rulesrc/sandbox/pds/20_freshfmb.cf - spamassassin - Git at Google

 header   __NUMBERONLY_TLD From:addr =~ /\@[0-9]{4,}(\.[a-z]{2,4})?\.[a-z]+$/i

 header   __NUMBEREND_TLD From:addr =~ /\@[a-z]{2,}[0-9]{4,}(\.[a-z]{2,4})?\.[a-z]+$/i

 meta     NUMBEREND_LINKBAIT __NUMBEREND_TLD && __LCL__KAM_BODY_LENGTH_LT_1024 && __BODY_URI_ONLY
 describe NUMBEREND_LINKBAIT Domain ends in a large number and very short body with link
 score    NUMBEREND_LINKBAIT 1.0 # limit

 meta     NUMBERONLY_BITCOIN_EXP __NUMBERONLY_TLD && __BITCOIN_ID && __NAKED_TO
 describe NUMBERONLY_BITCOIN_EXP Domain ends in a large number and very short body with link
 score    NUMBERONLY_BITCOIN_EXP 2.0 # limit

 meta     PDS_NAKED_TO_NUMERO __NAKED_TO && __NUMBERONLY_TLD
 describe PDS_NAKED_TO_NUMERO Naked-to, numberonly domain
 score    PDS_NAKED_TO_NUMERO 2.0

 # _AUTHORDOMAIN_ implemented only from 3.4.1
 if (version >= 3.004001)
 ifplugin Mail::SpamAssassin::Plugin::AskDNS

 askdns     __FROM_FMBLA_NEWDOM    _AUTHORDOMAIN_.fresh.fmb.la. A /^127\.2\.0\.2$/
 tflags     __FROM_FMBLA_NEWDOM    net

 askdns     __FROM_FMBLA_NEWDOM14  _AUTHORDOMAIN_.fresh.fmb.la. A /^127\.2\.0\.14$/
 tflags     __FROM_FMBLA_NEWDOM14  net

 askdns     __FROM_FMBLA_NEWDOM28  _AUTHORDOMAIN_.fresh.fmb.la. A /^127\.2\.0\.28$/
 tflags     __FROM_FMBLA_NEWDOM28  net

 askdns     __FROM_FMBLA_NDBLOCKED _AUTHORDOMAIN_.fresh.fmb.la. A /^127\.255\.255\.255$/
 tflags     __FROM_FMBLA_NDBLOCKED net

 meta       FROM_FMBLA_NEWDOM    __FROM_FMBLA_NEWDOM
 describe   FROM_FMBLA_NEWDOM    From domain was registered in last 7 days
 tflags     FROM_FMBLA_NEWDOM    net
 score      FROM_FMBLA_NEWDOM    1.5 # limit
 reuse      FROM_FMBLA_NEWDOM

 meta       FROM_FMBLA_NEWDOM14  __FROM_FMBLA_NEWDOM14
 describe   FROM_FMBLA_NEWDOM14  From domain was registered in last 7-14 days
 tflags     FROM_FMBLA_NEWDOM14  publish net
 score      FROM_FMBLA_NEWDOM14  1.0 # limit
 reuse      FROM_FMBLA_NEWDOM14

 meta       FROM_FMBLA_NEWDOM28  __FROM_FMBLA_NEWDOM28
 describe   FROM_FMBLA_NEWDOM28  From domain was registered in last 14-28 days
 tflags     FROM_FMBLA_NEWDOM28  net publish
 score      FROM_FMBLA_NEWDOM28  0.8 # limit
 reuse      FROM_FMBLA_NEWDOM28

 meta       FROM_FMBLA_NDBLOCKED __FROM_FMBLA_NDBLOCKED
 describe   FROM_FMBLA_NDBLOCKED ADMINISTRATOR NOTICE: The query to fresh.fmb.la was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists\#dnsbl-block for more information.
 tflags     FROM_FMBLA_NDBLOCKED net publish
 score      FROM_FMBLA_NDBLOCKED 0.001 # limit
 reuse      FROM_FMBLA_NDBLOCKED

 meta     __PDS_NEWDOMAIN  (__FROM_FMBLA_NEWDOM || __FROM_FMBLA_NEWDOM14 || __FROM_FMBLA_NEWDOM28)
 tflags   __PDS_NEWDOMAIN  net
 reuse    __PDS_NEWDOMAIN

 meta     FROM_NUMBERO_NEWDOMAIN __NUMBERONLY_TLD && __PDS_NEWDOMAIN
 describe FROM_NUMBERO_NEWDOMAIN Fingerprint and new domain
 score    FROM_NUMBERO_NEWDOMAIN 2.0 # limit
 tflags   FROM_NUMBERO_NEWDOMAIN net publish
 reuse    FROM_NUMBERO_NEWDOMAIN

 meta     FROM_NEWDOM_BTC __PDS_BTC_ID && __PDS_NEWDOMAIN
 describe FROM_NEWDOM_BTC Newdomain with Bitcoin ID
 score    FROM_NEWDOM_BTC 2.0 # limit
 tflags   FROM_NEWDOM_BTC net
 reuse    FROM_NEWDOM_BTC

