# This is the right place to customize your installation of SpamAssassin. # # See 'perldoc Mail::SpamAssassin::Conf' for details of what can be # tweaked. # # Only a small subset of options are listed below # # Test who's sending to us- # Received =~ /addr\.to\.test\.com by mail\.(crosswell|redbus)\.holtain\.net/ ########################################################################### # Add *****SPAM***** to the Subject header of spam e-mails # rewrite_header Subject ***SPAM*** # Modify Status header # remove_header all Status add_header all Status "_YESNO_, score=_SCORE_ required=_REQD_ autolearn=_AUTOLEARN_" # Add a full report header # add_header all Report "_REPORT_" # Add a relays untrusted header # add_header all Relays-Untrusted _RELAYSUNTRUSTED_ # Add language header # add_header all Language _LANGUAGES_ # Add DKIM header # add_header all DKIM-i _DKIMIDENTITY_ add_header all DKIM-d _DKIMDOMAIN_ # Save spam messages as a message/rfc822 MIME attachment instead of # modifying the original message (0: off, 2: use text/plain instead) # # report_safe 1 # Set which networks or hosts are considered 'trusted' by your mail # server (i.e. not spammers) # trusted_networks 217.146.107.40 217.146.109.176/28 internal_networks 217.146.107.40 217.146.109.176/28 # Set file-locking method (flock is not safe over NFS, but is faster) # # lock_method flock # Set the threshold at which a message is considered spam (default: 5.0) # required_score 4.5 # Use Bayesian classifier (default: 1) # use_bayes 1 bayes_path /home/spamtest/.spamassassin/bayes bayes_file_mode 0777 bayes_min_spam_num 50 bayes_min_ham_num 100 # Bayesian classifier auto-learning (default: 1) # bayes_auto_learn 1 bayes_auto_learn_threshold_nonspam 0.1 bayes_auto_learn_threshold_spam 6 # score BAYES_00 -2 # score BAYES_05 -1 # score BAYES_95 3 # score BAYES_99 4 add_header all Bayes bayes=_BAYES_, _TOKENSUMMARY_, ham=(_HAMMYTOKENS(5,short)_), spam=(_SPAMMYTOKENS(5,short)_) # Set headers which may provide inappropriate cues to the Bayesian # classifier # bayes_ignore_header X-Bogosity bayes_ignore_header X-Spam-Flag bayes_ignore_header X-Spam-Status #Specify languages # Mail using languages used in these country codes will not be marked # as being possibly spam in a foreign language. ok_languages en de es fr it # Mail using locales used in these country codes will not be marked # as being possibly spam in a foreign language. ok_locales en de es fr it score UNWANTED_LANGUAGE_BODY 0.8 # Whitelist senders whitelist_from caio_roberts@hotmail.com whitelist_from *@prioryvetscardigan.co.uk whitelist_from *@pawsinwales.com whitelist_from *@eljones.org.uk whitelist_from rfanimalphysio@gmail.com whitelist_from kathleenfrench64@gmail.com whitelist_from cooperoliver@hotmail.com whitelist_from dasuk1@hotmail.com whitelist_from telandsue42@outlook.com whitelist_from callumgoldsmith@gmail.com whitelist_from rachel@browndogtraining.co.uk whitelist_from howard.homewest@btinternet.com whitelist_from