### SpamAssassin rules file: rules under test, $Rev$
###
### This file is a placeholder for rules "under probation", i.e. checked into
### SVN for testing. It should not be distributed; if the rules have good
### stats after a mass-check or two, then fold them into the distributed
### rules files.
###
### I suggest adding a prefix to rules in this file, "T_" -- this
### helps identify probationary rules in test output.
###
### <@LICENSE>
### Copyright 2004 Apache Software Foundation
### 
### Licensed under the Apache License, Version 2.0 (the "License");
### you may not use this file except in compliance with the License.
### You may obtain a copy of the License at
### 
###     http://www.apache.org/licenses/LICENSE-2.0
### 
### Unless required by applicable law or agreed to in writing, software
### distributed under the License is distributed on an "AS IS" BASIS,
### WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
### See the License for the specific language governing permissions and
### limitations under the License.
### </@LICENSE>
###
##########################################################################
##
### partial messages; currently-theoretical attack
### unsurprisingly this hits 0/0 right now.  But should we promote it anyway
### to protect against the possibility?
##header T_FRAGMENTED_MESSAGE	Content-Type =~ /message\/partial/i
##
### I'm curious, may help explain more ALL_TRUSTED fps
##body T_SA_MARKED_UP     /Spam detection software, running on the system /
##
##########################################################################
##
### IADB
##header __RCVD_IN_IADB		eval:check_rbl('iadb', 'iadb.isipp.com.')
##tflags __RCVD_IN_IADB		net nice
##
##header T_RCVD_IN_IADB_LIST	eval:check_rbl_sub('iadb', '127.0.0.1')
##describe T_RCVD_IN_IADB_LIST	Sender is listed in ISIPP IADB
##tflags T_RCVD_IN_IADB_LIST	net nice
##
### IADB trusted
##header __RCVD_IN_IADB_T		eval:check_rbl('iadbt-firsttrusted', 'iadb.isipp.com.')
##tflags __RCVD_IN_IADB_T		net nice
##
##header T_RCVD_IN_IADB_LIST_T	eval:check_rbl_sub('iadbtr', '127.0.0.1')
##describe T_RCVD_IN_IADB_LIST_T	Sender is listed in ISIPP IADB
##tflags T_RCVD_IN_IADB_LIST_T	net nice
##
##########################################################################
##
### Updated test rules for fraud, uses existing rules and updated rules
##body __T_FRAUD_92	/youre? country/i
##body __T_FRAUD_110	/the total sum/i
##body __T_FRAUD_2	/\bass?ylum\b/i
##body __T_FRAUD_102	/foreign (?:offshore )?(?:bank|account)/i
##body __T_FRAUD_144	/\bnext of kin\b/i
##body __T_FRAUD_235	/(?:international|luckyday|overseas stake|promo|world) lott(?:o|ery)/i
##body __T_FRAUD_258	/computer ballot system/i
##body __T_FRAUD_113	/win cash/i
##body __T_FRAUD_44	/(?:may i first|to) introduce my ?self/i
##body __T_FRAUD_81	/as the beneficiary/i
##body __T_FRAUD_58	/\bcongo\b/i
##body __T_FRAUD_259	/drawn	?from.{0,10}\d{2,3},?\d{3}/i
##body __T_FRAUD_149	/as a minister/i
##body __T_FRAUD_236	/lott(?:o|ery) (?:co,?ordinator|international)/i
##body __T_FRAUD_249	/bequest/i
##body __T_FRAUD_125	/(?:white|black|zimbabwean) farmers?/i
##body __T_FRAUD_252	/modalit(?:y|ies)/i
##body __T_FRAUD_132	/(?:who was a|as a|an? honest|you being a|to any) foreigner/i
##body __T_FRAUD_227	/(?:negotiate|reasonable|acc?or?ding|certain|agg?ree).{1,20}percentage/i
##body __T_FRAUD_100	/(?:claim|concerning) (?:the|this) money/i
##body __T_FRAUD_26	/charity organization/i
##body __T_FRAUD_88	/remains unclaimed/i
##body __T_FRAUD_16	/land dispute/i
##body __T_FRAUD_240	/award notification/i
##body __T_FRAUD_157	/god gives .{1,10}second chance/i
##body __T_FRAUD_46	/i am contacting you/i
##body __T_FRAUD_133	/foreign (?:business partner|customer)/i
##body __T_FRAUD_228	/percentage.{1,10}(?:indicat|previous|involved)/i
##body __T_FRAUD_120	/letter of authority/i
##body __T_FRAUD_114	/you are.{0,8}winner/i
##body __T_FRAUD_142	/my late (?:husband|wife|brother|uncle|aunt|father|mother) (?:is|[hw]a[ds])\b/i
##body __T_FRAUD_94	/(?:huge|substantial) amount of m[o0]ney/i
##body __T_FRAUD_146	/the (?:wife|heir) (?:to|of)\b/i
##body __T_FRAUD_96	/(?:will share the money|your share.{1,10}(?:shall|sum|total|money|funds))/i
##body __T_FRAUD_41	/prize award dept/i
##body __T_FRAUD_216	/reliable person/i
##body __T_FRAUD_137	/fiduciary agent/i
##body __T_FRAUD_82	/compliments? of the season/i
##body __T_FRAUD_251	/magnanimity/i
##body __T_FRAUD_19	/political crisis/i
##body __T_FRAUD_254	/\bnumbered time\b/i
##body __T_FRAUD_241	/urgent and(?: very)? (?:profitable|confidential) business propos(?:al|ition)/i
##body __T_FRAUD_35	/international court of justice/i
##body __T_FRAUD_217	/secrecy and confidentiality/i
##body __T_FRAUD_221	/(?:the importance of|utmost) secrecy/i
##body __T_FRAUD_124	/vital documents/i
##body __T_FRAUD_18	/over-invoice/i
##body __T_FRAUD_42	/(?:finance|holding|securit(?:ies|y)) (?:company|firm|storage house)/i
##body __T_FRAUD_31	/embassy/i
##body __T_FRAUD_115	/your share shall be\b/i
##body __T_FRAUD_3	/assassinate/i
##body __T_FRAUD_220	/\bto assure you\b/i
