SpamAssassin

Update of /cvsroot/spamassassin/spamassassin/rules
In directory sc8-pr-cvs1:/tmp/cvs-serv25518/rules

Modified Files:
	70_cvs_rules_under_test.cf 
Log Message:
promote OPM subtests
promote 3 of the 4 remaining URI tests
broken rules: T_RCVD_IN_DUL_AUPADS, T_RCVD_IN_INTERSIL,
  T_RCVD_IN_VOX_SCHPIDER_COM, T_RCVD_IN_DNSRBL*, T_RCVD_IN_EASYNET_BLACKHOLES,
  T_RCVD_IN_FIVETEN*
remove HOST_EXCESSIVE_ESCAPES and PATH_EXCESSIVE_ESCAPES - apparently, these
  do not work so well on some corpuses


Index: 70_cvs_rules_under_test.cf
===================================================================
RCS file: /cvsroot/spamassassin/spamassassin/rules/70_cvs_rules_under_test.cf,v
retrieving revision 1.612
retrieving revision 1.613
diff -b -w -u -d -r1.612 -r1.613
--- 70_cvs_rules_under_test.cf	17 Jun 2003 20:59:44 -0000	1.612
+++ 70_cvs_rules_under_test.cf	18 Jun 2003 20:19:36 -0000	1.613
@@ -18,77 +18,19 @@
 #
 ###########################################################################
 
-# mixed list, still need to check for cost, policies, etc.
-header T_RCVD_IN_DNSRBLSPAM	rbleval:check_rbl('dnsrblspam', 'spam.dnsrbl.net.')
-header T_RCVD_IN_INTERSIL	rbleval:check_rbl('intersil', 'blackholes.intersil.net.')
-header T_RCVD_IN_SPAMSOURCES_FABEL	rbleval:check_rbl('fabel', 'spamsources.fabel.dk.')
-header T_RCVD_IN_VOX_SCHPIDER_COM	rbleval:check_rbl('schpider', 'vox.schpider.com.')
-tflags T_RCVD_IN_DNSRBLSPAM net
-tflags T_RCVD_IN_INTERSIL net
-tflags T_RCVD_IN_SPAMSOURCES_FABEL net
-tflags T_RCVD_IN_VOX_SCHPIDER_COM net
+# some dial-up lists that seem decent, worth testing some more
+header T_RCVD_IN_DUN_DNSRBL rbleval:check_rbl('dun-notfirsthop', 'dun.dnsrbl.net.')
+tflags T_RCVD_IN_DUN_DNSRBL net
+
+# still need to check for cost, policies, etc.
+# URL: http://www.fabel.dk/relay/
+header T_RCVD_IN_FABEL		rbleval:check_rbl('fabel', 'spamsources.fabel.dk.')
+describe T_RCVD_IN_FABEL	Received via a relay in spamsources.fabel.dk
+tflags T_RCVD_IN_FABEL net
 