 endif

 endif
	header __NUMBERONLY_TLD From:addr =~ /\@[0-9]{4,}(\.[a-z]{2,4})?\.[a-z]+$/i

	header __NUMBEREND_TLD From:addr =~ /\@[a-z]{2,}[0-9]{4,}(\.[a-z]{2,4})?\.[a-z]+$/i

	meta NUMBEREND_LINKBAIT __NUMBEREND_TLD && __LCL__KAM_BODY_LENGTH_LT_1024 && __BODY_URI_ONLY
	describe NUMBEREND_LINKBAIT Domain ends in a large number and very short body with link
	score NUMBEREND_LINKBAIT 1.0 # limit

	meta NUMBERONLY_BITCOIN_EXP __NUMBERONLY_TLD && __BITCOIN_ID && __NAKED_TO
	describe NUMBERONLY_BITCOIN_EXP Domain ends in a large number and very short body with link
	score NUMBERONLY_BITCOIN_EXP 2.0 # limit

	meta PDS_NAKED_TO_NUMERO __NAKED_TO && __NUMBERONLY_TLD
	describe PDS_NAKED_TO_NUMERO Naked-to, numberonly domain
	score PDS_NAKED_TO_NUMERO 2.0

	# _AUTHORDOMAIN_ implemented only from 3.4.1
	if (version >= 3.004001)
	ifplugin Mail::SpamAssassin::Plugin::AskDNS

	askdns __FROM_FMBLA_NEWDOM _AUTHORDOMAIN_.fresh.fmb.la. A /^127\.2\.0\.2$/
	tflags __FROM_FMBLA_NEWDOM net

	askdns __FROM_FMBLA_NEWDOM14 _AUTHORDOMAIN_.fresh.fmb.la. A /^127\.2\.0\.14$/
	tflags __FROM_FMBLA_NEWDOM14 net

	askdns __FROM_FMBLA_NEWDOM28 _AUTHORDOMAIN_.fresh.fmb.la. A /^127\.2\.0\.28$/
	tflags __FROM_FMBLA_NEWDOM28 net

	askdns __FROM_FMBLA_NDBLOCKED _AUTHORDOMAIN_.fresh.fmb.la. A /^127\.255\.255\.255$/
	tflags __FROM_FMBLA_NDBLOCKED net

	meta FROM_FMBLA_NEWDOM __FROM_FMBLA_NEWDOM
	describe FROM_FMBLA_NEWDOM From domain was registered in last 7 days
	tflags FROM_FMBLA_NEWDOM net
	score FROM_FMBLA_NEWDOM 1.5 # limit
	reuse FROM_FMBLA_NEWDOM

	meta FROM_FMBLA_NEWDOM14 __FROM_FMBLA_NEWDOM14
	describe FROM_FMBLA_NEWDOM14 From domain was registered in last 7-14 days
	tflags FROM_FMBLA_NEWDOM14 publish net
	score FROM_FMBLA_NEWDOM14 1.0 # limit
	reuse FROM_FMBLA_NEWDOM14

	meta FROM_FMBLA_NEWDOM28 __FROM_FMBLA_NEWDOM28
	describe FROM_FMBLA_NEWDOM28 From domain was registered in last 14-28 days
	tflags FROM_FMBLA_NEWDOM28 net publish
	score FROM_FMBLA_NEWDOM28 0.8 # limit
	reuse FROM_FMBLA_NEWDOM28

	meta FROM_FMBLA_NDBLOCKED __FROM_FMBLA_NDBLOCKED
	describe FROM_FMBLA_NDBLOCKED ADMINISTRATOR NOTICE: The query to fresh.fmb.la was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists\#dnsbl-block for more information.
	tflags FROM_FMBLA_NDBLOCKED net publish
	score FROM_FMBLA_NDBLOCKED 0.001 # limit
	reuse FROM_FMBLA_NDBLOCKED

	meta __PDS_NEWDOMAIN (__FROM_FMBLA_NEWDOM \|\| __FROM_FMBLA_NEWDOM14 \|\| __FROM_FMBLA_NEWDOM28)
	tflags __PDS_NEWDOMAIN net
	reuse __PDS_NEWDOMAIN

	meta FROM_NUMBERO_NEWDOMAIN __NUMBERONLY_TLD && __PDS_NEWDOMAIN
	describe FROM_NUMBERO_NEWDOMAIN Fingerprint and new domain
	score FROM_NUMBERO_NEWDOMAIN 2.0 # limit
	tflags FROM_NUMBERO_NEWDOMAIN net publish
	reuse FROM_NUMBERO_NEWDOMAIN

	meta FROM_NEWDOM_BTC __PDS_BTC_ID && __PDS_NEWDOMAIN
	describe FROM_NEWDOM_BTC Newdomain with Bitcoin ID
	score FROM_NEWDOM_BTC 2.0 # limit
	tflags FROM_NEWDOM_BTC net
	reuse FROM_NEWDOM_BTC

	endif

	endif