##meta T_NIGERIAN_BODY_1	( __NIGERIAN_BODY_1 + __NIGERIAN_BODY_2 + __NIGERIAN_BODY_3 + __NIGERIAN_BODY_5 + __NIGERIAN_BODY_6 + __NIGERIAN_BODY_7 + __NIGERIAN_BODY_8 + __NIGERIAN_BODY_9 + __NIGERIAN_BODY_10 + __NIGERIAN_BODY_11 + __NIGERIAN_BODY_12 + __NIGERIAN_BODY_13 + __NIGERIAN_BODY_14 + __NIGERIAN_BODY_16 + __NIGERIAN_BODY_17 + __NIGERIAN_BODY_18 + __NIGERIAN_BODY_19 + __NIGERIAN_BODY_20 + __NIGERIAN_BODY_21 + __NIGERIAN_BODY_22 + __NIGERIAN_BODY_25 + __NIGERIAN_BODY_26 + __NIGERIAN_BODY_27 + __NIGERIAN_BODY_28 + __NIGERIAN_BODY_29 + __NIGERIAN_BODY_30 + __NIGERIAN_BODY_31 + __NIGERIAN_BODY_32 + __NIGERIAN_BODY_33 + __NIGERIAN_BODY_34 + __NIGERIAN_BODY_35 + __NIGERIAN_BODY_36 + __NIGERIAN_BODY_37 + __NIGERIAN_BODY_39 + __NIGERIAN_BODY_40 + __NIGERIAN_BODY_41 + __NIGERIAN_BODY_42 + __NIGERIAN_BODY_43 + __NIGERIAN_BODY_44 + __NIGERIAN_BODY_45 + __NIGERIAN_BODY_46 + __T_FRAUD_92 + __T_FRAUD_110 + __T_FRAUD_2 + __T_FRAUD_102 + __T_FRAUD_144 + __T_FRAUD_235 + __T_FRAUD_258 + __T_FRAUD_113 + __T_FRAUD_44 + __T_FRAUD_81 + __T_FRAUD_58 + __T_FRAUD_259 + __T_FRAUD_149 + __T_FRAUD_236 + __T_FRAUD_249 + __T_FRAUD_125 + __T_FRAUD_252 + __T_FRAUD_132 + __T_FRAUD_227 + __T_FRAUD_100 + __T_FRAUD_26 + __T_FRAUD_88 + __T_FRAUD_16 + __T_FRAUD_240 + __T_FRAUD_157 + __T_FRAUD_46 + __T_FRAUD_133 + __T_FRAUD_228 + __T_FRAUD_120 + __T_FRAUD_114 + __T_FRAUD_142 + __T_FRAUD_94 + __T_FRAUD_146 + __T_FRAUD_96 + __T_FRAUD_41 + __T_FRAUD_216 + __T_FRAUD_137 + __T_FRAUD_82 + __T_FRAUD_251 + __T_FRAUD_19 + __T_FRAUD_254 + __T_FRAUD_241 + __T_FRAUD_35 + __T_FRAUD_217 + __T_FRAUD_221 + __T_FRAUD_124 + __T_FRAUD_18 + __T_FRAUD_42 + __T_FRAUD_31 + __T_FRAUD_115 + __T_FRAUD_3 + __T_FRAUD_220 ) > 1
##meta T_NIGERIAN_BODY_2	( __NIGERIAN_BODY_1 + __NIGERIAN_BODY_2 + __NIGERIAN_BODY_3 + __NIGERIAN_BODY_5 + __NIGERIAN_BODY_6 + __NIGERIAN_BODY_7 + __NIGERIAN_BODY_8 + __NIGERIAN_BODY_9 + __NIGERIAN_BODY_10 + __NIGERIAN_BODY_11 + __NIGERIAN_BODY_12 + __NIGERIAN_BODY_13 + __NIGERIAN_BODY_14 + __NIGERIAN_BODY_16 + __NIGERIAN_BODY_17 + __NIGERIAN_BODY_18 + __NIGERIAN_BODY_19 + __NIGERIAN_BODY_20 + __NIGERIAN_BODY_21 + __NIGERIAN_BODY_22 + __NIGERIAN_BODY_25 + __NIGERIAN_BODY_26 + __NIGERIAN_BODY_27 + __NIGERIAN_BODY_28 + __NIGERIAN_BODY_29 + __NIGERIAN_BODY_30 + __NIGERIAN_BODY_31 + __NIGERIAN_BODY_32 + __NIGERIAN_BODY_33 + __NIGERIAN_BODY_34 + __NIGERIAN_BODY_35 + __NIGERIAN_BODY_36 + __NIGERIAN_BODY_37 + __NIGERIAN_BODY_39 + __NIGERIAN_BODY_40 + __NIGERIAN_BODY_41 + __NIGERIAN_BODY_42 + __NIGERIAN_BODY_43 + __NIGERIAN_BODY_44 + __NIGERIAN_BODY_45 + __NIGERIAN_BODY_46 + __T_FRAUD_92 + __T_FRAUD_110 + __T_FRAUD_2 + __T_FRAUD_102 + __T_FRAUD_144 + __T_FRAUD_235 + __T_FRAUD_258 + __T_FRAUD_113 + __T_FRAUD_44 + __T_FRAUD_81 + __T_FRAUD_58 + __T_FRAUD_259 + __T_FRAUD_149 + __T_FRAUD_236 + __T_FRAUD_249 + __T_FRAUD_125 + __T_FRAUD_252 + __T_FRAUD_132 + __T_FRAUD_227 + __T_FRAUD_100 + __T_FRAUD_26 + __T_FRAUD_88 + __T_FRAUD_16 + __T_FRAUD_240 + __T_FRAUD_157 + __T_FRAUD_46 + __T_FRAUD_133 + __T_FRAUD_228 + __T_FRAUD_120 + __T_FRAUD_114 + __T_FRAUD_142 + __T_FRAUD_94 + __T_FRAUD_146 + __T_FRAUD_96 + __T_FRAUD_41 + __T_FRAUD_216 + __T_FRAUD_137 + __T_FRAUD_82 + __T_FRAUD_251 + __T_FRAUD_19 + __T_FRAUD_254 + __T_FRAUD_241 + __T_FRAUD_35 + __T_FRAUD_217 + __T_FRAUD_221 + __T_FRAUD_124 + __T_FRAUD_18 + __T_FRAUD_42 + __T_FRAUD_31 + __T_FRAUD_115 + __T_FRAUD_3 + __T_FRAUD_220 ) > 2
##meta T_NIGERIAN_BODY_3	( __NIGERIAN_BODY_1 + __NIGERIAN_BODY_2 + __NIGERIAN_BODY_3 + __NIGERIAN_BODY_5 + __NIGERIAN_BODY_6 + __NIGERIAN_BODY_7 + __NIGERIAN_BODY_8 + __NIGERIAN_BODY_9 + __NIGERIAN_BODY_10 + __NIGERIAN_BODY_11 + __NIGERIAN_BODY_12 + __NIGERIAN_BODY_13 + __NIGERIAN_BODY_14 + __NIGERIAN_BODY_16 + __NIGERIAN_BODY_17 + __NIGERIAN_BODY_18 + __NIGERIAN_BODY_19 + __NIGERIAN_BODY_20 + __NIGERIAN_BODY_21 + __NIGERIAN_BODY_22 + __NIGERIAN_BODY_25 + __NIGERIAN_BODY_26 + __NIGERIAN_BODY_27 + __NIGERIAN_BODY_28 + __NIGERIAN_BODY_29 + __NIGERIAN_BODY_30 + __NIGERIAN_BODY_31 + __NIGERIAN_BODY_32 + __NIGERIAN_BODY_33 + __NIGERIAN_BODY_34 + __NIGERIAN_BODY_35 + __NIGERIAN_BODY_36 + __NIGERIAN_BODY_37 + __NIGERIAN_BODY_39 + __NIGERIAN_BODY_40 + __NIGERIAN_BODY_41 + __NIGERIAN_BODY_42 + __NIGERIAN_BODY_43 + __NIGERIAN_BODY_44 + __NIGERIAN_BODY_45 + __NIGERIAN_BODY_46 + __T_FRAUD_92 + __T_FRAUD_110 + __T_FRAUD_2 + __T_FRAUD_102 + __T_FRAUD_144 + __T_FRAUD_235 + __T_FRAUD_258 + __T_FRAUD_113 + __T_FRAUD_44 + __T_FRAUD_81 + __T_FRAUD_58 + __T_FRAUD_259 + __T_FRAUD_149 + __T_FRAUD_236 + __T_FRAUD_249 + __T_FRAUD_125 + __T_FRAUD_252 + __T_FRAUD_132 + __T_FRAUD_227 + __T_FRAUD_100 + __T_FRAUD_26 + __T_FRAUD_88 + __T_FRAUD_16 + __T_FRAUD_240 + __T_FRAUD_157 + __T_FRAUD_46 + __T_FRAUD_133 + __T_FRAUD_228 + __T_FRAUD_120 + __T_FRAUD_114 + __T_FRAUD_142 + __T_FRAUD_94 + __T_FRAUD_146 + __T_FRAUD_96 + __T_FRAUD_41 + __T_FRAUD_216 + __T_FRAUD_137 + __T_FRAUD_82 + __T_FRAUD_251 + __T_FRAUD_19 + __T_FRAUD_254 + __T_FRAUD_241 + __T_FRAUD_35 + __T_FRAUD_217 + __T_FRAUD_221 + __T_FRAUD_124 + __T_FRAUD_18 + __T_FRAUD_42 + __T_FRAUD_31 + __T_FRAUD_115 + __T_FRAUD_3 + __T_FRAUD_220 ) > 3