rachel.brown@sppot.co.uk whitelist_from luciferlandy@gmail.com whitelist_from speedway@img.com whitelist_from speedway@imgworld.com whitelist_from wordpress@zap-map.com whitelist_from rhiansianjones73@hotmail.com whitelist_from junejeon@s-logibis.com whitelist_from medikjaya@gmail.com whitelist_from southernmetrology@gmail.com whitelist_from helen.976@btinternet.com whitelist_from livelyredjellybean@hotmail.co.uk whitelist_from contactsppot@gmail.com whitelist_from *.seritex.com whitelist_from *@taylorengineeringuk.com whitelist_from admin@adultebookshop.com whitelist_from dsllewellyn@hotmail.com whitelist_from chalet.montegut@wanadoo.fr whitelist_from chasmmiddleton@gmail.com whitelist_from thanadecha@yahoo.com whitelist_from *@allfourpawstraining.com whitelist_from *@fbi-medizintechnik.de whitelist_from *@togglemobile.co.uk whitelist_from sales@woodcaredirect.co.uk whitelist_from sppotdog@gmail.com whitelist_from sppot.rachel@gmail.com whitelist_from enquiries.sppot@gmail.com whitelist_from scarletrover22@aol.com whitelist_from peaseanthony@aol.com whitelist_from tthomas@altron.co.uk whitelist_from simon@msg.uk.com whitelist_from djhadley1@aol.co.uk whitelist_from *.rs-components.com whitelist_from GPJCONSULT@aol.com whitelist_from sales@wessexmetrology.com whitelist_from craigssutton@hotmail.co.uk whitelist_from marktgb7@yahoo.co.uk whitelist_from *.prism-ifm.co.uk whitelist_from *@atlassupplymed.es whitelist_from thame@johnclegg.co.uk whitelist_from player@national-lottery.co.uk whitelist_from *.seritex.com whitelist_from p.morgan@skm.org.uk whitelist_from huw@selectfor.com whitelist_from *@cnapan.co.uk whitelist_from *@whatkatiedid.com whitelist_from apache@webserver.sysexcel.com whitelist_from *@portableuniverse.co.uk whitelist_from elizabethcarey@btinternet.com whitelist_from MAILER-DAEMON@mail.redbus.holtain.net whitelist_from vehicles.mailer@brightwells.com whitelist_from itpro.site-editor@dennisnet.co.uk whitelist_from MartinsMoneyTips@moneysavingexpert.com whitelist_from bounce@email2.moneysavingexpert.com whitelist_from bounce@tips2.moneysavingexpert.com whitelist_from newsletter-respond@developershed.com whitelist_from ssmedical@satyam.net.in whitelist_from *@queralto.com whitelist_from spamcop@devnull.spamcop.net whitelist_from TICKETALERT@GETMEIN.COM whitelist_from mailer@ironmaiden.com whitelist_from *@grupotaper.com whitelist_from *@queralto.es whitelist_from *@popspride.co.uk whitelist_from miro.1@talktalk.net whitelist_from metalfinishing@btconnect.com whitelist_from webservice@multiquote.com whitelist_from GFitzgerald@boxability.co.uk whitelist_from info@arromanches-hotel.com whitelist_from dgambrill@ntlworld.com whitelist_from mteam@tiscali.co.uk whitelist_from *@miss-candyfloss.com whitelist_from mudplugv8@btinternet.com whitelist_from tricia.fox@hotmail.co.uk whitelist_from robertholding@hotmail.co.uk whitelist_from sales@williamboulton.co.uk whitelist_from popspride@gmail.com whitelist_from muse_darkshines@hotmail.co.uk