# SpamAssassin - ReplaceTags configuration # # Please don't modify this file as your changes will be overwritten with # the next update. Use @@LOCAL_RULES_DIR@@/local.cf instead. # See 'perldoc Mail::SpamAssassin::Conf' for details. # # <@LICENSE> # Licensed to the Apache Software Foundation (ASF) under one or more # contributor license agreements. See the NOTICE file distributed with # this work for additional information regarding copyright ownership. # The ASF licenses this file to you under the Apache License, Version 2.0 # (the "License"); you may not use this file except in compliance with # the License. You may obtain a copy of the License at: # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # </@LICENSE> # ########################################################################### # Requires the Mail::SpamAssassin::Plugin::ReplaceTags plugin be loaded. ifplugin Mail::SpamAssassin::Plugin::ReplaceTags replace_tag A [gra\@\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xe4\xe3\xe2\xe0\xe1\xe2\xe3\xe4\xe5\xe60o] replace_tag B [b8] replace_tag C [ck\xc7\xe7@] replace_tag D [d\xd0] replace_tag E [e3\xc8\xc9\xca\xcb\xe8\xe9\xea\xeb\xa4] replace_tag F f replace_tag G [gk] replace_tag H h replace_tag I [il|!1y?\xcc\xcd\xce\xcf\xec\xed\xee\xef] replace_tag J j replace_tag K k replace_tag L [il|!1\xa3] replace_tag M (?:m|rn) replace_tag N [n\xd1\xf1] replace_tag O [go0\xd2\xd3\xd4\xd5\xd6\xd8\xf0\xf2\xf3\xf4\xf5\xf6\xf8] replace_tag P [p\xfe] replace_tag Q q replace_tag R r replace_tag S [sz\xa6\xa7] replace_tag T t replace_tag U [uv\xb5\xd9\xda\xdb\xdc\xfc\xfb\xfa\xf9\xfd] replace_tag V (?:[vu]|\\\/) replace_tag W [wv] replace_tag X (?:[x\xd7]|><) replace_tag Y [y\xff\xfd\xa5j] replace_tag Z [zs] replace_tag IMG (?:jpe?g|gif|png) replace_tag SP [\s\d_*\$\%(),.:;?!}{\[\]|\/?^\#~\xa1`'+-] replace_tag CUR [\$\xa5\xa3\xa4\xa2] replace_inter SP [\s\d_*\$\%(),.:;?!}{\[\]|\/?^\#~\xa1`'+-] replace_inter W1 \W? replace_inter W2 \W{0,2} replace_inter W3 \W{0,3} replace_post P2 {1,2} replace_post P3 {1,3} ########################################################################### # fuzzy header tests header SUBJECT_FUZZY_MEDS Subject =~ /<M><E><D><S>/i describe SUBJECT_FUZZY_MEDS Attempt to obfuscate words in Subject: replace_rules SUBJECT_FUZZY_MEDS header __SUBJECT_FUZZY_VPILL Subject =~ /<inter W2><post P3>(?!viagra)<V><I><A><G><R><A>/i replace_rules __SUBJECT_FUZZY_VPILL meta SUBJECT_FUZZY_VPILL __SUBJECT_FUZZY_VPILL && !FUZZY_VPILL describe SUBJECT_FUZZY_VPILL Attempt to obfuscate words in Subject: header SUBJECT_FUZZY_CHEAP Subject =~ /<inter W2><post P3>\b(?!cheap)<C><H><E><A><P>(?:\b|<E>)/i describe SUBJECT_FUZZY_CHEAP Attempt to obfuscate words in Subject: replace_rules SUBJECT_FUZZY_CHEAP header SUBJECT_FUZZY_PENIS Subject =~ /<inter W3><post P3>\b(?!penis)<P><E><N><I><S>/i describe SUBJECT_FUZZY_PENIS Attempt to obfuscate words in Subject: replace_rules SUBJECT_FUZZY_PENIS header SUBJECT_FUZZY_TION Subject =~ /<post P3>(?!tion)<T><I><O><N>/i describe SUBJECT_FUZZY_TION Attempt to obfuscate words in Subject: replace_rules SUBJECT_FUZZY_TION ########################################################################### # fuzzy body tests body FUZZY_AFFORDABLE /<inter W1><post P2>(?!affordable)<A><F><F><O><R><D><A><B><L><E>/i describe FUZZY_AFFORDABLE Attempt to obfuscate words in spam replace_rules FUZZY_AFFORDABLE body FUZZY_AMBIEN /<inter W1><post P2>(?!ambien)<A><M><B><I><E><N>/i describe FUZZY_AMBIEN Attempt to obfuscate words in spam replace_rules FUZZY_AMBIEN body FUZZY_BILLION /(?!billion)<B><I><L><L><I><O><N>/i describe FUZZY_BILLION Attempt to obfuscate words in spam