# SpamAssassin - ReplaceTags configuration # # Please don't modify this file as your changes will be overwritten with # the next update. Use @@LOCAL_RULES_DIR@@/local.cf instead. # See 'perldoc Mail::SpamAssassin::Conf' for details. # # <@LICENSE> # Licensed to the Apache Software Foundation (ASF) under one or more # contributor license agreements. See the NOTICE file distributed with # this work for additional information regarding copyright ownership. # The ASF licenses this file to you under the Apache License, Version 2.0 # (the "License"); you may not use this file except in compliance with # the License. You may obtain a copy of the License at: # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # ########################################################################### # Requires the Mail::SpamAssassin::Plugin::ReplaceTags plugin be loaded. ifplugin Mail::SpamAssassin::Plugin::ReplaceTags replace_tag A (?:[gra\@\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xe4\xe3\xe2\xe0\xe1\xe2\xe3\xe4\xe5\xe6o0]|[\xc3][\x80\x81\x82\x83\x84\x85\xa0\xa1\xa2\xa3\xa4\xa5]|[\xc4][\x80\x81\x82\x83\x84\x85]|[\xce][\x86\x91\x94\x9b\xac\xb1]|[\xd0][\x90\xb0]|[\xd1][\xa6\xa7]|[\xd3][\x90\x91\x92\x93]|[\xe1][\x8e][\xaa]) replace_tag B (?:[b8]|[\xce][\x92\xb2]|[\xcf][\x90\xb8]|[\xc3][\x9f]|[\xc6][\x80\x81\x82\x83\x84\x85]|[\xce][\x92\xb2]|[\xcf][\x90]|[\xd0][\x91\x92\xac\xb1\xb2]|[\xd1][\x8a\x8c\xa2\xa3]|[\xd2][\x8c\x8d]) replace_tag C (?:[ck\xc7\xe7@]|[\xc3][\x87\xa7]|[\xc4][\x86\x87\x88\x89\x8a\x8b\x8c\x8d]|[\xc6][\x87\x88]|[\xcf][\x82\x9a\x9b\xb2\xb9\xbe]|[\xd0][\xa1]|[\xd1][\x81]|[\xd2][\x80\x81\xaa\xab]|[\xd5][\x87]|&\#(?:1(?:0(?:10|17|2[123]|57|89)|1(?:52|53|94|95)|99)|2(?:31|6[2-9])|39[12]|x(?:3(?:f2|f9|fe)|4(?:21|41|80|81|aa|ab)));) replace_tag D (?:[d\xd0]|[\xc3][\x90]|[\xc4][\x8e\x8f\x90\x91]|[\xc6][\x89\x8a]|[\xd4][\x80\x81]|[\xd5][\xaa]) replace_tag E (?:[e3]|[\xc3][\x88\x89\x8a\x8b\xa8\xa9\xaa\xab]|[\xc4][\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b]|[\xc8][\x84\x85\x86\x87\xa8\xa9]|[\xce][\x88\x95\xa3\xad\xb5\xbe]|[\xcf][\xb5]|[\xd0][\x80\x81\x84\x95\xb5]|[\xd1][\x90\x91\x94\xb3]|[\xd2][\xbc\xbd\xbe\xbf]|[\xd3][\x96\x97\xa9\xab]|[\xd4][\x90\x91]|[\xc8\xc9\xca\xcb\xe8\xe9\xea\xeb\xa4]|&\#(?:1(?:0(?:13|2[458]|45|77)|108|2(?:1[2-5]|3[89]|9[67]))|2(?:0[0-3]|3[2-5]|7[4-9]|8[0-3])|400|51[6-9]|5[58][23]|603|9(?:04|17|[34]1|4[19]));) replace_tag F (?:f|[\xcf][\x9c\x9d]|[\xd2][\x92\x93]|[\xd3][\xba\xbb]|[\xd4][\xb2]|[\xd5][\xa2]) replace_tag G (?:[gk]|[\xc4][\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3]|[\xd2][\xa8\xa9]|[\xd4][\x8c\x8d]|[\xd6][\x81]) replace_tag H (?:h|[\xc4][\xa4\xa5\xa6\xa7]|[\xce][\x89\x97]|[\xcf][\xa6]|[\xd0][\x8a\x8b\x9d\xbd]|[\xd1][\x92\x9b]|[\xd2][\x94\x95\xa2\xa3\xa4\xa5\xba\xbb]|[\xd3][\x87\x88\x89\x8a]|[\xd4][\xbb]|[\xd5][\xab\xb0]|&\#(?:2(?:22[3-6]|9[2-5])|54[23]|1(?:0(?:53|85)|18[6-9]|8(?:0(?:8[89]|9[0-5])|1(?:38[89]|340)))|919);) replace_tag I (?:[il|!1y?