 # easynet.nl (formerly wirehub.net)
 header T_RCVD_IN_EASYNET_DYNABLOCK	rbleval:check_rbl('dynablock-notfirsthop', 'dynablock.easynet.nl.')
 tflags T_RCVD_IN_EASYNET_DYNABLOCK net
-header T_RCVD_IN_EASYNET_BLACKHOLES	rbleval:check_rbl('easynet', 'blackholes.easynet.nl.')
-tflags T_RCVD_IN_EASYNET_BLACKHOLES net
-
-# OPM sub-tests
-# transfers: axfr/ixfr for trusted sites
-# url: http://opm.blitzed.org/
-# pay-to-use: no
-# delist: automatic expiry, no fee, retested on request (free)
-header T_RCVD_IN_OPM_WINGATE		rbleval:check_rbl_sub('opm', '1')
-tflags T_RCVD_IN_OPM_WINGATE net
-header T_RCVD_IN_OPM_SOCKS		rbleval:check_rbl_sub('opm', '2')
-tflags T_RCVD_IN_OPM_SOCKS net
-header T_RCVD_IN_OPM_HTTP_CONNECT	rbleval:check_rbl_sub('opm', '4')
-tflags T_RCVD_IN_OPM_HTTP_CONNECT net
-header T_RCVD_IN_OPM_ROUTER		rbleval:check_rbl_sub('opm', '8')
-tflags T_RCVD_IN_OPM_ROUTER net
-header T_RCVD_IN_OPM_HTTP_POST		rbleval:check_rbl_sub('opm', '16')
-tflags T_RCVD_IN_OPM_HTTP_POST net
-
-# fiveten - many blacklists, the bulk one performs well
-# transfers: yes, most of the slave servers allow zone transfers
-# url: http://blackholes.five-ten-sg.com/
-# pay-to-use: no
-# delist: email address contact provided
-header T_RCVD_IN_FIVETEN	rbleval:check_rbl('fiveten', 'blackholes.five-ten-sg.com.')
-tflags T_RCVD_IN_FIVETEN net
-# bulk mailers that don't require confirmed opt-in from their customers,
-# or that have have allowed known spammers to become clients.
-header T_RCVD_IN_FIVETEN_BULK	rbleval:check_rbl_sub('fiveten', '127.0.0.4')
-tflags T_RCVD_IN_FIVETEN_BULK net
-# retest all of the rest (since check_rbl_sub wasn't used before)
-header T_RCVD_IN_FIVETEN_SPAM	rbleval:check_rbl_sub('fiveten', '127.0.0.2')
-tflags T_RCVD_IN_FIVETEN_SPAM net
-header T_RCVD_IN_FIVETEN_DIALUP	rbleval:check_rbl('fiveten-notfirsthop', 'blackholes.five-ten-sg.com.', '127.0.0.3')
-tflags T_RCVD_IN_FIVETEN_DIALUP net
-header T_RCVD_IN_FIVETEN_MULTISTAGE	rbleval:check_rbl_sub('fiveten', '127.0.0.5')
-tflags T_RCVD_IN_FIVETEN_MULTISTAGE net
-header T_RCVD_IN_FIVETEN_SINGLESTAGE	rbleval:check_rbl_sub('fiveten', '127.0.0.6')
-tflags T_RCVD_IN_FIVETEN_SINGLESTAGE net
-header T_RCVD_IN_FIVETEN_SPAMSUPPORT	rbleval:check_rbl_sub('fiveten', '127.0.0.7')
-tflags T_RCVD_IN_FIVETEN_SPAMSUPPORT net
-header T_RCVD_IN_FIVETEN_WEBFORM	rbleval:check_rbl_sub('fiveten', '127.0.0.8')
-tflags T_RCVD_IN_FIVETEN_WEBFORM net
-header T_RCVD_IN_FIVETEN_MISC	rbleval:check_rbl_sub('fiveten', '127.0.0.9')
-tflags T_RCVD_IN_FIVETEN_MISC net
-header T_RCVD_IN_FIVETEN_KLEZ	rbleval:check_rbl_sub('fiveten', '127.0.0.10')
-tflags T_RCVD_IN_FIVETEN_KLEZ net
-header T_RCVD_IN_FIVETEN_TCPA	rbleval:check_rbl_sub('fiveten', '127.0.0.11')
-tflags T_RCVD_IN_FIVETEN_TCPA net
-header T_RCVD_IN_FIVETEN_FREE	rbleval:check_rbl_sub('fiveten', '127.0.0.12')
-tflags T_RCVD_IN_FIVETEN_FREE net
-
-# some dial-up lists that seem decent, worth testing some more
-header T_RCVD_IN_DUN_DNSRBL rbleval:check_rbl('dun-notfirsthop', 'dun.dnsrbl.net.')
-tflags T_RCVD_IN_DUN_DNSRBL net
-# another one
-header T_RCVD_IN_DUL_AUPADS rbleval:check_rbl('duinv-notfirsthop', 'duinv.aupads.org.')
-tflags T_RCVD_IN_DUL_AUPADS net
 
