Last active
October 25, 2016 11:02
-
-
Save rmontagud/4ca5777f533710049d9552c32bd320bc to your computer and use it in GitHub Desktop.
Personal spamassasin rules, might contain profanity, out-of-the-line refferences and offensive comments but it's all you can get from someone annoyed of receiving too much spam
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # dranor.cf a set of rules made due to major annoyance when checking my personal accounts | |
| # WARNING: It can contain profane language and offensive opinions | |
| # Deals Are Us bullshit | |
| header __DEALSAREUS_1 Subject =~ /deals are us/i | |
| header __DEALSAREUS_2 From =~ /deals-are-us/i | |
| meta DEALS_ARE_US ((__DEALSAREUS_1 + __DEALSAREUS_2) >= 1) | |
| describe DEALS_ARE_US Spanish bulk mailer, i just hope their servers burn | |
| score DEALS_ARE_US 7.0 | |
| # Several campaign bullshit things, mostly lineadirecta and other companies which use bulk email companies | |
| header __PERMISSIONMAC_1 From =~ /bounce\@ds\.(permissionmac|.*promos|improfertas\d+)\.com/i | |
| header __PERMISSIONMAC_2 List-Unsubscribe =~ /(permissionmac|ds\.impropromos\.com)/i | |
| meta PERMISSIONMAC ((__PERMISSIONMAC_1 + __PERMISSIONMAC_2) >= 1) | |
| describe PERMISSIONMAC Fuck you, gently | |
| score PERMISSIONMAC 7.0 | |
| # Spaguetti motherfuckers | |
| header __ITALIANSPAMMERS_1 From =~ /contact\@vantaggiodelgiorno\.it/i | |
| header __ITALIANSPAMMERS_2 List-Unsubscribe =~ /clicks\.vantaggiodelgiorno\.it/i | |
| header __ITALIANSPAMMERS_3 X-Feedback-ID =~ /.*/i | |
| meta ITALIANSPAM ((__ITALIANSPAMMERS_1 + __ITALIANSPAMMERS_2) >= 2) | |
| describe ITALIANSPAM I don't want to click on keepalive unsubscriptions | |
| score ITALIANSPAM 7.0 | |
| # I did unsubscribe from your bullshit, but you keep sending me more | |
| header __PEDROJOTASEFUE_1 From =~ /elmundo\@e\.elmundo\.es/i | |
| header __PEDROJOTASEFUE_2 List-Unsubscribe =~ /e\.elmundo\.es/i | |
| header __PEDROJOTASEFUE_3 To =~ /dranor\.net/i | |
| meta PEDROJOTASEFUE ((__PEDROJOTASEFUE_1 + __PEDROJOTASEFUE_2 + __PEDROJOTASEFUE_3) >= 3) | |
| describe PEDROJOTASEFUE Death to all your unsolicited email | |
| score PEDROJOTASEFUE 11.5 | |
| # bebee.com is a bullshit startup whose mission is to send spam, but | |
| # they've got good PR people, also their list-unsubscribe is ANOTHER tracking method | |
| header __SMOKESELLER_1 From =~ /hive\.bebee\.com/i | |
| header __SMOKESELLER_2 List-Unsubscribe =~ /bebee\.com/i | |
| header __SMOKESELLER_3 X-mailing =~ /bebee.*/i | |
| meta SMOKESELLER ((__SMOKESELLER_1 + __SMOKESELLER_2 + __SMOKESELLER_3) >= 3) | |
| describe SMOKESELLER You are not welcome, ever, so fuck off | |
| # Scoring fucking high to make sure amavis does not even try to quarantine the email | |
| score SMOKESELLER 101.5 | |
| # Sure I'd love to lay down with a hot Russian girl, but not using a escort service | |
| header __RUSSIAN_HOOKERS_1 From =~ /(news|newsletter)\@.*/i | |
