SpamAssassin

Here are the custom SpamAssassin rules I use on my mail server … they’re based on my observations of spam that didn’t have a high enough score to get tossed into the bit bucket (anything that has a SpamAssassin score of 10 or higher gets automatically dumped).

uri UK_GEOCITIES_COM /geocities\.com/
describe UK_GEOCITIES_COM References uk.geocities.com
score UK_GEOCITIES_COM 5.0

blacklist_from  *@postcards1001.com

header FROM_CHASE from:addr =~ /chase\.com/i
describe FROM_CHASE Message appears to be from chase.com
score FROM_CHASE 3.0

header FROM_126 from:addr =~ /126\.com/i
describe FROM_126 Message appears to be from 126.com
score FROM_126 3.0

header FROM_VIRGILIO from:addr =~ /virgilio\.it/i
describe FROM_VIRGILIO Message is from virgilio.it
score FROM_VIRGILIO 3.0

header FROM_LOTTERY from:addr =~ /lottery|lotto/i
describe FROM_LOTTERY From address contains a lottery reference
score FROM_LOTTERY 3.0

header SUBJ_FORWARDED subject =~ /^(fwd\:|fw\:)/i
describe SUBJ_FORWARDED Message was forwarded
score SUBJ_FORWARDED 2.0

header SUBJ_MILLIONS subject =~ /million/i
describe SUBJ_MILLIONS Subject mentions millions
score SUBJ_MILLIONS 2.0

header SUBJ_EUROMILLION subject =~ /euromillion/i
describe SUBJ_EUROMILLION Subject references 'Euromillion'
score SUBJ_EUROMILLION 3.0

header SUBJ_EQSE subject =~ /EQSE/i
describe SUBJ_EQSE Subject contains EQSE stock reference
score SUBJ_EQSE 3.0

header SUBJ_FROM subject =~ /^from/i
describe SUBJ_FROM Subject starts with 'from'
score SUBJ_FROM 3.0

uri NAMESDATABASE /namesdatabase\.com/
describe NAMESDATABASE References namesdatabase.com
score NAMESDATABASE 3.0

#uri MIDRANGE_COM /midrange.com/
#describe MIDRANGE_COM References midrange.com
#score MIDRANGE_COM -3.0

header SUBJ_REPRESENTATIVE subject =~ /^REPRESENTATIVE$/i
describe SUBJ_REPRESENTATIVE Subject is only 'REPRESENTATIVE'
score SUBJ_REPRESENTATIVE 2.0

header SUBJ_EXECS_VENTURES subject =~ /execs ventures/i
describe SUBJ_EXECS_VENTURES Subject contains 'execs ventures'
score SUBJ_EXECS_VENTURES 5.0

header SUBJ_RE_HELLO subject =~ /re\:\sHello/i
describe SUBJ_RE_HELLO Subject contains 'Re: Hello'
score SUBJ_RE_HELLO 3.0

header SUBJ_MUSTAFA subject =~ /mustafa/i
describe SUBJ_MUSTAFA Subject contains 'Mustafa'
score SUBJ_MUSTAFA 3.0

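# Duplicate of the SUBJ_EUROMILLION rule defined earlier; the later definition is the one SpamAssassin keeps.
header SUBJ_EUROMILLION subject =~ /Euromillion/i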
describe SUBJ_EUROMILLION Subject contains 'Euromillion'
score SUBJ_EUROMILLION 3.0

header SUBJ_CONFIDENTIAL subject =~ /Confidential/i
describe SUBJ_CONFIDENTIAL Subject claims to be Confidential
score SUBJ_CONFIDENTIAL 3.0

header SUBJ_DEAREST subject =~ /Dearest/i
describe SUBJ_DEAREST Subject mentions Dearest
score SUBJ_DEAREST 3.0

header SUBJ_DEAR_SOMETHING subject =~ /^dear/i
describe SUBJ_DEAR_SOMETHING Subject starts with Dear
score SUBJ_DEAR_SOMETHING 5.0

header SUBJ_FRIEND subject =~ /Friend/i
describe SUBJ_FRIEND Subject claims to be your Friend
score SUBJ_FRIEND 3.0

header SUBJ_CONGRATULATION subject =~ /CONGRATULATION/i
describe SUBJ_CONGRATULATION Subject wishes you Congratulations
score SUBJ_CONGRATULATION 3.0

header SUBJ_GOOD_DAY subject =~ /Good day/i
describe SUBJ_GOOD_DAY Subject wishes you a good day
score SUBJ_GOOD_DAY 3.0

header LOTTERY  ALL =~ /(LOTERIA|LOTTERY|LOTTO)/i
describe LOTTERY  Header refers to a lottery
score LOTTERY  9.0

header SUBJ_NOTIFICATION  subject =~ /NOTIFICATION/i
describe SUBJ_NOTIFICATION  Subject claims to be notifying you of something
score SUBJ_NOTIFICATION  3.0

header SUBJ_URGENT  subject =~ /URGENT/i
describe SUBJ_URGENT  Subject stresses urgency
score SUBJ_URGENT  3.0

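# Redefines SUBJ_REPRESENTATIVE: this broader pattern and its 3.0 score replace the earlier exact-match rule.
header SUBJ_REPRESENTATIVE subject =~ /REPRESENTATIVE/i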
describe SUBJ_REPRESENTATIVE Subject refers to Representative
score SUBJ_REPRESENTATIVE 3.0

header SUBJ_LUCK subject =~ /luck/i
describe SUBJ_LUCK Luck of the Irish?
score SUBJ_LUCK 3.0

header SUBJ_TICKET subject =~ /ticket/i
describe SUBJ_TICKET Did you get a ticket?
score SUBJ_TICKET 3.0

header SUBJ_CONSIGNMENT subject =~ /consignment/i
describe SUBJ_CONSIGNMENT Subject mentions consignment
score SUBJ_CONSIGNMENT 3.0

header SUBJ_ATTENTION subject =~ /ATTENTION/i
describe SUBJ_ATTENTION Wants your attention
score SUBJ_ATTENTION 3.0

header SUBJ_CONCERN subject =~ /concern/i
describe SUBJ_CONCERN Thinks you should be concerned
score SUBJ_CONCERN 3.0

header SUBJ_SWEEPSTAKE  subject =~ /sweepstake/i
describe SUBJ_SWEEPSTAKE Wants to tell you about a Sweepstake
score SUBJ_SWEEPSTAKE 3.0

uri SIMURL /simurl\.com/
describe SIMURL References simurl.com
score SIMURL 5.0

header FROM_GEORGE_MICHAEL  from =~ /George Michael/i
describe FROM_GEORGE_MICHAEL From George Michael?
score FROM_GEORGE_MICHAEL 3.0

header SUBJ_FROM_GEORGE_MICHAEL  subject =~ /Mesage from George Michael/i
describe SUBJ_FROM_GEORGE_MICHAEL Subject is 'From George Michael'
score SUBJ_FROM_GEORGE_MICHAEL 9.0

header SUBJ_WINNER  subject =~ /winner/i
describe SUBJ_WINNER Subject contains 'WINNER'
score SUBJ_WINNER 5.0

header SUBJ_PRIZE  subject =~ /prize/i
describe SUBJ_PRIZE Subject contains 'PRIZE'
score SUBJ_PRIZE 5.0

header SUBJ_FAITH  subject =~ /faith/i
describe SUBJ_FAITH Subject contains 'FAITH'
score SUBJ_FAITH 5.0

header SUBJ_GOD  subject =~ /god/i
describe SUBJ_GOD Subject contains 'GOD'
score SUBJ_GOD 5.0

header SUBJ_BELOVED  subject =~ /BELOVED/i
describe SUBJ_BELOVED Subject contains 'BELOVED'
score SUBJ_BELOVED 5.0

header HEADER_ESQ  ALL =~ /Esq/i
describe HEADER_ESQ A header contains 'Esq'
score HEADER_ESQ 5.0

# \b keeps 'otc' from matching inside ordinary words such as 'notch'
header SUBJ_INVESTOR_ALERT subject =~ /\botc|investor/i
describe SUBJ_INVESTOR_ALERT Subject references investor alert related words
score SUBJ_INVESTOR_ALERT 5.0

header SUBJ_AWARD subject =~ /award/i
describe SUBJ_AWARD Subject references 'AWARD'
score SUBJ_AWARD 5.0

# Word boundaries keep this from firing on 'wonderful' or 'won't'
header SUBJ_WON subject =~ /\bwon\b/i
describe SUBJ_WON Subject claims you have won something
score SUBJ_WON 5.0

header SUBJ_ACKNOWLEDGE subject =~ /ACKNOWLEDGE/i
describe SUBJ_ACKNOWLEDGE Subject contains the word 'ACKNOWLEDGE'
score SUBJ_ACKNOWLEDGE 5.0

# \b instead of an unescaped '.', which matched any character (e.g. names beginning 'Mra...')
header FROM_SALUTATION from:name =~ /^(mr|mrs)\b/i
describe FROM_SALUTATION From name starts with a salutation
score FROM_SALUTATION 5.0

header SUB_JOB_OFFER subject =~ /job offer/i
describe SUB_JOB_OFFER Subject indicates a job offer
score SUB_JOB_OFFER 5.0

header SUB_SECRETARY subject =~ /SECRETARY/i
describe SUB_SECRETARY Subject mentions someone's secretary
score SUB_SECRETARY 3.0

header SUB_IMPORTANT subject =~ /IMPORTANT/i
describe SUB_IMPORTANT Subject claims importance
score SUB_IMPORTANT 3.0

uri URI_RIPWAY /h1\.ripway\.com/
describe URI_RIPWAY References h1.ripway.com
score URI_RIPWAY 3.0

header SUB_ECARD subject =~ /has sent you an e-card/
describe SUB_ECARD Someone sent you an ecard
score SUB_ECARD 3.0

body STOCK_PUMP_N_DUMP /(SREA|ERMX)/
describe STOCK_PUMP_N_DUMP Mentions a pump & dump stock
score STOCK_PUMP_N_DUMP 5.0

header SUB_POSTCARD subject =~ /postcard/
describe SUB_POSTCARD Subject references the word postcard
score SUB_POSTCARD 3.0

full CONTAINS_PDF /Content-Type: application\/pdf;/
describe CONTAINS_PDF PDF is attached ... possibly spam
score CONTAINS_PDF 3.0
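
Because matching rules add their scores together, several of the broad subject rules above can push ordinary mail past the 10-point discard threshold. The following is an added example, not part of the original post: it replays a subset of the rules in Python (assuming Python's `re` behaves like Perl's for these simple patterns) against constructed subjects, and reports rule names defined twice, where the later definition replaces the earlier one.

```python
import re

DISCARD_AT = 10.0  # the page discards anything scoring 10 or higher

# Subset of the subject rules listed above, kept in SpamAssassin syntax.
RULES = r"""
header SUBJ_FORWARDED subject =~ /^(fwd\:|fw\:)/i
score SUBJ_FORWARDED 2.0
header SUBJ_REPRESENTATIVE subject =~ /^REPRESENTATIVE$/i
score SUBJ_REPRESENTATIVE 2.0
header SUBJ_TICKET subject =~ /ticket/i
score SUBJ_TICKET 3.0
header SUBJ_AWARD subject =~ /award/i
score SUBJ_AWARD 5.0
header SUB_IMPORTANT subject =~ /IMPORTANT/i
score SUB_IMPORTANT 3.0
header SUBJ_REPRESENTATIVE subject =~ /REPRESENTATIVE/i
score SUBJ_REPRESENTATIVE 3.0
"""
HEADER_RE = re.compile(r"^header\s+(\w+)\s+subject\s+=~\s+/(.*)/(i?)$")
SCORE_RE = re.compile(r"^score\s+(\w+)\s+(-?[\d.]+)$")

def load(text):
    """Return (rules, redefined); a later definition replaces an earlier one."""
    patterns, scores, redefined = {}, {}, []
    for line in text.splitlines():
        line = line.strip()
        if m := HEADER_RE.match(line):
            name, body, flag = m.groups()
            if name in patterns:
                redefined.append(name)
            patterns[name] = re.compile(body, re.I if flag else 0)
        elif m := SCORE_RE.match(line):
            scores[m.group(1)] = float(m.group(2))
    # A rule with no score line gets SpamAssassin's default of 1.0.
    return {n: (p, scores.get(n, 1.0)) for n, p in patterns.items()}, redefined

def evaluate(subject, rules):
    """Return (total score, sorted names of matching rules) for one Subject."""
    hits = sorted(n for n, (p, _) in rules.items() if p.search(subject))
    return sum(rules[n][1] for n in hits), hits

RULESET, REDEFINED = load(RULES)

if __name__ == "__main__":
    print("redefined:", REDEFINED)
    # Constructed subjects representing ordinary mail, not spam samples.
    for s in ["Fwd: Important: award ceremony tickets", "Meeting notes from Tuesday"]:
        total, hits = evaluate(s, RULESET)
        print(f"{total:5.1f} {'DISCARD' if total >= DISCARD_AT else 'keep'} {hits} {s!r}")
```
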
