Contents of /trunk/spamassassin_config/common/list_specific

# This configuration file contains lists.debian.org specific rulessets

# our MTAs fix up headers for a slew of spams, so mark these as suspicious
# -- joy, 2003-06-28
# deactivated as this rule is also part of SA itself.
#header OUR_MTA_MSGID           Message-Id =~ /\@(bendel|master|gluck)\.debian\.org/
#describe OUR_MTA_MSGID         Sounds like a MsgId autogenerated by our MTAs
#score OUR_MTA_MSGID            1

# -- joy, 2003-08-15
header SENDER_FOR_US    From =~ /\@(bendel|master|gluck|lists)\.debian\.org/
describe SENDER_FOR_US  Sounds like a mail aimed at tricking our MTAs
score SENDER_FOR_US     2

# exception... --joy, 2003-07-12
header WEBSUBS                  X-Remote-IP =~ /./
describe WEBSUBS                Sounds like a subscription request from the web
score WEBSUBS                   -2

# another exception... --joy, 2003-07-27
header SUBSCONFIRM              Subject =~ /CONFIRM [su]\d+/
describe SUBSCONFIRM            Sounds like a subscription request confirmation
score SUBSCONFIRM               -2

# some valid autogenerated mail of ours
# -- joy, 2003-07-09
header OUR_SCRIPTS_1            Orig-From =~ /.+\@debian\.org \(.+ as listmaster\)/
describe OUR_SCRIPTS_1          Mail likely generated by .bin/mladmin
score OUR_SCRIPTS_1             -5

# our daily un/subscription report gets ~8 SA points !
# lower it to 3
# -- zobel, 2006-12-10
header _OUR_UNSUB_CHANGES1      Subject =~ /Daily un\/subscription report/
meta OUR_UNSUB_CHANGES          (_OUR_UNSUB_CHANGES1 && OUR_MTA_MSGID)
describe OUR_UNSUB_CHANGES      Daily mail sent to listmaster about un/subscriptions
score OUR_UNSUB_CHANGES         -5

# exception... --joy, 2003-08-15
body MDOMOSUBS          /^Request forwarded.$/
describe MDOMOSUBS      Sounds like a subscription request via majorsmart
score MDOMOSUBS         -2

# another exception --joy, 2004-05-27
#body OURCRONMAILS      Subject =~ /^Cron \<list\@.*\/var\/list\//
#describe OURCRONMAILS  Sounds like a legitimate cron job mail
#score OURCRONMAILS     -3

header BENDEL_LOCAL_FORWARDED   Resent-From =~ /bendel\.debian\.org/
describe BENDEL_LOCAL_FORWARDED Mail has been locally forwarded.
score BENDEL_LOCAL_FORWARDED    -5

# temp work-around for d-l-f

header RFR  Subject =~ /\[RFR\]/
describe RFR Request for revision
score RFR -5

# pasc 2004-02-02
header AM_REPORT        Subject =~ /AM Report for Week Ending/
describe AM_REPORT      Auto-generated AM summary
score AM_REPORT         -5

# automated reports on debian-l10n-french
header MURPHY_MIGUS_REPORT      Subject =~ /Etat dans le CVS des/
describe MURPHY_MIGUS_REPORT    Auto-generated report from migus on translations
score MURPHY_MIGUS_REPORT       -5

# our own whitelisting of subscribers
header LDOSUBSCRIBER            X-Subscriber-lists.debian.org =~ /./
describe LDOSUBSCRIBER          Sender is a lists.debian.org subscriber
score LDOSUBSCRIBER             -6

# whitelist mails to majordomo
header MAJORDOMOMAIL    Delivered-To =~ /lists-majordomo@/
describe MAJORDOMOMAIL  mail to major domo
score MAJORDOMOMAIL     -0.1

meta     MAJORDOMOWHITE (MAJORDOMO && (NOSUBJECT || MISSING_SUBJECT))
describe MAJORDOMOWHITE Counteract no subject score for majordomo mails
score    MAJORDOMOWHITE -3

# count recipients and score those with Too Many. -cord
describe TO_TOO_MANY To: too many recipients
header   TO_TOO_MANY To =~ /(?:,[^,]{1,80}){5}/
score    TO_TOO_MANY 1

describe TO_WAY_TOO_MANY To: way too many recipients
header   TO_WAY_TOO_MANY To =~ /(?:,[^,]{1,80}){10}/
score    TO_WAY_TOO_MANY 3

describe CC_TOO_MANY CC: too many recipients
header   CC_TOO_MANY CC =~ /(?:,[^,]{1,80}){10}/
score    CC_TOO_MANY 3