| header __RUSSIAN_HOOKERS_2 Subject =~ /\(.*\).*/i | |
| header __RUSSIAN_HOOKERS_3 Received =~ /(servercrate|baxet|vooservers|gigahost|poweruphosting)/i | |
| header __RUSSIAN_HOOKERS_4 Reply-to =~ /spracently/i | |
| body __RUSSIAN_HOOKERS_5 /(hook-up|milf|banged|crazy|good in bed|findsinglesonly|bang older women|tinder for milfs|dating|russian women|best night)/i | |
| meta RUSSIANHOTTIES ((__RUSSIAN_HOOKERS_1 + __RUSSIAN_HOOKERS_2 + __RUSSIAN_HOOKERS_3 + __RUSSIAN_HOOKERS_4 + __RUSSIAN_HOOKERS_5) >= 3) | |
| describe RUSSIANHOTTIES Kill all that Russian Girlfriend/Hook-up dating bullshit if i want to lay down with someone it won't be by getting scammed in the proccess | |
| score RUSSIANHOTTIES 101.5 | |
| # I can't even describe how unconfortable i feel about receiving emails from escort services | |
| header __SEXDATE_1 From =~ /(sexdate|realescort)/i | |
| header __SEXDATE_2 Reply-to =~ /(sexdate|realescort)/i | |
| header __SEXDATE_3 Subject =~ /(cock|fuck)/i | |
| meta NORWAYSEXDATE ((__SEXDATE_1 + __SEXDATE_2 + __SEXDATE_3) >= 2) | |
| describe NORWAYSEXDATE Norway sex date, escorting services and such | |
| score NORWAYSEXDATE 5.0 | |
| # webbstart, bulk mailer, scoring high but not batshit high, for now | |
| header __WEBBSTARTG_1 From =~ /.*\@www.*webbstart\.(net|com|org|fr)/i | |
| header __WEBBSTARTG_2 Return-Path =~ /ofertas\@/i | |
| header __WEBBSTARTG_3 Received =~ /webbstart/i | |
| body __WEBBSTARTG_4 /(cheque|ventaja administrativa)/i | |
| meta WEBBSTARTG ((__WEBBSTARTG_1 + __WEBBSTARTG_2 + __WEBBSTARTG_3 + __WEBBSTARTG_4) >= 3) | |
| describe WEBBSTARTG I just don't know how to describe how annoying can be this | |
| score WEBBSTARTG 4.0 | |
| # French advertiser, very annoying, using multiple domains to avoid detecton | |
| header __FRENCHVERTISING_1 From =~ /.*\@\.fr/i | |
| header __FRENCHVERTISING_2 X-Mailer =~ /(lipskymedia|sendinblue)/i | |
| header __FRENCHVERTISING_3 Reply-To =~ /(ndmarketing|top-conso|actu-france-net)/i | |
| header __FRENCHVERTISING_4 X-Abuse =~ /(modes-francaises)/i | |
| meta FRENCHVERTISING ((__FRENCHVERTISING_1 + __FRENCHVERTISING_2 + __FRENCHVERTISING_3 + __FRENCHVERTISING_4) >= 2) | |
| describe FRENCHVERTISING I just don't know how to describe how annoying can be this | |
| score FRENCHVERTISING 4.0 | |
| # Rules taken from John GALLET ( http://www.saphirtech.com/spamassassin_fr.txt ) | |
| # Spam is legal in France ! | |
| body FR_SPAMISLEGAL /\b(Conform.+ment|En vertu).{0,5}(article.{0,4}34.{0,4})?la loi\b/i | |
| describe FR_SPAMISLEGAL French: pretends spam is (l)awful. | |
| lang fr describe FR_SPAMISLEGAL Invoque la loi informatique et libertes. | |
| score FR_SPAMISLEGAL 2.5 | |
| body FR_SPAMISLEGAL_2 /\bdroit d.acc.+s.{1,3}(de modification)?.{0,5}de rectification\b/i | |
| describe FR_SPAMISLEGAL_2 French: pretends spam is (l)awful. | |
