Contents of /trunk/spamassassin_config/common/auto_response_spam

# -*- mode: spamassassin -*-

## This file contains rules which match various automatic responders
## which give us backscatter. The scores here are best guesses; and
## may need to be overridden for recipients which actually want these
## bounces.

# don 2009-02-05
body  QMAILBOUNCE       /This\s*is\s*the\s*qmail-send\s*program/i
describe QMAILBOUNCE    Stupid qmail bounces; we don't want them
score QMAILBOUNCE       2

# don 2009-02-05 (the following are all for various stupid auto-repsonse things)
header RECEIVEDMAIL     subject =~ /(?:received\s*your\s*mail|(?:respuesta|risposta|response) (?:autom.tica|automatic)|auto(?:matic|m.tica)?\s*(?:respuesta|risposta|response))/i
describe RECEIVEDMAIL   It's great that you've received our mail and automatically responded. We don't care
score RECEIVEDMAIL      4

body AUTOREBOD          /(?:received\s*your\s*mail|(?:(?:respuesta|risposta|response|message) auto(?:m.tica?|mated)?)|auto(?:m.tica?|mated)?\s*(?:respuesta|risposta|response|message))/i
describe AUTOREBOD      It's great that you've automatically responded
score AUTOREBOD         4

header YOURMESSAGE      subject =~ /your message/i
describe YOURMESSAGE    It's great that our message did something; we don't care
score YOURMESSAGE       2.5

body YOURMESSAGEBOD     /^Your message/i
describe YOURMESSAGEBOD It's great that our message did something; we don't care
score YOURMESSAGEBOD    2.5

body NODELIVERY         /(?:could not be|has not been) delivered/i
describe NODELIVERY     We don't care if it could be or has not been delivered
score NODELIVERY        1.5

body NORESEND           /do not resend your original message/i
describe NORESEND       If you don't want us to resend our message, why tell us?
score NORESEND          2

header PROOFPOINT       from =~ /proofpoint/
describe PROOFPOINT     Automatic mail from proofpoint (some MTA thingie)
score PROOFPOINT        3.5

body  NOTPROCBOUNCE     /was not processed by our system/i
describe NOTPROCBOUNCE  Bounce by system that was not processed
score NOTPROCBOUNCE     2

body ACCOUNTNOTEXIST    /(?:account\s+\S+\s+(does\s*not|doesn't)\s*exist|(?:invalid|not a valid) e-?mail address)/i
describe ACCOUNTNOTEXIST        It's not our problem if an account doesn't exist
score ACCOUNTNOTEXIST           2

body CR_SYSTEM1         /sent by a human and not a computer/i
describe CR_SYSTEM1     Looks like a challenge/response system
score CR_SYSTEM1        2

body CR_SYSTEM2         /do not reply/i
describe CR_SYSTEM2     Body contains do not reply; likely a CR system
score CR_SYSTEM2        1.5

body CR_SYSTEM3         /confirm this request/i
describe CR_SYSTEM3     Body contains confirm this request; likely a CR system
score CR_SYSTEM3        1.5

header CR_SYSTEM4       subject =~ /challenge.*response/i
describe CR_SYSTEM4     Subject contains challenge/response
score CR_SYSTEM4        3

body CR_SYSTEM5         /confirmation of list posting/i
describe CR_SYSTEM5     Body asks us to confirm a list posting
score CR_SYSTEM5        3

header CR_SYSTEM6       subject =~ /^confirm\:/i
describe CR_SYSTEM6     Subject asks us to confirm something; we don't want to
score CR_SYSTEM6        2

header CR_SYSTEM7       x-cr-puzzleid =~ /./i
describe CR_SYSTEM7     Has a X-cr-puzzleid: header
score CR_SYSTEM7        5

body CR_SYSTEM8         /reply to this message/i
describe CR_SYSTEM8     Reply to this message? are you crazy?
score CR_SYSTEM8        3

body SUPPORTMAIL1       /assigned a ticket/
describe SUPPORTMAIL1   Message from an automated support/response system
score SUPPORTMAIL1      2

header SUPPORTMAIL2     subject =~ /^\[*(?:update\s*to\s*)?ticket/
describe SUPPORTMAIL2   Message with ticket leading it; probably a support mail
score SUPPORTMAIL2      1.5

body SUPPORTMAIL3       /the email address \S+ is not registered/i
describe SUPPORTMAIL3   We don't care if an e-mail address is not registered
score SUPPORTMAIL3      1.5

body SUPPORTMAIL4       /(reached an unmonitored e-mail address|no response will be given)/i
describe SUPPORTMAIL4   Yeay for dumb auto-response bots that don't want a response
score SUPPORTMAIL4      1.5

