# # 2007-2011 Victor Ustugov # header MAILER_Ajaxel_CMS X-Mailer =~ /^\s*Ajaxel CMS v\d+\.\d+ on PHP v\d+\.\d+\.\d+$/ describe MAILER_Ajaxel_CMS Message from Ajaxel CMS (DSPAM_autolearn), already_read score MAILER_Ajaxel_CMS 3.5 header MAILER_SendBlaster X-Mailer =~ /^\s*SendBlaster\.\d+\.\d+\.\d+$/ describe MAILER_SendBlaster Email marketing mailing software SendBlaster (DSPAM_autolearn), already_read score MAILER_SendBlaster 3.5 header MAILER_SMART_SEND_2 X-Mailer =~ /^\s*SmartSend\.2\.\d+\.\d+$/ describe MAILER_SMART_SEND_2 Suspicious X-Mailer: SmartSend score MAILER_SMART_SEND_2 4.0 header SPAMWARE_USER_AGENT_Postman_Pro User-Agent =~ /^\s*Postman Professional \d+\.\d+$/ describe SPAMWARE_USER_AGENT_Postman_Pro Spamware User-Agent (DSPAM_autolearn) score SPAMWARE_USER_AGENT_Postman_Pro 4.0 header SUSPICIOUS_USER_AGENT_CodeIgniter User-Agent =~ /^\s*CodeIgniter$/ describe SUSPICIOUS_USER_AGENT_CodeIgniter Suspicious header User-Agent: CodeIgniter (User-Agent, not X-Mailer) score SUSPICIOUS_USER_AGENT_CodeIgniter 0.5 header __SUSPICIOUS_X_MAILER X-Mailer =~ /^\s*(Amaizingly Fast|Bad Seeds|Blast|Cool|Espresso|Express|Fantasy|Kaffisimo|Mega|St. Nikolaus|Super|The Mailer|The Thing|The Weeds|Word and Deed)$/ meta SUSPICIOUS_X_MAILER __SUSPICIOUS_X_MAILER && !__CUST_X_PRIORITY_EMPTY && !__CUST_X_MSMAIL_PRIORITY_EMPTY && !__CUST_Importance_EMPTY && __CUST_X_MimeOLE_OE_600 describe SUSPICIOUS_X_MAILER Suspicious X-Mailer (DSPAM_autolearn) score SUSPICIOUS_X_MAILER 4.5 header SPAMWARE_X_MAILER_iBriteMail X-Mailer =~ /^\s*(iBriteMail .+)$/ describe SPAMWARE_X_MAILER_iBriteMail SpamWare X-Mailer (DSPAM_autolearn) score SPAMWARE_X_MAILER_iBriteMail 3.0 header SPAMWARE_X_MAILER_MMailer X-Mailer =~ /^\s*MMailer v3\.[01]$/ describe SPAMWARE_X_MAILER_MMailer SpamWare X-Mailer MMailer (DSPAM_autolearn) score SPAMWARE_X_MAILER_MMailer 5.0 header SPAMWARE_X_MAILER_eMailink X-Mailer =~ /^\s*eMailink 3$/ describe SPAMWARE_X_MAILER_eMailink SpamWare X-Mailer (DSPAM_autolearn) score SPAMWARE_X_MAILER_eMailink 3.0 # http://www.freedownloadscenter.com/Best/mailer-software.html header SPAMWARE_X_MAILER_GOOD_Mailer X-Mailer =~ /^\s*GOOD Mailer v\d+\.\d+$/ describe SPAMWARE_X_MAILER_GOOD_Mailer SpamWare X-Mailer GOOD Mailer score SPAMWARE_X_MAILER_GOOD_Mailer 3.0 header X_MAILER_mLogic X-Mailer =~ /^\s*mLogic$/ describe X_MAILER_mLogic Strange X-Mailer mLogic (DSPAM_autolearn) score X_MAILER_mLogic 5.0 header X_MAILER_Default X-Mailer =~ /^\s*Default$/ describe X_MAILER_Default Suspicious X-Mailer Default score X_MAILER_Default 4.0 header SPAM_SERVICE_STREAMSEND X-Mailer =~ /^\s*StreamSend/ describe SPAM_SERVICE_STREAMSEND Message from Email Marketing Solutions (spam service) StreamSend score SPAM_SERVICE_STREAMSEND 0.5 ###################################################################### header __X_MAILER_8bit X-Mailer =~ /[\x80-\xFF]/ header __X_MAILER_A_Z X-Mailer =~ /[a-z]/i meta X_MAILER_8bit __X_MAILER_8bit && !__X_MAILER_A_Z describe X_MAILER_8bit Suspicious X-Mailer score X_MAILER_8bit 4.0 header __CUST_X_Mailer_8bit X-Mailer =~ /[\x80-\xFF]/ header __CUST_X_Mailer_encoded X-Mailer:raw =~ /^\s*=\?[a-z\-\d]+\?(B|Q)\?/i header __CUST_X_Mailer_encoded_BASE64 X-Mailer:raw =~ /^\s*=\?[a-z\-\d]+\?B\?/i header __CUST_X_Mailer_encoded_QP X-Mailer:raw =~ /^\s*=\?[a-z\-\d]+\?Q\?/i meta X_Mailer_8bit __CUST_X_Mailer_8bit && !__CUST_X_Mailer_encoded && !X_MAILER_8bit describe X_Mailer_8bit X-Mailer with 8-bit characters score X_Mailer_8bit 2.5 meta X_Mailer_8bit_encoded __CUST_X_Mailer_8bit && __CUST_X_Mailer_encoded describe X_Mailer_8bit_encoded X-Mailer encoded with BASE64/QP score X_Mailer_8bit_encoded 2.0 meta X_Mailer_EXCESS_BASE64 !__CUST_X_Mailer_8bit && __CUST_X_Mailer_encoded_BASE64 describe X_Mailer_EXCESS_BASE64 X-Mailer: base64 encoded unnecessarily score X_Mailer_EXCESS_BASE64 2.5 meta X_Mailer_EXCESS_QP !__CUST_X_Mailer_8bit && __CUST_X_Mailer_encoded_QP describe X_Mailer_EXCESS_QP X-Mailer: quoted-printable encoded unnecessarily score X_Mailer_EXCESS_QP 2.5