##meta T_NIGERIAN_BODY_4	( __NIGERIAN_BODY_1 + __NIGERIAN_BODY_2 + __NIGERIAN_BODY_3 + __NIGERIAN_BODY_5 + __NIGERIAN_BODY_6 + __NIGERIAN_BODY_7 + __NIGERIAN_BODY_8 + __NIGERIAN_BODY_9 + __NIGERIAN_BODY_10 + __NIGERIAN_BODY_11 + __NIGERIAN_BODY_12 + __NIGERIAN_BODY_13 + __NIGERIAN_BODY_14 + __NIGERIAN_BODY_16 + __NIGERIAN_BODY_17 + __NIGERIAN_BODY_18 + __NIGERIAN_BODY_19 + __NIGERIAN_BODY_20 + __NIGERIAN_BODY_21 + __NIGERIAN_BODY_22 + __NIGERIAN_BODY_25 + __NIGERIAN_BODY_26 + __NIGERIAN_BODY_27 + __NIGERIAN_BODY_28 + __NIGERIAN_BODY_29 + __NIGERIAN_BODY_30 + __NIGERIAN_BODY_31 + __NIGERIAN_BODY_32 + __NIGERIAN_BODY_33 + __NIGERIAN_BODY_34 + __NIGERIAN_BODY_35 + __NIGERIAN_BODY_36 + __NIGERIAN_BODY_37 + __NIGERIAN_BODY_39 + __NIGERIAN_BODY_40 + __NIGERIAN_BODY_41 + __NIGERIAN_BODY_42 + __NIGERIAN_BODY_43 + __NIGERIAN_BODY_44 + __NIGERIAN_BODY_45 + __NIGERIAN_BODY_46 + __T_FRAUD_92 + __T_FRAUD_110 + __T_FRAUD_2 + __T_FRAUD_102 + __T_FRAUD_144 + __T_FRAUD_235 + __T_FRAUD_258 + __T_FRAUD_113 + __T_FRAUD_44 + __T_FRAUD_81 + __T_FRAUD_58 + __T_FRAUD_259 + __T_FRAUD_149 + __T_FRAUD_236 + __T_FRAUD_249 + __T_FRAUD_125 + __T_FRAUD_252 + __T_FRAUD_132 + __T_FRAUD_227 + __T_FRAUD_100 + __T_FRAUD_26 + __T_FRAUD_88 + __T_FRAUD_16 + __T_FRAUD_240 + __T_FRAUD_157 + __T_FRAUD_46 + __T_FRAUD_133 + __T_FRAUD_228 + __T_FRAUD_120 + __T_FRAUD_114 + __T_FRAUD_142 + __T_FRAUD_94 + __T_FRAUD_146 + __T_FRAUD_96 + __T_FRAUD_41 + __T_FRAUD_216 + __T_FRAUD_137 + __T_FRAUD_82 + __T_FRAUD_251 + __T_FRAUD_19 + __T_FRAUD_254 + __T_FRAUD_241 + __T_FRAUD_35 + __T_FRAUD_217 + __T_FRAUD_221 + __T_FRAUD_124 + __T_FRAUD_18 + __T_FRAUD_42 + __T_FRAUD_31 + __T_FRAUD_115 + __T_FRAUD_3 + __T_FRAUD_220 ) > 4
##
##########################################################################
##
### McFadden Associates - SpamAssassin Recipe
### 1/20/2004 - http://bl.csma.biz/
##header T_RCVD_IN_CSMA_BL	eval:check_rbl('csma_bl', 'bl.csma.biz.')
##describe T_RCVD_IN_CSMA_BL	Received via a blocked site in bl.csma.biz
##tflags T_RCVD_IN_CSMA_BL	net
##
##header T_DNS_FROM_SECURITYSAGE	eval:check_rbl_envfrom('securitysage', 'blackhole.securitysage.com.')
##describe T_DNS_FROM_SECURITYSAGE	Envelope sender in blackholes.securitysage.com
##tflags T_DNS_FROM_SECURITYSAGE	net
##
##########################################################################
##
### header T_FORGED_IN_WHITELIST      eval:check_forged_in_whitelist()
### describe T_FORGED_IN_WHITELIST    Forged From: is in user's white-list
### tflags T_FORGED_IN_WHITELIST      userconf
### 
### header T_FORGED_DEF_WHITELIST     eval:check_forged_in_default_whitelist()
### describe T_FORGED_DEF_WHITELIST   Forged From: is in default white-list
### tflags T_FORGED_DEF_WHITELIST     userconf