#This file was generated automatically #include local.rul if (letterpairs("Body","52","11")) then call spamdetect(1.0,"Suspicious Character Pairs") if (letterpairs("Body","52","25")) then call spamdetect(2.0,"Suspicious Character Pairs") end if end if if (exists("X-ORBS-Stamp")) then if (isin("X-ORBS-Stamp", "SpamCop")) then call spamdetect(2.550000, "Server blacklisted SpamCop") end if if (rexp("head", "ORDB")) then call spamdetect(1.500000, "Server blacklisted ORDB") end if if (rexp("head", "Five-Ten-SG")) then call spamdetect(2.550000, "Server blacklisted Five-Ten-SG") end if if (rexp("head", "SpamCop")) then call spamdetect(2.550000, "Server blacklisted SpamCop") end if if (rexp("head", "DNSRBL")) then call spamdetect(2.000000, "Server blacklisted DNSRBL") end if if (rexp("head", "SPAMHAUS")) then call spamdetect(5.500000, "Server blacklisted SPAMHAUS") end if if (rexp("head", "Habeas")) then call spamdetect(2.000000, "Server on Habeas blacklist") if (exists("X-Habeas-SWE-3")) then call spamdetect(20.000000, "Fake Habeas Mark!") end if end if if (rexp("head", "NJABL")) then call spamdetect(1.500000, "Server blacklisted NJABL") end if if (rexp("head", "DSBL")) then call spamdetect(1.000000, "Server blacklisted DSBL") end if if (rexp("head", "Country-China")) then call spamdetect(1.500000, "Server blacklisted DSBL(China)") end if end if if (exists("X-DNS-Paranoid")) then call spamdetect(1.0, "Sending mail server's IP address does not have a matching reverse entry") end if if (rexp("X-FromBlackList", "http://www.rfc-ignorant.org")) then call spamdetect(1.0000000, "Domain is listed as RFC Ignorant") end if if (rexp("Received", "MailMXPro")) then call spamdetect(3.500000, "Spam program - MailMXPro") end if if (rexp("Subject", "\#NET\ FOLDERS\#:")) then call spamdetect(-50.000000, "Outlook Synchronization Message - Allow no matter how spammy it may look") end if if (rexp("X-Mailer", "mPOP\ Web-Mail\ 2\.19")) then call spamdetect(2.000000, "mPOP - abused webmail client found") end if if (rexp("body", "mddelivers")) then call spamdetect(4.000000, "mddelivers.com - Known spammer!") end if if (rexp("body", "without\ a\ prescription")) then call spamdetect(2.500000, "druges without prescription - likely spam") end if if (rexp("body", "without\ prescription")) then call spamdetect(2.500000, "druges without a prescription - likely spam") end if if (rexp("body", "top\ painkillers")) then call spamdetect(2.500000, "top painkillers? - likely spam") end if if (rexp("Subject", "penis")) then call spamdetect(4.000000, "Penis in subject - likely spam") end if if (rexp("body", "banned\.cd")) then call spamdetect(4.000000, "Banned CD? - likely spam") end if if (rexp("body", "amooor\.net")) then call spamdetect(4.000000, "amooor.net IS spam") end if if (rexp("body", "mypillsource\.com")) then call spamdetect(5.000000, "mypillsource.com IS spam") end if if (rexp("body", "banned\ cd")) then call spamdetect(4.000000, "Banned CD? - likely spam") end if if (rexp("Subject", "viagra")) then call spamdetect(4.000000, "Viagra in subject - likely spam") end if if (exists("From")) then if (!rexp_case("From", "(?:\"[^\"]+\"|\S+)\@\S+\.\S+|<\S+(\!\S+){1,}>")) then call spamdetect(2.000000, "From: has a malformed address") end if end if if (rexp("Subject", "FREE")) then call spamdetect(1.000000, "Something is free? Sure it is...") end if if (rexp("Subject", "SAVE")) then call spamdetect(1.000000, "You're going to save me money?") end if if (rexp("Subject", "protect\ yourself")) then call spamdetect(1.000000, "Do you really need email telling you to protect yourself?") end if if (rexp("Subject", "This\ worked\ for\ me")) then call spamdetect(1.500000, "If this really worked for you, you wouldn't be telling everyone about it!") end if if (rexp("Subject", "enlarge\ your")) then call