# SpamAssassin - ReplaceTags configuration
#
# Please don't modify this file as your changes will be overwritten with
# the next update. Use @@LOCAL_RULES_DIR@@/local.cf instead.
# See 'perldoc Mail::SpamAssassin::Conf' for details.
#
# <@LICENSE>
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to you under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at:
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# </@LICENSE>
#
###########################################################################
# Requires the Mail::SpamAssassin::Plugin::ReplaceTags plugin be loaded.
ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
replace_tag A [gra\@\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xe4\xe3\xe2\xe0\xe1\xe2\xe3\xe4\xe5\xe60o]
replace_tag B [b8]
replace_tag C [ck\xc7\xe7@]
replace_tag D [d\xd0]
replace_tag E [e3\xc8\xc9\xca\xcb\xe8\xe9\xea\xeb\xa4]
replace_tag F f
replace_tag G [gk]
replace_tag H h
replace_tag I [il|!1y?\xcc\xcd\xce\xcf\xec\xed\xee\xef]
replace_tag J j
replace_tag K k
replace_tag L [il|!1\xa3]
replace_tag M (?:m|rn)
replace_tag N [n\xd1\xf1]
replace_tag O [go0\xd2\xd3\xd4\xd5\xd6\xd8\xf0\xf2\xf3\xf4\xf5\xf6\xf8]
replace_tag P [p\xfe]
replace_tag Q q
replace_tag R r
replace_tag S [sz\xa6\xa7]
replace_tag T t
replace_tag U [uv\xb5\xd9\xda\xdb\xdc\xfc\xfb\xfa\xf9\xfd]
replace_tag V (?:[vu]|\\\/)
replace_tag W [wv]
replace_tag X (?:[x\xd7]|><)
replace_tag Y [y\xff\xfd\xa5j]
replace_tag Z [zs]
replace_tag IMG (?:jpe?g|gif|png)
replace_tag SP [\s\d_*\$\%(),.:;?!}{\[\]|\/?^\#~\xa1`'+-]
replace_tag CUR [\$\xa5\xa3\xa4\xa2]
replace_inter SP [\s\d_*\$\%(),.:;?!}{\[\]|\/?^\#~\xa1`'+-]
replace_inter W1 \W?
replace_inter W2 \W{0,2}
replace_inter W3 \W{0,3}
replace_post P2 {1,2}
replace_post P3 {1,3}
###########################################################################
# fuzzy header tests
header SUBJECT_FUZZY_MEDS Subject =~ /<M><E><D><S>/i
describe SUBJECT_FUZZY_MEDS Attempt to obfuscate words in Subject:
replace_rules SUBJECT_FUZZY_MEDS
header __SUBJECT_FUZZY_VPILL Subject =~ /<inter W2><post P3>(?!viagra)<V><I><A><G><R><A>/i
replace_rules __SUBJECT_FUZZY_VPILL
meta SUBJECT_FUZZY_VPILL __SUBJECT_FUZZY_VPILL && !FUZZY_VPILL
describe SUBJECT_FUZZY_VPILL Attempt to obfuscate words in Subject:
header SUBJECT_FUZZY_CHEAP Subject =~ /<inter W2><post P3>\b(?!cheap)<C><H><E><A><P>(?:\b|<E>)/i
describe SUBJECT_FUZZY_CHEAP Attempt to obfuscate words in Subject:
replace_rules SUBJECT_FUZZY_CHEAP
header SUBJECT_FUZZY_PENIS Subject =~ /<inter W3><post P3>\b(?!penis)<P><E><N><I><S>/i
describe SUBJECT_FUZZY_PENIS Attempt to obfuscate words in Subject:
replace_rules SUBJECT_FUZZY_PENIS
header SUBJECT_FUZZY_TION Subject =~ /<post P3>(?!tion)<T><I><O><N>/i
describe SUBJECT_FUZZY_TION Attempt to obfuscate words in Subject:
replace_rules SUBJECT_FUZZY_TION
###########################################################################
# fuzzy body tests
body FUZZY_AFFORDABLE /<inter W1><post P2>(?!affordable)<A><F><F><O><R><D><A><B><L><E>/i
describe FUZZY_AFFORDABLE Attempt to obfuscate words in spam
replace_rules FUZZY_AFFORDABLE
body FUZZY_AMBIEN /<inter W1><post P2>(?!ambien)<A><M><B><I><E><N>/i
describe FUZZY_AMBIEN Attempt to obfuscate words in spam
replace_rules FUZZY_AMBIEN
body FUZZY_BILLION /(?!billion)<B><I><L><L><I><O><N>/i
describe FUZZY_BILLION Attempt to obfuscate words in spam
replace_rules FUZZY_BILLION
body FUZZY_CPILL /(?!ciali[sz])<C><I><A><L><I><S>/i
describe FUZZY_CPILL Attempt to obfuscate words in spam
