t/data/01_test_rules.cf - spamassassin - Git at Google

 # Rules used in the test suite.  This allows us to change the
 # main ruleset without breaking the test suite.

 # <@LICENSE>
 # Licensed to the Apache Software Foundation (ASF) under one or more
 # contributor license agreements.  See the NOTICE file distributed with
 # this work for additional information regarding copyright ownership.
 # The ASF licenses this file to you under the Apache License, Version 2.0
 # (the "License"); you may not use this file except in compliance with
 # the License.  You may obtain a copy of the License at:
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # </@LICENSE>

 # Disable dcc/razor/pyzor by default
 ifplugin Mail::SpamAssassin::Plugin::DCC
 use_dcc 0
 endif
 ifplugin Mail::SpamAssassin::Plugin::Razor2
 use_razor2 0
 endif
 ifplugin Mail::SpamAssassin::Plugin::Pyzor
 use_pyzor 0
 endif

 header TEST_NOREALNAME  From =~ /^["\s]*\<?\S+\@\S+\>?\s*$/
 describe TEST_NOREALNAME From: does not include a real name
 score TEST_NOREALNAME 5

 header TEST_ENDSNUMS    From:addr =~ /\D\d{8,}\@/i
 describe TEST_ENDSNUMS  From: ends in many numbers
 score TEST_ENDSNUMS 5

 header TEST_FORGED_YAHOO_RCVD   eval:check_for_forged_yahoo_received_headers()
 describe TEST_FORGED_YAHOO_RCVD 'From' yahoo.com does not match 'Received' headers
 score TEST_FORGED_YAHOO_RCVD 5

 uri TEST_NORMAL_HTTP_TO_IP m{^https?://\d+\.\d+\.\d+\.\d+}i
 describe TEST_NORMAL_HTTP_TO_IP      Uses a dotted-decimal IP address in URL
 score TEST_NORMAL_HTTP_TO_IP  5

 body TEST_EXCUSE_12        /this (?:e?-?mail|message) (?:(?:has )?reached|was sent to) you in error/i
 describe TEST_EXCUSE_12    Nobody's perfect
 score TEST_EXCUSE_12       5

 body TEST_EXCUSE_4         /To Be Removed,? Please/i
 describe TEST_EXCUSE_4     Claims you can be removed from the list
 score TEST_EXCUSE_4        5

 header TEST_INVALID_DATE   Date !~ /^\s*(?:(?i:Mon|Tue|Wed|Thu|Fri|Sat|Sun),\s+)?[0-3\s]?[0-9]\s+(?i:Jan|Feb|Ma[ry]|Apr|Ju[nl]|Aug|Sep|Oct|Nov|Dec)\s+(?:[12][901])?[0-9]{2}\s+[0-2]?[0-9](?:\:[0-5][0-9]){1,2}\s+(?:[AP]M\s+)?(?:[+-][0-9]{4}|UT|[A-Z]{2,3}T)(?:\s+\(.*\))?\s*$/ [if-unset: Wed, 31 Jul 2002 16:41:57 +0200]
 describe TEST_INVALID_DATE Invalid Date: header (not RFC 2822)
 score TEST_INVALID_DATE    5

 header TEST_MSGID_OUTLOOK_INVALID    eval:check_outlook_message_id()
 describe TEST_MSGID_OUTLOOK_INVALID  Message-Id is fake (in Outlook Express format)
 score TEST_MSGID_OUTLOOK_INVALID     5

 header MISSING_HB_SEP            eval:check_msg_parse_flags('missing_head_body_separator')
 describe MISSING_HB_SEP          Missing blank line between message header and body
 tflags MISSING_HB_SEP            userconf

 header X_MESSAGE_INFO            exists:X-Message-Info
 describe X_MESSAGE_INFO          Bulk email fingerprint (X-Message-Info) found

 header SORTED_RECIPS             eval:sorted_recipients()
 describe SORTED_RECIPS           Recipient list is sorted by address

 header SUSPICIOUS_RECIPS eval:similar_recipients('0.65','undef')
 describe SUSPICIOUS_RECIPS       Similar addresses in recipient list

 body GTUBE               /XJS\*C4JDBQADN1\.NSBN3\*2IDNEN\*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL\*C\.34X/
 describe GTUBE           Generic Test for Unsolicited Bulk Email
 score GTUBE              1000
 tflags GTUBE             userconf noautolearn

 header __HAS_MSGID               MESSAGEID =~ /\S/
 header __SANE_MSGID              MESSAGEID =~ /^<[^<>\\ \t\n\r\x0b\x80-\xff]+\@[^<>\\ \t\n\r\x0b\x80-\xff]+>\s*$/m
 header __MSGID_COMMENT           MESSAGEID =~ /\(.*\)/m
 meta INVALID_MSGID               __HAS_MSGID && !(__SANE_MSGID || __MSGID_COMMENT)
 describe INVALID_MSGID           Message-Id is not valid, according to RFC 2822
 score INVALID_MSGID              2.999 2.603 2.489 1.900

 header TEST_MSGID_SPAM_CAPS      Message-ID =~ /^\s*<?[A-Z]+\@(?!(?:mailcity|whowhere)\.com)/
 score TEST_MSGID_SPAM_CAPS       5

 header INVALID_DATE              Date !~ /^\s*(?:(?i:Mon|Tue|Wed|Thu|Fri|Sat|Sun),\s)?\s*(?:[12]\d|3[01]|0?[1-9])\s+(?i:Jan|Feb|Ma[ry]|Apr|Ju[nl]|Aug|Sep|Oct|Nov|Dec)\s+(?:19[7-9]\d|2\d{3})\s+(?:[01]?\d|2[0-3])\:[0-5]\d(?::(?:[0-5]\d|60))?(?:\s+[AP]M)?(?:\s+(?:[+-][0-9]{4}|UT|[A-Z]{2,3}T|0000 GMT|"GMT"))?(?:\s*\(.*\))?\s*$/m [if-unset: Wed, 31 Jul 2002 16:41:57 +0200]
 describe INVALID_DATE            Invalid Date: header (not RFC 2822)
 score INVALID_DATE               2.303 1.651 1.329 1.245

 redirector_pattern      /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i
 redirector_pattern      /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i
 redirector_pattern      /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i
 redirector_pattern      /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i
 redirector_pattern      /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i
 redirector_pattern      m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&\#])'i
 redirector_pattern      m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i

 ifplugin Mail::SpamAssassin::Plugin::DKIM
 adsp_override sa-test-nxd.spamassassin.org  nxdomain
 adsp_override sa-test-unk.spamassassin.org  unknown
 adsp_override sa-test-all.spamassassin.org  all
 adsp_override sa-test-dis.spamassassin.org  discardable
 adsp_override sa-test-di2.spamassassin.org
 endif
	# Rules used in the test suite. This allows us to change the
	# main ruleset without breaking the test suite.

	# <@LICENSE>
	# Licensed to the Apache Software Foundation (ASF) under one or more
	# contributor license agreements. See the NOTICE file distributed with
	# this work for additional information regarding copyright ownership.
	# The ASF licenses this file to you under the Apache License, Version 2.0
	# (the "License"); you may not use this file except in compliance with
	# the License. You may obtain a copy of the License at:
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.
	# </@LICENSE>

	# Disable dcc/razor/pyzor by default
	ifplugin Mail::SpamAssassin::Plugin::DCC
	use_dcc 0
	endif
	ifplugin Mail::SpamAssassin::Plugin::Razor2
	use_razor2 0
	endif
	ifplugin Mail::SpamAssassin::Plugin::Pyzor
	use_pyzor 0
	endif

	header TEST_NOREALNAME From =~ /^["\s]\<?\S+\@\S+\>?\s$/
	describe TEST_NOREALNAME From: does not include a real name
	score TEST_NOREALNAME 5

	header TEST_ENDSNUMS From:addr =~ /\D\d{8,}\@/i
	describe TEST_ENDSNUMS From: ends in many numbers
	score TEST_ENDSNUMS 5

	header TEST_FORGED_YAHOO_RCVD eval:check_for_forged_yahoo_received_headers()
	describe TEST_FORGED_YAHOO_RCVD 'From' yahoo.com does not match 'Received' headers
	score TEST_FORGED_YAHOO_RCVD 5

	uri TEST_NORMAL_HTTP_TO_IP m{^https?://\d+\.\d+\.\d+\.\d+}i
	describe TEST_NORMAL_HTTP_TO_IP Uses a dotted-decimal IP address in URL
	score TEST_NORMAL_HTTP_TO_IP 5

	body TEST_EXCUSE_12 /this (?:e?-?mail\|message) (?:(?:has )?reached\|was sent to) you in error/i
	describe TEST_EXCUSE_12 Nobody's perfect
	score TEST_EXCUSE_12 5

	body TEST_EXCUSE_4 /To Be Removed,? Please/i
	describe TEST_EXCUSE_4 Claims you can be removed from the list
	score TEST_EXCUSE_4 5

	header TEST_INVALID_DATE Date !~ /^\s(?:(?i:Mon\|Tue\|Wed\|Thu\|Fri\|Sat\|Sun),\s+)?[0-3\s]?[0-9]\s+(?i:Jan\|Feb\|Ma[ry]\|Apr\|Ju[nl]\|Aug\|Sep\|Oct\|Nov\|Dec)\s+(?:[12][901])?[0-9]{2}\s+[0-2]?[0-9](?:\:[0-5][0-9]){1,2}\s+(?:[AP]M\s+)?(?:[+-][0-9]{4}\|UT\|[A-Z]{2,3}T)(?:\s+\(.\))?\s*$/ [if-unset: Wed, 31 Jul 2002 16:41:57 +0200]
	describe TEST_INVALID_DATE Invalid Date: header (not RFC 2822)
	score TEST_INVALID_DATE 5

	header TEST_MSGID_OUTLOOK_INVALID eval:check_outlook_message_id()
	describe TEST_MSGID_OUTLOOK_INVALID Message-Id is fake (in Outlook Express format)
	score TEST_MSGID_OUTLOOK_INVALID 5

	header MISSING_HB_SEP eval:check_msg_parse_flags('missing_head_body_separator')
	describe MISSING_HB_SEP Missing blank line between message header and body
	tflags MISSING_HB_SEP userconf

	header X_MESSAGE_INFO exists:X-Message-Info
	describe X_MESSAGE_INFO Bulk email fingerprint (X-Message-Info) found

	header SORTED_RECIPS eval:sorted_recipients()
	describe SORTED_RECIPS Recipient list is sorted by address

	header SUSPICIOUS_RECIPS eval:similar_recipients('0.65','undef')
	describe SUSPICIOUS_RECIPS Similar addresses in recipient list

	body GTUBE /XJS\C4JDBQADN1\.NSBN3\2IDNEN\GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL\C\.34X/
	describe GTUBE Generic Test for Unsolicited Bulk Email
	score GTUBE 1000
	tflags GTUBE userconf noautolearn

	header __HAS_MSGID MESSAGEID =~ /\S/
	header __SANE_MSGID MESSAGEID =~ /^<[^<>\\ \t\n\r\x0b\x80-\xff]+\@[^<>\\ \t\n\r\x0b\x80-\xff]+>\s*$/m
	header __MSGID_COMMENT MESSAGEID =~ /\(.*\)/m
	meta INVALID_MSGID __HAS_MSGID && !(__SANE_MSGID \|\| __MSGID_COMMENT)
	describe INVALID_MSGID Message-Id is not valid, according to RFC 2822
	score INVALID_MSGID 2.999 2.603 2.489 1.900

	header TEST_MSGID_SPAM_CAPS Message-ID =~ /^\s*<?[A-Z]+\@(?!(?:mailcity\|whowhere)\.com)/
	score TEST_MSGID_SPAM_CAPS 5

	header INVALID_DATE Date !~ /^\s(?:(?i:Mon\|Tue\|Wed\|Thu\|Fri\|Sat\|Sun),\s)?\s(?:[12]\d\|3[01]\|0?[1-9])\s+(?i:Jan\|Feb\|Ma[ry]\|Apr\|Ju[nl]\|Aug\|Sep\|Oct\|Nov\|Dec)\s+(?:19[7-9]\d\|2\d{3})\s+(?:[01]?\d\|2[0-3])\:[0-5]\d(?::(?:[0-5]\d\|60))?(?:\s+[AP]M)?(?:\s+(?:[+-][0-9]{4}\|UT\|[A-Z]{2,3}T\|0000 GMT\|"GMT"))?(?:\s\(.\))?\s*$/m [if-unset: Wed, 31 Jul 2002 16:41:57 +0200]
	describe INVALID_DATE Invalid Date: header (not RFC 2822)
	score INVALID_DATE 2.303 1.651 1.329 1.245

	redirector_pattern /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i
	redirector_pattern /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i
	redirector_pattern /^http:\/\/.+\.gov\/(?:.\/)?externalLink\.jhtml\?.url=(.?)(?:&.)?$/i
	redirector_pattern /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i
	redirector_pattern /^http:\/\/(?:.?\.)?adtech\.de\/.(?:;\|\\|)link=(.*?)(?:;\|$)/i
	redirector_pattern m'^http.?/redirect\.php\?.(?<=[?&])goto=(.*?)(?:$\|[&\#])'i
	redirector_pattern m'^https?:/(?:[^/]+\.)?emf\d\.com/r\.cfm.?&r=(.*)'i

	ifplugin Mail::SpamAssassin::Plugin::DKIM
	adsp_override sa-test-nxd.spamassassin.org nxdomain
	adsp_override sa-test-unk.spamassassin.org unknown
	adsp_override sa-test-all.spamassassin.org all
	adsp_override sa-test-dis.spamassassin.org discardable
	adsp_override sa-test-di2.spamassassin.org
	endif