# spamrc by Pawel Krawczyk
# $Id: spamrc.txt,v 1.140 2003/01/03 08:59:48 kravietz Exp $
#
# This file is placed in public domain.
# If you are under adult age, some contents of this file may be
# offensive or confusing for you. Sorry, c'est la vie ;)
#
# For more information see http://arch.ipsec.pl/spamrc/
# For other interesting anti-spam techniques see:
#   http://www.polspam.org/
#   http://bogofilter.sourceforge.net/
#
# A message passing through this ruleset is given a score by each
# rule (each in one line). If the result at the end is positive, the
# message matches and is thrown into a low priority folder. See
# procmailsc(5) for more information.

# CONFIGURATION:
# To use the spamrc.txt from your .procmailrc file do the following
# in the file:
#
# 1. Define variable TARGET pointing to where the suspected mail
#    will be stored. Example:
#      TARGET=$HOME/Mail/spam
#
# 2. Include spamrc.txt
#      INCLUDERC=$HOME/Mail/spamrc.txt

# Following rules require case sensitivity and have been commented
# out until I figure out how to mix case sensitive rules with
# insensitive ones in one ruleset.
#
#* 150^0 ^Subject.*\?big5\?Q\?.+(=[A-Z0-9][A-Z0-9][A-Z0-9]*)+
#* 150^0 ^Subject.*\?big5\?B\?[A-Za-z0-9/=]+
## Trap for laksjdbvczwe@aol.com spam series
#* 50^0 ^FROM.*\s[a-z][a-z][a-z][a-z][a-z][a-z][a-z][a-z][a-z][a-z][a-z][a-z][a-z][a-z][a-z][a-z]@.+\.com
## Trap for e24960@jubiipost.dk or d23473@mail.ru spam series (from ZG)
#* 50^0 ^From:\ [a-z][0-9][0-9][0-9][0-9][0-9]*@.+
#* 200^0 ^X-Mailer:\ [a-zA-Z0-9][a-zA-Z0-9]$[a-zA-Z0-9]$[a-zA-Z0-9]$[a-zA-Z0-9]$[a-zA-Z0-9]$[a-zA-Z0-9]$[a-zA-Z0-9]$[a-zA-Z0-9]$[a-zA-Z0-9]$[a-zA-Z0-9]$[a-zA-Z0-9]$[a-zA-Z0-9]$[a-zA-Z0-9]$[a-zA-Z0-9]$[a-zA-Z0-9]$[a-zA-Z0-9]$[a-zA-Z0-9]$[a-zA-Z0-9]$[a-zA-Z0-9]$$
#* 200^0 ^X-Mailer:\ [0-9A-F][0-9A-F][0-9A-F][0-9A-F][0-9A-F][0-9A-F][0-9A-F][0-9A-F]\.[0-9A-F][0-9A-F][0-9A-F][0-9A-F][0-9A-F][0-9A-F][0-9A-F][0-9A-F]\.\[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]
#* 50^0 ^Subject.*[A-Z][A-Z][A-Z][A-Z][A-Z][A-Z]*
#* 100^0 ^Subject.*[^A-Za-z0-9.-][^A-Za-z0-9.-][^A-Za-z0-9.-][^A-Za-z0-9.-][^A-Za-z0-9.-]
#* 100^0 ^Sender.*[^A-Za-z][^A-Za-z][^A-Za-z][^A-Za-z][^A-Za-z]
#* 100^0 ^From.*[^A-Za-z0-9.-][^A-Za-z0-9.-][^A-Za-z0-9.-][^A-Za-z0-9.-][^A-Za-z0-9.-]

# First we give the message a negative credit.
:0 HB
* -250^0
* 200^0 ^X-Score: [0-9]+
# This removes many false-positives from mailing lists
# like [squid-users] etc.
* -100^0 ^Subject:.*\[.+\]
# Some common spam signatures - lack of some headers.
* 100^0 !^From:
* 50^0 !^From .+@.+
* 200^0 !^To:
* 100^0 !^Subject:
# Polish spamming service
* 300^0 (listonosz.*list.*mailing|^X-Listonosz)
* 300^0 php.manufaktura.pl
* 300^0 ^X-Mailer.*BAZA.mediator.pl
* 200^0 http://sub.4free.pl
* 200^0 (From:.*@e-mailing.pl|http://www.e-mailing.pl)
# African money spam, using name of the alleged lawyer and
# the fax number
* 50^0 abbas\ bundu
* 200^0 234-1-7594494
# Spam often has malformed Message-ID
* 100^0 ! ^Message-I[Dd]:\ <[a-zA-Z0-9$.-]+@[a-zA-Z0-9.-]+>$
# I get a lot of quite unreadable spam from Taiwan and Korea
* 20^0 ^(Received)?:.*from.*\(unknown
* 100^0 ^(From|To).*\.(tw|kr|cn|cu|(china|sinamail)\.com)$
* 100^0 ((seed(er)?|giga)\.net\.tw|hinet|hbdcb\.net\.cn)
* 100^0 (^Received)?.*from.*\.(tw|kr|cn|cu)\>
* 100^0 (Content-Type|Subject|From).*(big5|DEFAULT_CHARSET|ks_c_5601-1987|unknown-8bit|windows-874|euc-kr|ISO-2022-KR)
# This is from Zygmunt Gorszczynski
* 150^0 ^Subject:.+[^\ ]\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ *[0-9]+
# Well known PressBlaster spamming program
* 300^0 This\ Press\ Release\ is\ being\ sent\ to\ a\ handful\ of\ targeted
# This one is from Matthias Bauer
# Three consecutive non-printables in a row. Must be Chinese spam.
* 150^0 ^Subject: [^-a-zA-Z0-9\ \.;:\&@/,\!\*\+\^\(\)\[\]\{\}=_%\?\|][^-a-zA-Z0-9\ \.;:\&@/,\!\*\+\^\(\)\[\]\{\}=_%\?\|][^-a-zA-Z0-9\ \.;:\&@/,\!\*\+\^\(\)\[\]\{\}=_%\?\|][^-a-zA-Z0-9\ \.;:\&@/,\!\*\+\^\(\)\[\]\{\}=_%\?\|]*
# Big & many attachments suck
* 10^0 ^Content-Type.*(html|word|excel|jpeg|zip-compressed|gif)
# Mails consisting only of HTML are mostly spam, even stupid OE
# users send multipart/alternative
* 260^0 ^Content-Type.*text/html
* -50^0 ^Content-Type.*multipart/alternative
* 30^0 ^Content-Type.*format=flowed
# Undisclosed-Recipient is common signature of dumb Outlook spammers.
* 100^0 ^To.*Undisclosed-Recipient
# Idiots from informacja.pl are selling spam lists
# and other idiots are using them.
* 50^0 adres.+znaleziony.+na.+stronie.+(internetowej)?
# Other common spam signatures.
* 200^0 ^(From|To).*@(public|promotion|zzn)\.com
* 100^0 ^(From|To).*friend
# Catch 12dupa@hotmail.com, dupa123@hotmail.com and similar
* 200^0 ^(Sender|From).*([a-zA-Z]+[0-9]+|[0-9]+[a-zA-Z]+).*@((yahoo|bigfoot|hotmail|aol|email|mailstart|china|hongkong)\.com|usa\.net|ibm\.net)
* 50^0 ^From:\ [a-z][a-z][a-z][a-z][a-z][a-z][a-z][a-z][a-z][a-z][a-z][a-z][a-z][a-z]@(yahoo|msn).com
# Common spam subject
* 50^0 ^Subject.*accept.+major.+credit.+cards
* 200^0 enlarge.+your.+penis
# Catch spam sent directly from UU leased lines (plenty of them)
* 150^0 Received.*Cust.+uu\.net
# DARTmail & opt-inemail.com
* 100^0 delivery\ provided\ by\ DARTmail
* 100^0 opt-inemail.com
# They try to support themselves with law.
* 100^0 This\ message\ is\ sent\ in\ compliance.*(email)?.*(bill)?
* 100^0 safeguard.*not\ inserted.*using.*registered\ version
# Email Platinum signature
* 300^0 brought\ to\ you\ by\ Email\ Platinum
# This is probably an old bug in Sendmail that allows hiding Received data
* 250^0 Received:\ from.*\.\.\.\.\.\.\.\.\.\.\.*
# Kill spam identified by RBL
* 200^0 ^X-RBL-Warning:
# Catch common bulk mailers
* 100^0 ^(X-EM-Version|X-EM-Registration)
* 200^0 Received.*(advertise|stealth|bulk|sex|mail\.robot\.(ru|ro))
* -150^0 Received.*(bulk_mailer v)
* 100^0 Received.(comanche|apache).+(net|com|org)?
* 200^0 Received.*netranger
* 100^0 (Received|X-MIME).*gb(m)?(\.)?net
* 500^0 ^X-Mailer.*(PhoenixMailer|max-email|DiffondiCool|EMailing\ List\ Pro|Dynamic\ Opt-In\ Emailer|Dynamic\ Mail\ Pro|diffondi|Microsoft\ CDO|juhi1weei4liqu16|Copia\ emailFacts|sendEmail-v|Mailer\ Signature|longtan|LK\ SendIt|JMail|\{\%xmailer\%\}|eGroups\ Message\ Poster|JBH\ Msender|OutLook\ Express\ 3\.14159|JiXing\ mailer|Juno|Foxmail|Aesop\ Mailer|Mach5|Catalyst\ SocketTools|Dundas\ Mailer\ Control|IncrediMail|PROSPER\ EMAILER|e-mage\ estrada|veeMailer)
* 500^0 ^X-Mailer.*(Dynamic\ Opt-In\ Emailer|SafeMail\ Opt-In\ List\ Manager|MailWorkZ\ Broadcast|Aureate\ Group\ Mail|GoldMine|lightening\ mailer|ACE\ Contact\ Manager|Aristotle\ Mail|Avalanche|CTMailer|CyberCreek\ Avalanche|E-mail\ Magnet|Ellipse\ Bulk\ Emailer|Emailer\ Platinum|Extractor|Floodgate|Group\ Mail|MailKing|Mailcast|MassE-Mail|NetMailer|Quick\ (Shot|Sender)|RamoMail|WorldMerge|eMerge|massmail\.pl|\.SMTP32\ v|Vera|Advanced\ Direct\ Remailer|EPaper\ Boy|Blastoise|Mail\ Bomber|X-Mailer)
* 500^0 ^X-Server: VPOP3
* 50^0 ^Comments: This message was delivered by an evaluation copy of LSMTP
* 50^0 ^Received.*JetMail
* 300^0 ^X-Library.*(Trafficmagnet|Indy)
* 50^0 ^(From|To).*(\ sex|adult|porn|advert)
* 200^0 Message-ID.*(advert|bulk|lov(e|ing)|aegispam|marketing|edu\.blue)
* 45^0 ^Subject.*\ sex
* 45^0 ^Subject.*adult
* 45^0 ^Subject.*porn
* 45^0 ^Subject.*gay
* 45^0 ^Subject.*erotic
* 45^0 ^Subject.*advert
* 45^0 ^Subject.* xxx\ 
* 45^0 ^Subject.*zaprosz
* 45^0 ^Subject.*bulk.+email
* 45^0 ^Subject.*revenue
* 45^0 ^Subject.*expense
* 45^0 ^Subject.*profit
* 45^0 ^Subject.*sperm
* 45^0 ^Subject.*money
* 45^0 ^Subject.*earn
* 45^0 ^Subject.*zaproszen
* 45^0 ^Subject.*cash
* 45^0 ^Subject.*free
* 45^0 ^Subject.*lingerie
* 45^0 ^Subject.*(viagra|v\ i\ a\ g\ r\ a)
* 45^0 ^Subject.*purchase.*online
* 45^0 ^Subject.*oferta
* 45^0 ^Subject.*business
* 45^0 ^Subject.*opportunity
* 45^0 ^Subject.*delete
* 45^0 ^Subject.*\ ADV
* 45^0 ^Subject.*\ AD
* 45^0 ^Subject.*hot
* 45^0 ^Subject.*stock
* 45^0 ^Subject.*live\ video
* 45^0 ^Subject.*picture
* 45^0 ^Subject.*gallery
* 45^0 ^Subject.*works
* 200^0 ^Subject.*(business\ opportunity|please\ read|don\'t\ delete|free\ info)
* 100^0 ^Subject.*(The\ Contrarian|congratulation)
* 50^0 ^Subject.*Platinum
* 50^0 ^Subject.*eMarketing
* 50^0 ^Subject.*Discount
* 40^0 ^Subject.*Pricing
* 40^0 ^Subject.*Platinum
* 30^0 ^Subject.*Emailing
* 20^0 ^Subject.*\#
* 100^0 ^Subject.*\#\#
* 500^0 ^Subject.*\#\#\#
* 750^0 ^Subject.*\#\#\#
* 100^0 ^Subject.*\$\$
* 500^0 ^Subject.*\$\$\$
* 750^0 ^Subject.*\$\$\$
* 20^0 ^Subject.*\!
* 100^0 ^Subject.*\!\!
* 300^0 ^Subject.*\!\!\!
# This one is from Thomas Hartwig, thanks!
* 50^0 ^Subject.*[0-9][0-9][0-9][0-9][0-9]$
* 50^0 ^PP-Warning:
* 150^0 Extractor\ Pro
* 150^0 EmailProspector
* 30^0 ^X-Authentication-Warning
* 10^0 \ sex
* 10^0 adult
* 10^0 erotic
* 10^0 gay
* 10^0 porn
* 10^0 chain.+letter
* 10^0 sponsor
* 10^0 \ xxx\ 
* 10^0 xxx\ 
* 10^0 hardcore
* 10^0 \ cum
* 10^0 advertise
* 10^0 revenue
* 10^0 sperm
* 10^0 targeted\ search
* 10^0 collect.+email
* 10^0 \ pay
* 10^0 lingerie
* 10^0 org(y|ies)
* 10^0 teens
* 10^0 virgin
* 10^0 sign\ up\ now
* 10^0 viagra
* 10^0 composed.+extractor
* 10^0 penis
* 10^0 orgasm
* 10^0 incredible
* 10^0 extrem
* 10^0 toll.*free
* 10^0 v\ i\ a\ g\ r\ a
* 10^0 (earthlink|newmail)\.(net|com)
* 50^0 Bill\ S\.1618
* 10^0 subject.+(remove|delete)
* 10^0 remove.+(subject|request|list)
* 10^0 remove.*for\ free
* 10^0 reply.*remove
* 10^0 one\ time.*(mail|message)
* 5^0 video
* 5^0 pictures
* 5^0 earn
* 5^0 photo
* 5^0 remove
* 10^0 future\ mailing
* 10^0 make\ money
* 50^0 mortgage
* 5^0 guarantee
# For the misconfigured formmail
* 50^0 Below\ is\ the\ result\ of\ your\ feedback\ form
# This removes some potential false positives *I* have noticed
* -100^0 ^Subject.*(solaris|freeswan|debian|cvs)
* -100^0 ^From\ [A-Za-z0-9.+-]+=[A-Za-z0-9.-]+@
# Habeas idea is to certify that the email is *not* a spam,
# for details see http://www.habeas.com/faq/
* -250^0 ^X-Habeas-SWE-9:\ mark\ in\ spam\ to\ \.
$TARGET

# $Log: spamrc.txt,v $
# Revision 1.140 2003/01/03 08:59:48 kravietz
# - added several charset specs from Bodyn
#
# Revision 1.139 2002/12/15 10:17:41 kravietz
# - added several new X-Mailers from Jacek Lipkowski
#
# Revision 1.138 2002/12/11 12:41:25 kravietz
# - added X-Server: VPOP3 V1.5.0 - Registered
#
# Revision 1.137 2002/11/05 14:27:25 kravietz
# - removed unnecessary double Subject !!! trap
#
# Revision 1.136 2002/10/31 08:01:44 kravietz
# - added X-Mailer: Aesop Mailer
#
# Revision 1.135 2002/10/10 06:42:54 kravietz
# - added previously disabled traps for big5
# - added windows-874 trap
#
# Revision 1.134 2002/10/04 15:19:14 kravietz
# - added Foxmail mailer:
#   X-Mailer: Foxmail
#
# Revision 1.133 2002/10/04 11:30:59 kravietz
# - added Quick Sender based on the signature:
#   X-Mailer: QuickSender 1.05
#
# Revision 1.131 2002/09/27 08:27:53 kravietz
# - added Juno mailer based on the "X-Mailer: Juno 3.9" signature
#
# Revision 1.130 2002/09/27 07:59:33 kravietz
# - added habeas.com support
# - added notes on Polspam and bogofilter
#
# Revision 1.129 2002/09/25 14:25:53 kravietz
# - added viagra subjects
#
# Revision 1.128 2002/08/12 18:42:20 kravietz
# - temporarily commented out rules requiring case sensitivity
#
# Revision 1.127 2002/08/11 09:04:36 kravietz
# - added JiXing mailer
#
# Revision 1.126 2002/08/05 11:46:13 kravietz
# - fixes
#
# Revision 1.125 2002/06/30 09:46:05 kravietz
# - added X-Mailer containing only "X-Mailer" string
#
# Revision 1.124 2002/05/31 08:23:24 depesz
# new address of spammer
#
# Revision 1.123 2002/05/04 08:30:32 kravietz
# - added charset unknown-8bit
#
# Revision 1.122 2002/05/03 17:21:55 kravietz
# - added EmailProspector
# - added X-Authentication-Warning
#
# Revision 1.121 2002/05/02 13:37:28 kravietz
# - added JBH Msender mailer
#
# Revision 1.120 2002/04/30 21:18:16 kravietz
# - corrected URL
#
# Revision 1.119 2002/04/30 13:39:57 kravietz
# - X-Mailer: eGroups Message Poster added
# - added trap for "From " without full email address
#
# Revision 1.118 2002/04/28 08:09:03 kravietz
# - new keywords
# - fixed the qmail rule
#
# Revision 1.117 2002/04/28 08:03:07 kravietz
# - smaller score for Windows attachments
#
# Revision 1.116 2002/04/28 07:55:39 kravietz
# - added mortgage keyword
# - added %xmailer% trap
#
# Revision 1.115 2002/04/18 13:22:09 kravietz
# - added more keywords
# - added formmail trap
#
# Revision 1.114 2002/04/05 10:32:14 kravietz
# - added D flag where necessary
# - added one more rule from Thomas Hartwig
#
# Revision 1.113 2002/03/17 20:47:46 kravietz
# - new signature for Polish spamming program Listonosz
#
# Revision 1.112 2002/03/08 15:45:33 kravietz
# - lowered score for X-EM-Registration
# - simplified qmail negative trap
#
# Revision 1.111 2002/03/07 10:54:25 kravietz
# - improved regexps to match non-printable characters in From, Subject
# - added rule giving negative score for messages seemingly sent by ezmlm
#   (removes many false positives from mailing lists)
#
# Revision 1.110 2002/03/07 10:21:08 kravietz
# - corrected one mistake in regexp
#
# Revision 1.109 2002/03/06 11:58:55 kravietz
# - additional keywords
#
# Revision 1.108 2002/02/28 16:26:34 depesz
# new spam charset
#
# Revision 1.107 2002/02/25 13:56:08 kravietz
# - added msn.com to domains with 14x spams
#
# Revision 1.106 2002/02/25 08:20:19 kravietz
# - added "14x[a-z]"@yahoo.com trap
#
# Revision 1.105 2002/02/18 19:25:45 kravietz
# - lowered all exponents to ^0
#
# Revision 1.104 2002/02/18 19:20:25 kravietz
# - lowered exponent for Received from Far East matches
#
# Revision 1.103 2002/02/16 11:40:47 kravietz
# - added rule removing some of the false positives I have noticed
#   in my mailbox
# - *temporarily* disabled case sensitivity for the whole ruleset,
#   I'll see what happens (flag D from the beginning)
#
# Revision 1.102 2002/02/16 11:35:36 kravietz
# - some mailers generate Message-Id instead of ID, e.g. Postfix; this
#   caused a lot of false positives
#
# Revision 1.101 2002/02/16 11:29:28 kravietz
# - removed second "Received...from unknown" rule, as it was unnecessary
#
# Revision 1.100 2002/02/16 11:26:23 kravietz
# - removed one $ in Subject match, as it caused a lot of false positives,
#   by giving high score to mails with many $ - like output from crond
#   quoting many strings like $PATH etc.
#
# Revision 1.99 2002/02/14 13:21:20 kravietz
# - removed all {m,n} perlisms, replaced by egrep compatible expressions
#
# Revision 1.98 2002/02/14 12:36:52 kravietz
# - added African money scam trap
# - fixed one \d perlism
#
# Revision 1.97 2002/02/06 21:02:06 kravietz
# - Number of digits in r12345@orgio.net type spams increased to 6
#
# Revision 1.96 2002/02/06 15:06:00 kravietz
# - Added trap for e24960@jubiipost.dk or d23473@mail.ru spam series (from ZG)
#
# Revision 1.95 2002/02/06 14:59:31 kravietz
# Added trap for laksjdbvczwe@aol.com spam series
#
# Revision 1.94 2002/02/05 13:00:33 kravietz
# - more changes in the "25 spaces" regexp
# - one \s changed to "\ "
#
# Revision 1.93 2002/02/05 12:52:20 kravietz
# - added a negative match to remove some of the false
#   positives based on the fact, that most legitimate
#   mailing lists add their name in []'s to the Subject
#
# Revision 1.92 2002/02/05 12:45:09 kravietz
# - corrected regexp in the "25 spaces" rule
#
# Revision 1.91 2002/02/04 14:57:45 kravietz
# - removed CVS conflict indicators
#
# Revision 1.90 2002/02/04 14:56:58 kravietz
# - added PressBlaster trap
#
# Revision 1.89 2002/02/04 14:18:23 kravietz
# - added rule for "25 spaces and number" spams
# - obscured all email addresses in the file to protect innocent from
#   spambots
#
# Revision 1.88 2002/01/29 14:25:13 kravietz
# - IMPORTANT: target is now defined EXTERNALLY, read the comments
#   at the beginning of the file
#
# Revision 1.87 2002/01/29 14:20:33 kravietz
# - IMPORTANT corrected a typo that fscked up the whole ruleset
#
# Revision 1.86 2002/01/29 09:34:39 kravietz
# - added LK SendIT mailer
#
# Revision 1.85 2002/01/04 12:42:19 kravietz
# - added huge collection of bulk mailers (X-Mailer)
# - corrected regexp typical for perl, not procmail
# - both were reported/suggested by Ought!, big thanks!
#
# Revision 1.84 2001/11/14 13:58:36 kravietz
# - added Email Platinum signature
#
# Revision 1.83 2001/11/09 12:02:48 kravietz
# - added X-RBL-Warning trap from Thomas Hurst (thanks!)
#
# Revision 1.82 2001/10/12 07:19:37 kravietz
# - trap for Chinese mailer with signature:
#   X-Mailer: longtan
#
# Revision 1.81 2001/10/08 07:11:07 kravietz
# - added trap for some stupid mailer with following signature:
#   X-Mailer: Mailer Signature
#
# Revision 1.80 2001/10/03 15:09:30 kravietz
# - added low score filter for suspicious JetMail mailer
#
# Revision 1.79 2001/10/03 12:28:39 kravietz
# - added trap for Base64 Chinese Subjects like:
#   Subject: =?big5?B?V2hhdCdzICJvci1lZCIgbWVhbnM/IChmcm9t
#
# Revision 1.78 2001/10/03 12:26:43 kravietz
# - added trap for Chinese spam with Subject like:
#   Subject: =?big5?Q?=A5N=AB=C8=BE=E3=A6X=A6=E6=BEP=A5=F8=B9=BA
#
# Revision 1.77 2001/09/27 11:29:27 kravietz
# - added a small weight trap for messages sent with evaluation
#   copy of L-Soft LSMTP
#
# Revision 1.76 2001/09/26 09:59:11 kravietz
# - Subject and body keywords are now matched in separate rules, which means
#   that each keyword will be matched, not only one occurrence of either; maybe
#   it will require lowering the weights, we'll see...
#
# Revision 1.75 2001/09/19 17:29:16 kravietz
# - added trap for software used by bastards from aol.pl
#
# Revision 1.74 2001/09/15 06:38:59 kravietz
# - added new mailer trap based on:
#   X-Mailer: 77962EEA.7F92CA2E.b267627f9bf8ef50451fa7829a8af5c9
#
# Revision 1.73 2001/09/10 08:53:27 kravietz
# - added trap for Copia emailFacts mailer
#
# Revision 1.72 2001/07/26 07:48:40 kravietz
# - added terminator $ to the previously edited rule for the {20} match
#   to be exact
#
# Revision 1.71 2001/07/26 07:48:01 kravietz
# - added trap for some unknown spam software with such signature:
#   X-Mailer: WUVl0vjciTkA1O0TfRpP
#
# Revision 1.70 2001/07/23 21:07:56 kravietz
# - added Indy library signature (seen Indy 8.0.22)
#
# Revision 1.69 2001/07/23 18:24:32 kravietz
# - added DEFAULT_CHARSET trap, seems like many Far East spam comes with such
#   a signature
#
# Revision 1.68 2001/07/13 21:32:13 kravietz
# - added Trafficmagnet spam software
#
# Revision 1.67 2001/07/13 07:38:36 kravietz
# - added new names to X-Mailer trap
#
# Revision 1.66 2001/07/13 07:16:17 kravietz
# - Extended dupa12@hotmail.com trap to Sender header
#
# Revision 1.65 2001/06/29 14:19:00 kravietz
# - added extension to the dupa1243@hotmail.com trap
#   from Bartlomiej Czardybon
#
# Revision 1.64 2001/06/19 11:58:54 kravietz
# - added old Sendmail bug which allows obscuring the Received data,
#   reported by Cezary Cichocki
#
# Revision 1.63 2001/06/19 09:44:34 kravietz
# - added GIF trap
#
# Revision 1.62 2001/06/18 15:09:00 kravietz
# - added zip-compressed to potential spam attachments, many idiots
#   send huge Word documents this way
#
# Revision 1.61 2001/06/18 11:28:43 kravietz
# - added Dynamic Mail Pro
#
# Revision 1.60 2001/06/16 08:31:50 kravietz
# - added JPEG trap
# - added giga.net.tw trap
# - added sinamail.com trap
#
# Revision 1.59 2001/06/14 09:21:11 kravietz
# - more points for HTML attachments
#
# Revision 1.58 2001/06/04 12:36:24 kravietz
# - e-mailing.pl added
#
# Revision 1.57 2001/06/01 21:00:13 kravietz
# - Added "safeguard" trap for unknown bulk mailer which adds this
#   sentence for unregistered versions.
#
# Revision 1.56 2001/05/31 15:24:06 kravietz
# - Added "this message is sent in compliance with new email bill" trap.
#
# Revision 1.55 2001/05/31 15:18:37 kravietz
# - Added X-EM-Version trap. Currently I'm not sure which product
#   generates it, but I have only seen it in spams.
#
# Revision 1.54 2001/05/29 09:54:50 kravietz
# - added sub4.pl
#
# Revision 1.53 2001/05/29 09:53:11 kravietz
# - added BAZA.mediator.pl
#
# Revision 1.52 2001/05/25 11:12:54 kravietz
# - another two "\s" changed to "\ "
#
# Revision 1.51 2001/05/25 11:11:53 kravietz
# - added $ to characters allowed in Message-ID (Outlook does so) and
#   changed "\s" to "\ ", because the first didn't work as expected ;)
#
# Revision 1.50 2001/05/24 20:55:37 kravietz
# - added DARTmail and opt-inemail.com
#
# Revision 1.49 2001/05/24 20:32:11 kravietz
# - minor fixes and updates
#
# Revision 1.48 2001/05/24 20:27:39 kravietz
# - minor fixes
#
# Revision 1.47 2001/05/24 20:21:39 kravietz
# - Removed my private rules, preventing false positives and positive
#   negatives ;) so you no longer need to remove them when downloading
#   latest ruleset. Such additions should be added in user's .procmailrc,
#   just above the INCLUDERC
#
# Revision 1.46 2001/05/24 20:09:38 kravietz
# - added Dynamic Opt-In Emailer
#
# Revision 1.45 2001/05/18 08:27:21 kravietz
# - added 'Congratulations' trap
#
# Revision 1.44 2001/03/22 23:49:46 kravietz
# - added ,,enlarge your penis'' trap after 20th spam on that ;)
#
# Revision 1.43 2001/02/13 13:09:41 kravietz
# - Added trap for Listonosz - Polish spamming service
#
# Revision 1.42 2001/02/09 13:04:11 kravietz
# - added "Received: from ... (unknown [aaa.bbb.ccc.ddd])"
#
# Revision 1.41 2001/02/02 20:01:44 kravietz
# - Removed a false positive reported by Michal Kosek
#   Thanks!
#
# Revision 1.40 2000/12/18 21:32:48 kravietz
# - Added `subject=delete' trap
#
# Revision 1.39 2000/12/17 11:51:35 kravietz
# - Added Coderpunks score
#
# Revision 1.38 2000/12/15 08:54:19 kravietz
# - An attempt to trap informacja.pl
#
# Revision 1.37 2000/12/14 17:55:33 kravietz
# - Added Chinese subjects trap from Matthias Bauer
#
# Revision 1.36 2000/12/13 17:40:00 kravietz
# - less keywords in keyword trap
# - fixed one obvious bug
#
# Revision 1.35 2000/12/12 18:55:55 kravietz
# - More Taiwan traps
#
# Revision 1.34 2000/12/12 17:53:45 kravietz
# - Added hbdcb.net.cn trap
#
# Revision 1.33 2000/12/10 18:10:17 kravietz
# - Added another china.com trap
#
# Revision 1.32 2000/12/10 10:32:31 kravietz
# - Added charset=big5 trap
# - seed.net sometimes appears as seeder.net
#
# Revision 1.31 2000/12/09 19:10:26 kravietz
# - Fixed potential false positive in parsing Message-ID
#
# Revision 1.30 2000/12/09 19:06:30 kravietz
# - Fixed a false positive on mail sent with bulk_mailer, commonly used
#   for mailing lists
#
# Revision 1.29 2000/12/09 19:03:13 kravietz
# - Fixed seed.net/hinet trap
#
# Revision 1.28 2000/12/09 19:00:10 kravietz
# - added another Far East trap
#
# Revision 1.27 2000/11/08 02:33:23 kravietz
# - added seed.net.tw and hinet traps
#
# Revision 1.26 2000/10/12 15:57:47 kravietz
# - added netranger trap
#
# Revision 1.25 2000/10/02 12:14:26 kravietz
# - added USD and $ 50,000 traps
#
# Revision 1.24 2000/10/02 11:57:23 kravietz
# - added case sensitivity flag to the whole ruleset
# - added all uppercase Subject trap again
#
# Revision 1.23 2000/10/02 11:54:33 kravietz
# - added newmail.net trap
# - fixed some problems pointed out by mkochano%pld.org.pl, specifically
#   changed all `sex' and `ad' to `\ sex' and `\ ad'; not ideal, but should
#   help for most false-positives
#
# Revision 1.22 2000/09/30 14:32:39 mkochano
# - Some changes and bugfixes. Differences with previous version:
#   1. \S doesn't work as expected. It does not match some characters used
#      in message IDs by tin (a-z0-9.-). Replaced with square brackets
#      expression.
#   2. Commented out trap for "shouted" subjects. Procmail ignores case by
#      default!
#   3. Added note about problems with domains such as "susSEX.ac.uk".
#   4. Added (commented out) possible solution for above problem.
#   5. Added note about problems with subjects such as "downloAD".
#   6. Added note about problems with domains such as "susSEX.ac.uk".
#
# Revision 1.21 2000/09/28 17:50:05 kravietz
# - added GBNET trap
# - added ibm.net
#
# Revision 1.20 2000/09/21 14:56:13 kravietz
# - fixed zzn.com trap
#
# Revision 1.19 2000/09/21 14:55:17 kravietz
# - added zzn.com trap
#
# Revision 1.18 2000/09/19 11:54:39 kravietz
# - added trap for promotions.com
#
# Revision 1.17 2000/06/17 19:02:13 kravietz
# - Undisclosed-Recipient trap
#
# Revision 1.16 2000/06/14 12:24:17 kravietz
# - added DiffondiCool trap
#
# Revision 1.15 2000/05/30 22:59:36 kravietz
# - added .cu trap
#
# Revision 1.14 2000/05/29 12:41:21 kravietz
# - added China .cn trap
#
# Revision 1.13 2000/05/15 11:33:10 kravietz
# added china.com and hongkong.com traps
#
# Revision 1.12 2000/05/10 14:48:29 kravietz
# added 'From: advert' trap
#
# Revision 1.11 2000/05/09 20:57:46 kravietz
# minor changes
#
# Revision 1.10 2000/04/21 17:17:17 kravietz
# - earthlink trap added
#
# Revision 1.9 2000/04/17 21:50:03 kravietz
# - cryptography false positives fixed
#
# Revision 1.8 2000/03/21 14:50:40 kravietz
# - Message-ID checking rule, first version
#
# Revision 1.7 2000/03/18 18:34:43 kravietz
# - more false positive fixes
#
# Revision 1.6 2000/03/17 17:45:37 kravietz
# - disable false-positives for politech mailing list
#
# Revision 1.5 2000/03/16 14:32:37 kravietz
# - updated list of often spammed accounts
#
# Revision 1.4 2000/03/15 11:45:50 kravietz
# - added credit cards subject
# - added some comments
#
# Revision 1.3 2000/03/01 19:00:13 kravietz
# - added some rules from
#   http://alcor.concordia.ca/topics/email/auto/procmail/spam/
#
# Revision 1.2 2000/03/01 17:34:09 kravietz
# - update for CVS
#
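
# Added example, not part of the original spamrc: a small Python model of the
# weighted scoring described in the header, run over three constructed
# messages to show how the -250 credit, the negated header checks and the
# mailing-list bonus combine. The condition lines are copied from the ruleset
# above; the helper names, the sample messages and the use of Python's re in
# place of procmail's own regexp engine are assumptions of this example.

```python
import re

# A subset of condition lines copied from the ruleset above (all use ^0).
RULES = r"""
* -250^0
* -100^0 ^Subject:.*\[.+\]
* 200^0 !^To:
* 100^0 !^Subject:
* 100^0 ! ^Message-I[Dd]:\ <[a-zA-Z0-9$.-]+@[a-zA-Z0-9.-]+>$
* 260^0 ^Content-Type.*text/html
* -50^0 ^Content-Type.*multipart/alternative
* 100^0 ^To.*Undisclosed-Recipient
* 45^0 ^Subject.*free
* 20^0 ^Subject.*\!
* 100^0 ^Subject.*\!\!
* 300^0 ^Subject.*\!\!\!
* 10^0 make\ money
"""

COND = re.compile(r"^\*\s*(-?\d+)\^(-?\d+)\s*(!?)\s*(.*)$")

def parse_rules(text):
    """Turn '* w^x [!] regexp' lines into (w, x, negated, compiled) tuples."""
    rules = []
    for line in text.strip().splitlines():
        m = COND.match(line)
        if m is None:
            raise ValueError("not a weighted condition: %r" % line)
        w, x, neg, pattern = m.groups()
        # procmail ignores case by default; with the HB flags the regexp is
        # applied to header and body, with ^ and $ anchoring at line ends.
        rules.append((int(w), int(x), neg == "!", re.compile(pattern, re.I | re.M)))
    return rules

def score(message, rules):
    """Sum the weights as in procmailsc(5): the n-th match adds w * x^(n-1)."""
    total = 0
    for w, x, negated, rx in rules:
        n = sum(1 for _ in rx.finditer(message))
        if negated:
            total += w if n == 0 else 0  # negated rule scores once, when absent
        else:
            total += sum(w * x ** k for k in range(n))  # x=0: first match only
    return total

def is_spam(message, rules):
    return score(message, rules) > 0  # positive total: delivered to $TARGET

# Constructed sample messages (not real mail).
SPAM = """From: promo@example.com
To: Undisclosed-Recipient:;
Subject: Make money, free info!!!
Message-ID: <12345>
Content-Type: text/html

<html><body>Make money at home</body></html>
"""
LIST_MAIL = """From: alice@example.org
To: squid-users@example.org
Subject: [squid-users] Re: free memory after restart!
Message-ID: <20030103.1234@example.org>
Content-Type: text/plain

Thanks, that fixed it.
"""
HTML_ONLY = """From: bob@example.net
To: me@example.org
Subject: lunch
Message-ID: <a1@example.net>
Content-Type: text/html

<p>Lunch at noon?</p>
"""

if __name__ == "__main__":
    rules = parse_rules(RULES)
    for name, msg in (("spam", SPAM), ("list", LIST_MAIL), ("html", HTML_ONLY)):
        print(name, score(msg, rules), is_spam(msg, rules))
```

# The HTML-only message has clean headers and still ends up positive, because
# the 260-point text/html rule alone outweighs the 250-point credit.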