score CORRUPT_FROM_LINE_IN_HDRS 0
score FM_DDDD_TIMES_2           0
score FM_SEX_HOSTDDDD           0
score NO_HEADERS_MESSAGE        0
score SARE_HEAD_SUBJ_RAND       0
score SARE_SPEC_PROLEO_M2a      0
score SHACKOUTLOOK              0
score MSGID_FROM_MTA_ID         0
1	# This configuration file contains lists.debian.org specific rulessets
2
3	# our MTAs fix up headers for a slew of spams, so mark these as suspicious
4	# -- joy, 2003-06-28
5	# deactivated as this rule is also part of SA itself.
6	#header OUR_MTA_MSGID Message-Id =~ /\@(bendel\|master\|gluck)\.debian\.org/
7	#describe OUR_MTA_MSGID Sounds like a MsgId autogenerated by our MTAs
8	#score OUR_MTA_MSGID 1
9
10	# -- joy, 2003-08-15
11	header SENDER_FOR_US From =~ /\@(bendel\|master\|gluck\|lists)\.debian\.org/
12	describe SENDER_FOR_US Sounds like a mail aimed at tricking our MTAs
13	score SENDER_FOR_US 2
14
15	# exception... --joy, 2003-07-12
16	header WEBSUBS X-Remote-IP =~ /./
17	describe WEBSUBS Sounds like a subscription request from the web
18	score WEBSUBS -2
19
20	# another exception... --joy, 2003-07-27
21	header SUBSCONFIRM Subject =~ /CONFIRM [su]\d+/
22	describe SUBSCONFIRM Sounds like a subscription request confirmation
23	score SUBSCONFIRM -2
24
25	# some valid autogenerated mail of ours
26	# -- joy, 2003-07-09
27	header OUR_SCRIPTS_1 Orig-From =~ /.+\@debian\.org \(.+ as listmaster\)/
28	describe OUR_SCRIPTS_1 Mail likely generated by .bin/mladmin
29	score OUR_SCRIPTS_1 -5
30
31	# our daily un/subscription report gets ~8 SA points !
32	# lower it to 3
33	# -- zobel, 2006-12-10
34	header _OUR_UNSUB_CHANGES1 Subject =~ /Daily un\/subscription report/
35	meta OUR_UNSUB_CHANGES (_OUR_UNSUB_CHANGES1 && OUR_MTA_MSGID)
36	describe OUR_UNSUB_CHANGES Daily mail sent to listmaster about un/subscriptions
37	score OUR_UNSUB_CHANGES -5
38
39	# exception... --joy, 2003-08-15
40	body MDOMOSUBS /^Request forwarded.$/
41	describe MDOMOSUBS Sounds like a subscription request via majorsmart
42	score MDOMOSUBS -2
43
44	# another exception --joy, 2004-05-27
45	#body OURCRONMAILS Subject =~ /^Cron \<list\@.*\/var\/list\//
46	#describe OURCRONMAILS Sounds like a legitimate cron job mail
47	#score OURCRONMAILS -3
48
49	header BENDEL_LOCAL_FORWARDED Resent-From =~ /bendel\.debian\.org/
50	describe BENDEL_LOCAL_FORWARDED Mail has been locally forwarded.
51	score BENDEL_LOCAL_FORWARDED -5
52
53	# temp work-around for d-l-f
54
55	header RFR Subject =~ /\[RFR\]/
56	describe RFR Request for revision
57	score RFR -5
58
59	# pasc 2004-02-02
60	header AM_REPORT Subject =~ /AM Report for Week Ending/
61	describe AM_REPORT Auto-generated AM summary
62	score AM_REPORT -5
63
64	# automated reports on debian-l10n-french
65	header MURPHY_MIGUS_REPORT Subject =~ /Etat dans le CVS des/
66	describe MURPHY_MIGUS_REPORT Auto-generated report from migus on translations
67	score MURPHY_MIGUS_REPORT -5
68
69	# our own whitelisting of subscribers
70	header LDOSUBSCRIBER X-Subscriber-lists.debian.org =~ /./
71	describe LDOSUBSCRIBER Sender is a lists.debian.org subscriber
72	score LDOSUBSCRIBER -6
73
74	# whitelist mails to majordomo
75	header MAJORDOMOMAIL Delivered-To =~ /lists-majordomo@/
76	describe MAJORDOMOMAIL mail to major domo
77	score MAJORDOMOMAIL -0.1
78
79	meta MAJORDOMOWHITE (MAJORDOMO && (NOSUBJECT \|\| MISSING_SUBJECT))
80	describe MAJORDOMOWHITE Counteract no subject score for majordomo mails
81	score MAJORDOMOWHITE -3
82
83	# count recipients and score those with Too Many. -cord
84	describe TO_TOO_MANY To: too many recipients
85	header TO_TOO_MANY To =~ /(?:,[^,]{1,80}){5}/
86	score TO_TOO_MANY 1
87
88	describe TO_WAY_TOO_MANY To: way too many recipients
89	header TO_WAY_TOO_MANY To =~ /(?:,[^,]{1,80}){10}/
90	score TO_WAY_TOO_MANY 3
91
92	describe CC_TOO_MANY CC: too many recipients
93	header CC_TOO_MANY CC =~ /(?:,[^,]{1,80}){10}/
94	score CC_TOO_MANY 3
95
96	score CORRUPT_FROM_LINE_IN_HDRS 0
97	score FM_DDDD_TIMES_2 0
98	score FM_SEX_HOSTDDDD 0
99	score NO_HEADERS_MESSAGE 0
100	score SARE_HEAD_SUBJ_RAND 0
101	score SARE_SPEC_PROLEO_M2a 0
102	score SHACKOUTLOOK 0
103	score MSGID_FROM_MTA_ID 0