\xcc\xcd\xce\xcf\xec\xed\xee\xef]|[\xc3][\x8c\x8d\x8e\x8f\xac\xad\xae\xaf]|[\xc4][\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1]|[\xc7][\x8f\x90]|[\xce][\x8a\x90\x99\xaa\xaf\xb9]|[\xcf][\x8a]|[\xd0][\x86\x87]|[\xd1][\x96\x97]|[\xd3][\x80\x8f]|[\xd5][\xac]|&\#(?:1(?:03[01]|11[01]|216|231)|2(?:0[4-7]|16|3[6-9]|9[6-9])|3(?:0[0-5])|4(?:0[67]|6[34])|52[0-3]);) replace_tag J (?:j|[\xc4][\xb4\xb5]|[\xcf][\xb3]|[\xd0][\x88]|[\xd1][\x98]|[\xd5][\xb5]) replace_tag K (?:k|[\xc4][\xb6\xb7\xb8]|[\xc7][\xa8\xa9]|[\xce][\x9a\xba]|[\xd0][\x8c\x9a\xba]|[\xd1][\x9c]|[\xd2][\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1]|[\xd3][\x83\x84]|[\xd4][\x9e\x9f]|&\#(?:31[0-2]|4[08][89]|9(?:22|54|75)|1(?:0(?:36|50|82)|1(?:16|7[89]|8[0-5])|219|220|31[01]));) replace_tag L (?:[il|!1\xa3]|[\xc4][\xb9\xba\xbb\xbc\xbd\xbe\xbf]|[\xc5][\x80\x81\x82]|[\xc8][\xbd]|[\xce][\xb9]|[\xd3][\x80\x8f]|[\xd4][\xbc]|[\xd5][\xac]|[\xd6][\x82]|&\#(?:1340|3(?:1[3-9]|2[0-2])|573|671|x53c|76);) replace_tag M (?:m|rn|[\xc9][\xb1]|[\xce][\x9c]|[\xcf][\xba\xbb]|[\xd0][\x9c\xbc]|[\xd2][\xa7]|[\xd3][\x8d\x8e]) replace_tag N (?:[n\xd1\xf1]|[\xc3][\x91\xb1]|[\xc5][\x83\x84\x85\x86\x87\x88\x89\x8a\x8b]|[\xc9][\xb2\xb3\xb4]|[\xce][\x9d\xae\xb7]|[\xcf][\x80]|[\xd0][\x98\x99\x9f\xb8\xb9\xbb\xbf]|[\xd1][\x9d]|[\xd2][\x8a\x8b]|[\xd3][\x86\xa2\xa3\xa4\xa5]|[\xd4][\xa5]|[\xd5][\x88\x8c\xa4\xa8\xb2\xb8\xbc]|[\xd6][\x80]) replace_tag O (?:[go0\xd2\xd3\xd4\xd5\xd6\xd8\xf0\xf2\xf3\xf4\xf5\xf6\xf8]|[\xc3][\x92\x93\x94\x95\x96\x98\xb2\xb3\xb4\xb5\xb6\xb8]|[\xc5][\x8c\xbd\xbe\xbf\x90\x91]|[\xce][\x8c\x98\x9f\xbf]|[\xcf][\x8c\x98\x99]|[\xd0][\x9e\xae\xbe]|[\xd1][\xba\xbb]|[\xd3][\xa6\xa7\xa8\xaa]|[\xd4][\x9a]|[\xd5][\x95\xae]|[\xd6][\x85]|[\xd7][\xa1]) replace_tag P (?:[p\xfe]|[\xce][\xa1]|[\xcf][\x81\xb7\xb8]|[\xd0][\xa0]|[\xd1][\x80]|[\xd2][\x8e\x8f]|[\xd4][\x97]|[\xd5][\xa9]|[\xd6][\x84]) replace_tag Q (?:q|[\xcf][\x98\xa4\xa5]|[\xd4][\x9a\x9b\xb3]|[\xd5][\xa3\xa6]) replace_tag R (?:r|[\xc5][\x94\x95\x96\x97\x98\x99]|[\xc8][\x90\x91\x92\x93]|[\xd0][\x93\xaf]|[\xd1][\x8f\x93]|[\xd2][\x90\x91\x93]|[\xd3][\xb6\xb7]|[\xd4][\xb8\xbb]|[\xd5][\x90\x92]|[\xd6][\x80]|&\#(?:1(?:071|103)|34[0-5]|422|5(?:2[89]|3[01]|8[89])|6(?:3[67]|40));) replace_tag S (?:[sz\xa6\xa7]|[\xc5][\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1]|[\xd0][\x85]|[\xd1][\x95]|[\xd5][\x8f]) replace_tag T (?:t|[\xc5][\xa2\xa3\xa4\xa5\xa6\xa7]|[\xcd][\xb2\xb3]|[\xce][\xa4]|[\xcf][\x84]|[\xd0][\x93\xa2]|[\xd1][\x82]|[\xd2][\x90\xac\xad]|[\xd3][\xb6]|[\xd4][\xb5\xb7]|[\xd5][\x92\xa7]) replace_tag U (?:[uv\xb5\xd9\xda\xdb\xdc\xfc\xfb\xfa\xf9\xfd]|[\xc3][\x99\x9a\x9b\x9c\xb9\xba\xbb\xbc]|[\xc5][\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3]|[\xcf][\x85\x8b\x8d]|[\xd0][\x8f\xa6]|[\xd1][\x86\x9f]|[\xd4][\xb1\xbf]|[\xd5][\x84\x8d\xb4\xb6\xbd\xbe]|[\xd6][\x87]) replace_tag