whitelist_from jumbo@woodpark-offroad.com # Blacklist senders blacklist_from *@mediabuzzmail.co.uk blacklist_from *@*.edietsuk.com blacklist_from info@marearock.com # Modified scores score STRONG_BUY 3.3 score NO_RELAYS -0.9 score DYN_RDNS_AND_INLINE_IMAGE 0.95 score RCVD_IN_PBL 0.5 score URI_NO_WWW_INFO_CGI 0.5 score MISSING_MIMEOLE 0.5 score CHARSET_FARAWAY 1.2 score CHARSET_FARAWAY_HEADER 1.2 score MIME_CHARSET_FARAWAY 1.2 # Custom tests mimeheader __AS_090505_CDIS_INLINE Content-Disposition =~ /inline/ describe __AS_090505_CDIS_INLINE Rule by AS: Content-Disposition: inline mimeheader __AS_090508_CTYP_PNG Content-Type =~ /image\/png/ describe __AS_090508_CTYP_PNG Rule by AS: Content-Type: PNG meta AS_090508_PNGSPAM (!AWL && __AS_090505_CDIS_INLINE && __AS_090508_CTYP_PNG) score AS_090508_PNGSPAM 2 describe AS_090508_PNGSPAM Rule by AS: Probably an Inline PNG spam meta NH_PBL_PNGSPAM (__AS_090508_CTYP_PNG && RCVD_IN_PBL) score NH_PBL_PNGSPAM 1.9 describe NH_PBL_PNGSPAM Inline PNG from PBL listed addr header __NH_RCVD_IN_HOLTRBL eval:check_rbl('holtrbl-lastexternal','rbl.holtain.net.') describe __NH_RCVD_IN_HOLTRBL Received from a source previously blocked at rbl.holtain.net tflags __NH_RCVD_IN_HOLTRBL net header __NH_HOLTRBL_X1 eval:check_rbl_sub('holtrbl-lastexternal','127.0.0.2') describe __NH_HOLTRBL_X1 Received from a source listed once at rbl.holtain.net tflags __NH_HOLTRBL_X1 net header __NH_HOLTRBL_X2 eval:check_rbl_sub('holtrbl-lastexternal','127.0.0.3') describe __NH_HOLTRBL_X2 Received from a source listed twice at rbl.holtain.net tflags __NH_HOLTRBL_X2 net header __NH_HOLTRBL_X3 eval:check_rbl_sub('holtrbl-lastexternal','127.0.0.4') describe __NH_HOLTRBL_X3 Received from a source listed 3 times at rbl.holtain.net tflags __NH_HOLTRBL_X3 net header __NH_HOLTRBL_X4 eval:check_rbl_sub('holtrbl-lastexternal','127.0.0.5') describe __NH_HOLTRBL_X4 Received from a source listed 4 times or more at rbl.holtain.net tflags __NH_HOLTRBL_X4 net header __NH_CURR_IN_HOLTRBL eval:check_rbl_txt('holtrbl-lastexternal','rbl.holtain.net.') describe __NH_CURR_IN_HOLTRBL Received from a source Currently at rbl.holtain.net tflags __NH_CURR_IN_HOLTRBL net meta NH_HOLTRBL_ONCE (__NH_HOLTRBL_X1) describe NH_HOLTRBL_ONCE Received from a source listed once at rbl.holtain.net tflags NH_HOLTRBL_ONCE net score NH_HOLTRBL_ONCE 1.3 meta NH_HOLTRBL_TWICE (__NH_HOLTRBL_X2) describe NH_HOLTRBL_TWICE Received from a source listed twice at rbl.holtain.net tflags NH_HOLTRBL_TWICE net score NH_HOLTRBL_TWICE 1.6 meta NH_HOLTRBL_THRICE (__NH_HOLTRBL_X3) describe NH_HOLTRBL_THRICE Received from a source listed 3 times at rbl.holtain.net tflags NH_HOLTRBL_THRICE net score NH_HOLTRBL_THRICE 2.0 meta NH_HOLTRBL_4PLUS (__NH_HOLTRBL_X4) describe NH_HOLTRBL_4PLUS Received from a source listed 4 times or more at rbl.holtain.net tflags NH_HOLTRBL_4PLUS net score NH_HOLTRBL_4PLUS 2.5 mimeheader NH_RUSSIAN Content-Type =~ /charset="?koi8-r/i score NH_RUSSIAN 2.5 describe NH_RUSSIAN Cyrllic character set mimeheader NH_CHINESE Content-Type =~ /charset="?gb2312/i score NH_CHINESE 2.5 describe NH_CHINESE Chinese character set mimeheader NH_CYRILLIC Content-Type =~ /charset="?windows-1251/i score NH_CYRILLIC 1.5 describe NH_CYRILLIC Windows-1251 character set header __NH_PHP X-Mailer =~ /PHP/ describe __NH_PHP Sent by PHP mailer mimeheader __NH_RTF Content-Type =~ /name=.