replace_rules FUZZY_CPILL
body FUZZY_CREDIT /<inter W1>(?!credit)<C><R><E><D><I><T>/i
describe FUZZY_CREDIT Attempt to obfuscate words in spam
replace_rules FUZZY_CREDIT
body FUZZY_ERECT /<inter W2><post P3>(?!erection)<E><R><E><C><T><I><O><N>/i
describe FUZZY_ERECT Attempt to obfuscate words in spam
replace_rules FUZZY_ERECT
body FUZZY_GUARANTEE /<inter W1><post P2>(?!guarantee)<G><U><A><R><A><N><T><E><E>/i
describe FUZZY_GUARANTEE Attempt to obfuscate words in spam
replace_rules FUZZY_GUARANTEE
body FUZZY_MEDICATION /<inter W1><post P2>(?!medication)<M><E><D><I><C><A><T><I><O><N>/i
describe FUZZY_MEDICATION Attempt to obfuscate words in spam
replace_rules FUZZY_MEDICATION
body FUZZY_MILLION /(?!million)<M><I><L><L><I><O><N>/i
describe FUZZY_MILLION Attempt to obfuscate words in spam
replace_rules FUZZY_MILLION
body FUZZY_MONEY /(?!money)<M><O><N><E><Y>/i
describe FUZZY_MONEY Attempt to obfuscate words in spam
replace_rules FUZZY_MONEY
body FUZZY_MORTGAGE /<inter W1><post P2>(?!mortgage)<M><O><R><T><G><A><G><E>/i
describe FUZZY_MORTGAGE Attempt to obfuscate words in spam
replace_rules FUZZY_MORTGAGE
body FUZZY_OBLIGATION /<inter W1><post P2>(?!obligation)<O><B><L><I><G><A><T><I><O><N>/i
describe FUZZY_OBLIGATION Attempt to obfuscate words in spam
replace_rules FUZZY_OBLIGATION
body FUZZY_OFFERS /(?!offers)<O><F><F><E><R><S>/i
describe FUZZY_OFFERS Attempt to obfuscate words in spam
replace_rules FUZZY_OFFERS
body FUZZY_PHARMACY /<inter W2><post P2>(?!pharmacy)<P><H><A><R><M><A><C><Y>/i
describe FUZZY_PHARMACY Attempt to obfuscate words in spam
replace_rules FUZZY_PHARMACY
body FUZZY_PHENT /<inter W1><post P2>(?!phentermine)<P><H><E><N><T><E><R><M><I><N><E>/i
describe FUZZY_PHENT Attempt to obfuscate words in spam
replace_rules FUZZY_PHENT
body FUZZY_PRESCRIPT /<inter W2><post P2>(?!prescription)<P><R><E><S><C><R><I><P><T><I><O><N>/i
describe FUZZY_PRESCRIPT Attempt to obfuscate words in spam
replace_rules FUZZY_PRESCRIPT
# left S off of negative look-ahead on purpose
body FUZZY_PRICES /<inter W2><post P2>(?!price)<P><R><I><C><E><S>/i
describe FUZZY_PRICES Attempt to obfuscate words in spam
replace_rules FUZZY_PRICES
body FUZZY_REFINANCE /<inter W2><post P2>(?!refinance)<R><E><F><I><N><A><N><C><E>/i
describe FUZZY_REFINANCE Attempt to obfuscate words in spam
replace_rules FUZZY_REFINANCE
body FUZZY_REMOVE /(?!remove)<R><E><M><O><V><E>/i
describe FUZZY_REMOVE Attempt to obfuscate words in spam
replace_rules FUZZY_REMOVE
body FUZZY_ROLEX /(?!rolex)<R><O><L><E><X>/i
describe FUZZY_ROLEX Attempt to obfuscate words in spam
replace_rules FUZZY_ROLEX
body FUZZY_SOFTWARE /(?!software)<S><O><F><T><W><A><R><E>/i
describe FUZZY_SOFTWARE Attempt to obfuscate words in spam
replace_rules FUZZY_SOFTWARE
body FUZZY_THOUSANDS /(?!thousands)<T><H><O><U><S><A><N><D><S>/i
describe FUZZY_THOUSANDS Attempt to obfuscate words in spam
replace_rules FUZZY_THOUSANDS
body FUZZY_VLIUM /<inter W1><post P2>(?!valium)<V><A><L><I><U><M>/i
describe FUZZY_VLIUM Attempt to obfuscate words in spam
replace_rules FUZZY_VLIUM
body FUZZY_VIOXX /<inter W1><post P2>(?!vioxx)<V><I><O><X><X>/i
describe FUZZY_VIOXX Attempt to obfuscate words in spam
replace_rules FUZZY_VIOXX
body FUZZY_VPILL /(?!viagra)<V><I><A><G><R><A>/i
describe FUZZY_VPILL Attempt to obfuscate words in spam
replace_rules FUZZY_VPILL
body FUZZY_XPILL /<inter W3><post P2>(?!xanax)<X><A><N><A><X>/i
describe FUZZY_XPILL Attempt to obfuscate words in spam
replace_rules FUZZY_XPILL
endif # Mail::SpamAssassin::Plugin::ReplaceTags