 # bug 1733: SenderBase
 # sa.senderbase.org for SpamAssassin queries
@@ -105,102 +47,6 @@
 # older corpus mail)
 uri T_YAHOO_REDIRECTOR		/^https?:\/\/rd\.yahoo\.com/i
 describe T_YAHOO_REDIRECTOR	Uses commonly-spammed redirector URL
-
-# try to supplement HTTP_EXCESSIVE_ESCAPES (which tests anywhere in
-# the URL) with two new rules:
-#
-# HOST_EXCESSIVE_ESCAPES: test escapes in hostname
-# PATH_EXCESSIVE_ESCAPES: test escapes in pathname
-
-# HOST_EXCESSIVE_ESCAPES
-# ratio	count	hex	character
-# 99.83	572	2e	.
-uri __ESCAPE_2E			m@...
-meta HOST_EXCESSIVE_ESCAPES_2E	(__ESCAPE_2E && !HTTP_EXCESSIVE_ESCAPES)
-# 100.0	331	25	%
-uri __ESCAPE_25			m@...
-meta HOST_EXCESSIVE_ESCAPES_25	(__ESCAPE_25 && !HTTP_EXCESSIVE_ESCAPES)
-# 100.0	38	2f	/
-uri __ESCAPE_2F			m@...
-meta HOST_EXCESSIVE_ESCAPES_2F	(__ESCAPE_2F && !HTTP_EXCESSIVE_ESCAPES)
-# 96.97	33	2d	-
-uri __ESCAPE_2D			m@...
-meta HOST_EXCESSIVE_ESCAPES_2D	(__ESCAPE_2D && !HTTP_EXCESSIVE_ESCAPES)
-# 100.0	16	3e	>
-uri __ESCAPE_3E			m@...
-meta HOST_EXCESSIVE_ESCAPES_3E	(__ESCAPE_3E && !HTTP_EXCESSIVE_ESCAPES)
-# 100.0	16	3c	<
-uri __ESCAPE_3C			m@...
-meta HOST_EXCESSIVE_ESCAPES_3C	(__ESCAPE_3C && !HTTP_EXCESSIVE_ESCAPES)
-# 100.0	16	20	SPACE
-uri __ESCAPE_20			m@...
-meta HOST_EXCESSIVE_ESCAPES_20	(__ESCAPE_20 && !HTTP_EXCESSIVE_ESCAPES)
-# 100.0	14	3d	=
-uri __ESCAPE_3D			m@...
-meta HOST_EXCESSIVE_ESCAPES_3D	(__ESCAPE_3D && !HTTP_EXCESSIVE_ESCAPES)
-# 100.0	13	5f	_
-uri __ESCAPE_5F			m@...
-meta HOST_EXCESSIVE_ESCAPES_5F	(__ESCAPE_5F && !HTTP_EXCESSIVE_ESCAPES)
-# 100.0	11	40	@
-uri __ESCAPE_40			m@...
-meta HOST_EXCESSIVE_ESCAPES_40	(__ESCAPE_40 && !HTTP_EXCESSIVE_ESCAPES)
-
-# PATH_EXCESSIVE_ESCAPES
-# ratio	count	hex	character
-# 96.99	1261	2f	/
-uri __ESCAPE2_2F		m@...
-meta PATH_EXCESSIVE_ESCAPES_2F	(__ESCAPE2_2F && !HTTP_EXCESSIVE_ESCAPES)
-# 99.53	1067	5f	_
-uri __ESCAPE2_5F		m@...
-meta PATH_EXCESSIVE_ESCAPES_5F	(__ESCAPE2_5F && !HTTP_EXCESSIVE_ESCAPES)
-# 97.98	595	25	%
-uri __ESCAPE2_25		m@...
-meta PATH_EXCESSIVE_ESCAPES_25	(__ESCAPE2_25 && !HTTP_EXCESSIVE_ESCAPES)
-# 95.74	446	3a	:
-uri __ESCAPE2_3A		m@...
-meta PATH_EXCESSIVE_ESCAPES_3A	(__ESCAPE2_3A && !HTTP_EXCESSIVE_ESCAPES)
-# 93.65	378	3d	=
-uri __ESCAPE2_3D		m@...
-meta PATH_EXCESSIVE_ESCAPES_3D	(__ESCAPE2_3D && !HTTP_EXCESSIVE_ESCAPES)
-# 95.02	321	26	&
-uri __ESCAPE2_26		m@...
-meta PATH_EXCESSIVE_ESCAPES_26	(__ESCAPE2_26 && !HTTP_EXCESSIVE_ESCAPES)
-# 99.61	256	2e	.
-uri __ESCAPE2_2E		m@...
-meta PATH_EXCESSIVE_ESCAPES_2E	(__ESCAPE2_2E && !HTTP_EXCESSIVE_ESCAPES)
-# 95.07	223	3f	?
-uri __ESCAPE2_3F		m@...
-meta PATH_EXCESSIVE_ESCAPES_3F	(__ESCAPE2_3F && !HTTP_EXCESSIVE_ESCAPES)
-# 100.0	168	7c	|
-uri __ESCAPE2_7C		m@...
-meta PATH_EXCESSIVE_ESCAPES_7C	(__ESCAPE2_7C && !HTTP_EXCESSIVE_ESCAPES)
-# 100.0	98	2d	-
-uri __ESCAPE2_2D		m@...
-meta PATH_EXCESSIVE_ESCAPES_2D	(__ESCAPE2_2D && !HTTP_EXCESSIVE_ESCAPES)
-# 100.0	15	a4	CURRENCY SIGN
-uri __ESCAPE2_A4		m@...
-meta PATH_EXCESSIVE_ESCAPES_A4	(__ESCAPE2_A4 && !HTTP_EXCESSIVE_ESCAPES)
-# 100.0	15	28	(
-uri __ESCAPE2_28		m@...
-meta PATH_EXCESSIVE_ESCAPES_28	(__ESCAPE2_28 && !HTTP_EXCESSIVE_ESCAPES)
-# 100.0	14	29	)
-uri __ESCAPE2_29		m@...
-meta PATH_EXCESSIVE_ESCAPES_29	(__ESCAPE2_29 && !HTTP_EXCESSIVE_ESCAPES)
-# 100.0	13	14	DC4
-uri __ESCAPE2_14		m@...
-meta PATH_EXCESSIVE_ESCAPES_14	(__ESCAPE2_14 && !HTTP_EXCESSIVE_ESCAPES)
-# 100.0	12	b0	DEGREE SIGN
-uri __ESCAPE2_B0		m@...
-meta PATH_EXCESSIVE_ESCAPES_B0	(__ESCAPE2_B0 && !HTTP_EXCESSIVE_ESCAPES)
-
-######
-
-uri T_URI_BANNEDCD	m@...
-uri T_URI_FREEHT	m@...
-uri T_URI_FAQCHAT	m@...
-uri T_URI_4YOU		m@...
-
-######################################################################
 
