Attachment #169 for bug #399

View | Details | Raw Unified | Return to bug 399
Collapse All | Expand All

Lines 232-237 Link Here

(-)lib/Mail/SpamAssassin.pm (-3 / +15 lines)
232	my $msg = Mail::SpamAssassin::PerMsgStatus->new($self, $mail);	232	my $msg = Mail::SpamAssassin::PerMsgStatus->new($self, $mail);
233	chomp($TIMELOG->{mesgid} = ($mail_obj->get("Message-Id") \|\| 'nomsgid'));	233	chomp($TIMELOG->{mesgid} = ($mail_obj->get("Message-Id") \|\| 'nomsgid'));
234	$TIMELOG->{mesgid} =~ s#<(.*)>#$1#;	234	$TIMELOG->{mesgid} =~ s#<(.*)>#$1#;
		235	# Message-Id is used for a filename on disk, so we can't have '/' in it.
		236	$TIMELOG->{mesgid} =~ s#/#-#g;
235	timelog("Created message object, checking message", "msgcheck", 1);	237	timelog("Created message object, checking message", "msgcheck", 1);
236	$msg->check();	238	$msg->check();
237	timelog("Done checking message", "msgcheck", 2);	239	timelog("Done checking message", "msgcheck", 2);
Lines 525-532 Link Here
525		527
526	# note: this may incur network access. Good. We want to make sure	528	# note: this may incur network access. Good. We want to make sure
527	# as much as possible is preloaded!	529	# as much as possible is preloaded!
528	my @testmsg = ("From: ignore\@compiling.spamassassin.taint.org\n",	530	# Timelog uses the Message-ID for the filename on disk, so let's set that
529	"\n", "I need to make this message body somewhat long so TextCat preloads\n"x20);	531	# to a value easy to recognize. It'll show when spamd was restarted -- Marc
		532	my @testmsg = ("From: ignore\@compiling.spamassassin.taint.org\n",
		533	"Message-Id: <".time."\@spamassassin_spamd_init>\n", "\n",
		534	"I need to make this message body somewhat long so TextCat preloads\n"x20);
530		535
531	dbg ("ignore: test message to precompile patterns and load modules");	536	dbg ("ignore: test message to precompile patterns and load modules");
532	$self->init($use_user_prefs);	537	$self->init($use_user_prefs);
Lines 875-880 Link Here
875		880
876	if (defined($deltaslot) and ($deltaslot eq "SAfull") and defined($wheredelta) and ($wheredelta eq 1)) {	881	if (defined($deltaslot) and ($deltaslot eq "SAfull") and defined($wheredelta) and ($wheredelta eq 1)) {
877	$tl->{'start'}=$now;	882	$tl->{'start'}=$now;
		883	# Because spamd is long running, we need to close and re-open the log file
		884	if ($tl->{flushedlogs}) {
		885	$tl->{flushedlogs}=0;
		886	$tl->{mesgid}="";
		887	@{$tl->{keeplogs}} = ();
		888	close(LOG);
		889	}
878	}	890	}
879		891
880	if (defined $wheredelta) {	892	if (defined $wheredelta) {
Lines 902-908 Link Here
902		914
903	$tl->{flushedlogs}=1;	915	$tl->{flushedlogs}=1;
904	dbg("Flushing logs to $file", "timelog", -2);	916	dbg("Flushing logs to $file", "timelog", -2);
905	open (LOG, ">>$file") or warn("Can't open file: $!");	917	open (LOG, ">>$file") or warn("Can't open $file: $!");
906		918
907	while (defined ($_ = shift(@{$tl->{keeplogs}})))	919	while (defined ($_ = shift(@{$tl->{keeplogs}})))
908	{	920	{