header SUPPORTMAIL5     from =~ /\b(?:support|info)\@/i
describe SUPPORTMAIL5   Message from an address that looks like support@ or info@
score SUPPORTMAIL5      2

header FROMAUTOREPLY    from =~ /(autoreply|no-?repl(?:y|ies))/i
describe FROMAUTOREPLY  Message from an autoreplier or something who doesn't seem to want a reply
score FROMAUTOREPLY     4

header FROMABUSE        from =~ /\babbuse\@/i
describe FROMABUSE      Message from abbuse@somedomain
score FROMABUSE         1.5

header FROMSPAMCOP      from =~ /spamcop\@/i
describe FROMSPAMCOP    Message from spamcop@somedomain
score FROMSPAMCOP       3.5

header SUBJECTSPAM      subject =~ /(?:\*\*|\[)\s*spam\s*(?:\*\*|\])/i
describe SUBJECTSPAM    Subject contains **spam** or [spam], so it's probably spam
score SUBJECTSPAM       3.5

header MESBLOCKED       subject =~ /your message (?:is )?blocked/i
describe MESBLOCKED     That's great that our message was blocked
score    MESBLOCKED     2

header FAILDELIVERY     subject =~ /failed to deliver/i
describe FAILDELIVERY   Oh noes! You failed to deliver spam!
score FAILDELIVERY      2

header NEWADDRESS       subject =~ /(?:new e-?mail address|deaktivierung der mailadresse)/i
describe NEWADDRESS     We don't care that you have a new e-mail address
score NEWADDRESS        4

header VACATIONMAIL1    user-agent =~ /vacation/i
describe VACATIONMAIL1  Mail from the vacation user agent
score VACATIONMAIL1     0.1

header VACATIONMAIL2    X-Vacation =~ /./
describe VACATIONMAIL2  Has an X-Vacation header
score VACATIONMAIL2     0.1

