File: 01_test_rules.cf

package info (click to toggle)
spamassassin 4.0.2-2
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 22,988 kB
  • sloc: perl: 88,863; ansic: 5,193; sh: 3,737; javascript: 339; sql: 295; makefile: 209; python: 49
file content (95 lines) | stat: -rw-r--r-- 5,238 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
 
# Rules used in the test suite.  This allows us to change the
# main ruleset without breaking the test suite.

# <@LICENSE>
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to you under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at:
# 
#     http://www.apache.org/licenses/LICENSE-2.0
# 
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# </@LICENSE>

# This file defines a subset of the default rules that tests can count on
# If you need something else in a test, use tstpre, tstlocalrules, or tstprefs in the test
# instead of adding it here, so tests can be more self-contained and maintainable.

header TEST_NOREALNAME  From =~ /^["\s]*\<?\S+\@\S+\>?\s*$/
describe TEST_NOREALNAME From: does not include a real name
score TEST_NOREALNAME 5

header TEST_ENDSNUMS    From:addr =~ /\D\d{8,}\@/i
describe TEST_ENDSNUMS  From: ends in many numbers
score TEST_ENDSNUMS 5

header TEST_FORGED_YAHOO_RCVD   eval:check_for_forged_yahoo_received_headers()
describe TEST_FORGED_YAHOO_RCVD 'From' yahoo.com does not match 'Received' headers
score TEST_FORGED_YAHOO_RCVD 5

uri TEST_NORMAL_HTTP_TO_IP m{^https?://\d+\.\d+\.\d+\.\d+}i
describe TEST_NORMAL_HTTP_TO_IP      Uses a dotted-decimal IP address in URL
score TEST_NORMAL_HTTP_TO_IP  5

body TEST_EXCUSE_12        /this (?:e?-?mail|message) (?:(?:has )?reached|was sent to) you in error/i
describe TEST_EXCUSE_12    Nobody's perfect
score TEST_EXCUSE_12       5

body TEST_EXCUSE_4         /To Be Removed,? Please/i
describe TEST_EXCUSE_4     Claims you can be removed from the list
score TEST_EXCUSE_4        5

header TEST_INVALID_DATE   Date !~ /^\s*(?:(?i:Mon|Tue|Wed|Thu|Fri|Sat|Sun),\s+)?[0-3\s]?[0-9]\s+(?i:Jan|Feb|Ma[ry]|Apr|Ju[nl]|Aug|Sep|Oct|Nov|Dec)\s+(?:[12][901])?[0-9]{2}\s+[0-2]?[0-9](?:\:[0-5][0-9]){1,2}\s+(?:[AP]M\s+)?(?:[+-][0-9]{4}|UT|[A-Z]{2,3}T)(?:\s+\(.*\))?\s*$/ [if-unset: Wed, 31 Jul 2002 16:41:57 +0200]
describe TEST_INVALID_DATE Invalid Date: header (not RFC 2822)
score TEST_INVALID_DATE    5

header TEST_MSGID_OUTLOOK_INVALID    eval:check_outlook_message_id()
describe TEST_MSGID_OUTLOOK_INVALID  Message-Id is fake (in Outlook Express format)
score TEST_MSGID_OUTLOOK_INVALID     5

header MISSING_HB_SEP            eval:check_msg_parse_flags('missing_head_body_separator')
describe MISSING_HB_SEP          Missing blank line between message header and body
tflags MISSING_HB_SEP            userconf

header X_MESSAGE_INFO            exists:X-Message-Info
describe X_MESSAGE_INFO          Bulk email fingerprint (X-Message-Info) found

header SORTED_RECIPS             eval:sorted_recipients()
describe SORTED_RECIPS           Recipient list is sorted by address

header SUSPICIOUS_RECIPS eval:similar_recipients('0.65','undef')
describe SUSPICIOUS_RECIPS       Similar addresses in recipient list

body GTUBE               /XJS\*C4JDBQADN1\.NSBN3\*2IDNEN\*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL\*C\.34X/
describe GTUBE           Generic Test for Unsolicited Bulk Email
score GTUBE              1000
tflags GTUBE             userconf noautolearn

header __HAS_MSGID               MESSAGEID =~ /\S/
header __SANE_MSGID              MESSAGEID =~ /^<[^<>\\ \t\n\r\x0b\x80-\xff]+\@[^<>\\ \t\n\r\x0b\x80-\xff]+>\s*$/m
header __MSGID_COMMENT           MESSAGEID =~ /\(.*\)/m
meta INVALID_MSGID               __HAS_MSGID && !(__SANE_MSGID || __MSGID_COMMENT)
describe INVALID_MSGID           Message-Id is not valid, according to RFC 2822
score INVALID_MSGID              2.999 2.603 2.489 1.900

header TEST_MSGID_SPAM_CAPS      Message-ID =~ /^\s*<?[A-Z]+\@(?!(?:mailcity|whowhere)\.com)/
score TEST_MSGID_SPAM_CAPS       5

header INVALID_DATE              Date !~ /^\s*(?:(?i:Mon|Tue|Wed|Thu|Fri|Sat|Sun),\s)?\s*(?:[12]\d|3[01]|0?[1-9])\s+(?i:Jan|Feb|Ma[ry]|Apr|Ju[nl]|Aug|Sep|Oct|Nov|Dec)\s+(?:19[7-9]\d|2\d{3})\s+(?:[01]?\d|2[0-3])\:[0-5]\d(?::(?:[0-5]\d|60))?(?:\s+[AP]M)?(?:\s+(?:[+-][0-9]{4}|UT|[A-Z]{2,3}T|0000 GMT|"GMT"))?(?:\s*\(.*\))?\s*$/m [if-unset: Wed, 31 Jul 2002 16:41:57 +0200]
describe INVALID_DATE            Invalid Date: header (not RFC 2822)
score INVALID_DATE               2.303 1.651 1.329 1.245

redirector_pattern      /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i
redirector_pattern      /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i
redirector_pattern      /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i
redirector_pattern      /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i
redirector_pattern      /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i
redirector_pattern      m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&\#])'i
redirector_pattern      m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i