replace_rules FUZZY_BILLION body FUZZY_CPILL /(?!ciali[sz])<C><I><A><L><I><S>/i describe FUZZY_CPILL Attempt to obfuscate words in spam replace_rules FUZZY_CPILL body FUZZY_CREDIT /<inter W1>(?!credit)<C><R><E><D><I><T>/i describe FUZZY_CREDIT Attempt to obfuscate words in spam replace_rules FUZZY_CREDIT body FUZZY_ERECT /<inter W2><post P3>(?!erection)<E><R><E><C><T><I><O><N>/i describe FUZZY_ERECT Attempt to obfuscate words in spam replace_rules FUZZY_ERECT body FUZZY_GUARANTEE /<inter W1><post P2>(?!guarantee)<G><U><A><R><A><N><T><E><E>/i describe FUZZY_GUARANTEE Attempt to obfuscate words in spam replace_rules FUZZY_GUARANTEE body FUZZY_MEDICATION /<inter W1><post P2>(?!medication)<M><E><D><I><C><A><T><I><O><N>/i describe FUZZY_MEDICATION Attempt to obfuscate words in spam replace_rules FUZZY_MEDICATION body FUZZY_MILLION /(?!million)<M><I><L><L><I><O><N>/i describe FUZZY_MILLION Attempt to obfuscate words in spam replace_rules FUZZY_MILLION body FUZZY_MONEY /(?!money)<M><O><N><E><Y>/i describe FUZZY_MONEY Attempt to obfuscate words in spam replace_rules FUZZY_MONEY body FUZZY_MORTGAGE /<inter W1><post P2>(?!mortgage)<M><O><R><T><G><A><G><E>/i describe FUZZY_MORTGAGE Attempt to obfuscate words in spam replace_rules FUZZY_MORTGAGE body FUZZY_OBLIGATION /<inter W1><post P2>(?!obligation)<O><B><L><I><G><A><T><I><O><N>/i describe FUZZY_OBLIGATION Attempt to obfuscate words in spam replace_rules FUZZY_OBLIGATION body FUZZY_OFFERS /(?!offers)<O><F><F><E><R><S>/i describe FUZZY_OFFERS Attempt to obfuscate words in spam replace_rules FUZZY_OFFERS body FUZZY_PHARMACY /<inter W2><post P2>(?!pharmacy)<P><H><A><R><M><A><C><Y>/i describe FUZZY_PHARMACY Attempt to obfuscate words in spam replace_rules FUZZY_PHARMACY body FUZZY_PHENT /<inter W1><post P2>(?!phentermine)<P><H><E><N><T><E><R><M><I><N><E>/i describe FUZZY_PHENT Attempt to obfuscate words in spam replace_rules FUZZY_PHENT body FUZZY_PRESCRIPT /<inter W2><post P2>(?!prescription)<P><R><E><S><C><R><I><P><T><I><O><N>/i describe FUZZY_PRESCRIPT Attempt to obfuscate words in spam replace_rules FUZZY_PRESCRIPT # left S off of negative look-ahead on purpose body FUZZY_PRICES /<inter W2><post P2>(?!price)<P><R><I><C><E><S>/i describe FUZZY_PRICES Attempt to obfuscate words in spam replace_rules FUZZY_PRICES body FUZZY_REFINANCE /<inter W2><post P2>(?!refinance)<R><E><F><I><N><A><N><C><E>/i describe FUZZY_REFINANCE Attempt to obfuscate words in spam replace_rules FUZZY_REFINANCE body FUZZY_REMOVE /(?!remove)<R><E><M><O><V><E>/i describe FUZZY_REMOVE Attempt to obfuscate words in spam replace_rules FUZZY_REMOVE body FUZZY_ROLEX /(?!rolex)<R><O><L><E><X>/i describe FUZZY_ROLEX Attempt to obfuscate words in spam replace_rules FUZZY_ROLEX body FUZZY_SOFTWARE /(?!software)<S><O><F><T><W><A><R><E>/i describe FUZZY_SOFTWARE Attempt to obfuscate words in spam replace_rules FUZZY_SOFTWARE body FUZZY_THOUSANDS /(?!thousands)<T><H><O><U><S><A><N><D><S>/i describe FUZZY_THOUSANDS Attempt to obfuscate words in spam replace_rules FUZZY_THOUSANDS body FUZZY_VLIUM /<inter W1><post P2>(?!valium)<V><A><L><I><U><M>/i describe FUZZY_VLIUM Attempt to obfuscate words in spam replace_rules FUZZY_VLIUM body FUZZY_VIOXX /<inter W1><post P2>(?!vioxx)<V><I><O><X><X>/i describe FUZZY_VIOXX Attempt to obfuscate words in spam replace_rules FUZZY_VIOXX body FUZZY_VPILL /(?!viagra)<V><I><A><G><R><A>/i describe FUZZY_VPILL Attempt to obfuscate words in spam replace_rules FUZZY_VPILL body FUZZY_XPILL /<inter W3><post P2>(?!xanax)<X><A><N><A><X>/i describe FUZZY_XPILL Attempt to obfuscate words in spam replace_rules FUZZY_XPILL endif # Mail::SpamAssassin::Plugin::ReplaceTags