*rtf/ describe __NH_RTF RTF attachment meta NH_PHP_RTF (__NH_PHP && __NH_RTF) score NH_PHP_RTF 2.0 describe NH_PHP_RTF RTF attachment from PHP mailer meta NH_PHP_PNG (__NH_PHP && __AS_090508_CTYP_PNG) score NH_PHP_PNG 2.0 describe NH_PHP_PNG PNG attachment from PHP mailer header NH_DYN_TELITALIA X-Spam-Relays-Untrusted =~ /^[^\]]+ rdns=[^ ]*dynamic.*retail\.telecomitalia\.it/i score NH_DYN_TELITALIA 1.5 describe NH_DYN_TELITALIA Received from a Telecomitalia dynamic IP address header NH_TOPICA X-Spam-Relays-Untrusted =~ /^[^\]]+ rdns=[^ ]*topica-/i score NH_TOPICA 1.61 describe NH_TOPICA Received directly from dynamic topica address header NH_TDIALIN X-Spam-Relays-Untrusted =~ /^[^\]]+ rdns=[^ ]*dip\.t-dialin\.net/i score NH_TDIALIN 1.61 describe NH_TDIALIN Received directly from dynamic t-dialin.net address header NH_NET24_IT X-Spam-Relays-Untrusted =~ /^[^\]]+ rdns=adsl-[^ ]*net24\.it/i score NH_NET24_IT 1.6 describe NH_NET24_IT Received directly from dynamic net24.it address header NH_ALICEDSL_DE X-Spam-Relays-Untrusted =~ /^[^\]]+ rdns=[^ ]*adsl\.alicedsl\.de/i score NH_ALICEDSL_DE 1.6 describe NH_ALICEDSL_DE Received directly fron Alice Germany ADSL header NH_BID_DATE Return-Path =~ /\.(outbue\.com|shop|date|bid|host|online|club|info|fun|icu)>/i score NH_BID_DATE 2.6 describe NH_BID_DATE Received from .host, .bid, .shop, .club, .online, .info, .fun, .icu or .date header NH_TIPCONNECT X-Spam-Relays-Untrusted =~ /^[^\]]+ rdns=[^ ]*dip.\.t-ipconnect\.de/i score NH_TIPCONNECT 1.61 describe NH_TIPCONNECT Received directly from dynamic t-ipconnect.de address header NH_TICKETMASTER X-Spam-Relays-Untrusted =~ /^[^\]]+ rdns=[^ ]*mm.\.ticketmaster\.com/i score NH_TICKETMASTER -1.75 describe NH_TICKETMASTER Received from Ticketmaster header __NH_YAHOO_GROUP X-Yahoo-Newman-Property =~ /^groups/ describe __NH_YAHOO_GROUP Received from a Yahoo Group header __NH_YAHOO X-Spam-Relays-Untrusted =~ /^[^\]]+ rdns=[^ ]*yahoo\.com/i describe __NH_YAHOO yahoo.com most recent untrusted host meta NH_YAHOO (__NH_YAHOO && !__NH_YAHOO_GROUP) score NH_YAHOO 1.7 describe NH_YAHOO yahoo.com most recent untrusted host & not group mail header __NH_BLANK_SUB Subject =~ /^\s*$/ describe __NH_BLANK_SUB Subject is blank meta NH_EMPTY_SUB (__HAS_SUBJECT && __NH_BLANK_SUB) score NH_EMPTY_SUB 1.5 describe NH_EMPTY_SUB Subject: is empty header __NH_BLANK_TO To =~ /^\s*$/ describe __NH_BLANK_TO To is blank meta NH_EMPTY_TO (__NH_BLANK_TO && !MISSING_HEADERS) describe NH_EMPTY_TO To: is empty score NH_EMPTY_TO 2.0 full NH_FALSE_OPTIN /\bmiana\b/i score NH_FALSE_OPTIN 1.5 describe NH_FALSE_OPTIN Message from a false optin source header __NH_LEASE Subject =~ /\b(lease|leasing)\b/i describe __NH_LEASE Sublect contains "lease" header __NH_HIRE Subject =~ /\bhire\b/i describe __NH_HIRE Subject contains "hire" header __NH_VEHICLE Subject =~ /\b(vehicle|car)s?