Lines 136-142 Link Here

(-)lib/Mail/SpamAssassin/PerMsgStatus.pm (-1 / +1 lines)
136	$self->do_head_eval_tests();	136	$self->do_head_eval_tests();
137	timelog("Finished head eval tests", "headevaltest", 2);	137	timelog("Finished head eval tests", "headevaltest", 2);
138		138
139	timelog('Starting RBL tests (will wait up to $self->{conf}->{dns_timeout} secs before giving up)', "rblblock", 1);	139	timelog("Starting RBL tests (will wait up to $self->{conf}->{rbl_timeout} secs before giving up)", "rblblock", 1);
140	# This time we want to harvest the DNS results -- Marc	140	# This time we want to harvest the DNS results -- Marc
141	$self->do_rbl_eval_tests(1);	141	$self->do_rbl_eval_tests(1);
142	# And now we can compute rules that depend on those results	142	# And now we can compute rules that depend on those results




header POST_IN_RCVD		Received =~ / Post\.(?:sk|cz)/
describe POST_IN_RCVD		Received contains fake 'Post.cz' hostname


# Multizone / Multi meaning BLs first

# Osirusoft, like MAPS RBL+ is a multi-meaning BL, so it is treated separately
header RCVD_IN_OSIRUSOFT_COM	rbleval:check_rbl('osirusoft', 'relays.osirusoft.com.')
describe RCVD_IN_OSIRUSOFT_COM	Received via a relay in relays.osirusoft.com

# X prefix was used to insure that it was run at the end, but it's not needed
# anymore since we run the rule with rblreseval -- Marc
header X_OSIRU_SPAM_SRC		rbleval:check_rbl_results_for('osirusoft', '127.0.0.4')
describe X_OSIRU_SPAM_SRC	DNSBL: sender is Confirmed Spam Source

header X_OSIRU_SPAMWARE_SITE	rbleval:check_rbl_results_for('osirusoft', '127.0.0.6')
describe X_OSIRU_SPAMWARE_SITE	DNSBL: sender is a Spamware site or vendor

header X_OSIRU_DUL_FH		rbleval:check_rbl('osirusoft-dul-firsthop', 'dialups.mail-abuse.org.')
describe X_OSIRU_DUL_FH		Received from first hop dialup listed in relays.osirusoft.com



# Now, single zone BLs follow:
# the new first arg for check_rbl() indicates what type of check it is;
# each type of check is stored in a separate set, and if an IP has already
# been hit in that set, it will not be checked with any other zone in
# that set.
header RCVD_IN_RELAYS_ORDB_ORG	rbleval:check_rbl('relay', 'relays.ordb.org.')
describe RCVD_IN_RELAYS_ORDB_ORG Received via a relay in relays.ordb.org

header RCVD_IN_VISI		rbleval:check_rbl('relay', 'relays.visi.com.')
describe RCVD_IN_OSIRUSOFT_COM	Received via a relay in relays.osirusoft.com

header RCVD_IN_VISI		eval:check_rbl('relay', 'relays.visi.com.')
describe RCVD_IN_VISI		Received via a relay in relays.visi.com

header RCVD_IN_RFCI		eval:check_rbl('rfci', 'ipwhois.rfc-ignorant.org.')
describe RCVD_IN_RFCI		Received via a relay in ipwhois.rfc-ignorant.org

# Overzealous, blocking sparklist.com and yahoogroups with Confirmed Spam
# Source records.  not recommended.
#header RCVD_IN_5_10	 rbleval:check_rbl('relay', 'blackholes.five-ten-sg.com.')
#describe RCVD_IN_5_10	 Received via a relay in blackholes.five-ten-sg.com

header RCVD_IN_ORBS		rbleval:check_rbl('relay', 'orbs.dorkslayers.com.')
describe RCVD_IN_ORBS		Received via a relay in orbs.dorkslayers.com

