# This is the right place to customize your installation of SpamAssassin. # # See 'perldoc Mail::SpamAssassin::Conf' for details of what can be # tweaked. # ########################################################################### # # rewrite_header Subject *****SPAM***** # report_safe 1 # trusted_networks 212.17.35. # lock_method flock #use_bayes 0 report_safe 0 dns_available yes #ok_locales en #ok_languages de en #use_dcc 1 #use_pyzor 1 #use_razor2 1 # # # score DCC_CHECK 4.5 score PYZOR_CHECK 4.8 header RCVD_IN_ORDB_ORG rbleval:check_rbl('relay', 'relays.ordb.org.') describe RCVD_IN_ORDB_ORG Sender in relays.ordb.org gelistet score RCVD_IN_ORDB_ORG 2 tflags RCVD_IN_ORDB_ORG net score URIBL_WS_SURBL 3 # Scheint sehr gut zu sein, default ist 2.0 score URIBL_OB_SURBL 3.5 urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 header URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') describe URIBL_JP_SURBL Contains a URL listed in JP www.surbl.org tflags URIBL_JP_SURBL net score URIBL_JP_SURBL 4.0 urirhsbl URIBL_AH_RHSBL rhsbl.ahbl.org. A body URIBL_AH_RHSBL eval:check_uridnsbl('URIBL_AH_RHSBL') describe URIBL_AH_RHSBL Contains a URL listed in the AH RHSBL blocklist tflags URIBL_AH_RHSBL net score URIBL_AH_RHSBL 0.5 urirhsbl URIBL_MP_RHSBL block.rhs.mailpolice.com. A body URIBL_MP_RHSBL eval:check_uridnsbl('URIBL_MP_RHSBL') describe URIBL_MP_RHSBL Contains a URL listed in the MP RHSBL blocklist tflags URIBL_MP_RHSBL net score URIBL_MP_RHSBL 0.5 urirhsbl URIBL_SS_RHSBL blackhole.securitysage.com. A body URIBL_SS_RHSBL eval:check_uridnsbl('URIBL_SS_RHSBL') describe URIBL_SS_RHSBL Contains a URL listed in the SS RHSBL blocklist tflags URIBL_SS_RHSBL net score URIBL_SS_RHSBL 0.5 required_score 10.0 # Add your own customisations to this file. # See 'perldoc Mail::SpamAssassin::Conf' for details # rewrite_subject 0 # report_safe 1 #trusted_networks 134.109/16 # RBL-Checks machen wir hier noch mal ... ist ein Test # skip_rbl_checks 1 dns_available yes #use_bayes 0 report_charset ISO-8859-1 #report_contact Postmaster TU Chemnitz lang de clear-report-template lang de report --- Start der SpamAssassin _VERSION_ Textanalyse (_HITS_ Punkte) lang de report Fragen an _CONTACTADDRESS_ lang de report _SUMMARY_ lang de report --- Ende der SpamAssassin Textanalyse clear-report-template report --- Start der SpamAssassin _VERSION_ Textanalyse (_HITS_ Punkte) report Fragen an/questions to: _CONTACTADDRESS_ report _SUMMARY_ report --- Ende der SpamAssassin Textanalyse # Bei uns authentisiert - da vergeben wir fast alles: header TUC_AUTH Received =~ /by (john|lana)\.hrz\.tu-chemnitz\.de with asmtp/ describe TUC_AUTH Authentisiert (TUC) score TUC_AUTH -5.0 # Den X-RBL-Warning header, so vorhanden, bewerten wir auch vorsichtig negativ: header TUC_RBL X-RBL-Warning =~ / listed at/ describe TUC_RBL RBL: Mail von bekanntem Spam-Relay oder Dialup (TUC) score TUC_RBL 4.5 # Subject deutet auf Viren-Warnung header TUC_VIRUSWARN Subject =~ /(VIRUS .*IN YOUR MAIL|VIRUS .*IN MAIL FROM YOU|Virus detected|infected by a virus|Content violation)/ describe TUC_VIRUSWARN Irrefuehrende Viruswarnung score TUC_VIRUSWARN 2.5 body TUC_SPAM_PHRASE1 /("Magic Lubricant".+"Power Bottle"|Genierc and S\S+ Viarga \(Caiils\) available|(Weekend|Super).(pill|V)|STILL NO LUCK EN[A-Z]+ IT|PHOTO BLOCKER SPRAY|ABSOLUTELY FAMOUS LOTTERY INTERNATIONAL|NETHERLANDS SWEEPSTAKES LOTTERY|WINNING NOTIFICATION)/ describe TUC_SPAM_PHRASE1 Spam phrase 1 (TUC) score TUC_SPAM_PHRASE1 4.0 body TUC_SPAM_PHRASE2 /The only solution to Penis Enlargement/ describe TUC_SPAM_PHRASE2 Spam phrase 2 (TUC) score TUC_SPAM_PHRASE2 4.0 body TUC_SPAM_PHRASE3 /(It's Guaranteed to work or your money back!|Free CableTV|Most trusted online source!