# Rules used in the test suite. This allows us to change the # main ruleset without breaking the test suite. # <@LICENSE> # Licensed to the Apache Software Foundation (ASF) under one or more # contributor license agreements. See the NOTICE file distributed with # this work for additional information regarding copyright ownership. # The ASF licenses this file to you under the Apache License, Version 2.0 # (the "License"); you may not use this file except in compliance with # the License. You may obtain a copy of the License at: # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # This file defines a subset of the default rules that tests can count on # If you need something else in a test, use tstpre, tstlocalrules, or tstprefs in the test # instead of adding it here, so tests can be more self-contained and maintainable. header TEST_NOREALNAME From =~ /^["\s]*\?\s*$/ describe TEST_NOREALNAME From: does not include a real name score TEST_NOREALNAME 5 header TEST_ENDSNUMS From:addr =~ /\D\d{8,}\@/i describe TEST_ENDSNUMS From: ends in many numbers score TEST_ENDSNUMS 5 header TEST_FORGED_YAHOO_RCVD eval:check_for_forged_yahoo_received_headers() describe TEST_FORGED_YAHOO_RCVD 'From' yahoo.com does not match 'Received' headers score TEST_FORGED_YAHOO_RCVD 5 uri TEST_NORMAL_HTTP_TO_IP m{^https?://\d+\.\d+\.\d+\.\d+}i describe TEST_NORMAL_HTTP_TO_IP Uses a dotted-decimal IP address in URL score TEST_NORMAL_HTTP_TO_IP 5 body TEST_EXCUSE_12 /this (?:e?-?mail|message) (?:(?:has )?reached|was sent to) you in error/i describe TEST_EXCUSE_12 Nobody's perfect score TEST_EXCUSE_12 5 body TEST_EXCUSE_4 /To Be Removed,? Please/i describe TEST_EXCUSE_4 Claims you can be removed from the list score TEST_EXCUSE_4 5 header TEST_INVALID_DATE Date !~ /^\s*(?:(?i:Mon|Tue|Wed|Thu|Fri|Sat|Sun),\s+)?[0-3\s]?[0-9]\s+(?i:Jan|Feb|Ma[ry]|Apr|Ju[nl]|Aug|Sep|Oct|Nov|Dec)\s+(?:[12][901])?[0-9]{2}\s+[0-2]?[0-9](?:\:[0-5][0-9]){1,2}\s+(?:[AP]M\s+)?(?:[+-][0-9]{4}|UT|[A-Z]{2,3}T)(?:\s+\(.*\))?\s*$/ [if-unset: Wed, 31 Jul 2002 16:41:57 +0200] describe TEST_INVALID_DATE Invalid Date: header (not RFC 2822) score TEST_INVALID_DATE 5 header TEST_MSGID_OUTLOOK_INVALID eval:check_outlook_message_id() describe TEST_MSGID_OUTLOOK_INVALID Message-Id is fake (in Outlook Express format) score TEST_MSGID_OUTLOOK_INVALID 5 header MISSING_HB_SEP eval:check_msg_parse_flags('missing_head_body_separator') describe MISSING_HB_SEP Missing blank line between message header and body tflags MISSING_HB_SEP userconf header X_MESSAGE_INFO exists:X-Message-Info describe X_MESSAGE_INFO Bulk email fingerprint (X-Message-Info) found header SORTED_RECIPS eval:sorted_recipients() describe SORTED_RECIPS Recipient list is sorted by address header SUSPICIOUS_RECIPS eval:similar_recipients('0.65','undef') describe SUSPICIOUS_RECIPS Similar addresses in recipient list body GTUBE /XJS\*C4JDBQADN1\.NSBN3\*2IDNEN\*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL\*C\.34X/ describe GTUBE Generic Test for Unsolicited Bulk Email score GTUBE 1000 tflags GTUBE userconf noautolearn header __HAS_MSGID MESSAGEID =~ /\S/ header __SANE_MSGID MESSAGEID =~ /^<[^<>\\ \t\n\r\x0b\x80-\xff]+\@[^<>\\ \t\n\r\x0b\x80-\xff]+>\s*$/m header __MSGID_COMMENT MESSAGEID =~ /\(.*\)/m meta INVALID_MSGID __HAS_MSGID && !(__SANE_MSGID || __MSGID_COMMENT) describe INVALID_MSGID Message-Id is not valid, according to RFC 2822 score INVALID_MSGID 2.999 2.603 2.489 1.900 header TEST_MSGID_SPAM_CAPS Message-ID =~ /^\s*