# DSBL catches open relays, badly-installed CGI scripts and open SOCKS and
# HTTP proxies.  list.dsbl.org lists servers tested by "trusted" users,
# multihop.dsbl.org lists servers which open SMTP servers relay through,
# unconfirmed.dsbl.org lists servers tested by "untrusted" users.
# See http://dsbl.org/ for full details.
# This is effectively an open relay BL, put in in the relay set too -- Marc
header RCVD_IN_DSBL            rbleval:check_rbl('relay', 'list.dsbl.org')
describe RCVD_IN_DSBL          Received via a relay in list.dsbl.org

header RCVD_IN_MULTIHOP_DSBL   rbleval:check_rbl('multihop', 'multihop.dsbl.org')
describe RCVD_IN_MULTIHOP_DSBL Received via a relay in multihop.dsbl.org

# We want to count this in the open relay set so that someone doesn't get scored
# twice (at least by default) for being listed there and in some other relay BL.
# Users can request a double hit and double score by changing 'relay' with
# 'unconfirmed_dsbl' or something like that, but I don't think it should be
# a default  -- Marc
header X_RCVD_IN_UNCONFIRMED_DSBL        rbleval:check_rbl('relay', 'unconfirmed.dsbl.org')
describe X_RCVD_IN_UNCONFIRMED_DSBL      Received via a relay in unconfirmed.dsbl.org


# Other miscellaneous RBLs are listed here:
header RCVD_IN_RFCI		rbleval:check_rbl('rfci', 'ipwhois.rfc-ignorant.org.')
describe RCVD_IN_RFCI		Received via a relay in ipwhois.rfc-ignorant.org


# NOTE: commercial test, see README file for details
header RCVD_IN_BL_SPAMCOP_NET	rbleval:check_rbl('spamcop', 'bl.spamcop.net.')
describe RCVD_IN_BL_SPAMCOP_NET	Received via a relay in bl.spamcop.net

# NOTE: commercial tests, see README file for details
header RCVD_IN_RBL		rbleval:check_rbl('rbl', 'blackholes.mail-abuse.org.')
describe RCVD_IN_RBL		Received via RBLed relay, see http://www.mail-abuse.org/rbl/

header RCVD_IN_RSS		rbleval:check_rbl('relay', 'relays.mail-abuse.org.')
describe RCVD_IN_RSS		Received via RSSed relay, see http://www.mail-abuse.org/rss/

header RCVD_IN_DUL		rbleval:check_rbl('dialup', 'dialups.mail-abuse.org.')
describe RCVD_IN_DUL		Received from dialup, see http://www.mail-abuse.org/dul/

header X_RCVD_IN_DUL_FH		rbleval:check_rbl('dialup-firsthop', 'dialups.mail-abuse.org.')
describe X_RCVD_IN_DUL_FH	Received from first hop dialup, see http://www.mail-abuse.org/dul/

# DSBL catches open relays, badly-installed CGI scripts and open SOCKS and
# HTTP proxies.  list.dsbl.org lists servers tested by "trusted" users,
# multihop.dsbl.org lists servers which open SMTP servers relay through,
# unconfirmed.dsbl.org lists servers tested by "untrusted" users.
# See http://dsbl.org/ for full details.
header RCVD_IN_DSBL            eval:check_rbl('dsbl', 'list.dsbl.org')
describe RCVD_IN_DSBL          Received via a relay in list.dsbl.org

# Now, you can apply rules to counter for the effect of two similar BLs matching
# together -- Marc
header FUDGE_DUL_MAPS_OSIRU	rblreseval:check_two_rbl_results('osirusoft', "127.0.0.3", 'dialup', "127.0.0.3")
describe FUDGE_DUL_MAPS_OSIRU	Do not double penalize for MAPS DUL and Osirusoft DUL

header FUDGE_RELAY_OSIRU	rblreseval:check_two_rbl_results('osirusoft', "127.0.0.2", 'relay', "127.0.0.2")
describe FUDGE_RELAY_OSIRU	Do not double penalize for being an open relay on Osirusoft and another RBL

header FUDGE_DUL_OSIRU_FH	rblreseval:check_two_rbl_results('osirusoft-dul-firsthop', "127.0.0.3", 'dialup-firsthop', "127.0.0.3")
describe FUDGE_DUL_OSIRU_FH	Do not double compensate for MAPS DUL and Osirusoft DUL first hop dialup


header RCVD_IN_UNCONFIRMED_DSBL        eval:check_rbl('dsbl', 'unconfirmed.dsbl.org')
describe RCVD_IN_UNCONFIRMED_DSBL      Received via a relay in unconfirmed.dsbl.org
describe RCVD_IN_BL_SPAMCOP_NET	Received via a relay in bl.spamcop.net

