Attachment #5508 for bug #7292

View | Details | Raw Unified | Return to bug 7292
Collapse All | Expand All

Lines 163-169 Link Here

(-)rules/30_text_de.cf (-1 lines)
163	lang de describe KOREAN_UCE_SUBJECT Betreff enthält koreanische Werbungskennzeichnung	163	lang de describe KOREAN_UCE_SUBJECT Betreff enthält koreanische Werbungskennzeichnung
164	lang de describe NO_DNS_FOR_FROM Domain der Absendeadresse nicht im DNS registriert (kein MX/A Eintrag)	164	lang de describe NO_DNS_FOR_FROM Domain der Absendeadresse nicht im DNS registriert (kein MX/A Eintrag)
165	lang de describe RCVD_HELO_IP_MISMATCH HELO-Name und IP-Adresse in Kopfzeilen passen nicht	165	lang de describe RCVD_HELO_IP_MISMATCH HELO-Name und IP-Adresse in Kopfzeilen passen nicht
166	lang de describe RCVD_NUMERIC_HELO "Received"-Kopfzeilen enthalten numerische HELO-Identifikation
167	lang de describe RCVD_ILLEGAL_IP "Received"-Kopfzeilen enthalten ungültige IP-Adresse	166	lang de describe RCVD_ILLEGAL_IP "Received"-Kopfzeilen enthalten ungültige IP-Adresse
168	lang de describe RCVD_DOUBLE_IP_SPAM Kennzeichen von Spam-Software (doppelte IP-Adresse)	167	lang de describe RCVD_DOUBLE_IP_SPAM Kennzeichen von Spam-Software (doppelte IP-Adresse)
169	lang de describe RCVD_DOUBLE_IP_LOOSE Empfänger/Sender in Kopfzeilen sehen aus wie IP-Adressen	168	lang de describe RCVD_DOUBLE_IP_LOOSE Empfänger/Sender in Kopfzeilen sehen aus wie IP-Adressen

Lines 226-232 Link Here

(-)rules/30_text_fr.cf (-1 lines)
226	lang fr describe RCVD_IN_SORBS_SOCKS SORBS: Envoyé par un proxy SOCKS ouvert	226	lang fr describe RCVD_IN_SORBS_SOCKS SORBS: Envoyé par un proxy SOCKS ouvert
227	lang fr describe RCVD_IN_SORBS_WEB SORBS: Envoyé depuis un serveur web vulnérable	227	lang fr describe RCVD_IN_SORBS_WEB SORBS: Envoyé depuis un serveur web vulnérable
228	lang fr describe RCVD_IN_SORBS_ZOMBIE SORBS: Envoyé depuis un réseau IP piraté	228	lang fr describe RCVD_IN_SORBS_ZOMBIE SORBS: Envoyé depuis un réseau IP piraté
229	lang fr describe RCVD_NUMERIC_HELO Received: contient un HELO numérique
230	lang fr describe REFINANCE_NOW Offre de refinancement immobilier	229	lang fr describe REFINANCE_NOW Offre de refinancement immobilier
231	lang fr describe REFINANCE_YOUR_HOME Offre de refinancement immobilier	230	lang fr describe REFINANCE_YOUR_HOME Offre de refinancement immobilier
232	lang fr describe SORTED_RECIPS La liste des destinataires est triée par ordre alphabétique	231	lang fr describe SORTED_RECIPS La liste des destinataires est triée par ordre alphabétique

Lines 109-115 Link Here

(-)rules/30_text_nl.cf (-1 lines)
109	lang nl describe JAPANESE_UCE_SUBJECT Onderwerp: bevat een Japanese UCE tag	109	lang nl describe JAPANESE_UCE_SUBJECT Onderwerp: bevat een Japanese UCE tag
110	lang nl describe KOREAN_UCE_SUBJECT Onderwerp: bevat een koreaanse ongewenste email tag	110	lang nl describe KOREAN_UCE_SUBJECT Onderwerp: bevat een koreaanse ongewenste email tag
111	lang nl describe NO_DNS_FOR_FROM Domein in Van heeft geen MX of A DNS record	111	lang nl describe NO_DNS_FOR_FROM Domein in Van heeft geen MX of A DNS record
112	lang nl describe RCVD_NUMERIC_HELO Received: bevat een numerieke HELO
113	lang nl describe RCVD_DOUBLE_IP_SPAM Buld email vingerafdruk (dubbel IP) gevonden	112	lang nl describe RCVD_DOUBLE_IP_SPAM Buld email vingerafdruk (dubbel IP) gevonden
114	lang nl describe RCVD_DOUBLE_IP_LOOSE Received: door en van lijken op IP adressen	113	lang nl describe RCVD_DOUBLE_IP_LOOSE Received: door en van lijken op IP adressen
115	lang nl describe FORGED_TELESP_RCVD Bevat een vervalde hostnaam voor een DSL IP in Brazilie	114	lang nl describe FORGED_TELESP_RCVD Bevat een vervalde hostnaam voor een DSL IP in Brazilie

