
khopesh at apache
Nov 24, 2009, 6:51 AM
svn commit: r883710 - in /spamassassin/trunk/rulesrc/sandbox/khopesh: 20_khop_bl.cf 20_khop_general.cf 20_khop_sc_bug_6114.cf
Author: khopesh
Date: Tue Nov 24 14:51:53 2009
New Revision: 883710
URL: http://svn.apache.org/viewvc?rev=883710&view=rev
Log: testing some dnsbl stuff, tweaks to khop entries
Modified: spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_bl.cf spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_general.cf spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf
Modified: spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_bl.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_bl.cf?rev=883710&r1=883709&r2=883710&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_bl.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_bl.cf Tue Nov 24 14:51:53 2009
@@ -6,7 +6,7 @@
 # Detect milter-greylist, scam-grey, postgrey, SQLgrey, and hopefully others
 header __GREYLISTING ALL =~ /^X-(?:Scam-Grey|Greylist(?:ing)?):\s/m
-header __GREYLISTED ALL =~ /^X-(?:Scam-grey|Greylist(?:ing)?): [Dd]elay(?:ed)? (?:for )?\d+(?: ?s(?:ec(?:ond)?s?)?|:\d\d)/
+header __GREYLISTED ALL =~ /^X-(?:Scam-Grey|Greylist(?:ing)?): [Dd]elay(?:ed)? (?:for )?\d+(?: ?s(?:ec(?:ond)?s?)?|:\d\d)/m
 meta KHOP_GREYED __GREYLISTED && (RDNS_NONE || RDNS_DYNAMIC || __HELO_NO_DOMAIN)
 describe KHOP_GREYED Greylisted and sent from dynamically-named relay
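Review bot: The header-name part of `__GREYLISTED` is still case-sensitive, so the new line swaps one fixed spelling (`Scam-grey`) for another (`Scam-Grey`) and misses a filter that writes the name in any other case. Header field names are case-insensitive, so scoping the flag to the name, `^(?i:X-(?:Scam-Grey|Greylist(?:ing)?)):`, would accept all of them while leaving the `[Dd]elay` part as written. The same applies to `__GREYLISTING` on the context line above. A short comment that `ALL` also contains headers added before the message reached the local relays would tell the next editor that this header is sender-controllable and should only ever feed a spam-sign meta like `KHOP_GREYED`.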
@@ -34,3 +34,22 @@
 # endif
 endif
 tflags __NOT_SPOOFED nice
+
+
+# Some tests:
+
+# The DNSBL side of the Manitu iXhash zone, http://www.dnsbl.manitu.net/
+# Out-performs PSBL (72.98/0.12 spam/ham to PSBL's 48.69/0.36) at Intra2net:
+# http://www.intra2net.com/en/support/antispam/blacklist.php_dnsbl=RCVD_IN_NIX_SPAM.html
+# Since this is run by Heise and already decently advertised, I don't anticipate
+# problems testing here. Flagged 'nopublish' to keep it in testing for now.
+header RCVD_IN_NIX_SPAM eval:check_rbl('nix-spam-lastexternal','ix.dnsbl.manitu.net.')
+describe RCVD_IN_NIX_SPAM Received via a relay in NiX Spam (heise.de)
+tflags RCVD_IN_NIX_SPAM net nopublish # 20091123
+
+# Limit SpamCop to LASTEXT like every other DNSBL ... why haven't we tried this?
+#header RCVD_IN_SPAMCOP eval:check_rbl_txt('spamcop-lastexternal', 'bl.spamcop.net.', '(?i:spamcop)')
+header RCVD_IN_SPAMCOP eval:check_rbl('spamcop-lastexternal', 'bl.spamcop.net.')
+describe RCVD_IN_SPAMCOP Received via a relay in bl.spamcop.net
+tflags RCVD_IN_SPAMCOP net nopublish # 20091123
+
Modified: spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_general.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_general.cf?rev=883710&r1=883709&r2=883710&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_general.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_general.cf Tue Nov 24 14:51:53 2009
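Review bot: Both new `check_rbl` calls in the 20_khop_bl.cf hunk (`RCVD_IN_NIX_SPAM`, `RCVD_IN_SPAMCOP`) pass no sub-test, so as written any answer from the zone counts as a listing. That includes an error or refusal code, or a zone that starts answering every query. Pinning the expected listing code in the optional third argument, for example `check_rbl('spamcop-lastexternal', 'bl.spamcop.net.', '127.0.0.2')`, limits a misbehaving zone to a miss instead of a hit on all mail; confirm the code against each list's documentation. The rules are added after the `endif` visible in the context, so they appear to sit outside any `ifplugin` guard for the DNS eval plugin. The enclosing block starts outside the hunk, so that needs checking against the full file.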
@@ -5,7 +5,7 @@
 # Now looks for two DIFFERENT IPs, be they HELO or rDNS or real IP. 20091008
 # This does NOT hit assumed HELOs like Received: [10.2.3.4] (foo [1.2.3.4])
-# SpamAssassin has a bug(?) that reads ALL Received headers concatenated as one
+# Note \n is needed: https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6224
 header __TWO_IPS_RCVD Received =~ /[\[\(\s]((?:[12]?\d\d?\.){3}[12]?\d\d?)[\[\(\s][^\[\n;,]{0,99}\[.(?!\1)\d/
 meta TWO_IPS_RCVD __TWO_IPS_RCVD && !ALL_TRUSTED
 describe TWO_IPS_RCVD Received: Relay identifies itself as wrong IP
Modified: spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf?rev=883710&r1=883709&r2=883710&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf Tue Nov 24 14:51:53 2009
@@ -1,4 +1,4 @@
-## khop-sc-neighbors.cf v 2009112218
+## khop-sc-neighbors.cf v 200911246
 ## Khopesh's syndication of SpamCop's top offenders and top offending networks.
 ##
 ## Spamassassin rules written by Adam Katz <antispamATkhopiscom>
@@ -33,7 +33,7 @@
 # http://www.spamcop.net/w3m?action=map;net=bmaxcnt;mask=16777215;sort=spamcnt
-header KHOP_SC_CIDR16 Received =~ /(?-xism:\b(?:1(?:8(?:9\.111|7\.4)|18\.173|22\.168|90\.24)|203\.210)(?:\.[012]?[0-9]{1,2}){2}\b)/
+header KHOP_SC_CIDR16 Received =~ /(?-xism:\b(?:1(?:1(?:8\.173|5\.75)|22\.168|89\.111|90\.24)|203\.210)(?:\.[012]?[0-9]{1,2}){2}\b)/
 describe KHOP_SC_CIDR16 Relay listed in SpamCop top 12 IP/16 CIDRs
 score KHOP_SC_CIDR16 0.6 0.5 0.9 0.75
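Review bot: `KHOP_SC_CIDR16` is matched against every `Received` header, so it also fires when a listed range appears only at an early hop, for example a customer on a listed network submitting through their provider's mail server. The DNSBL rules added to 20_khop_bl.cf in this same commit are deliberately limited to the last external relay. Matching the `ip=` field of the `X-Spam-Relays-External` pseudo-header, along the lines of `header KHOP_SC_CIDR16 X-Spam-Relays-External =~ /^\[ ip=(?:…)(?:\.\d{1,3}){2} /`, would give these rules comparable scope. The same applies to `KHOP_SC_CIDR24` and `KHOP_SC_TOP200` in the following hunks. Separately, the `describe` text says "top 12 IP/16 CIDRs" while the new pattern lists six prefixes, so a comment on how the list is reduced would explain the gap.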
@@ -53,7 +53,7 @@
 # http://spamcop.net/w3m?action=map;net=cmaxcnt;mask=65535;sort=spamcnt
-header KHOP_SC_CIDR24 Received =~ /(?-xism:\b(?:2(?:20\.231\.127|09\.94\.196)|1(?:13\.161\.16|93\.108\.38)|89\.232\.105|62\.61\.164)\.[012]?[0-9]{1,2}\b)/
+header KHOP_SC_CIDR24 Received =~ /(?-xism:\b(?:1(?:40\.113\.121|93\.108\.38)|220\.231\.127|89\.232\.105|62\.61\.164|91\.132\.70)\.[012]?[0-9]{1,2}\b)/
 describe KHOP_SC_CIDR24 Relay listed in SpamCop top 12 IP/24 CIDRs
 score KHOP_SC_CIDR24 0.9 0.8 1.3 1.2
 # http://ruleqa.spamassassin.org/week/KHOP_SC_CIDR24/detail
@@ -70,7 +70,7 @@ # http://www.spamcop.net/w3m?action=hoshame -header KHOP_SC_TOP200 Received =~ /(?-xism:\b(?:2(?:1(?:1\.(?:1(?:9(?:1\.174\.141|8\.225\.206)|25\.117\.238|71\.255\.237|52\.12\.114)|2(?:02\.2\.(?:48|97)|45\.104\.106))|3\.(?:1(?:5(?:7\.196\.17|6\.192\.)5|86\.57\.129)|2(?:27\.(?:219\.58|72\.146)|51\.162\.218))|0\.(?:1(?:27\.253\.121|10\.49\.39)|21(?:2\.248\.22|9\.173\.6)2)|2\.(?:1(?:(?:50\.22\.14|43\.76\.9)3|98\.38\.145)|59\.22\.136)|8\.(?:248\.(?:44\.196|30\.67)|38\.1(?:2\.246|8\.201))|7\.1(?:99\.231\.249|6\.69\.8)|9\.254\.35\.45)|0(?:0\.(?:2(?:6\.1(?:48\.62|71\.86)|16\.152\.210)|1(?:41\.87\.135|60\.49\.12)|56\.224\.17|80\.140\.61)|2\.(?:75\.37\.2(?:4[03]|27|53)|181\.234\.218|31\.135\.52)|3\.(?:1(?:71\.181\.35|01\.104\.2)|90\.137\.18)|1\.(?:116\.198\.114|251\.250\.3)|9\.(?:172\.35\.112|94\.196\.170)|8\.89\.219\.1(?:34|53)|6\.169\.30\.117)|2(?:0\.(?:2(?:31\.(?:1(?:01\.214|12\.10)|69\.13)|27\.(?:170\.197|35\.234)|41\.246\.97)|95\.232\.26)|1\.(?:1(?:39\.(?:50\.41|0\.97)|20\.224\.146)|2(?:14\.164\.240|\.98\.206)|5\.67\.2)|2 
\.(?:2(?:37\.78\.177|52\.223\.2)|122\.158\.185))|4\.1(?:56\.108\.188|99\.205\.252))|1(?:1(?:8\.(?:1(?:30\.112\.235|75\.5\.77)|70\.127\.241|69\.69\.122|96\.24\.156)|3\.16(?:1\.1(?:7\.194|6\.60)|0\.248\.101|9\.176\.24)|0\.(?:1(?:39\.56\.125|72\.167\.37)|45\.146\.169)|1\.(?:224\.250\.(?:6[78]|133|70)|68\.111\.195)|6\.(?:47\.133\.40|50\.249\.2)|7\.25\.129\.200|5\.68\.2\.15)|2(?:4\.(?:(?:124\.52\.16|81\.109\.8)2|2\.205\.254|0\.18\.130)|1\.1(?:8(?:5\.156\.185|7\.85\.114)|0\.127\.158)|5\.(?:234\.18\.130|46\.73\.179|7\.221\.146)|2\.252\.234\.74|3\.30\.9\.250)|9(?:5\.(?:1(?:89\.45\.11|61\.9\.2)|24\.71\.92)|3\.1(?:08\.38\.228|89\.86\.72|98\.8\.211)|0\.(?:196\.13\.66|6\.172\.98|81\.54\.33)|4\.135\.105\.232)|74\.(?:143\.151\.(?:65|80)|36\.201\.222)|4(?:0\.113\.121\.101|8\.233\.80\.145)|89\.54\.125\.92)|9(?:1\.(?:1(?:21\.(?:1(?:4(?:8\.189|\.198)|05\.224)|(?:23\.20|77\.15)5|8(?:1\.99|3\.5))|9(?:2\.144\.9|3\.199\.4)|32\.70\.11)|2(?:00\.212\.5|14\.16\.42))|4\.(?:2(?:3\.(?:(?:215\.5|35\.18)0 |12\.122|45\.154|5\.161)|51\.113\.140)|1(?:0(?:3\.33\.128|2\.7\.104)|59\.202\.199|73\.9\.220)|77\.48\.5)|5\.(?:154\.240\.98|86\.78\.80)|2\.243\.17\.217|3\.122\.135\.4)|6(?:1\.1(?:0(?:9\.245\.206|0\.14\.234)|78\.(?:126\.206|81\.100)|48\.102\.110|58\.163\.112)|7\.2(?:2(?:7\.(?:153\.217|213\.202)|5\.17(?:7\.110|9\.86))|05\.111\.46)|6\.(?:4(?:6\.179\.10|9\.137\.29)|242\.25\.198)|2\.1(?:69\.150\.234|48\.88\.98)|5\.204\.173\.139|0\.213\.48\.250|9\.13\.42\.151|4\.6\.236\.15)|8(?:0\.(?:93\.(?:125\.18|215\.10)6|235\.105\.140|70\.96\.178)|3\.1(?:4(?:2\.111\.228|3\.151\.165)|9\.164\.58)|5\.1(?:(?:70\.32\.15|0\.194\.3)4|92\.33\.96)|4\.(?:22\.140\.186|17\.11\.114|32\.238\.19)|9\.(?:190\.197\.14|97\.183\.195)|1\.1(?:12\.190\.195|92\.1\.254)|2\.239\.205\.187|7\.117\.253\.240)|7(?:4\.(?:208\.167\.189|50\.85\.108)|7\.7(?:8\.161\.136|0\.54\.81)|2\.(?:55\.156\.41|21\.6\.17)|5\.126\.49\.149|9\.171\.18\.217|0\.38\.54\.133)|5(?:8\.1(?:8\.168\.16[2356]|20\.227\.149)|9\.160\.177\.27))\b)/ +header KHOP_SC_TOP200 
Received =~ /(?-xism:\b(?:2(?:1(?:3\.(?:1(?:49\.131\.201|57\.196\.175|86\.62\.59)|227\.(?:219\.58|72\.146)|79\.125\.122)|0\.(?:1(?:07\.195\.173|27\.253\.121|10\.49\.39)|21(?:2\.248\.22|9\.173\.6)2)|1\.(?:1(?:17\.221\.11|71\.255\.23)7|2(?:45\.104\.106|02\.2\.97))|2\.(?:1(?:(?:50\.22\.14|43\.76\.9)3|98\.38\.145)|59\.22\.136)|(?:6\.66\.78\.12|9\.254\.35\.4)5|8\.(?:248\.44\.196|38\.18\.201)|7\.1(?:99\.231\.249|6\.69\.8))|0(?:0\.(?:1(?:(?:95\.158\.16|41\.87\.13)5|60\.49\.12)|2(?:6\.1(?:48\.62|71\.86)|16\.152\.210)|80\.140\.61|91\.248\.84)|1\.(?:116\.198\.114|251\.250\.3|59\.14\.107|6\.119\.118)|2\.(?:75\.37\.2(?:4[03]|27|53)|31\.135\.52)|3\.(?:210\.249\.19|101\.104\.2|90\.137\.18)|9\.(?:172\.(?:35\.112|44\.13)|94\.196\.170)|8\.89\.219\.1(?:34|53)|6\.169\.30\.117)|2(?:0\.(?:2(?:27\.(?:170\.197|35\.234)|31\.1(?:01\.214|12\.10)|41\.246\.97)|95\.232\.26)|1\.(?:1(?:39\.(?:50\.41|0\.97)|20\.224\.146)|2\.98\.206)|2\.(?:2(?:37\.78\.177|52\.223\.2)|122\.158\.185)) |4\.1(?:56\.108\.188|99\.205\.252))|1(?:1(?:0\.(?:1(?:39\.56\.125|72\.167\.37)|45\.146\.169)|8\.(?:9(?:1\.117\.165|6\.24\.156)|130\.112\.235)|6\.(?:47\.133\.40|1\.10\.195|50\.249\.2)|1\.224\.250\.(?:7[01]|133|67)|3\.16(?:1\.17\.19|9\.176\.2)4|7\.25\.129\.200|5\.68\.2\.15)|2(?:1\.(?:1(?:8(?:5\.156\.185|7\.85\.114)|0\.127\.158)|241\.32\.49|52\.145\.2)|4\.(?:(?:124\.52\.16|81\.109\.8)2|2\.205\.254|0\.18\.130)|5\.(?:(?:7\.221\.14|20\.67\.6)6|46\.(?:49\.131|73\.179))|2\.252\.234\.74)|9(?:0\.(?:14(?:7\.205\.103|4\.93\.154)|254\.222\.210|6\.172\.98|81\.54\.33)|5\.(?:1(?:89\.45\.11|61\.9\.2)|245\.211\.36)|3\.1(?:08\.38\.228|89\.86\.72|98\.8\.211)|6\.28\.237\.185)|74\.(?:143\.1(?:51\.(?:65|80)|45\.248)|36\.201\.222)|8(?:8\.217\.20\.96|9\.52\.28\.132|6\.24\.19\.3)|(?:40\.113\.121\.10|39\.175\.55\.22)1)|9(?:1\.(?:1(?:21\.(?:1(?:4(?:8\.1(?:17|89)|\.198)|20\.108)|(?:77\.15|9\.18)5|2(?:3\.205|8\.84)|8(?:1\.99|3\.5))|9(?:2\.144\.9|3\.199\.4|7\.5\.1)|32\.70\.11)|2(?:00\.212\.5|14\.16\.42))| 
4\.(?:2(?:3\.(?:2(?:15\.50|5\.113)|12\.122|35\.180|45\.154|5\.161)|51\.113\.140)|1(?:0(?:3\.33\.128|2\.7\.104)|59\.202\.199|73\.9\.220)|77\.48\.5)|5\.(?:154\.240\.98|86\.78\.80)|2\.243\.17\.217|3\.122\.135\.4|8\.116\.37\.60)|8(?:2\.(?:1(?:46\.245\.105|93\.140\.168)|2(?:39\.205\.187|28\.64\.89))|5\.1(?:(?:70\.32\.15|0\.194\.3)4|92\.33\.96)|4\.(?:22\.140\.186|17\.11\.114|32\.238\.19)|0\.(?:235\.105\.140|93\.125\.186)|3\.14(?:2\.111\.228|3\.151\.165)|9\.(?:190\.197\.14|97\.183\.195)|1\.1(?:12\.190\.195|92\.1\.254)|7\.117\.253\.240|8\.84\.200\.97|\.7\.26\.142)|6(?:1\.(?:1(?:48\.102\.110|58\.163\.112|78\.126\.206|00\.14\.234)|0\.70\.9)|6\.(?:4(?:6\.179\.10|9\.137\.29)|242\.25\.198)|2\.1(?:69\.150\.234|48\.88\.98)|5\.204\.173\.139|0\.213\.48\.250|7\.205\.111\.46|4\.6\.236\.15)|7(?:4\.(?:208\.167\.189|50\.85\.108)|7\.(?:124\.61\.155|70\.54\.81)|5\.126\.49\.149|0\.38\.54\.133|2\.21\.6\.17)|5(?:8\.(?:1(?:8\.168\.16[2356]|20\.227\.149)|20\.46\.11)|9\.160\.177\.27))\b)/ describe KHOP_SC_TOP200 Relay listed in SpamCop top 200 spammer IPs score KHOP_SC_TOP200 3.4 3.2 3.7 3.5 # http://ruleqa.spamassassin.org/week/KHOP_SC_TOP200/detail 
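Review bot: Nothing next to `KHOP_SC_TOP200` records when this address list was captured or when it should be treated as expired. With scores of 3.2 to 3.7, an address that has since been cleaned up or reassigned keeps being penalised until the file is regenerated. A comment beside the `header` line such as `# snapshot of the spamcop.net hoshame list taken <DATE>; regenerate or disable after <N> days` would make staleness visible to whoever maintains the sandbox. The only date in the file is the version string changed in the first hunk, and its new value `200911246` is one digit shorter than the previous `2009112218`, so it may have lost a digit. The pattern itself is generated and is not reviewed octet by octet here.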
@@ -81,7 +81,7 @@ #counts KHOP_SC_TOP200 1s/0h of 35244 corpus (10278s/24966h jm) 05/25/09 # assumed overlap: 98+% of hits also hit RCVD_IN_BL_SPAMCOP_NET (1.960) -#header KHOP_SC_TOP100 Received =~ /(?-xism:\b(?:2(?:0(?:2\.(?:75\.37\.2(?:4[03]|27)|31\.135\.52)|0\.(?:160\.49\.12|26\.171\.86)|3\.(?:101\.104\.2|90\.137\.18)|6\.169\.30\.117|9\.172\.35\.112)|1(?:(?:3\.227\.72\.14|8\.248\.44\.19)6|0\.1(?:27\.253\.121|10\.49\.39)|2\.(?:150\.22\.143|59\.22\.136)|7\.1(?:99\.231\.249|6\.69\.8))|2(?:0\.(?:227\.35\.234|95\.232\.26)|1\.(?:139\.50\.41|2\.98\.206)|2\.237\.78\.177)|4\.1(?:56\.108\.188|99\.205\.252))|1(?:9(?:0\.(?:196\.13\.66|6\.172\.98)|5\.1(?:89\.45\.11|61\.9\.2)|3\.108\.38\.228)|2(?:1\.1(?:0\.127\.158|87\.85\.114)|2\.252\.234\.74|4\.124\.52\.162)|1(?:3\.160\.248\.101|1\.68\.111\.195|6\.50\.249\.2)|74\.(?:143\.151\.(?:65|80)|36\.201\.222)|40\.113\.121\.101)|9(?:4\.(?:2(?:3\.(?:(?:215\.5|35\.18)0|45\.154|5\.161)|51\.113\.140)|159\.202\.199)|1\.1(?:21\.(?:14(?:8\.189|\.198)|8(?:1\.99|3\.5)|23\.205)|92\.144\.9)|2\.243\.17\.217|3\.122\.135\.4|5\.86\.78\.80)|6(?:1\.1(?:48\.102\.110|78\.126\.206)|2\.1(?:69\.150\.234|48\.88\.98)|6\.(?:2 42\.25\.198|49\.137\.29)|5\.204\.173\.139|7\.225\.179\.86)|8(?:9\.(?:190\.197\.14|97\.183\.195)|0\.235\.105\.140|2\.239\.205\.187|3\.143\.151\.165|4\.17\.11\.114|5\.192\.33\.96)|7(?:4\.(?:208\.167\.189|50\.85\.108)|5\.126\.49\.149|0\.38\.54\.133|7\.70\.54\.81|2\.21\.6\.17)|5(?:8\.18\.168\.16[35]|9\.160\.177\.27))\b)/ +#header KHOP_SC_TOP100 Received =~ 
/(?-xism:\b(?:2(?:0(?:0\.(?:2(?:16\.152\.210|6\.171\.86)|160\.49\.12|91\.248\.84)|3\.(?:101\.104\.2|90\.137\.18)|2\.75\.37\.2(?:4[03]|27|53)|6\.169\.30\.117|9\.172\.35\.112)|1(?:0\.(?:1(?:27\.253\.121|10\.49\.39)|212\.248\.222)|(?:3\.227\.72\.14|8\.248\.44\.19)6|2\.1(?:50\.22\.14|43\.76\.9)3|7\.199\.231\.249|6\.66\.78\.125)|2(?:1\.(?:1(?:20\.224\.146|39\.50\.41)|2\.98\.206)|0\.227\.35\.234|2\.237\.78\.177)|4\.1(?:56\.108\.188|99\.205\.252))|1(?:2(?:1\.1(?:0\.127\.158|87\.85\.114)|4\.(?:124\.52\.162|0\.18\.130)|5\.(?:46\.49\.131|7\.221\.146)|2\.252\.234\.74)|9(?:0\.(?:144\.93\.154|6\.172\.98|81\.54\.33)|3\.108\.38\.228|6\.28\.237\.185|5\.189\.45\.11)|1(?:1\.224\.250\.71|3\.169\.176\.24|8\.91\.117\.165|6\.50\.249\.2)|74\.(?:143\.151\.(?:65|80)|36\.201\.222))|8(?:2\.(?:146\.245\.105|239\.205\.187)|0\.(?:235\.105\.140|93\.125\.186)|(?:9\.190\.197\.|4\.17\.11\.1)14|3\.14(?:2\.111\.228|3\.151\.165)|5\.192\.33\.96)|9(?:1\.1(?:21\.(?:14(?:8\.189 |\.198)|23\.205)|92\.144\.9)|4\.2(?:3\.(?:215\.50|45\.154|5\.161)|51\.113\.140)|2\.243\.17\.217|3\.122\.135\.4|5\.86\.78\.80)|6(?:1\.1(?:48\.102\.110|78\.126\.206)|5\.204\.173\.139|6\.242\.25\.198)|5(?:8\.(?:18\.168\.16[235]|20\.46\.11)|9\.160\.177\.27)|7(?:(?:4\.208\.167\.18|5\.126\.49\.14)9|7\.70\.54\.81))\b)/ #describe KHOP_SC_TOP100 Relay listed in SpamCop top 100 spammer IPs #score KHOP_SC_TOP100 1.4 1.3 1.8 1.7 # http://ruleqa.spamassassin.org/week/KHOP_SC_TOP100/detail 
@@ -95,12 +95,12 @@
 # notable overlap: 98% of hits also hit RCVD_IN_XBL (3.033)
 # notable overlap: 80% of hits also hit RCVD_IN_SORBS_WEB (0.619)
-#header KHOP_SC_TOP20 Received =~ /(?-xism:\b(?:2(?:00\.(?:216\.152\.210|141\.87\.135|80\.140\.61)|22\.252\.223\.2)|1(?:1(?:1\.224\.250\.133|7\.25\.129\.200)|25\.46\.73\.179)|(?:61\.158\.163\.11|58\.18\.168\.16)2|80\.93\.125\.186)\b)/
+#header KHOP_SC_TOP20 Received =~ /(?-xism:\b(?:2(?:00\.(?:1(?:95\.158\.16|41\.87\.13)5|80\.140\.61)|19\.254\.35\.45|22\.252\.223\.2)|1(?:1(?:1\.224\.250\.(?:133|67)|7\.25\.129\.200)|25\.46\.73\.179|95\.161\.9\.2))\b)/
 #describe KHOP_SC_TOP20 Relay listed in SpamCop top 20 spammer IPs
 #score KHOP_SC_TOP20 1.9 1.7 2.2 2.0
 # assumed overlap: 99+% of hits also hit RCVD_IN_BL_SPAMCOP_NET (1.960)
-#header KHOP_SC_TOP10 Received =~ /(?-xism:\b(?:2(?:1(?:3\.227\.219\.58|9\.254\.35\.45)|09\.94\.196\.170)|(?:58\.18\.168\.16|84\.22\.140\.18)6|6(?:0\.213\.48\.25|1\.178\.81\.10)0|111\.224\.250\.(?:67|70)|91\.132\.70\.11)\b)/
+#header KHOP_SC_TOP10 Received =~ /(?-xism:\b(?:1(?:40\.113\.121\.101|11\.224\.250\.70|93\.189\.86\.72)|2(?:09\.94\.196\.170|13\.227\.219\.58)|6(?:1\.158\.163\.112|0\.213\.48\.250)|(?:58\.18\.168\.16|84\.22\.140\.18)6|91\.132\.70\.11)\b)/
 #describe KHOP_SC_TOP10 Relay listed in SpamCop top 10 spammer IPs
 #score KHOP_SC_TOP10 2.2 2.0 2.6 2.4
 # assumed overlap: 99+% of hits also hit RCVD_IN_BL_SPAMCOP_NET (1.960)