|prescription|klickTel)/ describe TUC_SPAM_PHRASE3 Spam phrase 3 (TUC) score TUC_SPAM_PHRASE3 2.0 #body TUC_SPAM_PHRASE4 /(Banned CD(!)? Government don't want me to sell it|The cablefilterz will allow you to receive)/ #describe TUC_SPAM_PHRASE4 Spam phrase 4 (TUC) #score TUC_SPAM_PHRASE4 4.0 body TUC_SPAM_PHRASE5 /(endlich geschafft.+ echten Hardcore-Porno Dialer|Dollar beim World Wide Online Casino gewonnen|100% kostenloses S E X|InverZ.+http:\/\/www.inverz)/ describe TUC_SPAM_PHRASE5 Spam phrase 5 (TUC) score TUC_SPAM_PHRASE5 4.0 #body TUC_SPAM_PHRASE6 /V.I.A.G.R.A/ #describe TUC_SPAM_PHRASE6 Spam phrase 6 (TUC) #score TUC_SPAM_PHRASE6 5.0 # Rechtsextreme Mails via Sober.P #header TUC_VIRUS_GERMAN1 Subject =~ /(60 Jahre Befreiung: Wer feiert mit\?|Tuerkei in die EU|Dresden 1945|Trotz Stellenabbau|Gegen das Vergessen|Du wirst zum Sklaven gemacht!!!|Du wirst ausspioniert ....!|Volk wird nur zum zahlen gebraucht!|Hier sind wir Lehrer die einzigen Auslaender|Blutige Selbstjustiz|Multi-Kulturell = Multi-Kriminell|Schily ueber Deutschland|Auslaenderpolitik|Auslaender bevorzugt|Augen auf|Blutige Selbstjustiz|4,8 Mill. Osteuropaeer durch Fischer-Volmer Erlass|Verbrechen der deutsc #describe TUC_VIRUS_GERMAN1 Subject: Deutscher Spam via Viren versendet (TUC) #score TUC_VIRUS_GERMAN1 7.0 # Subject deutet auf Phishing header TUC_PHISING1 Subject =~ /Deutsche-bank Sicherheitsaktualisierung/ describe TUC_PHISING1 Phishing (betruegerisches Entlocken sensibler Daten) score TUC_PHISING1 5.0 # ist -8.0, kam aber viel Spam (2004-01-12) # score HABEAS_SWE 0.1 score TRACKER_ID 0 # Trifft lange deutsche Worte > 24 Zeichen uri TUC_URI1 /^(?:https?:\/\/|mailto:)[^\/]*(powermail100|email-deals-24|inverz)\.biz(?:\/|$)/i describe TUC_URI1 Verdaechtige Links (TUC) score TUC_URI1 4.0 # uri TUC_URI2 /^http:\/\/(www\.((webfun|premiumhost|pfui)\.tv|naughtynews\.info|(boobie|itronic)\.cc|extremepics\.org)|trs.vodstop.com)\//i uri TUC_URI2 /^http:\/\/(www\.(pfui\.tv|teenparadies\.com|(boobie|itronic)\.cc)|.+\.(vodstop|tickytauri)\.com)\//i describe TUC_URI2 Verdaechtige Links 2 (TUC) score TUC_URI2 5.0 # 2006-03-29 fri: Penetrante Spam, die Greylisting überwindet # hat: Content-Type: multipart/related; type="multipart/alternative"; header TUC_MPART_REL_ALT Content-Type =~ /(?:\s*multipart\/related)?.* type="multipart\/alternative";/ describe TUC_MPART_REL_ALT Doppelter Content-type: related+alternative (TUC) score TUC_MPART_REL_ALT 0.0 body TUC_SPAM_PHRASE6 /WINNER\*\*WINNER\*\*WINNER\*\*WINNER\*\*WINNER/ describe TUC_SPAM_PHRASE6 Dubiose Investor Massen-Mail score TUC_SPAM_PHRASE6 2.0 body TUC_SPAM_PHRASE7 /"unsubscribe" an list-unsubscribe\@(vodstop|tickytauri)\.com/ describe TUC_SPAM_PHRASE7 Pornografie (TUC) score TUC_SPAM_PHRASE7 4.5 # 2006-11-07 fri: Stocks-Werbung: GIF mit "irrem" HTML-Text full SARE_GIF_ATTACH /Content-Type: image\/gif;\s+name=\"?[0-9a-z._\- ]{3,18}\.gif\"?/i describe SARE_GIF_ATTACH Email has a inline gif score SARE_GIF_ATTACH 0.75 body HTML_IMAGE_ONLY_40 eval:html_image_only('3200','4000') describe HTML_IMAGE_ONLY_40 HTML: images with 3200-4000 bytes of words score HTML_IMAGE_ONLY_40 0.1 meta __IMG_ONLY ( HTML_IMAGE_ONLY_04 || HTML_IMAGE_ONLY_08 || HTML_IMAGE_ONLY_12 || HTML_IMAGE_ONLY_16 || HTML_IMAGE_ONLY_20 || HTML_IMAGE_ONLY_24 || HTML_IMAGE_ONLY_28 || HTML_IMAGE_ONLY_32 || HTML_IMAGE_ONLY_40 ) # full TUC_GIF_STOX /<\/head>\n]*src=\"cid:/s full TUC_GIF_STOX /<\/head>\n]*src=(3D)?"cid:/is describe TUC_GIF_STOX TUC: Typische Werbung mit gif am Anfang score TUC_GIF_STOX 1.5 meta SARE_GIF_STOX ( SARE_GIF_ATTACH && __IMG_ONLY && TUC_GIF_STOX ) describe SARE_GIF_STOX Inline gif with little HTML (new stox spam) score SARE_GIF_STOX 2.66 # vim:et:ts=40