bignose
/
debian_pkg-listmaster


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104
							# This configuration file contains lists.debian.org specific rulessets

# our MTAs fix up headers for a slew of spams, so mark these as suspicious
# -- joy, 2003-06-28
# deactivated as this rule is also part of SA itself.
#header OUR_MTA_MSGID		Message-Id =~ /\@(bendel|master|gluck)\.debian\.org/
#describe OUR_MTA_MSGID		Sounds like a MsgId autogenerated by our MTAs
#score OUR_MTA_MSGID		1

# -- joy, 2003-08-15
header SENDER_FOR_US	From =~ /\@(bendel|master|gluck|lists)\.debian\.org/
describe SENDER_FOR_US	Sounds like a mail aimed at tricking our MTAs
score SENDER_FOR_US	2

# exception... --joy, 2003-07-12
header WEBSUBS			X-Remote-IP =~ /./
describe WEBSUBS		Sounds like a subscription request from the web
score WEBSUBS			-2

# another exception... --joy, 2003-07-27
header SUBSCONFIRM		Subject =~ /CONFIRM [su]\d+/
describe SUBSCONFIRM		Sounds like a subscription request confirmation
score SUBSCONFIRM		-2

# some valid autogenerated mail of ours
# -- joy, 2003-07-09
header OUR_SCRIPTS_1		Orig-From =~ /.+\@debian\.org \(.+ as listmaster\)/
describe OUR_SCRIPTS_1		Mail likely generated by .bin/mladmin
score OUR_SCRIPTS_1		-5

# our daily un/subscription report gets ~8 SA points !
# lower it to 3
# -- zobel, 2006-12-10
header _OUR_UNSUB_CHANGES1	Subject =~ /Daily un\/subscription report/
meta OUR_UNSUB_CHANGES		(_OUR_UNSUB_CHANGES1 && OUR_MTA_MSGID)
describe OUR_UNSUB_CHANGES	Daily mail sent to listmaster about un/subscriptions
score OUR_UNSUB_CHANGES		-5

# exception... --joy, 2003-08-15
body MDOMOSUBS		/^Request forwarded.$/
describe MDOMOSUBS	Sounds like a subscription request via majorsmart
score MDOMOSUBS		-2

# another exception --joy, 2004-05-27
#body OURCRONMAILS	Subject =~ /^Cron \<list\@.*\/var\/list\//
#describe OURCRONMAILS	Sounds like a legitimate cron job mail
#score OURCRONMAILS	-3

header BENDEL_LOCAL_FORWARDED	Resent-From =~ /bendel\.debian\.org/
describe BENDEL_LOCAL_FORWARDED	Mail has been locally forwarded.
score BENDEL_LOCAL_FORWARDED	-5

# temp work-around for d-l-f

header RFR  Subject =~ /\[RFR\]/
describe RFR Request for revision
score RFR -5

# pasc 2004-02-02
header AM_REPORT	Subject =~ /AM Report for Week Ending/
describe AM_REPORT	Auto-generated AM summary
score AM_REPORT		-5

# automated reports on debian-l10n-french
header MURPHY_MIGUS_REPORT	Subject =~ /Etat dans le CVS des/
describe MURPHY_MIGUS_REPORT	Auto-generated report from migus on translations
score MURPHY_MIGUS_REPORT	-5

# our own whitelisting of subscribers
header LDOSUBSCRIBER		X-Subscriber-lists.debian.org =~ /./
describe LDOSUBSCRIBER		Sender is a lists.debian.org subscriber
score LDOSUBSCRIBER		-6

# whitelist mails to majordomo
header MAJORDOMOMAIL	Delivered-To =~ /lists-majordomo@/
describe MAJORDOMOMAIL	mail to major domo
score MAJORDOMOMAIL	-0.1

meta  	 MAJORDOMOWHITE	(MAJORDOMO && (NOSUBJECT || MISSING_SUBJECT))
describe MAJORDOMOWHITE	Counteract no subject score for majordomo mails
score	 MAJORDOMOWHITE	-3

# count recipients and score those with Too Many. -cord
describe TO_TOO_MANY To: too many recipients
header   TO_TOO_MANY To =~ /(?:,[^,]{1,80}){5}/
score    TO_TOO_MANY 1

describe TO_WAY_TOO_MANY To: way too many recipients
header   TO_WAY_TOO_MANY To =~ /(?:,[^,]{1,80}){10}/
score    TO_WAY_TOO_MANY 3

describe CC_TOO_MANY CC: too many recipients
header   CC_TOO_MANY CC =~ /(?:,[^,]{1,80}){10}/
score    CC_TOO_MANY 3

score CORRUPT_FROM_LINE_IN_HDRS	0
score FM_DDDD_TIMES_2           0
score FM_SEX_HOSTDDDD	        0
score NO_HEADERS_MESSAGE	0
score SARE_HEAD_SUBJ_RAND	0
score SARE_SPEC_PROLEO_M2a	0
score SHACKOUTLOOK	        0
score MSGID_FROM_MTA_ID		0