spamassassin

My rejection mechanisms (postfix's *_checks, .procmailrc, and on top of that spamassassin) had turned into an incomprehensible mess, so I am trying out using spamassassin alone.

What I tried adding to ~/.spamassassin/user_prefs:



header ISO2022JP_CHARSET Content-Type =~ /charset=['"]?iso-2022-jp['"]?/i
describe ISO2022JP_CHARSET ISO-2022-JP message
score ISO2022JP_CHARSET -0.182

header GB2312_CHARSET Content-Type =~ /charset= ?['"]?GB2312['"]?/i
describe GB2312_CHARSET GB2312 message
score GB2312_CHARSET 10.00

header MISYOUDAKU Subject =~ /L\$>5Bz9-9p\"\(/
describe MISYOUDAKU Misyoudaku-Koukoku
score MISYOUDAKU 7.00

header KOUKOKU Subject =~ /(!\*|\033\$[B@])9-9p(!\*|\033\([BJ]!)/
describe KOUKOKU !KOUKOKU!
score KOUKOKU 7.00

body HAISHINTEISHI /G\[\?\.(..)*(Dd;_|ITMW)/
describe HAISHINTEISHI Haishin Teishi
score HAISHINTEISHI 5.4

body KOUDOKUKAIJO /9XFI(..)*2r=\|/
describe KOUDOKUKAIJO Koudoku Kaijo
score KOUDOKUKAIJO 5.4

body MURYOU /L5NA/
describe MURYOU Muryou
score MURYOU 3.4

body ISO2022JP_BODY /\033\$[B@]/
describe ISO2022JP_BODY ISO-2022-JP message
score ISO2022JP_BODY -2.394

ok_languages ja en
ok_locales ja en

report_header 1
use_terse_report 1
rewrite_subject 0




required_hits 10.00



header X_MAILER X-Mailer =~ /(GpsMailer|SpireMail|IM2000 Version|Pinta Magazine|MultiMail|BSMTP DLL|E-Magazine|Direct Email|Achi-Kochi Mail|MagicalMail|InternetPost for Active Platform|Web Based Pronto)/
describe X_MAILER spammer's choice of X-Mailer
score X_MAILER 10.0

header X_MAILER_U X-MAILER =~ /Mail Explorer For Internet /
describe X_MAILER_U spammer's choice of X-MAILER
score X_MAILER_U 10.0

header X_MAIL_AGENT X-Mail-Agent =~ /(Extra Japan)/
describe X_MAIL_AGENT spammer's choice of X-Mail-Agent
score X_MAIL_AGENT 10.0

header KS5601_CHARSET Content-Type =~ /charset= ?['"]?ks_c_5601/i
describe KS5601_CHARSET KS_C_5601 message
score KS5601_CHARSET 10.00

header REPLY_TO_REMOVE Reply-To =~ /remove\@/
describe REPLY_TO_REMOVE Reply-To set to remove@...
score REPLY_TO_REMOVE 5.0



body CIRCAM /Content-(Disposition|Type):.+file.+="?.*\.(pif|com|scr|lnk|vbs)/
describe CIRCAM SirCam & like
score CIRCAM 20.0

body CIRCAM2 /TVqQAAMAAAAEAAAA\/\/8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/
describe CIRCAM2 SirCam & like
score CIRCAM2 20.0

body DOS_EXE /TVpQAAIAAAAEAA8A\/\/8AALgAAAAAAAAAQAAaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/
describe DOS_EXE DOS Executable
score DOS_EXE 20.0

body KLEZ /TVqQAAMAAAAEAAAA\/\/8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/
describe KLEZ Klez.E
score KLEZ 20.0

body MYPARTY /^begin 666 www.myparty.yahoo.com/
describe MYPARTY myparty (2002/1/29)
score MYPARTY 20.0

Well, not that I seriously intend to have spamassassin do virus checking.
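The MISYOUDAKU, HAISHINTEISHI, KOUDOKUKAIJO and MURYOU rules above are the printable ASCII that Japanese phrases become inside an ISO-2022-JP message. The following is an added example, not part of the original page: it derives those strings and shows that an unanchored pattern such as MURYOU also fires on unrelated text. The function names and sample messages are constructed here, and it assumes the matcher sees the raw ISO-2022-JP bytes.

```python
import re

# Rules copied from the user_prefs above (the ones that encode Japanese phrases).
RULES = {
    "MISYOUDAKU": rb'L\$>5Bz9-9p\"\(',
    "HAISHINTEISHI": rb'G\[\?\.(..)*(Dd;_|ITMW)',
    "KOUDOKUKAIJO": rb'9XFI(..)*2r=\|',
    "MURYOU": rb'L5NA',
}
ESC_SEQ = re.compile(rb"\x1b[$(][@BJ]")  # ISO-2022-JP charset switches
JIS_RUN = re.compile(rb"\x1b\$[@B](.*?)(?=\x1b|\Z)", re.S)  # one run of 2-byte text

def jis_ascii(phrase: str) -> str:
    """Printable ASCII that a phrase turns into inside an ISO-2022-JP message."""
    return ESC_SEQ.sub(b"", phrase.encode("iso2022_jp")).decode("ascii")

def hits(raw: bytes) -> list[str]:
    """Rules that fire when matched against the raw bytes, unanchored."""
    return sorted(n for n, p in RULES.items() if re.search(p, raw))

def aligned_hits(raw: bytes) -> list[str]:
    """Same rules, counted only inside a 2-byte run and on a character boundary."""
    found = set()
    for run in JIS_RUN.finditer(raw):
        for name, pat in RULES.items():
            if any(m.start() % 2 == 0 for m in re.finditer(pat, run.group(1))):
                found.add(name)
    return sorted(found)

# Constructed samples (not real mail).
SPAM = "未承諾広告※ 無料 配信停止".encode("iso2022_jp")
ASCII_HAM = b"Order ref L5NA-2002 has shipped"
# Three valid 2-byte characters (0x214C, 0x354E, 0x4121) whose bytes straddle "L5NA".
STRADDLE_HAM = b"\x1b$B!L5NA!\x1b(B"

if __name__ == "__main__":
    for phrase in ("未承諾広告※", "配信停止", "配信不要", "購読解除", "無料"):
        print(f"{phrase} -> {jis_ascii(phrase)}")
    for label, raw in (("spam", SPAM), ("ascii ham", ASCII_HAM),
                       ("straddle ham", STRADDLE_HAM)):
        print(f"{label}: raw={hits(raw)} aligned={aligned_hits(raw)}")
```

MURYOU scores only 3.4 against a threshold of 10.00, so a stray match alone does not reject a message, but it stacks with the other rules.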