# S25R is: http://www.gabacho-net.jp/en/anti-spam/anti-spam-system.html
# S25R is seven regexps. rule 0 is in SA as RDNS_NONE and the rest follow.
# The whitelist is way too big to be worthwhile, so I'm using SPF/DKIM instead.
# I do NOT currently trust S25R, especially rules 4-6,
# but it might be more good fodder for poor-man's-botnet like RDNS_DYNAMIC

header   __S25R_1  X-Spam-Relays-Untrusted =~ /^[^\]]+ rdns=[^. ]*\d[^0-9. ]+\d\S*\./
describe S25R_1    S25R Rule 1: Bottom of rDNS has num, non-num, num
meta     S25R_1    !__NOT_SPOOFED && __S25R_1
tflags   S25R_1    nopublish
score    S25R_1    0.2

header   __S25R_2  X-Spam-Relays-Untrusted =~ /^[^\]]+ rdns=[^. ]*\d{5}/
describe S25R_2    S25R Rule 2: Bottom of rDNS has 5+ digits in a row
meta     S25R_2    !__NOT_SPOOFED && __S25R_2
tflags   S25R_2    nopublish
score    S25R_2    0.1

header   __S25R_3  X-Spam-Relays-Untrusted =~ /^[^\]]+ rdns=(?:[^. ]+\.)?\d[^. ]*\.[^. ]+\.\S+\.[a-z]/
describe S25R_3    S25R Rule 3: A low-level of rDNS starts w/ a number
meta     S25R_3    !__NOT_SPOOFED && __S25R_3
tflags   S25R_3    nopublish
score    S25R_3    0.1

header   __S25R_4  X-Spam-Relays-Untrusted =~ /^[^\]]+ rdns=[^. ]*\d\.[^. ]*\d-\d/
describe S25R_4    S25R Rule 4: Bottom of rDNS ends w/ num, next lvl has num-num
meta     S25R_4    !__NOT_SPOOFED && __S25R_4
tflags   S25R_4    nopublish
score    S25R_4    0.001

header   __S25R_5  X-Spam-Relays-Untrusted =~ /^[^\]]+ rdns=[^. ]*\d\.[^. ]*\d\.[^. ]+\.\S+\./
describe S25R_5    S25R Rule 5: rDNS has 5+ layers, bottom 2 end in numbers
meta     S25R_5    !__NOT_SPOOFED && __S25R_5
tflags   S25R_5    nopublish
score    S25R_5    0.001

header   __S25R_6  X-Spam-Relays-Untrusted =~ /^[^\]]+ rdns=(?:dhcp|dialup|ppp|[achrsvx]?dsl)[^. ]*\d/
describe S25R_6    S25R Rule 6: rDNS looks dynamic or customer-facing
meta     S25R_6    !__NOT_SPOOFED && __S25R_6
tflags   S25R_6    nopublish
score    S25R_6    0.001
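
# Added example (not part of the original rules file): a Python harness that runs the six
# regexps above over constructed relay lines, to check which rDNS shapes each one catches
# before trusting its score. The relay-line layout, the hostnames and the helper names
# (relay_line, s25r_hits) are assumptions; the !__NOT_SPOOFED half of each meta is not modelled.

```python
import re

# The six S25R header regexps, copied unchanged from the rules above.
S25R = {
    1: r"^[^\]]+ rdns=[^. ]*\d[^0-9. ]+\d\S*\.",
    2: r"^[^\]]+ rdns=[^. ]*\d{5}",
    3: r"^[^\]]+ rdns=(?:[^. ]+\.)?\d[^. ]*\.[^. ]+\.\S+\.[a-z]",
    4: r"^[^\]]+ rdns=[^. ]*\d\.[^. ]*\d-\d",
    5: r"^[^\]]+ rdns=[^. ]*\d\.[^. ]*\d\.[^. ]+\.\S+\.",
    6: r"^[^\]]+ rdns=(?:dhcp|dialup|ppp|[achrsvx]?dsl)[^. ]*\d",
}
COMPILED = {n: re.compile(p) for n, p in S25R.items()}

def relay_line(rdns, ip="192.0.2.10"):
    """Constructed X-Spam-Relays-Untrusted value holding a single relay."""
    return (f"[ ip={ip} rdns={rdns} helo=client.example by=mx.example.org "
            "ident= envfrom= intl=0 id=CONSTRUCTED auth= msa=0 ]")

def s25r_hits(rdns):
    """Numbers of the S25R regexps that match the relay's rDNS name."""
    line = relay_line(rdns)
    # SpamAssassin's =~ is an unanchored match, hence search() not match().
    return [n for n, rx in COMPILED.items() if rx.search(line)]

# Constructed hostnames under documentation domains; none is a real host.
SAMPLES = [
    "mail.example.net",            # plain server name
    "192-0-2-10.dyn.example.net",  # IP address embedded in the bottom label
    "host12345.example.net",       # long digit run
    "pc1.net10-20.example.net",    # num-num in the second label
    "mx1.mail2.corp.example.net",  # reads like an ordinary MTA name
    "ppp23.example.net",           # access-technology prefix
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name:30} -> {s25r_hits(name) or 'no S25R rule'}")
```

# The constructed name mx1.mail2.corp.example.net matching rule 5 shows the kind of
# false positive that keeps rules 4-6 at a score of 0.001.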