# don't add headers without testing for false positives (usually Unix MTAs and
# list software) and especially don't add From:, Reply-To:, Date:, Message-ID:





score RCVD_IN_RELAYS_ORDB_ORG	     2.0
score RCVD_IN_OSIRUSOFT_COM	     2.0
score X_OSIRU_DUL_FH		    -1.5
score X_OSIRU_SPAM_SRC		     3.0
score X_OSIRU_SPAMWARE_SITE	     5.0
score ROUND_THE_WORLD		     3.0
score RCVD_IN_RFCI		     0.5
score RCVD_IN_ORBS                   1.0
score RCVD_IN_DSBL                   3.0
score RCVD_IN_MULTIHOP_DSBL          1.0
score RCVD_IN_UNCONFIRMED_DSBL      0.5

# The fudge scores below expect that you use the following scores for MAPS
#score RCVD_IN_VARBL		     4.5
#score RCVD_IN_RSS		     2.0
#score RCVD_IN_DUL		     2.0
#score RCVD_IN_DUL_FH		    -1.5

score FUDGE_DUL_MAPS_OSIRU          -2.0
score FUDGE_RELAY_OSIRU		    -2.0
score FUDGE_OSIRU_FH		     1.5

score ROUND_THE_WORLD		     3.0

# the ok_language configuration option will need to be set correctly
# across each corpus for this score to be GA evolved