| lang fr describe FR_SPAMISLEGAL_2 Invoque le droit de rectification cnil. | |
| score FR_SPAMISLEGAL_2 2.5 | |
| ##### | |
| # yeah, sure. | |
| body FR_NOTSPAM /\b(ceci|ce).{1,9} n.est pas.{1,5}spam\b/i | |
| describe FR_NOTSPAM French: claims not to be spam. | |
| lang fr describe FR_NOTSPAM Affirme ne pas etre du spam. | |
| score FR_NOTSPAM 4.0 | |
| ##### | |
| ## I can pay my taxes | |
| body FR_PAYLESSTAXES /\b(paye|calcul|simul|r.+dui|investi).{1,7}(moins|vo|ses).{0,5}imp.+t(s)?\b/i | |
| describe FR_PAYLESSTAXES French: Pay less taxes | |
| lang fr describe FR_PAYLESSTAXES Simulateurs et reductions d'impots. | |
| score FR_PAYLESSTAXES 2.0 | |
| body FR_REALESTATE_INVEST /\b(loi)? (de.robien|girardin).{1,15}(neuf|recentr.+|ancien|IR|IS|imp.+t(s)?|industriel(le)?)\b/i | |
| describe FR_REALESTATE_INVEST French: Invest in real-estate with tax-reductions | |
| lang fr describe FR_REALESTATE_INVEST Reduction impots immobilier. | |
| score FR_REALESTATE_INVEST 2.5 | |
| ##### | |
| # I won at the casino | |
| body FR_ONLINEGAMBLING /\b(casino(s)?|jeu(x)?|joueur(s)?) (en ligne|de grattage)\b/i | |
| describe FR_ONLINEGAMBLING French: Online gambling | |
| lang fr describe FR_ONLINEGAMBLING Jeux en ligne. | |
| score FR_ONLINEGAMBLING 2.0 | |
| ##### | |
| # Baby, did you forget to take your meds ? | |
| body FR_ONLINEMEDS /\bpharmacie(s)? (en ligne|internet)\b/i | |
| describe FR_ONLINEMEDS French: Online meds ordering | |
| lang fr describe FR_ONLINEMEDS Achat de medicaments en ligne. | |
| score FR_ONLINEMEDS 3.0 | |
| ###### | |
| # Tell me why | |
| body FR_REASON_SUBSCRIBE /\bVous recevez ce(t|tte)? (message|mail|m.+l|lettre|news.+) (car|parce que)\b/i | |
| describe FR_REASON_SUBSCRIBE French: you subscribed to my spam. | |
| lang fr describe FR_REASON_SUBSCRIBE Indique pourquoi vous recevez le courrier. | |
| score FR_REASON_SUBSCRIBE 1.5 | |
| ##### | |
| # How to unsubscribe | |
| body FR_HOWTOUNSUBSCRIBE /\b(souhaitez|d.+sirez|pour).{1,10}(plus.{1,}recevoir|d.+sincrire|d.+sinscription|d.+sabonner).{0,10}(information|email|mail|mailing|newsletter|lettre|liste|message|offre|promotion|programme)(s)?\b/i | |
| describe FR_HOWTOUNSUBSCRIBE French: how to unsubscribe | |
| lang fr describe FR_HOWTOUNSUBSCRIBE Indique comment se desabonner. | |
| score FR_HOWTOUNSUBSCRIBE 2.0 | |
| #### | |
| # Various "CRM" (Could Remove Me) | |
| ##### | |
| header FR_MAILER_1 X-Mailer =~ /(delosmail|cabestan|ems|mp6|wamailer|phpmailer|eMailink|Accucast|Benchmail)/i | |
| describe FR_MAILER_1 French spammy X-Mailer | |
| lang fr describe FR_MAILER_1 X-Mailer couramment employe pour des spams en francais. | |
| score FR_MAILER_1 4.0 | |
| header FR_MAILER_2 X-EMV-CampagneId =~ /.+/ | |
| describe FR_MAILER_2 French spammy mailer header | |
| lang fr describe FR_MAILER_2 X-Mailer couramment employe pour des spams en francais. | |
| score FR_MAILER_2 4.0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment