Contents of /trunk/spamassassin_config/common/list_specific

# This configuration file contains lists.debian.org specific rulessets

# our MTAs fix up headers for a slew of spams, so mark these as suspicious
# -- joy, 2003-06-28
# deactivated as this rule is also part of SA itself.
#header OUR_MTA_MSGID           Message-Id =~ /\@(liszt|master|gluck)\.debian\.org/
#describe OUR_MTA_MSGID         Sounds like a MsgId autogenerated by our MTAs
#score OUR_MTA_MSGID            1

# -- joy, 2003-08-15
header SENDER_FOR_US    From =~ /\@(liszt|master|gluck|lists)\.debian\.org/
describe SENDER_FOR_US  Sounds like a mail aimed at tricking our MTAs
score SENDER_FOR_US     2

# exception... --joy, 2003-07-12
header WEBSUBS                  X-Remote-IP =~ /./
describe WEBSUBS                Sounds like a subscription request from the web
score WEBSUBS                   -2

# another exception... --joy, 2003-07-27
header SUBSCONFIRM              Subject =~ /CONFIRM [su]\d+/
describe SUBSCONFIRM            Sounds like a subscription request confirmation
score SUBSCONFIRM               -2

# some valid autogenerated mail of ours
# -- joy, 2003-07-09
header OUR_SCRIPTS_1            Orig-From =~ /.+\@debian\.org \(.+ as listmaster\)/
describe OUR_SCRIPTS_1          Mail likely generated by .bin/mladmin
score OUR_SCRIPTS_1             -5

# our daily un/subscription report gets ~8 SA points !
# lower it to 3
# -- zobel, 2006-12-10
header _OUR_UNSUB_CHANGES1      Subject =~ /Daily un\/subscription report/
meta OUR_UNSUB_CHANGES          (_OUR_UNSUB_CHANGES1 && OUR_MTA_MSGID)
describe OUR_UNSUB_CHANGES      Daily mail sent to listmaster about un/subscriptions
score OUR_UNSUB_CHANGES         -5

# exception... --joy, 2003-08-15
body MDOMOSUBS          /^Request forwarded.$/
describe MDOMOSUBS      Sounds like a subscription request via majorsmart
score MDOMOSUBS         -2

# another exception --joy, 2004-05-27
#body OURCRONMAILS      Subject =~ /^Cron \<list\@.*\/var\/list\//
#describe OURCRONMAILS  Sounds like a legitimate cron job mail
#score OURCRONMAILS     -3

header LISZT_LOCAL_FORWARDED    Resent-From =~ /liszt\.debian\.org/
describe LISZT_LOCAL_FORWARDED  Mail has been locally forwarded.
score LISZT_LOCAL_FORWARDED     -5

# temp work-around for d-l-f

header RFR  Subject =~ /\[RFR\]/
describe RFR Request for revision
score RFR -5

# pasc 2004-02-02
header AM_REPORT        Subject =~ /AM Report for Week Ending/
describe AM_REPORT      Auto-generated AM summary
score AM_REPORT         -5

# automated reports on debian-l10n-french
header MURPHY_MIGUS_REPORT      Subject =~ /Etat dans le CVS des/
describe MURPHY_MIGUS_REPORT    Auto-generated report from migus on translations
score MURPHY_MIGUS_REPORT       -5

# our own whitelisting of subscribers
header LDOSUBSCRIBER            X-Subscriber-lists.debian.org =~ /./
describe LDOSUBSCRIBER          Sender is a lists.debian.org subscriber
score LDOSUBSCRIBER             -6

# whitelist mails to majordomo
header MAJORDOMOMAIL    Delivered-To =~ /lists-majordomo@/
describe MAJORDOMOMAIL  mail to major domo
score MAJORDOMOMAIL     -0.1

meta     MAJORDOMOWHITE (MAJORDOMO && (NOSUBJECT || MISSING_SUBJECT))
describe MAJORDOMOWHITE Counteract no subject score for majordomo mails
score    MAJORDOMOWHITE -3

# count recipients and score those with Too Many. -cord
describe TO_TOO_MANY To: too many recipients
header   TO_TOO_MANY To =~ /(?:,[^,]{1,80}){5}/
score    TO_TOO_MANY 1

describe TO_WAY_TOO_MANY To: way too many recipients
header   TO_WAY_TOO_MANY To =~ /(?:,[^,]{1,80}){10}/
score    TO_WAY_TOO_MANY 3

describe CC_TOO_MANY CC: too many recipients
header   CC_TOO_MANY CC =~ /(?:,[^,]{1,80}){10}/
score    CC_TOO_MANY 3

score CORRUPT_FROM_LINE_IN_HDRS 0
score FM_DDDD_TIMES_2           0
score FM_SEX_HOSTDDDD           0
score NO_HEADERS_MESSAGE        0
score SARE_HEAD_SUBJ_RAND       0
score SARE_SPEC_PROLEO_M2a      0
score SHACKOUTLOOK              0
score MSGID_FROM_MTA_ID         0
1	don	2	# This configuration file contains lists.debian.org specific rulessets
2
3			# our MTAs fix up headers for a slew of spams, so mark these as suspicious
4			# -- joy, 2003-06-28
5	don	17	# deactivated as this rule is also part of SA itself.
6	joey	120	#header OUR_MTA_MSGID Message-Id =~ /\@(liszt\|master\|gluck)\.debian\.org/
7	don	17	#describe OUR_MTA_MSGID Sounds like a MsgId autogenerated by our MTAs
8			#score OUR_MTA_MSGID 1
9	don	2
10			# -- joy, 2003-08-15
11	joey	120	header SENDER_FOR_US From =~ /\@(liszt\|master\|gluck\|lists)\.debian\.org/
12	don	2	describe SENDER_FOR_US Sounds like a mail aimed at tricking our MTAs
13			score SENDER_FOR_US 2
14
15			# exception... --joy, 2003-07-12
16			header WEBSUBS X-Remote-IP =~ /./
17			describe WEBSUBS Sounds like a subscription request from the web
18			score WEBSUBS -2
19
20			# another exception... --joy, 2003-07-27
21			header SUBSCONFIRM Subject =~ /CONFIRM [su]\d+/
22			describe SUBSCONFIRM Sounds like a subscription request confirmation
23			score SUBSCONFIRM -2
24
25			# some valid autogenerated mail of ours
26			# -- joy, 2003-07-09
27			header OUR_SCRIPTS_1 Orig-From =~ /.+\@debian\.org \(.+ as listmaster\)/
28			describe OUR_SCRIPTS_1 Mail likely generated by .bin/mladmin
29			score OUR_SCRIPTS_1 -5
30
31			# our daily un/subscription report gets ~8 SA points !
32			# lower it to 3
33			# -- zobel, 2006-12-10
34			header _OUR_UNSUB_CHANGES1 Subject =~ /Daily un\/subscription report/
35			meta OUR_UNSUB_CHANGES (_OUR_UNSUB_CHANGES1 && OUR_MTA_MSGID)
36			describe OUR_UNSUB_CHANGES Daily mail sent to listmaster about un/subscriptions
37			score OUR_UNSUB_CHANGES -5
38
39			# exception... --joy, 2003-08-15
40			body MDOMOSUBS /^Request forwarded.$/
41			describe MDOMOSUBS Sounds like a subscription request via majorsmart
42			score MDOMOSUBS -2
43
44			# another exception --joy, 2004-05-27
45			#body OURCRONMAILS Subject =~ /^Cron \<list\@.*\/var\/list\//
46			#describe OURCRONMAILS Sounds like a legitimate cron job mail
47			#score OURCRONMAILS -3
48
49	joey	120	header LISZT_LOCAL_FORWARDED Resent-From =~ /liszt\.debian\.org/
50			describe LISZT_LOCAL_FORWARDED Mail has been locally forwarded.
51			score LISZT_LOCAL_FORWARDED -5
52	don	2
53			# temp work-around for d-l-f
54
55			header RFR Subject =~ /\[RFR\]/
56			describe RFR Request for revision
57			score RFR -5
58
59			# pasc 2004-02-02
60			header AM_REPORT Subject =~ /AM Report for Week Ending/
61			describe AM_REPORT Auto-generated AM summary
62			score AM_REPORT -5
63
64			# automated reports on debian-l10n-french
65			header MURPHY_MIGUS_REPORT Subject =~ /Etat dans le CVS des/
66			describe MURPHY_MIGUS_REPORT Auto-generated report from migus on translations
67			score MURPHY_MIGUS_REPORT -5
68
69			# our own whitelisting of subscribers
70	joey	120	header LDOSUBSCRIBER X-Subscriber-lists.debian.org =~ /./
71	don	2	describe LDOSUBSCRIBER Sender is a lists.debian.org subscriber
72			score LDOSUBSCRIBER -6
73
74	don	309	# whitelist mails to majordomo
75			header MAJORDOMOMAIL Delivered-To =~ /lists-majordomo@/
76			describe MAJORDOMOMAIL mail to major domo
77			score MAJORDOMOMAIL -0.1
78
79			meta MAJORDOMOWHITE (MAJORDOMO && (NOSUBJECT \|\| MISSING_SUBJECT))
80			describe MAJORDOMOWHITE Counteract no subject score for majordomo mails
81			score MAJORDOMOWHITE -3
82
83	cord	368	# count recipients and score those with Too Many. -cord
84			describe TO_TOO_MANY To: too many recipients
85			header TO_TOO_MANY To =~ /(?:,[^,]{1,80}){5}/
86	cord	383	score TO_TOO_MANY 1
87	cord	368
88			describe TO_WAY_TOO_MANY To: way too many recipients
89			header TO_WAY_TOO_MANY To =~ /(?:,[^,]{1,80}){10}/
90	cord	383	score TO_WAY_TOO_MANY 3
91	cord	368
92			describe CC_TOO_MANY CC: too many recipients
93			header CC_TOO_MANY CC =~ /(?:,[^,]{1,80}){10}/
94	cord	383	score CC_TOO_MANY 3
95	cord	368
96	zobel	136	score CORRUPT_FROM_LINE_IN_HDRS 0
97			score FM_DDDD_TIMES_2 0
98			score FM_SEX_HOSTDDDD 0
99			score NO_HEADERS_MESSAGE 0
100			score SARE_HEAD_SUBJ_RAND 0
101			score SARE_SPEC_PROLEO_M2a 0
102			score SHACKOUTLOOK 0
103			score MSGID_FROM_MTA_ID 0