meta  VACATIONMAIL      (VACATIONMAIL1 || VACATIONMAIL2)
describe VACATIONMAIL   Looks like a vacation message
score VACATIONMAIL      1
1	# -- mode: spamassassin --
2
3	## This file contains rules which match various automatic responders
4	## which give us backscatter. The scores here are best guesses; and
5	## may need to be overridden for recipients which actually want these
6	## bounces.
7
8	# don 2009-02-05
9	body QMAILBOUNCE /This\sis\sthe\sqmail-send\sprogram/i
10	describe QMAILBOUNCE Stupid qmail bounces; we don't want them
11	score QMAILBOUNCE 2
12
13	# don 2009-02-05 (the following are all for various stupid auto-repsonse things)
14	header RECEIVEDMAIL subject =~ /(?:received\syour\smail\|(?:respuesta\|risposta\|response) (?:autom.tica\|automatic)\|auto(?:matic\|m.tica)?\s*(?:respuesta\|risposta\|response))/i
15	describe RECEIVEDMAIL It's great that you've received our mail and automatically responded. We don't care
16	score RECEIVEDMAIL 4
17
18	body AUTOREBOD /(?:received\syour\smail\|(?:(?:respuesta\|risposta\|response\|message) auto(?:m.tica?\|mated)?)\|auto(?:m.tica?\|mated)?\s*(?:respuesta\|risposta\|response\|message))/i
19	describe AUTOREBOD It's great that you've automatically responded
20	score AUTOREBOD 4
21
22	header YOURMESSAGE subject =~ /your message/i
23	describe YOURMESSAGE It's great that our message did something; we don't care
24	score YOURMESSAGE 2.5
25
26	body YOURMESSAGEBOD /^Your message/i
27	describe YOURMESSAGEBOD It's great that our message did something; we don't care
28	score YOURMESSAGEBOD 2.5
29
30	body NODELIVERY /(?:could not be\|has not been) delivered/i
31	describe NODELIVERY We don't care if it could be or has not been delivered
32	score NODELIVERY 1.5
33
34	body NORESEND /do not resend your original message/i
35	describe NORESEND If you don't want us to resend our message, why tell us?
36	score NORESEND 2
37
38	header PROOFPOINT from =~ /proofpoint/
39	describe PROOFPOINT Automatic mail from proofpoint (some MTA thingie)
40	score PROOFPOINT 3.5
41
42	body NOTPROCBOUNCE /was not processed by our system/i
43	describe NOTPROCBOUNCE Bounce by system that was not processed
44	score NOTPROCBOUNCE 2
45
46	body ACCOUNTNOTEXIST /(?:account\s+\S+\s+(does\snot\|doesn't)\sexist\|(?:invalid\|not a valid) e-?mail address)/i
47	describe ACCOUNTNOTEXIST It's not our problem if an account doesn't exist
48	score ACCOUNTNOTEXIST 2
49
50	body CR_SYSTEM1 /sent by a human and not a computer/i
51	describe CR_SYSTEM1 Looks like a challenge/response system
52	score CR_SYSTEM1 2
53
54	body CR_SYSTEM2 /do not reply/i
55	describe CR_SYSTEM2 Body contains do not reply; likely a CR system
56	score CR_SYSTEM2 1.5
57
58	body CR_SYSTEM3 /confirm this request/i
59	describe CR_SYSTEM3 Body contains confirm this request; likely a CR system
60	score CR_SYSTEM3 1.5
61
62	header CR_SYSTEM4 subject =~ /challenge.*response/i
63	describe CR_SYSTEM4 Subject contains challenge/response
64	score CR_SYSTEM4 3
65
66	body CR_SYSTEM5 /confirmation of list posting/i
67	describe CR_SYSTEM5 Body asks us to confirm a list posting
68	score CR_SYSTEM5 3
69
70	header CR_SYSTEM6 subject =~ /^confirm\:/i
71	describe CR_SYSTEM6 Subject asks us to confirm something; we don't want to
72	score CR_SYSTEM6 2
73
74	header CR_SYSTEM7 x-cr-puzzleid =~ /./i
75	describe CR_SYSTEM7 Has a X-cr-puzzleid: header
76	score CR_SYSTEM7 5
77
78	body CR_SYSTEM8 /reply to this message/i
79	describe CR_SYSTEM8 Reply to this message? are you crazy?
80	score CR_SYSTEM8 3
81
82	body SUPPORTMAIL1 /assigned a ticket/
83	describe SUPPORTMAIL1 Message from an automated support/response system
84	score SUPPORTMAIL1 2
85
86	header SUPPORTMAIL2 subject =~ /^\[(?:update\sto\s*)?ticket/
87	describe SUPPORTMAIL2 Message with ticket leading it; probably a support mail
88	score SUPPORTMAIL2 1.5
89
90	body SUPPORTMAIL3 /the email address \S+ is not registered/i
91	describe SUPPORTMAIL3 We don't care if an e-mail address is not registered
92	score SUPPORTMAIL3 1.5
93
94	body SUPPORTMAIL4 /(reached an unmonitored e-mail address\|no response will be given)/i
95	describe SUPPORTMAIL4 Yeay for dumb auto-response bots that don't want a response
96	score SUPPORTMAIL4 1.5
97
98	header SUPPORTMAIL5 from =~ /\b(?:support\|info)\@/i
99	describe SUPPORTMAIL5 Message from an address that looks like support@ or info@
100	score SUPPORTMAIL5 2
101
102	header FROMAUTOREPLY from =~ /(autoreply\|no-?repl(?:y\|ies))/i
103	describe FROMAUTOREPLY Message from an autoreplier or something who doesn't seem to want a reply
104	score FROMAUTOREPLY 4
105
106	header FROMABUSE from =~ /\babbuse\@/i
107	describe FROMABUSE Message from abbuse@somedomain
108	score FROMABUSE 1.5
109
110	header FROMSPAMCOP from =~ /spamcop\@/i
111	describe FROMSPAMCOP Message from spamcop@somedomain
112	score FROMSPAMCOP 3.5
113
114	header SUBJECTSPAM subject =~ /(?:\\\|\[)\sspam\s(?:\\\|\])/i
115	describe SUBJECTSPAM Subject contains spam or [spam], so it's probably spam
116	score SUBJECTSPAM 3.5
117
118	header MESBLOCKED subject =~ /your message (?:is )?blocked/i
119	describe MESBLOCKED That's great that our message was blocked
120	score MESBLOCKED 2
121
122	header FAILDELIVERY subject =~ /failed to deliver/i
123	describe FAILDELIVERY Oh noes! You failed to deliver spam!
124	score FAILDELIVERY 2
125
126	header NEWADDRESS subject =~ /(?:new e-?mail address\|deaktivierung der mailadresse)/i
127	describe NEWADDRESS We don't care that you have a new e-mail address
128	score NEWADDRESS 4
129
130	header VACATIONMAIL1 user-agent =~ /vacation/i
131	describe VACATIONMAIL1 Mail from the vacation user agent
132	score VACATIONMAIL1 0.1
133
134	header VACATIONMAIL2 X-Vacation =~ /./
135	describe VACATIONMAIL2 Has an X-Vacation header
136	score VACATIONMAIL2 0.1
137
138	meta VACATIONMAIL (VACATIONMAIL1 \|\| VACATIONMAIL2)
139	describe VACATIONMAIL Looks like a vacation message
140	score VACATIONMAIL 1