V (?:[vu]|\\\/|[\xce][\xbd]|[\xd1][\xb4\xb5\xb6\xb7]) replace_tag W (?:[wv]|[\xc5][\xb4\xb5]|[\xc9][\xaf\xb0]|[\xce][\xa8]|[\xcf][\x86\x88\x89\x8e\x96\xa2\xa3]|[\xd0][\xa8\xa9]|[\xd1][\x88\x89\xa1\xb0\xb1\xbf]|[\xd4][\x9c\x9d]|[\xd5][\xa1\xba]) replace_tag X (?:[x\xd7]|><|[\xce][\xa7]|[\xcf][\x87\xa7\x97\xb0]|[\xd0][\x96\xa5\xb6]|[\xd1][\x85]|[\xd2][\x96\x97\xb2\xb3]|[\xd3][\x81\x82\x9c\x9d\xbc\xbd\xbe\xbf]) replace_tag Y (?:[y\xff\xfd\xa5j]|[\xc3][\x9d\xbd\xbf]|[\xc5][\xb6\xb7\xb8]|[\xce][\x8e\xa5\xab\xb3]|[\xcf][\x92\x93\x94]|[\xd0][\x8e\xa3]|[\xd1][\x83\x87\x9e]|[\xd2][\xae\xaf\xb0\xb1\xb6\xb7\xb8\xb9]|[\xd3][\x8b\x8c\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5]|[\xd4][\xbf]|[\xd5][\x8e\xaf\xbe]) replace_tag Z (?:[zs]|[\xc5][\xb9\xba\xbb\xbc\xbd\xbe]|[\xce][\x96\xb6]) replace_tag IMG (?:jpe?g|gif|png) replace_tag SP [\s\d_*\$\%(),.:;?!}{\[\]|\/?^\#~\xa1`'+-] replace_tag WS (?:=?\s|[\xe2](?:[\x80][\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\xaf]|[\x81][\x9f])|&(?:\#(?:8(?:19[2-9]|20[0-5]|239|287)|160|xa0)|(?:e[nm]|nb|thin)sp);) replace_tag CUR [\$\xa5\xa3\xa4\xa2] replace_inter SP [\s\d_*\$\%(),.:;?!}{\[\]|\/?^\#~\xa1`'+-] replace_inter W1 \W? replace_inter W2 \W{0,2} replace_inter W3 \W{0,3} replace_post P2 {1,2} replace_post P3 {1,3} ########################################################################### # fuzzy header tests header SUBJECT_FUZZY_MEDS Subject =~ /(?:\b|_)(?!meds)(?:\b|_)/i describe SUBJECT_FUZZY_MEDS Attempt to obfuscate words in Subject: replace_rules SUBJECT_FUZZY_MEDS header __SUBJECT_FUZZY_VPILL Subject =~ /(?!viagra)/i replace_rules __SUBJECT_FUZZY_VPILL meta SUBJECT_FUZZY_VPILL __SUBJECT_FUZZY_VPILL && !FUZZY_VPILL describe SUBJECT_FUZZY_VPILL Attempt to obfuscate words in Subject: header SUBJECT_FUZZY_CHEAP Subject =~ /\b(?!cheap)

(?:\b|)/i describe SUBJECT_FUZZY_CHEAP Attempt to obfuscate words in Subject: replace_rules SUBJECT_FUZZY_CHEAP header SUBJECT_FUZZY_PENIS Subject =~ /\b(?!pen\s?(?:ie?s|ny[ ']?s))

\b/i describe SUBJECT_FUZZY_PENIS Attempt to obfuscate words in Subject: replace_rules SUBJECT_FUZZY_PENIS header SUBJECT_FUZZY_TION Subject =~ /(?!tion)/i describe SUBJECT_FUZZY_TION Attempt to obfuscate words in Subject: replace_rules SUBJECT_FUZZY_TION ########################################################################### # fuzzy body tests body FUZZY_AFFORDABLE /(?!affordable)/i describe FUZZY_AFFORDABLE Attempt to obfuscate words in spam replace_rules FUZZY_AFFORDABLE # Not performing 6/2019, too much cpu #body FUZZY_AMBIEN /(?