\b/i describe __NH_VEHICLE Sublect contains "vehicle or car" meta NH_VEHICLE ((__NH_LEASE || __NH_HIRE) && __NH_VEHICLE) score NH_VEHICLE 2.0 describe NH_VEHICLE Vehicle lease or hire offer header NH_ESHOT Organization =~ /\beshot\b/i score NH_ESHOT 1.8 describe NH_ESHOT eShot mailshot header NH_SECURITY Subject =~ /\bsecurity\b/i score NH_SECURITY 0.8 describe NH_SECURITY Security alert header NH_JEAN_PATRIQUE From =~ /Jean Patrique/i score NH_JEAN_PATRIQUE 2.0 describe NH_JEAN_PATRIQUE Spam from Jean Patrique header NH_HOTMAIL X-Spam-Relays-Untrusted =~ /^[^\]]+ rdns=[^ ]*hotmail\.com/i describe NH_HOTMAIL hotmail.com most recent untrusted host score NH_HOTMAIL 1.5 header __NH_FEDEX_SERVER X-Spam-Relays-Untrusted =~ /^[^\]]+ rdns=[^ ]*fedex\.com/i describe __NH_FEDEX_SERVER fedex.com most recent untrusted host header __NH_FROM_FEDEX From =~ /\@fedex\.com\b/i describe __NH_FROM_FEDEX From fedex address meta FEDEX_SPAM (__NH_FROM_FEDEX && !__NH_FEDEX_SERVER) describe FEDEX_SPAM Spam perporting to be from fedex score FEDEX_SPAM 1.5 urirhssub SEM_URIRED urired.spameatingmonkey.net. A 2 body SEM_URIRED eval:check_uridnsbl('SEM_URIRED') describe SEM_URIRED Contains a URI listed by SEM-URIRED tflags SEM_URIRED net score SEM_URIRED 0.5 urirhssub SEM_FRESH fresh.spameatingmonkey.net. A 2 body SEM_FRESH eval:check_uridnsbl('SEM_FRESH') describe SEM_FRESH Contains a domain registered less than 5 days ago tflags SEM_FRESH net score SEM_FRESH 0.5 header NH_NORTON To =~ /\bnorton\b/i describe NH_NORTON To Niamh Norton score NH_NORTON 1.5 header NH_BRACK_RECP_SUB Subject =~ /^\(.*@/ describe NH_BRACK_RECP_SUB Subject is bracketed email address score NH_BRACK_RECP_SUB 2.0 header NH_CHATURBATE From =~ /chaturbate/i describe NH_CHATURBATE From Chaturbate score NH_CHATURBATE 2.5 header NH_BITCOIN Subject =~ /\bbitcoin/i describe NH_BITCOIN Subject contains Bitcoin score NH_BITCOIN 2.0 header NH_DOT_LOAN X-Spam-Relays-Untrusted =~ /^[^\]]+ rdns=[^ ].loan\b/i describe NH_DOT_LOAN *.loan most recent untrusted host score NH_DOT_LOAN 1.5 ifplugin Mail::SpamAssassin::Plugin::DNSEval header __RCVD_IN_BRBL eval:check_rbl('brbl', 'bb.barracudacentral.org') tflags __RCVD_IN_BRBL net header __RCVD_IN_BRBL_2 eval:check_rbl_sub('brbl', '127.0.0.2') meta RCVD_IN_BRBL __RCVD_IN_BRBL_2 && !RCVD_IN_BRBL_LASTEXT describe RCVD_IN_BRBL Received is listed in Barracuda RBL bb.barracudacentral.org score RCVD_IN_BRBL 1.2 tflags RCVD_IN_BRBL net header RCVD_IN_BRBL_LASTEXT eval:check_rbl('brbl-lastexternal', 'bb.barracudacentral.org') describe RCVD_IN_BRBL_LASTEXT Last external is listed in Barracuda RBL bb.barracudacentral.org score RCVD_IN_BRBL_LASTEXT 2.2 tflags RCVD_IN_BRBL_LASTEXT net endif # Disabled tests