 # This is not necessarily intended for the 2.60 release; if it's not
 # 1.0 S/O, just leave it in here for 2.61cvs.

Update of /cvsroot/spamassassin/spamassassin/rules
In directory sc8-pr-cvs1:/tmp/cvs-serv25236/rules

Modified Files:
	70_broken_rules.cf 
Log Message:
broken rules: T_RCVD_IN_DUL_AUPADS, T_RCVD_IN_INTERSIL,
T_RCVD_IN_VOX_SCHPIDER_COM, T_RCVD_IN_DNSRBL*, T_RCVD_IN_EASYNET_BLACKHOLES,
T_RCVD_IN_FIVETEN*


Index: 70_broken_rules.cf
===================================================================
RCS file: /cvsroot/spamassassin/spamassassin/rules/70_broken_rules.cf,v
retrieving revision 1.48
retrieving revision 1.49
diff -b -w -u -d -r1.48 -r1.49
--- 70_broken_rules.cf	14 Jun 2003 05:46:17 -0000	1.48
+++ 70_broken_rules.cf	18 Jun 2003 20:18:00 -0000	1.49
@@ -1135,3 +1135,82 @@
 #describe RCVD_IN_ORBS		Received via a relay in orbs.dorkslayers.com
 #tflags RCVD_IN_ORBS             net
 #score RCVD_IN_ORBS 0 0.458 0 0.121
+
+# quinlan - 2003-06-17 - decent for a dial-up RBL, but it's down right now
+# test again later?
+#header T_RCVD_IN_DUL_AUPADS rbleval:check_rbl('duinv-notfirsthop', 'duinv.aupads.org.')
+#tflags T_RCVD_IN_DUL_AUPADS net
+
+# quinlan - 2003-06-17 - good results, no documentation that I could find
+# test again later?
+#header T_RCVD_IN_INTERSIL	rbleval:check_rbl('intersil', 'blackholes.intersil.net.')
+#tflags T_RCVD_IN_INTERSIL net
+
+# quinlan - 2003-06-18 - slow response, often slow
+# test again later?
+# still need to check for cost, policies, etc.
+# URL: http://vox.schpider.com/
+#header T_RCVD_IN_VOX_SCHPIDER_COM	rbleval:check_rbl('schpider', 'vox.schpider.com.')
+#tflags T_RCVD_IN_VOX_SCHPIDER_COM net
+
+# quinlan - 2003-06-18 - not getting any hits
+# test again later?
+# DNSRBL is a multi-RBL
+#header T_RCVD_IN_DNSRBL		rbleval:check_rbl('dnsrbl', 'spam.dnsrbl.net.')
+#header T_RCVD_IN_DNSRBL_RELAY	rbleval:check_rbl_sub('dnsrbl', '127.0.0.2')
+#header T_RCVD_IN_DNSRBL_DIALUP	rbleval:check_rbl('dnsrbl-notfirsthop', 'spam.dnsrbl.net.', '127.0.0.3')
+#header T_RCVD_IN_DNSRBL_CONFIRM	rbleval:check_rbl_sub('dnsrbl', '127.0.0.4')
+#header T_RCVD_IN_DNSRBL_SMART	rbleval:check_rbl_sub('dnsrbl', '127.0.0.5')
+#header T_RCVD_IN_DNSRBL_SW	rbleval:check_rbl_sub('dnsrbl', '127.0.0.6')
+#header T_RCVD_IN_DNSRBL_OPTIN	rbleval:check_rbl_sub('dnsrbl', '127.0.0.7')
+#header T_RCVD_IN_DNSRBL_CGI	rbleval:check_rbl_sub('dnsrbl', '127.0.0.8')
+#header T_RCVD_IN_DNSRBL_PROXY	rbleval:check_rbl_sub('dnsrbl', '127.0.0.9')