Lines 211-217 Link Here

(-)rules/30_text_pl.cf (-1 lines)
211	lang pl describe RCVD_IN_SORBS_SOCKS SORBS: nadawca jest otwartym serwerem SOCKS proxy	211	lang pl describe RCVD_IN_SORBS_SOCKS SORBS: nadawca jest otwartym serwerem SOCKS proxy
212	lang pl describe RCVD_IN_SORBS_WEB SORBS: nadawca posiada nadu¿ywany serwer WWW	212	lang pl describe RCVD_IN_SORBS_WEB SORBS: nadawca posiada nadu¿ywany serwer WWW
213	lang pl describe RCVD_IN_SORBS_ZOMBIE SORBS: nadawca jest z sieci bez kontroli	213	lang pl describe RCVD_IN_SORBS_ZOMBIE SORBS: nadawca jest z sieci bez kontroli
214	lang pl describe RCVD_NUMERIC_HELO Received: zawiera numeryczne HELO
215	lang pl describe REFINANCE_NOW Refinansowanie domów	214	lang pl describe REFINANCE_NOW Refinansowanie domów
216	lang pl describe REFINANCE_YOUR_HOME Refinansowanie domów	215	lang pl describe REFINANCE_YOUR_HOME Refinansowanie domów
217	lang pl describe SORTED_RECIPS Lista odbiorców posortowana wed³ug adresu	216	lang pl describe SORTED_RECIPS Lista odbiorców posortowana wed³ug adresu

Lines 284-290 Link Here

(-)rules/30_text_pt_br.cf (-1 lines)
284	lang pt_BR describe MISSING_HB_SEP Não há uma linha separando o cabeçalho do corpo da mensagem	284	lang pt_BR describe MISSING_HB_SEP Não há uma linha separando o cabeçalho do corpo da mensagem
285	lang pt_BR describe UNPARSEABLE_RELAY Info: mensagem possui dados de relay que não puderam ser lidos	285	lang pt_BR describe UNPARSEABLE_RELAY Info: mensagem possui dados de relay que não puderam ser lidos
286	lang pt_BR describe RCVD_HELO_IP_MISMATCH HELO e IP no "Received:" não conferem	286	lang pt_BR describe RCVD_HELO_IP_MISMATCH HELO e IP no "Received:" não conferem
287	lang pt_BR describe RCVD_NUMERIC_HELO "Received:" contém um endereço IP utilizado no comando HELO
288	lang pt_BR describe NO_RDNS_DOTCOM_HELO Comando HELO enviado como um provedor confiável, mas não possui rDNS	287	lang pt_BR describe NO_RDNS_DOTCOM_HELO Comando HELO enviado como um provedor confiável, mas não possui rDNS
289		288
290	# 20_html_tests.cf	289	# 20_html_tests.cf

Lines 497-503 Link Here

(-)rulesrc/10_force_active.cf (-1 lines)
497	publish RCVD_IN_SORBS_ZOMBIE	497	publish RCVD_IN_SORBS_ZOMBIE
498	publish RCVD_IN_XBL	498	publish RCVD_IN_XBL
499	publish RCVD_MAIL_COM	499	publish RCVD_MAIL_COM
500	publish RCVD_NUMERIC_HELO
501	publish RDNS_DYNAMIC	500	publish RDNS_DYNAMIC
502	publish RDNS_LOCALHOST	501	publish RDNS_LOCALHOST
503	publish RDNS_NONE	502	publish RDNS_NONE

Lines 36-42 Link Here

(-)rulesrc/sandbox/kmcgrail/20_fake_helo_tests.cf (-1 / +1 lines)
36		36
37	header __HELO_MISC_IP X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=[^a-z\?]\S{0,30}(?:\d{1,3}[^\d]){4}[^\]]+ auth= /i	37	header __HELO_MISC_IP X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=[^a-z\?]\S{0,30}(?:\d{1,3}[^\d]){4}[^\]]+ auth= /i
38		38
39	meta HELO_MISC_IP (__HELO_MISC_IP && !HELO_DYNAMIC_IPADDR && !HELO_DYNAMIC_IPADDR2 && !HELO_DYNAMIC_SPLIT_IP && !HELO_DYNAMIC_HCC && !HELO_DYNAMIC_DIALIN && ((TVD_RCVD_IP4 + TVD_RCVD_IP + RCVD_NUMERIC_HELO) <2))	39	meta HELO_MISC_IP (__HELO_MISC_IP && !HELO_DYNAMIC_IPADDR && !HELO_DYNAMIC_IPADDR2 && !HELO_DYNAMIC_SPLIT_IP && !HELO_DYNAMIC_HCC && !HELO_DYNAMIC_DIALIN && ((TVD_RCVD_IP4 + TVD_RCVD_IP) <2))
40	describe HELO_MISC_IP Looking for more Dynamic IP Relays	40	describe HELO_MISC_IP Looking for more Dynamic IP Relays
41	score HELO_MISC_IP 0.25	41	score HELO_MISC_IP 0.25
42		42





