# # 2007-2014 Victor Ustugov # # для проверки комбинаций полей заголовка нужен патч: # http://mta.org.ua/spamassassin-3.4.0/patches/3.3.2/patch-src::MultiCaseSensHeadersCheck-3.3.2.patch # для проверки полей заголовков с учетом регистра названия поля нужен патч: # http://mta.org.ua/spamassassin-3.4.0/patches/3.3.2/patch-src::MultiCaseSensHeadersCheck-3.3.2.patch # header __Thread_Topic_EMPTY Thread-Topic =~ /^$/ header __Thread_Index_EMPTY Thread-Index =~ /^$/ header __Accept_Language_EMPTY Accept_Language =~ /^$/ header __Content_Language_EMPTY Content-Language =~ /^$/ header __X_MS_Has_Attach_EMPTY X-MS-Has-Attach =~ /^$/ header __X_MS_TNEF_Correlator_EMPTY X-MS-TNEF-Correlator =~ /^$/ header __MS_MimeOLE_Content_Class Content-Class =~ /^\s*urn:content-classes:message$/ header __MS_MimeOLE_From_RAW From:raw =~ /^\s*("?[\x20-\x7F]+"? )?<.+\@.+>$/ header __MS_MimeOLE_To_RAW To:raw =~ /^\s*("?[\x20-\x7F]+"? )?<\S+\@\S+>/ meta __MS_MimeOLE __MS_MimeOLE_Content_Class && __CUST_Content_Transfer_Encoding_7bit && __MS_MimeOLE_From_RAW && __MS_MimeOLE_To_RAW && (__CUST_X_MimeOLE_OE_600 || __CUST_x_mimeole_OE_600) && __CUST_MIME_Version_1_0 && (__CUST_Content_Type_multipart_mixed_OE ||__CUST_Content_Type_multipart_mixed_MSO || __CUST_Content_Type_multipart_alternative_MSO || __CUST_Content_Type_multipart_related_alt_OE) # Content-Transfer-Encoding: 7bit # From: "Top Consulting" # To: "=?koi8-r?B?5sHMwsk=?=" # MIME-Version: 1.0 # Content-Type: multipart/mixed; # boundary="----=_NextPart_000_1267_01C74557.033D78A0" # X-Mailer: Microsoft CDO for Windows 2000 # Thread-Index: AcdFRj+0Q3SiLz5xT8WEDA9Ecsh6XA== # Content-Class: urn:content-classes:message # X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 #header __MS_CDO_Thread_Index Thread-Index:case =~ /./ header __MS_CDO_Thread_Index Thread-Index =~ /./ meta __MS_CDO __MS_MimeOLE && __MS_CDO_Thread_Index && __CUST_X_Mailer_CDO2000 # # MIME-Version: 1.0 # X-Priority: 3 # X-MSMail-Priority: Normal # Importance: Normal # X-Mailer: Microsoft Windows Live Mail 12.0.1606 # X-MimeOLE: Produced By Microsoft MimeOLE V12.0.1606 # meta __MS_Windows_Live_Mail __CUST_X_Mailer_MWLM && !__CUST_MIME_Version_EMPTY && !__CUST_X_MimeOLE_EMPTY && !__CUST_X_PRIORITY_EMPTY && __CUST_X_MSMAIL_PRIORITY_NOT_EMPTY && !__CUST_Importance_EMPTY # Content-Transfer-Encoding: 7bit # Importance: normal # Priority: normal # X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.607 # Content-Class: urn:content-classes:message # MIME-Version: 1.0 # Content-Type: multipart/alternative; # boundary="----_=_NextPart_001_01C74590.1EE09797" # X-MS-Has-Attach: # X-MS-TNEF-Correlator: # Thread-Topic: What is the sqlite concatenation operator? # thread-index: AcdFkB8cu8xtffd/TFm4g1z9EejHZQ== # From: "Anderson, James H \(IT\)" # To: # X-OriginalArrivalTime: 31 Jan 2007 23:32:50.0100 (UTC) FILETIME=[1EFF3F40:01C74590] # # Content-Transfer-Encoding: 7bit # Importance: normal # Priority: normal # X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826 # Content-Class: urn:content-classes:message # MIME-Version: 1.0 # Content-Type: multipart/mixed; # boundary="----_=_NextPart_001_01C74508.BF5712C2" # X-MS-Has-Attach: yes # X-MS-TNEF-Correlator: # Thread-Topic: Security Survey # thread-index: AcdFCPvSt1yr8Dx4QTCY0msR+GEu3g== # From: "Miller, Aleksey \(UA - Kyiv\)" # To: # X-OriginalArrivalTime: 31 Jan 2007 07:23:49.0400 (UTC) FILETIME=[C0707980:01C74508] # # Content-Transfer-Encoding: 7bit # X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757 # Content-Class: urn:content-classes:message # MIME-Version: 1.0 # Content-Type: multipart/alternative; # boundary="----_=_NextPart_001_01C71F89.A27EC5CF" # X-MS-Has-Attach: # X-MS-TNEF-Correlator: # Thread-Topic: =?windows-1251?B?xOXkIMvg6e0=?= # thread-index: Acce57WRQNoDnzfMS/m3g+2uCf0KlgAoexJw # X-Priority: 1 # Priority: Urgent # Importance: high # From: "Miller, Aleksey \(UA - Kyiv\)" # To: # X-OriginalArrivalTime: 14 Dec 2006 14:11:57.0268 (UTC) FILETIME=[D0849940:01C71F89] header __MS_Exchange_Priority_normal X-Priority|Priority|Importance =~ /^\s*[\r\n]*\|\s*normal[\r\n]*\|\s*normal/ header __MS_Exchange_Priority_urgent X-Priority|Priority|Importance =~ /^\s*1[\r\n]*\|\s*Urgent[\r\n]*\|\s*high$/ header __MS_Exchange_Thread_Topic Thread-Topic:case =~ /./ header __MS_Exchange_Thread_Index Thread-Index:case =~ /./ #header __MS_Exchange_thread_index thread-index:case =~ /./ header __MS_Exchange_thread_index thread-index =~ /./ #meta __MS_Exchange __MS_MimeOLE && (__MS_Exchange_Priority_normal || __MS_Exchange_Priority_urgent) && __MS_Exchange_thread_index && __HAS_X_MS_Has_Attach && __HAS_X_MS_TNEF_Correlator && __MS_Exchange_Thread_Topic && __X_OriginalArrivalTime #meta __MS_Exchange __MS_MimeOLE && (__MS_Exchange_Priority_normal || __MS_Exchange_Priority_urgent) && __MS_Exchange_thread_index && __HAS_X_MS_Has_Attach && __HAS_X_MS_TNEF_Correlator && __MS_Exchange_Thread_Topic meta __MS_Exchange __MS_MimeOLE && (__MS_Exchange_Priority_normal || __MS_Exchange_Priority_urgent) && __MS_Exchange_thread_index && __HAS_X_MS_Has_Attach && __HAS_X_MS_TNEF_Correlator header __Accept_Language_not_empty Accept-Language =~ /./ header __X_MS_Exchange_Organization_AuthAs_not_empty X-MS-Exchange-Organization-AuthAs =~ /./ header __X_MS_Exchange_Organization_AuthSource_not_empty X-MS-Exchange-Organization-AuthSource =~ /./ header __X_MS_Has_Attach_not_empty X-MS-Has-Attach =~ /./ header __X_MS_TNEF_Correlator_not_empty X-MS-TNEF-Correlator =~ /./ header __HAS_HEADER_X_MS_Has_Attach ALL =~ /^(.*\n)*X-MS-Has-Attach:/ header __HAS_HEADER_X_MS_TNEF_Correlator ALL =~ /^(.*\n)*X-MS-TNEF-Correlator:/ header __RCVD_WITH_SMTPSVC_6_0_3790_3959 Received =~ /with\s+Microsoft\s+SMTPSVC\(6\.0\.3790\.3959\);/ #meta __RCVD_WITH_EXCHANGE_2007 __RCVD_WITH_SMTPSVC_6_0_3790_3959 meta __RCVD_WITH_EXCHANGE_2007 __MS_Exchange_Thread_Topic && __MS_Exchange_Thread_Index && __Accept_Language_not_empty && __X_MS_Exchange_Organization_AuthAs_not_empty && __X_MS_Exchange_Organization_AuthSource_not_empty && __HAS_HEADER_X_MS_Has_Attach && __HAS_HEADER_X_MS_TNEF_Correlator meta FORGED_MS_HEADERS !__CUST_X_MSMAIL_PRIORITY_EMPTY && __CUST_X_MimeOLE_MS && !__CUST_X_Mailer_OE && !__CUST_X_Mailer_MWM && !__CUST_X_Mailer_MWLM && !__CUST_X_Mailer_MSO && !__MS_CDO && !__MS_Windows_Live_Mail && !__X_Mailer_Kerio_Outlook_Connector describe FORGED_MS_HEADERS MS headers without MS MUA score FORGED_MS_HEADERS 1.5