Return to bug 399

Lines 183-248 Link Here

(-)rules/20_head_tests.cf (-34 / +69 lines)
183	header POST_IN_RCVD Received =~ / Post\.(?:sk\|cz)/	183	header POST_IN_RCVD Received =~ / Post\.(?:sk\|cz)/
184	describe POST_IN_RCVD Received contains fake 'Post.cz' hostname	184	describe POST_IN_RCVD Received contains fake 'Post.cz' hostname
185		185
		186
		187	# Multizone / Multi meaning BLs first
		188
		189	# Osirusoft, like MAPS RBL+ is a multi-meaning BL, so it is treated separately
		190	header RCVD_IN_OSIRUSOFT_COM rbleval:check_rbl('osirusoft', 'relays.osirusoft.com.')
		191	describe RCVD_IN_OSIRUSOFT_COM Received via a relay in relays.osirusoft.com
		192
		193	# X prefix was used to insure that it was run at the end, but it's not needed
		194	# anymore since we run the rule with rblreseval -- Marc
		195	header X_OSIRU_SPAM_SRC rbleval:check_rbl_results_for('osirusoft', '127.0.0.4')
		196	describe X_OSIRU_SPAM_SRC DNSBL: sender is Confirmed Spam Source
		197
		198	header X_OSIRU_SPAMWARE_SITE rbleval:check_rbl_results_for('osirusoft', '127.0.0.6')
		199	describe X_OSIRU_SPAMWARE_SITE DNSBL: sender is a Spamware site or vendor
		200
		201	header X_OSIRU_DUL_FH rbleval:check_rbl('osirusoft-dul-firsthop', 'dialups.mail-abuse.org.')
		202	describe X_OSIRU_DUL_FH Received from first hop dialup listed in relays.osirusoft.com
		203
		204
		205
		206	# Now, single zone BLs follow:
186	# the new first arg for check_rbl() indicates what type of check it is;	207	# the new first arg for check_rbl() indicates what type of check it is;
187	# each type of check is stored in a separate set, and if an IP has already	208	# each type of check is stored in a separate set, and if an IP has already
188	# been hit in that set, it will not be checked with any other zone in	209	# been hit in that set, it will not be checked with any other zone in
189	# that set.	210	# that set.
190	header RCVD_IN_RELAYS_ORDB_ORG eval:check_rbl('relay', 'relays.ordb.org.')	211	header RCVD_IN_RELAYS_ORDB_ORG rbleval:check_rbl('relay', 'relays.ordb.org.')
191	describe RCVD_IN_RELAYS_ORDB_ORG Received via a relay in relays.ordb.org	212	describe RCVD_IN_RELAYS_ORDB_ORG Received via a relay in relays.ordb.org
192		213
193	header RCVD_IN_OSIRUSOFT_COM eval:check_rbl('relay', 'relays.osirusoft.com.')	214	header RCVD_IN_VISI rbleval:check_rbl('relay', 'relays.visi.com.')
194	describe RCVD_IN_OSIRUSOFT_COM Received via a relay in relays.osirusoft.com
195
196	header RCVD_IN_VISI eval:check_rbl('relay', 'relays.visi.com.')
197	describe RCVD_IN_VISI Received via a relay in relays.visi.com	215	describe RCVD_IN_VISI Received via a relay in relays.visi.com
198		216
199	header RCVD_IN_RFCI eval:check_rbl('rfci', 'ipwhois.rfc-ignorant.org.')
200	describe RCVD_IN_RFCI Received via a relay in ipwhois.rfc-ignorant.org
201
202	# Overzealous, blocking sparklist.com and yahoogroups with Confirmed Spam	217	# Overzealous, blocking sparklist.com and yahoogroups with Confirmed Spam
203	# Source records. not recommended.	218	# Source records. not recommended.
204	#header RCVD_IN_5_10 eval:check_rbl('relay', 'blackholes.five-ten-sg.com.')	219	#header RCVD_IN_5_10 rbleval:check_rbl('relay', 'blackholes.five-ten-sg.com.')
205	#describe RCVD_IN_5_10 Received via a relay in blackholes.five-ten-sg.com	220	#describe RCVD_IN_5_10 Received via a relay in blackholes.five-ten-sg.com
206		221
207	header RCVD_IN_ORBS eval:check_rbl('relay', 'orbs.dorkslayers.com.')	222	header RCVD_IN_ORBS rbleval:check_rbl('relay', 'orbs.dorkslayers.com.')
208	describe RCVD_IN_ORBS Received via a relay in orbs.dorkslayers.com	223	describe RCVD_IN_ORBS Received via a relay in orbs.dorkslayers.com
209		224
210	# X prefix is so that these are run after RCVD_IN_*. tests are run in	225	# DSBL catches open relays, badly-installed CGI scripts and open SOCKS and
211	# alphanumerically-sorted order. (These used to be Osirusoft.com-specific, but	226	# HTTP proxies. list.dsbl.org lists servers tested by "trusted" users,
212	# now, other DNSBLs are using the same convention.)	227	# multihop.dsbl.org lists servers which open SMTP servers relay through,
213	header X_OSIRU_SPAM_SRC eval:check_rbl_results_for('relay', '127.0.0.4')	228	# unconfirmed.dsbl.org lists servers tested by "untrusted" users.
214	describe X_OSIRU_SPAM_SRC DNSBL: sender is Confirmed Spam Source	229	# See http://dsbl.org/ for full details.
		230	# This is effectively an open relay BL, put in in the relay set too -- Marc
		231	header RCVD_IN_DSBL rbleval:check_rbl('relay', 'list.dsbl.org')
		232	describe RCVD_IN_DSBL Received via a relay in list.dsbl.org
215		233
216	header X_OSIRU_SPAMWARE_SITE eval:check_rbl_results_for('relay', '127.0.0.6')	234	header RCVD_IN_MULTIHOP_DSBL rbleval:check_rbl('multihop', 'multihop.dsbl.org')