/i #describe FUZZY_AMBIEN Attempt to obfuscate words in spam #replace_rules FUZZY_AMBIEN body FUZZY_BILLION /(?!billion)/i describe FUZZY_BILLION Attempt to obfuscate words in spam replace_rules FUZZY_BILLION body FUZZY_CPILL /(?!ciali[sz])/i describe FUZZY_CPILL Attempt to obfuscate words in spam replace_rules FUZZY_CPILL body FUZZY_CREDIT /(?![ck]r[e\xe9]dit)/i describe FUZZY_CREDIT Attempt to obfuscate words in spam replace_rules FUZZY_CREDIT # Not performing 6/2019, too much cpu #body FUZZY_ERECT /(?!erection)/i #describe FUZZY_ERECT Attempt to obfuscate words in spam #replace_rules FUZZY_ERECT body FUZZY_GUARANTEE /(?!guarantee)/i describe FUZZY_GUARANTEE Attempt to obfuscate words in spam replace_rules FUZZY_GUARANTEE body FUZZY_MEDICATION /(?!medicati[eo])/i describe FUZZY_MEDICATION Attempt to obfuscate words in spam replace_rules FUZZY_MEDICATION body FUZZY_MILLION /(?!milli?[o\xf3\xd3]n)/i describe FUZZY_MILLION Attempt to obfuscate words in spam replace_rules FUZZY_MILLION body FUZZY_MONEY /(?!money)/i describe FUZZY_MONEY Attempt to obfuscate words in spam replace_rules FUZZY_MONEY body FUZZY_MORTGAGE /(?!mortgage)/i describe FUZZY_MORTGAGE Attempt to obfuscate words in spam replace_rules FUZZY_MORTGAGE body FUZZY_OBLIGATION /(?!obligation)/i describe FUZZY_OBLIGATION Attempt to obfuscate words in spam replace_rules FUZZY_OBLIGATION body FUZZY_OFFERS /(?!offers)/i describe FUZZY_OFFERS Attempt to obfuscate words in spam replace_rules FUZZY_OFFERS body FUZZY_PHARMACY /(?!pharmacy)

/i describe FUZZY_PHARMACY Attempt to obfuscate words in spam replace_rules FUZZY_PHARMACY body FUZZY_PHENT /(?!phentermine)

/i describe FUZZY_PHENT Attempt to obfuscate words in spam replace_rules FUZZY_PHENT body FUZZY_PRESCRIPT /(?!prescription)

/i describe FUZZY_PRESCRIPT Attempt to obfuscate words in spam replace_rules FUZZY_PRESCRIPT # left S off of negative look-ahead on purpose body FUZZY_PRICES /(?!price)

/i describe FUZZY_PRICES Attempt to obfuscate words in spam replace_rules FUZZY_PRICES body FUZZY_REFINANCE /(?!refinance)/i describe FUZZY_REFINANCE Attempt to obfuscate words in spam replace_rules FUZZY_REFINANCE body FUZZY_REMOVE /(?!remove)/i describe FUZZY_REMOVE Attempt to obfuscate words in spam replace_rules FUZZY_REMOVE # Not performing 6/2019, too much cpu #body FUZZY_ROLEX /(?!rolex)/i #describe FUZZY_ROLEX Attempt to obfuscate words in spam #replace_rules FUZZY_ROLEX body FUZZY_SOFTWARE /(?!software)/i describe FUZZY_SOFTWARE Attempt to obfuscate words in spam replace_rules FUZZY_SOFTWARE body FUZZY_THOUSANDS /(?!thousands)/i describe FUZZY_THOUSANDS Attempt to obfuscate words in spam replace_rules FUZZY_THOUSANDS body FUZZY_VLIUM /(?!valium|verifiquem|volturno|vollum)/i describe FUZZY_VLIUM Attempt to obfuscate words in spam replace_rules FUZZY_VLIUM body FUZZY_VIOXX /(?!vioxx)/i describe FUZZY_VIOXX Attempt to obfuscate words in spam replace_rules FUZZY_VIOXX body FUZZY_VPILL /(?!viagra)/i describe FUZZY_VPILL Attempt to obfuscate words in spam replace_rules FUZZY_VPILL body FUZZY_XPILL /(?!xanax)/i describe FUZZY_XPILL Attempt to obfuscate words in spam replace_rules FUZZY_XPILL endif # Mail::SpamAssassin::Plugin::ReplaceTags