# SMF: FP avoidance
# JHardin: don't hit 127.x.x.x (loopback) addresses
header  __FSL_HELO_BARE_IP_1      X-Spam-Relays-External =~ /^[^\]]+ helo=(?!127)\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} [^\]]*auth= /i
meta    FSL_HELO_BARE_IP_1        __FSL_HELO_BARE_IP_1 && !ALL_TRUSTED

# score   FSL_HELO_BARE_IP_1      0.001

# JHardin: FP avoidance per reports on users list 10/12/2013
# SMF: Further FP avoidance; we don't want to match 4.3.2.1.host.domain.com
# score limit due to partial overlap with RCVD_NUMERIC_HELO
# JHardin: don't hit 127.x.x.x (loopback) addresses
header  __FSL_HELO_BARE_IP_2    X-Spam-Relays-Untrusted =~ /helo=(?!127)\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} /i
meta    FSL_HELO_BARE_IP_2      __FSL_HELO_BARE_IP_2 && !FSL_HELO_BARE_IP_1 && !__VIA_ML && !__HAS_ERRORS_TO
score   FSL_HELO_BARE_IP_2      1.500

header  FSL_HELO_NON_FQDN_1     X-Spam-Relays-External =~ /^[^\]]+ helo=[a-zA-Z0-9-_]+ /i

Return to bug 7292

Lines 99-115 Link Here

(-)rulesrc/sandbox/maddoc/99_doc_test.cf (-5 / +4 lines)
99		99
100	# SMF: FP avoidance	100	# SMF: FP avoidance
101	# JHardin: don't hit 127.x.x.x (loopback) addresses	101	# JHardin: don't hit 127.x.x.x (loopback) addresses
102	header __FSL_HELO_BARE_IP_1 X-Spam-Relays-External =~ /^[^\]]+ helo=(?!127)\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} /i	102	header __FSL_HELO_BARE_IP_1 X-Spam-Relays-External =~ /^[^\]]+ helo=(?!127)\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} [^\]]*auth= /i
103	meta FSL_HELO_BARE_IP_1 __FSL_HELO_BARE_IP_1	103	meta FSL_HELO_BARE_IP_1 __FSL_HELO_BARE_IP_1 && !ALL_TRUSTED
104		104
105	# score FSL_HELO_BARE_IP_1 0.001	105	# score FSL_HELO_BARE_IP_1 0.001
106		106
107	# JHardin: FP avoidance per reports on users list 10/12/2013	107	# JHardin: FP avoidance per reports on users list 10/12/2013
108	# SMF: Further FP avoidance; we don't want to match 4.3.2.1.host.domain.com	108	# SMF: Further FP avoidance; we don't want to match 4.3.2.1.host.domain.com
109	# score limit due to partial overlap with RCVD_NUMERIC_HELO
110	# JHardin: don't hit 127.x.x.x (loopback) addresses	109	# JHardin: don't hit 127.x.x.x (loopback) addresses
111	header __FSL_HELO_BARE_IP_2 X-Spam-Relays-External =~ /helo=(?!127)\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} /i	110	header __FSL_HELO_BARE_IP_2 X-Spam-Relays-Untrusted =~ /helo=(?!127)\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} /i
112	meta FSL_HELO_BARE_IP_2 __FSL_HELO_BARE_IP_2 && !ALL_TRUSTED && !FSL_HELO_BARE_IP_1 && !__VIA_ML && !__HAS_ERRORS_TO	111	meta FSL_HELO_BARE_IP_2 __FSL_HELO_BARE_IP_2 && !FSL_HELO_BARE_IP_1 && !__VIA_ML && !__HAS_ERRORS_TO
113	score FSL_HELO_BARE_IP_2 1.500	112	score FSL_HELO_BARE_IP_2 1.500
114		113
115	header FSL_HELO_NON_FQDN_1 X-Spam-Relays-External =~ /^[^\]]+ helo=[a-zA-Z0-9-_]+ /i	114	header FSL_HELO_NON_FQDN_1 X-Spam-Relays-External =~ /^[^\]]+ helo=[a-zA-Z0-9-_]+ /i