# From Adam Katz (khopesh) testing grounds and live channels
# http://khopesh.com/Anti-spam

### select rules from khop-lists

header	 __SENDER_BOT	ALL =~ /(?:not?\W?repl[yi]|bounce|daemon|subscri|report|\b(?:root|news|nobody|agent|(?:post)?master|manag|send(?:er|ing)?|out|bot\b))[^\@ >]{0,5}s?\@\w/i
body	 __UNSUB_EMAIL	/\b(?:(?:un)?subscri(?:ber?|ptions?)|abuses?|opt(?:ing)?.?out)\b[-a-z_0-9.+=]{0,60}\@[a-z0-9][-a-z_0-9.]{4,20}(?:[^a-z_0-9.-]|$)/i
rawbody	 __UNSUB_MAILTO	/href=["']?mailto:[^>]{6,60}>[^<]{0,6}\b(?:(?:un)?subscri(?:ber?|ptions?)|abuses?|opt(?:ing)?.?out)\b/
uri	 __UNSUB_LINK	/\b(?:(?:un)?subscri(?:ber?|ptions?)|abuses?|opt(?:ing)?.?out)\b/i
uri	 __MAIL_LINK	/\?.{0,200}\w\@[\w-]{1,20}.\w\w\w?\b/i

header   __MSGID_LIST	Message-ID =~ /-\w+\#[\w.]+\.\w{2,4}\@/
tflags   __MSGID_LIST	nice

body     KHOP_NEWSLETTER	/\b(?:e?newsletters?|(?:un)?(?:subscrib|register)|you(?:r| are) subscri(?:b|ption)|opt(?:.|ing)?out\b|further info|you do ?n[o']t w(?:ish|ant)|remov\w{1,3}.{1,9}\blists?\b|to your white.?list)/i
describe KHOP_NEWSLETTER	Is a newsletter or has list managing details
score    KHOP_NEWSLETTER	0.4 0.5 0.6 0.7 # 20090219
tflags	 KHOP_NEWSLETTER	nopublish

#meta	 KHOP_UNSUB_LINK    __UNSUB_LINK && !(SARE_UNI||__VIA_ML||__SENDER_BOT)
meta	 KHOP_UNSUB_LINK	__UNSUB_LINK && !(__VIA_ML||__DOS_HAS_LIST_UNSUB||__SENDER_BOT)
describe KHOP_UNSUB_LINK	Non-list message has unsusbscribe link
tflags	 KHOP_UNSUB_LINK	nopublish
score    KHOP_UNSUB_LINK	0.5 0.6 0.7 0.8

meta	 KHOP_MAIL_LINK	__MAIL_LINK && !(__UNSUB_LINK||__VIA_ML||__DOS_HAS_LIST_UNSUB||__SENDER_BOT)
describe KHOP_MAIL_LINK	A link contains an email address in the URL
tflags	 KHOP_MAIL_LINK	nopublish
#score	 KHOP_MAIL_LINK	0.1 0.2 0.3 0.4

meta	 KHOP_UNSUB_EMAIL	!__UNSUB_LINK && (__UNSUB_EMAIL||__UNSUB_MAILTO)
describe KHOP_UNSUB_EMAIL	Unsubscribe by email but not by link

# This matches foreign characters by process of elimination.
# From: must start w/ ~uppercase, ~letters, space/punctuation, then ~uppercase.
header	 __FROM_FULL_NAME	From:name =~ /^[^a-z[:punct:][:cntrl:]\d\s][^[:punct:][:cntrl:]\d\s]*[[:punct:]\s]+[^a-z[:punct:][:cntrl:]\d\s]/
tflags	 __FROM_FULL_NAME	nice
meta	 KHOP_NO_FULL_NAME	!(__VIA_ML || __SENDER_BOT || __DOS_HAS_LIST_UNSUB || __FROM_ENCODED_QP || __FROM_NEEDS_MIME || __FROM_FULL_NAME)
describe KHOP_NO_FULL_NAME	Sender does not have both First and Last names
#score	 KHOP_NO_FULL_NAME	0.259 # keep low! 20090220, sa-users @20090514
score	 KHOP_NO_FULL_NAME	0.001 # apparently hits the same on ham v spam
tflags	 KHOP_NO_FULL_NAME	nopublish