217	describe X_OSIRU_SPAMWARE_SITE DNSBL: sender is a Spamware site or vendor	235	describe RCVD_IN_MULTIHOP_DSBL Received via a relay in multihop.dsbl.org
		236
		237	# We want to count this in the open relay set so that someone doesn't get scored
		238	# twice (at least by default) for being listed there and in some other relay BL.
		239	# Users can request a double hit and double score by changing 'relay' with
		240	# 'unconfirmed_dsbl' or something like that, but I don't think it should be
		241	# a default -- Marc
		242	header X_RCVD_IN_UNCONFIRMED_DSBL rbleval:check_rbl('relay', 'unconfirmed.dsbl.org')
		243	describe X_RCVD_IN_UNCONFIRMED_DSBL Received via a relay in unconfirmed.dsbl.org
		244
		245
		246	# Other miscellaneous RBLs are listed here:
		247	header RCVD_IN_RFCI rbleval:check_rbl('rfci', 'ipwhois.rfc-ignorant.org.')
		248	describe RCVD_IN_RFCI Received via a relay in ipwhois.rfc-ignorant.org
		249
		250
		251	# NOTE: commercial test, see README file for details
		252	header RCVD_IN_BL_SPAMCOP_NET rbleval:check_rbl('spamcop', 'bl.spamcop.net.')
		253	describe RCVD_IN_BL_SPAMCOP_NET Received via a relay in bl.spamcop.net
218		254
219	# NOTE: commercial tests, see README file for details	255	# NOTE: commercial tests, see README file for details
220	header RCVD_IN_RBL eval:check_rbl('rbl', 'blackholes.mail-abuse.org.')	256	header RCVD_IN_RBL rbleval:check_rbl('rbl', 'blackholes.mail-abuse.org.')
221	describe RCVD_IN_RBL Received via RBLed relay, see http://www.mail-abuse.org/rbl/	257	describe RCVD_IN_RBL Received via RBLed relay, see http://www.mail-abuse.org/rbl/
222		258
223	header RCVD_IN_RSS eval:check_rbl('relay', 'relays.mail-abuse.org.')	259	header RCVD_IN_RSS rbleval:check_rbl('relay', 'relays.mail-abuse.org.')
224	describe RCVD_IN_RSS Received via RSSed relay, see http://www.mail-abuse.org/rss/	260	describe RCVD_IN_RSS Received via RSSed relay, see http://www.mail-abuse.org/rss/
225		261
226	header RCVD_IN_DUL eval:check_rbl('dialup', 'dialups.mail-abuse.org.')	262	header RCVD_IN_DUL rbleval:check_rbl('dialup', 'dialups.mail-abuse.org.')
227	describe RCVD_IN_DUL Received from dialup, see http://www.mail-abuse.org/dul/	263	describe RCVD_IN_DUL Received from dialup, see http://www.mail-abuse.org/dul/
228		264
229	# NOTE: commercial test, see README file for details	265	header X_RCVD_IN_DUL_FH rbleval:check_rbl('dialup-firsthop', 'dialups.mail-abuse.org.')
230	header RCVD_IN_BL_SPAMCOP_NET eval:check_rbl('spamcop', 'bl.spamcop.net.')	266	describe X_RCVD_IN_DUL_FH Received from first hop dialup, see http://www.mail-abuse.org/dul/
231		267
232	# DSBL catches open relays, badly-installed CGI scripts and open SOCKS and
233	# HTTP proxies. list.dsbl.org lists servers tested by "trusted" users,
234	# multihop.dsbl.org lists servers which open SMTP servers relay through,
235	# unconfirmed.dsbl.org lists servers tested by "untrusted" users.
236	# See http://dsbl.org/ for full details.
237	header RCVD_IN_DSBL eval:check_rbl('dsbl', 'list.dsbl.org')
238	describe RCVD_IN_DSBL Received via a relay in list.dsbl.org
239		268
240	header RCVD_IN_MULTIHOP_DSBL eval:check_rbl('dsbl', 'multihop.dsbl.org')	269	# Now, you can apply rules to counter for the effect of two similar BLs matching
241	describe RCVD_IN_MULTIHOP_DSBL Received via a relay in multihop.dsbl.org	270	# together -- Marc
		271	header FUDGE_DUL_MAPS_OSIRU rblreseval:check_two_rbl_results('osirusoft', "127.0.0.3", 'dialup', "127.0.0.3")
		272	describe FUDGE_DUL_MAPS_OSIRU Do not double penalize for MAPS DUL and Osirusoft DUL
		273
		274	header FUDGE_RELAY_OSIRU rblreseval:check_two_rbl_results('osirusoft', "127.0.0.2", 'relay', "127.0.0.2")
		275	describe FUDGE_RELAY_OSIRU Do not double penalize for being an open relay on Osirusoft and another RBL
		276
		277	header FUDGE_DUL_OSIRU_FH rblreseval:check_two_rbl_results('osirusoft-dul-firsthop', "127.0.0.3", 'dialup-firsthop', "127.0.0.3")
		278	describe FUDGE_DUL_OSIRU_FH Do not double compensate for MAPS DUL and Osirusoft DUL first hop dialup
		279
242		280
243	header RCVD_IN_UNCONFIRMED_DSBL eval:check_rbl('dsbl', 'unconfirmed.dsbl.org')
244	describe RCVD_IN_UNCONFIRMED_DSBL Received via a relay in unconfirmed.dsbl.org
245	describe RCVD_IN_BL_SPAMCOP_NET Received via a relay in bl.spamcop.net
246		281
247	# don't add headers without testing for false positives (usually Unix MTAs and	282	# don't add headers without testing for false positives (usually Unix MTAs and
248	# list software) and especially don't add From:, Reply-To:, Date:, Message-ID:	283	# list software) and especially don't add From:, Reply-To:, Date:, Message-ID:

