# # 2003-2022 Victor Ustugov # # проверка заголовка Message-Id # #header __HAS_MESSAGE_ID exists:Message-Id #meta MISSING_MID !__HAS_MESSAGE_ID #describe MISSING_MID Missing Message-Id: header meta MISSING_MID !__HAS_MESSAGE_ID && !__CUST_X_Mailer_MSO11 && !TWITTER_COM && !FROM_ZVIT_STA_GOV_UA score MISSING_MID 2.0 meta MISSING_MID_MSO11 !__HAS_MESSAGE_ID && __CUST_X_Mailer_MSO11 describe MISSING_MID_MSO11 Missing Message-Id: header score MISSING_MID_MSO11 1.0 header MESSAGE_ID_EMPTY Message-Id =~ /^\s*<\s*>$/im describe MESSAGE_ID_EMPTY Message-Id is empty score MESSAGE_ID_EMPTY 2.0 meta MESSAGE_ID_EXISTS_BUT_EMPTY __HAS_MESSAGE_ID && __CUST_MESSAGE_ID_EMPTY describe MESSAGE_ID_EXISTS_BUT_EMPTY Message-ID exists bu empty score MESSAGE_ID_EXISTS_BUT_EMPTY 2.0 # # Message-ID: # Message-ID: # header MSGID_DOUBLED ALL =~ /^(.*\n)*Message-ID:.(.*\n)+Message-ID:/ describe MSGID_DOUBLED Found more than one header Message-ID score MSGID_DOUBLED 3.0 ######################################## header MSGID_SUSP_FTIME_LOCALHOST Message-ID =~ /^\s*<01c[a-f][\da-f]{4}\.[\da-f]{8}\@localhost>$/ describe MSGID_SUSP_FTIME_LOCALHOST Suspicious header Message-ID with filetime score MSGID_SUSP_FTIME_LOCALHOST 2.5 header __MSGID_SUSP_FTIME Message-ID =~ /^\s*<01c[a-f][\da-f]{4}\.[\da-f]{8}\@\S+>$/ meta MSGID_SUSP_FTIME __MSGID_SUSP_FTIME && !MSGID_SUSP_FTIME_LOCALHOST describe MSGID_SUSP_FTIME Suspicious header Message-ID with filetime score MSGID_SUSP_FTIME 0.5 header SUSPICIOUS_Message_ID Message-ID =~ /^\s*<[A-F\d]{32}\@[a-z]{2,}-[\da-f]{6,10}>$/ describe SUSPICIOUS_Message_ID Suspicious header Message-ID score SUSPICIOUS_Message_ID 1.0 header MSGID_8BIT Message-ID =~ /[\x80-\xFF]/ describe MSGID_8BIT There are 8bit characters in header Message-ID score MSGID_8BIT 5.0 header MSGID_IP Message-ID =~ /\@\d+\.\d+\.\d+\.\d+\.\d+>$/ describe MSGID_IP There is IP address in domain part of Message-ID score MSGID_IP 1.0 # dublicated by INVALID_MSGID #header __MSGID_NO_BRACKETS_MSGID Message-ID =~ /^\s*[^<]\S+\@\S+[^>]$/ #meta MSGID_NO_BRACKETS __MSGID_NO_BRACKETS_MSGID && !MSGID_NO_BRACKETS_DMARC_REPORT && !(__UKR_NET_auto_generated || __UKR_NET_auto_replied) && !ALIEXPRESS_COM #describe MSGID_NO_BRACKETS Message-ID with no angle brackets #score MSGID_NO_BRACKETS 3.0 #tflags MSGID_NO_BRACKETS mandatory_learn meta MSGID_NO_BRACKETS_DMARC_REPORT __MSGID_NO_BRACKETS_MSGID && DMARC_REPORT describe MSGID_NO_BRACKETS_DMARC_REPORT Stupid Message-ID with no angle brackets in DMARC reports score MSGID_NO_BRACKETS_DMARC_REPORT 0.1 meta MSGID_NO_BRACKETS_UKR_NET __MSGID_NO_BRACKETS_MSGID && (__UKR_NET_auto_generated || __UKR_NET_auto_replied) describe MSGID_NO_BRACKETS_UKR_NET Stupid Message-ID with no angle brackets in ukr.net auto-generated message score MSGID_NO_BRACKETS_UKR_NET 0.1 header MSGID_IN_ADDR_ARPA Message-ID =~ /\@.+\.in-addr\.arpa>$/ describe MSGID_IN_ADDR_ARPA Suspicious domain in Message-ID score MSGID_IN_ADDR_ARPA 3.0