spamdetect(2.500000, "Email can't enlarge anything except your mailbox!") end if if (rexp("X-Habeas-SWE-4", "Copyright\ 2002\ Habeas")) then call spamdetect(-6.100000, "Habeas SWE Copyright Mark - Warranted to not be spam!") end if if (rexp("Subject", "Invest\ in\ gold")) then call spamdetect(1.000000, "Invest in gold? Sure...") end if if (rexp("From", "newsletters\.online\.com")) then call spamdetect(-8.000000, "CNET and other newsletters, they are ok") end if if (rexp("body","THIS\ IS\ NOT\ SPAM")) then call spamdetect(2.000000, "This is not spam - Yeah, right.") end if if (rexp("body","le\.\.TV")) then call spamdetect(2.500000, "Cable TV? Probably free... Yeah, right.") end if if (rexp("body","cableTV")) then call spamdetect(2.500000, "Cable TV? Probably free... Yeah, right.") end if if (rexp("body","vano-soft\.biz")) then call spamdetect(5.000000, "vano-soft.biz IS spam!!!") end if if (rexp("body", "100\%\ guaranteed")) then call spamdetect(2.000000, "One hundred percent guaranteed - Oh really?") end if if (rexp("body", "pharmacourt\.biz")) then call spamdetect(40.000000, "pharmacourt.biz forges Habeas!") end if if (rexp("body", "pharmawharehouse\.biz")) then call spamdetect(40.000000, "pharmawharehouse.biz forges Habeas!") end if if (rexp("body", "valuepointmeds\.biz")) then call spamdetect(40.000000, "valuepointmeds.biz forges Habeas!") end if if (rexp("urls", "\.tv")) then call spamdetect(3.500000, "Spam URL? Most .tv domains are spammy") end if if (rexp("urls", "\.biz")) then call spamdetect(3.500000, "Spam URL? Most .biz domains are spammy") end if if (rexp("urls", "\.tw")) then call spamdetect(2.500000, "Spam URL? Many .tw domains are spammy") end if if (rexp("urls", "\.us")) then call spamdetect(1.500000, "Spam URL? Some .us domains are spammy") end if if (rexp("body","eoffer")) then call spamdetect(1.600000, "Eoffer? Sounds like spam!") end if if (rexp("body","bigtimebargains\.net")) then call spamdetect(4.000000, "bigtimebargains.net IS spam") end if if (rexp("body","Best-Tv-Stuff\.com")) then call spamdetect(4.000000, "Best-Tv-Stuff.com IS spam") end if if (rexp("body","yourfavoritestuff\.com")) then call spamdetect(4.000000, "yourfavoritestuff.com IS spam") end if if (rexp("body","2004hosting")) then call spamdetect(5.000000, "2004hosting IS spam") end if if (rexp("body","clickbank\.net")) then call spamdetect(5.000000, "clickbank.net IS spam") end if if (rexp("body","100\%\ targeted")) then call spamdetect(3.000000, "100% targeted? Sounds like spam") end if if (rexp("body","To\ be\ removed")) then call spamdetect(2.000000, "To be removed? Sounds like spam") end if if (rexp_case("Content-Type", "boundary=\"[A-F\d]{8}-[A-F\d]{4}-[A-F\d]{4}-[A-F\d]{4}-[A-F\d]{12}OPTIN\"")) then call spamdetect(1.000000, "Spam tool pattern in MIME boundary (#2)") end if if (rexp("body","future\ campaigns")) then call spamdetect(1.400000, "future campaigns? you mean future spam!") end if if (rexp("body","without\ dieting\ or\ exercise")) then call spamdetect(2.500000, "No pain, no gain!") end if if (rexp("body","or\ one\ of\ our\ affiliate\ sites")) then call spamdetect(2.000000, "They don't know where they got my address?!?!") end if if (rexp("body","while\ visiting\ one\ of\ our\ partner\ sites")) then call spamdetect(2.500000, "Sure I opted in with one of your 'partners'") end if call rexp_fast(1.250000, "\", "White HTML text? It is probably spam.") call rexp_fast(1.250000, "\/cable\/", "A URL with cable? - Probably spam.") call rexp_fast(1.250000, "rx359\.net", "rx359.net - Probably spam.") call rexp_fast(1.250000, "530000x\.net", "530000x.net - Probably spam.") call rexp_fast(-3.500000, "Do\ you\ Yahoo!?", "Yahoo footer ad, should be ok.") recipients if (isin("recipient","abuse")) accept "Always accept for me so spammers can talk to me" end recipients