Lines 367-380 Link Here

(-)rules/50_scores.cf (-1 / +13 lines)
367		367
368	score RCVD_IN_RELAYS_ORDB_ORG 2.0	368	score RCVD_IN_RELAYS_ORDB_ORG 2.0
369	score RCVD_IN_OSIRUSOFT_COM 2.0	369	score RCVD_IN_OSIRUSOFT_COM 2.0
		370	score X_OSIRU_DUL_FH -1.5
370	score X_OSIRU_SPAM_SRC 3.0	371	score X_OSIRU_SPAM_SRC 3.0
371	score X_OSIRU_SPAMWARE_SITE 5.0	372	score X_OSIRU_SPAMWARE_SITE 5.0
372	score ROUND_THE_WORLD 3.0
373	score RCVD_IN_RFCI 0.5	373	score RCVD_IN_RFCI 0.5
374	score RCVD_IN_ORBS 1.0	374	score RCVD_IN_ORBS 1.0
375	score RCVD_IN_DSBL 3.0	375	score RCVD_IN_DSBL 3.0
376	score RCVD_IN_MULTIHOP_DSBL 1.0	376	score RCVD_IN_MULTIHOP_DSBL 1.0
377	score RCVD_IN_UNCONFIRMED_DSBL 0.5	377	score RCVD_IN_UNCONFIRMED_DSBL 0.5
		378
		379	# The fudge scores below expect that you use the following scores for MAPS
		380	#score RCVD_IN_VARBL 4.5
		381	#score RCVD_IN_RSS 2.0
		382	#score RCVD_IN_DUL 2.0
		383	#score RCVD_IN_DUL_FH -1.5
		384
		385	score FUDGE_DUL_MAPS_OSIRU -2.0
		386	score FUDGE_RELAY_OSIRU -2.0
		387	score FUDGE_OSIRU_FH 1.5
		388
		389	score ROUND_THE_WORLD 3.0
378		390
379	# the ok_language configuration option will need to be set correctly	391	# the ok_language configuration option will need to be set correctly
380	# across each corpus for this score to be GA evolved	392	# across each corpus for this score to be GA evolved