# SpamAssassin rules file: kam sandbox
#
# Please don't modify this file as your changes will be overwritten with
# the next update. Use @@LOCAL_RULES_DIR@@/local.cf instead.
# See 'perldoc Mail::SpamAssassin::Conf' for details.
#
# <@LICENSE>
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to you under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at:
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# @LICENSE>
#
###########################################################################
#THIS IS A SANDBOX FOR Amir Caspi's rules - cepheid@3phase.com
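# Spammy URI patterns
#
# Each "uri" line defines a sub-rule: the leading "__" keeps it from scoring
# on its own, and the regex is tested against the URIs found in a message.
# The comment above each sub-rule is the sample URL the pattern was written
# for. Most patterns constrain only the path shape, not the host, so they
# match on any domain. Scores are assigned by the AC_SPAMMY_URI_PATTERNS*
# meta rules further down, several of which require a combination of hits.

# http://sequncilk.info/outl
uri __AC_OUTL_URI /\/outl\b/
# http://sequncilk.info/outi
uri __AC_OUTI_URI /\/outi\b/

# In the next two samples the last path segment is the base64 of the
# recipient address wrapped in one leading and one trailing letter, i.e. a
# per-recipient tracking token. The rules key on the fixed path word only.
# http://coarsely.moneusel.in/web/campaign/NDF8MjR8MTYwMg,,/land/rY2VwaGVpZEAzcGhhc2UuY29tu/
uri __AC_LAND_URI /\/land\//
# http://almond.potauron.in/web/campaign/NTEyfDI0fDE1OTE,/unsub/qY2VwaGVpZEAzcGhhc2UuY29tu/
uri __AC_UNSUB_URI /\/unsub\//
# http://nottingham.axonanip.in/report/
# NOTE(review): /land/, /unsub/ and /report/ are common path words on
# legitimate bulk mail too; they are only used here in a three-way conjunction.
uri __AC_REPORT_URI /\/report\//

# http://privatizer.bolorn.net/php/off/97.25/top/
uri __AC_PHPOFFTOP_URI /\/php\/off\/[0-9.]+\/top\//
# http://courtdays.bolorn.net/php/off/97.25/sub/
uri __AC_PHPOFFSUB_URI /\/php\/off\/[0-9.]+\/sub\//

# Five all-digit path segments, then ".<alnum>.php" or ".<alnum>.html".
# Fixed: the extension group was written "(:?php|html)", a capturing group
# that also accepted an optional ':' before "php"; "(?:php|html)" is the
# non-capturing form used by the other rules in this file.
# http://www.shoosecalehhd.us/3345/174/380/1411/2938.11tt1747757AAF11.php
uri __AC_NUMS_URI /(?:\/[0-9]+){5}\.[0-9a-zA-Z]+\.(?:php|html)\b/

# A single path segment of 50+ upper-case letters and digits before the extension.
# http://www.chubbydiet.biz/11VP6856DOBTTT53RYM380F1073AHG1687LCS12K1907471II3470154694.php
uri __AC_LONGSEQ_URI /\/[A-Z0-9]{50,}\.(?:php|html|cgi)\b/

# Token starting "1?8" followed by 20+ lower-case alphanumerics, then /C/ or /V/.
# http://www.losefast.us/1a83066009e4c6a4463ef4bb01/C/
uri __AC_1SEQC_URI /\/1[a-z0-9]8[a-z0-9_]{20,}\/C\//
# http://www.search-lots-archiv.com/1c8481478cf46e0b6d9dd0e40801/V/F5B03UPMP/8BJ6447LN.jpg
uri __AC_1SEQV_URI /\/1[a-z0-9]8[a-z0-9_]{20,}\/V\//
# http://www.losefast.us/r/move/254/42182/61283
uri __AC_RMOVE_URI /\/r\/move\/[0-9]+\//

# Three long digit runs interleaved with letters and punctuation; .com hosts only.
# http://www.flaxchid.com/mo.n+new1844407650e8crit-ical.32153002was/es?t.816265832
uri __AC_PUNCTNUMS_URI /\.com\/[A-Za-z+=\/.?_-]{4,}[0-9]{9,12}[a-z0-9]{1,2}[A-Za-z+=\/.?_-]+[0-9]{7,9}[A-Za-z+=\/.?_-]{6,}[0-9]{7,9}\b/

# Host label ending in two digits under a .me domain, two long hyphenated
# path segments, an 8+ digit id, then "<word>.aspx".
# http://approbativeness57.isfient.me/caller-vulgarize-thriller-formality/forget-diet-pills-and-exercise-get-350-recipes-and-a-paleo-meal-plan/359297028/unjustifiedness.aspx
uri __AC_NDOMLONGNASPX_URI /[A-Za-z]+[0-9]{2}\.[A-Za-z0-9-]+\.me\/(?:[A-Za-z0-9-]{10,}\/){2}[0-9]{8,}\/[A-Za-z]+\.aspx/

# Path tokens "chd" / "mhd" / "uhd" followed by 20+ lower-case alphanumerics.
# http://www.honkzoo.org/chd196h4d60c7347h484h886d5b
uri __AC_CHDSEQ_URI /\/chd[a-z0-9]{20,}/
# http://www.honkzoo.org/mhd196h4d60c7347h484h03c00c
uri __AC_MHDSEQ_URI /\/mhd[a-z0-9]{20,}/
# http://www.altkangaroo.com/uhd228h4da2fd0c5h49bhff5c2f
uri __AC_UHDSEQ_URI /\/uhd[a-z0-9]{20,}/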
# Scored meta rules built from the __AC_*_URI sub-rules.
# PATTERNS1, 2, 3, 9 and 12 need several different link shapes in the same
# message; PATTERNS4, 8, 10 and 11 fire on a single sub-rule.
# NOTE(review): against SpamAssassin's stock required_score of 5.0, one hit at
# 4.0 leaves a one-point margin, so the single-sub-rule metas are the ones to
# watch for false positives - confirm against mass-check results.

# Both an /outl and an /outi link.
meta AC_SPAMMY_URI_PATTERNS1 __AC_OUTL_URI && __AC_OUTI_URI
describe AC_SPAMMY_URI_PATTERNS1 link combos match highly spammy template
tflags AC_SPAMMY_URI_PATTERNS1 publish
score AC_SPAMMY_URI_PATTERNS1 4.0

# /land/, /unsub/ and /report/ links together.
meta AC_SPAMMY_URI_PATTERNS2 __AC_LAND_URI && __AC_UNSUB_URI && __AC_REPORT_URI
describe AC_SPAMMY_URI_PATTERNS2 link combos match highly spammy template
tflags AC_SPAMMY_URI_PATTERNS2 publish
score AC_SPAMMY_URI_PATTERNS2 4.0

# /php/off/<n>/top/ and /php/off/<n>/sub/ links together.
meta AC_SPAMMY_URI_PATTERNS3 __AC_PHPOFFTOP_URI && __AC_PHPOFFSUB_URI
describe AC_SPAMMY_URI_PATTERNS3 link combos match highly spammy template
tflags AC_SPAMMY_URI_PATTERNS3 publish
score AC_SPAMMY_URI_PATTERNS3 4.0

# Single sub-rule: five numeric path segments plus .php/.html.
meta AC_SPAMMY_URI_PATTERNS4 __AC_NUMS_URI
describe AC_SPAMMY_URI_PATTERNS4 link combos match highly spammy template
tflags AC_SPAMMY_URI_PATTERNS4 publish
score AC_SPAMMY_URI_PATTERNS4 4.0

# Single sub-rule: 50+ character upper-case/digit file name.
meta AC_SPAMMY_URI_PATTERNS8 __AC_LONGSEQ_URI
describe AC_SPAMMY_URI_PATTERNS8 link combos match highly spammy template
tflags AC_SPAMMY_URI_PATTERNS8 publish
score AC_SPAMMY_URI_PATTERNS8 4.0

# The /C/ token link plus either the /V/ token link or an /r/move/ link.
meta AC_SPAMMY_URI_PATTERNS9 __AC_1SEQC_URI && (__AC_1SEQV_URI || __AC_RMOVE_URI)
describe AC_SPAMMY_URI_PATTERNS9 link combos match highly spammy template
tflags AC_SPAMMY_URI_PATTERNS9 publish
score AC_SPAMMY_URI_PATTERNS9 4.0

# Single sub-rule: digit runs interleaved with punctuation on a .com host.
meta AC_SPAMMY_URI_PATTERNS10 __AC_PUNCTNUMS_URI
describe AC_SPAMMY_URI_PATTERNS10 link combos match highly spammy template
tflags AC_SPAMMY_URI_PATTERNS10 publish
score AC_SPAMMY_URI_PATTERNS10 4.0

# Single sub-rule: the .me host / long path / .aspx shape.
meta AC_SPAMMY_URI_PATTERNS11 __AC_NDOMLONGNASPX_URI
describe AC_SPAMMY_URI_PATTERNS11 link combos match highly spammy template
tflags AC_SPAMMY_URI_PATTERNS11 publish
score AC_SPAMMY_URI_PATTERNS11 4.0

# All three of the chd / mhd / uhd token links.
meta AC_SPAMMY_URI_PATTERNS12 __AC_CHDSEQ_URI && __AC_MHDSEQ_URI && __AC_UHDSEQ_URI
describe AC_SPAMMY_URI_PATTERNS12 link combos match highly spammy template
tflags AC_SPAMMY_URI_PATTERNS12 publish
score AC_SPAMMY_URI_PATTERNS12 4.0
# Enhance Bayes scoring for super-spammy mails
# see /var/lib/spamassassin/3.003002/updates_spamassassin_org/23_bayes.cf
# and $samedir/50_scores.cf
#ifplugin Mail::SpamAssassin::Plugin::Bayes
# body AC_BAYES_99 eval:check_bayes('0.99', '0.999')
# tflags AC_BAYES_99 learn,publish
# describe AC_BAYES_99 Bayes spam probability is 99 to 99.9%
# score AC_BAYES_99 0 0 4.3 4.0
#
# body AC_BAYES_999 eval:check_bayes('0.999', '1.00')
# tflags AC_BAYES_999 learn,publish
# describe AC_BAYES_999 Bayes spam probability is 99.9 to 100%
# score AC_BAYES_999 0 0 4.8 4.5
#endif
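# Too many newlines...
# Fires on 30 or more consecutive <br> tags separated only by optional
# whitespace. "rawbody" is used so that the HTML tags are still present in the
# text being matched.
# Fixed: the rule definition was split across two lines and the tag inside the
# group was missing, which left an unterminated regex; a rule has to sit on
# one line. The <br> token is restored from the rule name, the description and
# the /i flag - verify against the upstream copy of this file.
# NOTE(review): the literal "<br>" does not cover the "<br/>" or "<br />"
# spellings.
rawbody AC_BR_BONANZA /(?:<br>\s*){30}/i
describe AC_BR_BONANZA Too many newlines in a row... spammy template
score AC_BR_BONANZA 0.001
tflags AC_BR_BONANZA publish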
# Too many containers
rawbody AC_DIV_BONANZA /(?: