# SpamAssassin user preferences file. See 'perldoc Mail::SpamAssassin::Conf'
# for details of what can be tweaked.
#*
#* Note: this file is not read by SpamAssassin until copied into the user
#* directory. At runtime, if a user has no preferences in their home directory
#* already, it will be copied for them, allowing them to perform personalised
#* customisation. If you want to make changes to the site-wide defaults,
#* create a file in /etc/spamassassin or /etc/mail/spamassassin instead.
###########################################################################
# How many points before a mail is considered spam.
required_score 5
# Whitelist and blacklist addresses are now file-glob-style patterns, so
# "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all work.
# whitelist_from someone@somewhere.com
# Add your own customised scores for some tests below. The default scores are
# read from the installed spamassassin rules files, but you can override them
# here. To see the list of tests and their default scores, go to
# http://spamassassin.apache.org/tests.html .
#
# score SYMBOLIC_TEST_NAME n.nn
# Speakers of Asian languages, like Chinese, Japanese and Korean, will almost
# definitely want to uncomment the following lines. They will switch off some
# rules that detect 8-bit characters, which commonly trigger on mails using CJK
# character sets, or that assume a western-style charset is in use.
#
# uncommented for Hatena Haiku since there's lots of Japanese users
# A score of 0 disables a rule, so none of these five tests contributes to
# the total.
score HTML_COMMENT_8BITS 0
score UPPERCASE_25_50 0
score UPPERCASE_50_75 0
score UPPERCASE_75_100 0
score OBSCURED_EMAIL 0
# Speakers of any language that uses non-English, accented characters may wish
# to uncomment the following lines. They turn off rules that fire on
# misformatted messages generated by common mail apps in contravention of the
# email RFCs.
# Active here as well: the subject-charset test is disabled.
score SUBJ_ILLEGAL_CHARS 0
# Begin Sudofox config
# Black/white list entries live in a separate file (not shown here).
include user_black_and_white_lists
# Two more charset-sensitive header tests switched off, presumably for the
# same non-ASCII reason as the CJK overrides earlier in this file.
score FROM_ILLEGAL_CHARS 0
score SUBJECT_NEEDS_ENCODING 0
# sports spam
# Score overrides for stock rules. Compare each against required_score (5):
# the values add up across every rule that fires.
score GAPPY_SUBJECT 3
score TVD_SPACE_RATIO 1
score TVD_SPACE_RATIO_MINFP 1
score LOTS_OF_MONEY 2
# NOTE(review): in stock 3.4-era rule sets BAYES_999 fires in addition to
# BAYES_99, so a very confident Bayes verdict would contribute 8 points and
# cross required_score on its own. Confirm against the installed Bayes rules
# and decide whether a single classifier should be able to decide alone.
score BAYES_99 4
score BAYES_999 4
score ONLINE_PHARMACY 3
score TVD_VISIT_PHARMA 3
# We won't be using email-related spam checks
# since this will be run against Hatena Haiku
# (score 0 disables each of the DNS/relay/DKIM tests below)
score DNS_FROM_AHBL_RHSBL 0
score NO_DNS_FOR_FROM 0
score DKIM_ADSP_NXDOMAIN 0
score NO_RELAYS 0
# Retitle some of the rules to make more sense
# Only the report text changes; the rules still test the From header, which
# presumably carries the Hatena ID in this pipeline.
describe USER_IN_BLACKLIST Hatena ID is blacklisted
describe USER_IN_WHITELIST Hatena ID is whitelisted
describe HK_RANDOM_FROM Hatena ID looks random
describe FROM_LOCAL_NOVOWEL Hatena ID has no vowels
# Custom stuff
# ........................................................................
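# Fan-count reputation rules, keyed on the X-Hatena-Fan-Count header.
# The four patterns are mutually exclusive and accept only a canonical
# decimal integer: values with a leading zero ("05", "007") or any
# non-digit content match none of them and therefore earn no credit.
# NOTE(review): the negative scores are trust signals, and -10.0 for 100+
# fans exactly cancels SUDO_HTN_DATINGSPAM_1 (10). Confirm that this header
# is written by the ingest pipeline from a trusted source and can never be
# supplied or overridden by the content being scored.
header SUDO_HTN_ZERO_FANS X-Hatena-Fan-Count =~ /^0$/
score SUDO_HTN_ZERO_FANS 1.0
describe SUDO_HTN_ZERO_FANS User has no fans
header SUDO_HTN_FEW_FANS X-Hatena-Fan-Count =~ /^[1-9]$/
score SUDO_HTN_FEW_FANS -1.0
describe SUDO_HTN_FEW_FANS User has 1-9 fans - spam less likely
# First digit must be 1-9 so the match agrees with the stated 10-99 range.
header SUDO_HTN_10_PLUS_FANS X-Hatena-Fan-Count =~ /^[1-9][0-9]$/
score SUDO_HTN_10_PLUS_FANS -2.0
describe SUDO_HTN_10_PLUS_FANS User has 10-99 fans - spam unlikely
# Three or more digits with no leading zero, i.e. 100 and up.
header SUDO_HTN_100_PLUS_FANS X-Hatena-Fan-Count =~ /^[1-9][0-9]{2,}$/
score SUDO_HTN_100_PLUS_FANS -10.0
describe SUDO_HTN_100_PLUS_FANS User has 100+ fans - prob legitimate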
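# Sports/streaming keyword rules. The Subject header presumably carries the
# Haiku keyword (the describe lines call it "Keyword"); body rules see the
# entry text. Scores are additive when several of these fire together.
# Rule 1: keyword starts with "http" and later contains a listed term.
# Case-sensitive (no /i), unlike rule 2.
header SUDO_HTN_SPORTS_SPAM_1 Subject =~ /^http.*(boxing|stream|champions|playoffs|game|soccer|rugby|espn|watchfree|watch|finals)/
score SUDO_HTN_SPORTS_SPAM_1 3.0
describe SUDO_HTN_SPORTS_SPAM_1 Keyword - URL with sports/streaming-related terms
# Rule 2: any listed term anywhere in the keyword, case-insensitive.
# The header name was misspelled "Subect", which names a header that does
# not exist, so this rule could never fire; it now tests Subject.
header SUDO_HTN_SPORTS_SPAM_2 Subject =~ /(boxing|stream|champions|playoffs|soccer|rugby|espn|watchfree|watch|finals)/i
score SUDO_HTN_SPORTS_SPAM_2 3.0
describe SUDO_HTN_SPORTS_SPAM_2 Keyword: sports/streaming-related terms
# Rule 3: same idea against the body (bare "watch" is not in this list).
body SUDO_HTN_SPORTS_SPAM_3 /(boxing|stream|champions|playoffs|soccer|rugby|espn|watchfree|finals)/i
score SUDO_HTN_SPORTS_SPAM_3 2.0
describe SUDO_HTN_SPORTS_SPAM_3 Body: sports/streaming-related terms
# Rule 4: "http" followed later by a listed term in the body; case-sensitive.
body SUDO_HTN_SPORTS_SPAM_4 /http.*(boxing|champions|playoffs|soccer|rugby|espn|watchfree)/
score SUDO_HTN_SPORTS_SPAM_4 1.0
describe SUDO_HTN_SPORTS_SPAM_4 Body: URL with sports/streaming-related terms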
# Rules 5 and 6 share one pattern: a streaming word, then "<word> vs <word>"
# (one non-word character on each side of "vs"), then another streaming
# word. Rule 5 tests the Subject header, rule 6 the body; both ignore case.
# The partial words "tream" and "ream" also match inside "stream".
# NOTE(review): the leading and trailing ".*" do not change what matches,
# and several unbounded ".*" in one pattern can backtrack heavily on long
# text; consider dropping the outer ones and bounding the inner ones
# (e.g. ".{0,80}") once the intended reach is confirmed.
header SUDO_HTN_SPORTS_SPAM_5 Subject =~ /.*(stream|watch|free|live|online|tream).*(\w+)\Wvs\W(\w+).*(watch|free|live|online|stream|tream|ream).*/i
score SUDO_HTN_SPORTS_SPAM_5 2.5
describe SUDO_HTN_SPORTS_SPAM_5 Subject: Sports spam
body SUDO_HTN_SPORTS_SPAM_6 /.*(stream|watch|free|live|online|tream).*(\w+)\Wvs\W(\w+).*(watch|free|live|online|stream|tream|ream).*/i
score SUDO_HTN_SPORTS_SPAM_6 2.0
describe SUDO_HTN_SPORTS_SPAM_6 Body: Sports spam
# "watch" followed later by "full<any char>movie" or "full<any char>episode".
body SUDO_HTN_TV_SPAM_1 /(watch).*(full.movie|full.episode).*/i
score SUDO_HTN_TV_SPAM_1 2.0
describe SUDO_HTN_TV_SPAM_1 Body: Watch TV/movie for free
# Either "tips and cheats" / "cheats and tips", or a quantity word
# (unlimited, infinite, or a number of 4+ digits) one character away from
# diamonds/coins/gems. Each "." stands for any single separator character.
body SUDO_HTN_MOBGAME_SPAM_1 /((tips.and.cheats|cheats.and.tips)|((unlimited|infinite|[0-9]{4,}).(diamonds|coins|gems)))/i
score SUDO_HTN_MOBGAME_SPAM_1 2.0
describe SUDO_HTN_MOBGAME_SPAM_1 Body: mobile game cheats/hacks
# ........................................................................
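# Keyword (Subject) that begins with http or https.
header SUDO_HTN_HTTP_KEYWORD Subject =~ /^https?.*/
score SUDO_HTN_HTTP_KEYWORD 1.5
describe SUDO_HTN_HTTP_KEYWORD Keyword is a URL
# Sub-rule (the "__" prefix means it carries no score of its own): body
# contains an http(s) URL whose hostname ends in .tk.
# The previous pattern only looked ahead for ".tk" and so also matched hosts
# that merely continue past it (".tkfoo.example", ".tk.example.com"); the
# negative lookahead requires the hostname to stop right after ".tk".
# /i added because hostnames are case-insensitive.
body __SUDO_HTN_DOT_TK_LINK /https?:\/\/[a-z0-9\-\.]+?\.tk(?![a-z0-9\-\.])/i
describe __SUDO_HTN_DOT_TK_LINK Includes .tk links
# Dating vocabulary in the body (_1) or in the keyword/Subject (_2).
# These are plain substring matches, e.g. "single" also hits "singles".
body __SUDO_HTN_DATINGWORDS_1 /(dates|dating|matchmaking|hookup|single|cheating)/i
header __SUDO_HTN_DATINGWORDS_2 Subject =~ /(dates|dating|matchmaking|hookup|single|cheating)/i
# Left disabled: the sub-rules are only meant to count through the meta rule.
#score __SUDO_HTN_DATINGWORDS_1 2.5
#score __SUDO_HTN_DATINGWORDS_2 2.5
# Fires only when a .tk link appears together with dating vocabulary.
# A score of 10 is twice required_score (5), so this rule alone marks the
# entry as spam unless negative-scoring rules offset it.
meta SUDO_HTN_DATINGSPAM_1 __SUDO_HTN_DOT_TK_LINK && ( __SUDO_HTN_DATINGWORDS_1 || __SUDO_HTN_DATINGWORDS_2 )
score SUDO_HTN_DATINGSPAM_1 10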
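# Username contains a throwaway (temp-mail) domain, written with the dots removed.
# Spam users won't have any fans, so this rule (4.5) plus SUDO_HTN_ZERO_FANS (1.0)
# should push the total over the threshold of five.
# Note: the list below is matched case-sensitively and as a bare substring of From,
# so a short entry such as "nadacom" also hits any longer ID that merely contains it.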
header SUDO_HTN_TEMP_MAIL_ID From =~ /.*(0celotcom|0clocknet|0clockorg|0fru8te0xkgfpttiga|0hboycom|0hiolcecom|0hionet|0hioorg|0ilsnet|0ilsorg|0koknet|0ld0akcom|0liveorg|0mixmailinfo|0ncenet|0ne0akcom|0nesnet|0nlyorg|0regonorg|0zspgifzboga|10hosttop|10launchedscom|10vpninfo|117yyolfnet|12hostingnet|12storagecom|1blackmooncom|1dmedicalcom|1rentcartop|1shivomcom|1thecitybiz|1webmailinfo|20boxmeorg|2ethernet|2odemcom|2viewerlcom|3etvi1zbiuv9ncf|3fy1rcwevwm4ytk|3pscsr94r3dct1a7ga|41v1relaxncom|456b4564ga|4tbhost|55hostingnet|5musicinfo|5musictop|69postixinfo|6paqcom|7bhmsthextga|7nglhuzdtvga|84rhilv8mm3xut2ga|88cleanpro|8imefdzddciga|99pubblicitacom|9skcqddzppe4ga|a41odgz7jhcom|a84doctorcom|aaaw45ecom|abyssmailcom|acc2t9qnrtga|adipex7zcom|aditusinfo|air2tokencom|akgq701|akgq701com|alienware13|alienware13com|allfamuscom|amadamuscom|amailclub|amailcom|anappthatcom|andreihusanuro|angoplengopcf|annanakalga|ao4ffqtycom|aoalelgl64shfga|apkmdcom|apssdcml|asdhgsadcom|asmsnapwetcom|asonlysextcom|asorentcom|athens5com|atlanticyucom|averdovcom|awsoocom|ax80mailcom|axon7zte|axon7ztecom|axsupnet|b2bxnet|b5safariacom|b6vscarmencom|balanc3rcom|banitclub|banitme|barryogormancom|bcompiled3com|bestvpntop|bigprofessorso|binnarycom|bit2tubecom|bit-degreecom|bitwhitestop|blogfc2com|bloggersxmicom|blogspamro|boximailcom|bt3019kcom|burner-emailcom|buy003com|c1oramncom|candreihusanuro|carbtcnet|carinsio|cars2club|caseedutk|cchatzga|cetpasscom|champmailscom|chaosi0tcom|cheaphubnet|cjpegcom|ckoiecom|cloud99pro|cloud99top|clrmailcom|cmailclub|cobin2hoodcom|cocovpncom|collapse3bcom|coreclipcom|creazionisacom|crusthostcom|crymail2com|crypemail|crypemailinfo|cumanuallyocom|customs2g3com|cutoutclub|d1yuncom|d58pb91com|dahonet|damanikga|datum2com|dayonepw|definingjtlcom|demandsxzcom|deyomcom|dff55dynunet|dfg6kozowcom|dim-coincom|disposablemailscom|divermailcom|dmarcro|dmslovakiatcom|dndentcom|dnsdeercom|dqnwaracom|dr69site|dremixdcom|dress9xcom|drivesotp7com|drivetagdevcom|dsleeping09com|duck2club|dumo
acnet|dutiesu0com|dwseedupl|dynunet|e5r6ynr5ga|eblogspamro|ebtukukxnnga|eelmailcom|e-mailboxga|emailnalife|emailopro|emailsecurercom|emailsyinfo|emailurenet|emlprocom|emltmpcom|endrixorg|envy17com|eos2mailcom|etdcr5arsu3ga|eth2btcinfo|ether123net|ethereum1top|ethersportsorg|ethersportzinfo|etoiccom|etzdnetxcom|eu6geneticcom|evyushcom|ewroteedcom|ewupicscom|ezdiroorg|fidelium10com|freeletterme|freemymailorg|furhostcom|gafynet|getapetnet|gmatchorg|go2vpnnet|grandmamailcom|haydoocom|honor-8|hurify1com|ipdeercom|klipschx12|l0realnet|ldahoorg|lenovog4|lgloonet|lgxscreen|lilyleecom|lndexnet|lndexorg|lnvokenet|lslandnet|lucyucom|lvorynet|lvoryorg|matchpoln|mvrhtnet|mymail90com|nadacom|pavilionx2|payperex2|porshnet|promptly700com|putlocker|reftokenn|rupayamailcom|shalarnet|socksnet|tapetnet|tecaseedutk|tempmailus|tinozaorg|travala10com|udmarcro|uscavescom|vidlocker|vpstrafficcom|w22fe21com|wmailclub|xinzk1ulcom|xperiae5|xxqx3802com|yatamaral|yk20com|yuslamailcom).*/
score SUDO_HTN_TEMP_MAIL_ID 4.5
describe SUDO_HTN_TEMP_MAIL_ID Hatena ID contains temp mail domain
# Username mentions a free webmail domain (dots removed); matched
# case-insensitively anywhere in From.
# Scored just under the temp-mail rule (4.0 vs 4.5). Together with
# SUDO_HTN_ZERO_FANS (1.0) the total reaches required_score (5), while any
# fan-count credit pulls it back below the threshold - presumably the
# meaning of "any legit IDs will have at least some fans".
# NOTE(review): the earlier comment described these IDs as "slightly less
# likely to be spam", yet the score is positive; confirm 4.0 is intended.
header SUDO_HTN_WEBMAIL_ID From =~ /.*(gmailcom|hotmail(com|couk)|ymailco).*/i
score SUDO_HTN_WEBMAIL_ID 4.0
describe SUDO_HTN_WEBMAIL_ID Hatena ID mentions free webmail service
# Disabled: would combine the webmail-ID hit with the dating-word sub-rules.
# meta SUDO_HTN_DATING_MAIL_ID SUDO_HTN_WEBMAIL_ID && ( __SUDO_HTN_DATINGWORDS_1 || __SUDO_HTN_DATINGWORDS_2 )