# 2011-08-02 header AXB_XM_QCVR X-Mailer =~ /\bQuickConveyor\b/ describe AXB_XM_QCVR Bulk fingerprint # 2011-07-27 header AXB_XRCVD_XYZCRP Received =~ /\(envelope\-sender \<\#\@\[\]\>\)/ describe AXB_XRCVD_XYZCRP sender fingerprint # 2011-07-08 header AXB_XRCVD_APACHE_CTRIP Received =~ /\bfrom apache by ctrip\.com\b/i describe AXB_XRCVD_APACHE_CTRIP possibly forged ctrip sender - apache header AXB_XMID_PFIX_CTRIP Message-ID =~ /\<[A-F0-9]{8}.[0-9]{6}\@ctrip\.com\>/ describe AXB_XMID_PFIX_CTRIP possibly forged ctrip sender - postfix header AXB_XMID_EXIM_CTRIP Message-ID =~ /\<[A-F0-9]{32}\@ctrip\.com\>/ describe AXB_XMID_EXIM_CTRIP possibly forged ctrip sender - exim header AXB_X_PHPS_CTRIP X-PHP-Script =~ /\bctrip\.com\/sendmail\.php\b/ describe AXB_X_PHPS_CTRIP possibly forged ctrip sender - php ########### ARG.. when will I learn to copy/paste :-( header AXB_XRCVD_FRMCTRIP Received =~ /from ctrip\.com\b/ describe AXB_XRCVD_FRMCTRIP possibly forged ctrip sender - rcvd # # 2011-07-05 rawbody AXB_SSCECCF /\bSandboxScopeClass ExternalClass\b/ describe AXB_SSCECCF unidentified fingerprint # 2011-06-28 header AXB_X_GOOGRP_DIRADD X-Google-Loop =~ /^sub_directadd$/ describe AXB_X_GOOGRP_DIRADD Google Groups: You've been added to spammy group? #2011-06-05 header AXB_XRCVD_EYOU_SEND Received =~ /\(eyou send program\)/ describe AXB_XRCVD_EYOU_SEND fingerprint #score AXB_XRCVD_EYOU_SEND 1.0 # 2011-06-02 header AXB_XMIME_OLEV X-MimeOLE =~ /Produced By Microsoft MimeOLE V$/ describe AXB_XMIME_OLEV fingerprint #score AXB_XMIME_OLEV 0.1 # 2011-06-01 header AXB_XM_RCVD_ZERO Received =~ /^from 0\./ describe AXB_XM_RCVD_ZERO fingerprint #score AXB_XM_RCVD_ZERO 1.5 header AXB_HELO_HOME_UN X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=\w+\.(lan|home) /i describe AXB_HELO_HOME_UN HELO from home - untrusted #score AXB_HELO_HOME_UN 1.0