+#tflags T_RCVD_IN_DNSRBL		net
+#tflags T_RCVD_IN_DNSRBL_RELAY	net
+#tflags T_RCVD_IN_DNSRBL_DIALUP	net
+#tflags T_RCVD_IN_DNSRBL_CONFIRM	net
+#tflags T_RCVD_IN_DNSRBL_SMART	net
+#tflags T_RCVD_IN_DNSRBL_SW	net
+#tflags T_RCVD_IN_DNSRBL_OPTIN	net
+#tflags T_RCVD_IN_DNSRBL_CGI	net
+#tflags T_RCVD_IN_DNSRBL_PROXY	net
+
+# quinlan - 2003-06-18 - too much stuff in one result
+# might revisit later if they split it up a bit
+# easynet.nl (formerly wirehub.net)
+#header T_RCVD_IN_EASYNET_BLACKHOLES	rbleval:check_rbl('easynet', 'blackholes.easynet.nl.')
+#tflags T_RCVD_IN_EASYNET_BLACKHOLES net
+
+# quinlan - 2003-06-18 - too many FPs across the board, just asking for trouble
+# fiveten - many blacklists, the bulk one performs well
+# transfers: yes, most of the slave servers allow zone transfers
+# url: http://blackholes.five-ten-sg.com/
+# pay-to-use: no
+# delist: email address contact provided
+#header T_RCVD_IN_FIVETEN	rbleval:check_rbl('fiveten', 'blackholes.five-ten-sg.com.')
+#tflags T_RCVD_IN_FIVETEN net
+# bulk mailers that don't require confirmed opt-in from their customers,
+# or that have have allowed known spammers to become clients.
+#header T_RCVD_IN_FIVETEN_BULK	rbleval:check_rbl_sub('fiveten', '127.0.0.4')
+#tflags T_RCVD_IN_FIVETEN_BULK net
+# retest all of the rest (since check_rbl_sub wasn't used before)
+#header T_RCVD_IN_FIVETEN_SPAM	rbleval:check_rbl_sub('fiveten', '127.0.0.2')
+#tflags T_RCVD_IN_FIVETEN_SPAM net
+#header T_RCVD_IN_FIVETEN_DIALUP	rbleval:check_rbl('fiveten-notfirsthop', 'blackholes.five-ten-sg.com.', '127.0.0.3')
+#tflags T_RCVD_IN_FIVETEN_DIALUP net
+#header T_RCVD_IN_FIVETEN_MULTISTAGE	rbleval:check_rbl_sub('fiveten', '127.0.0.5')
+#tflags T_RCVD_IN_FIVETEN_MULTISTAGE net
+#header T_RCVD_IN_FIVETEN_SINGLESTAGE	rbleval:check_rbl_sub('fiveten', '127.0.0.6')
+#tflags T_RCVD_IN_FIVETEN_SINGLESTAGE net
+#header T_RCVD_IN_FIVETEN_SPAMSUPPORT	rbleval:check_rbl_sub('fiveten', '127.0.0.7')
+#tflags T_RCVD_IN_FIVETEN_SPAMSUPPORT net
+#header T_RCVD_IN_FIVETEN_WEBFORM	rbleval:check_rbl_sub('fiveten', '127.0.0.8')
+#tflags T_RCVD_IN_FIVETEN_WEBFORM net
+#header T_RCVD_IN_FIVETEN_MISC	rbleval:check_rbl_sub('fiveten', '127.0.0.9')
+#tflags T_RCVD_IN_FIVETEN_MISC net
+#header T_RCVD_IN_FIVETEN_KLEZ	rbleval:check_rbl_sub('fiveten', '127.0.0.10')
+#tflags T_RCVD_IN_FIVETEN_KLEZ net
+#header T_RCVD_IN_FIVETEN_TCPA	rbleval:check_rbl_sub('fiveten', '127.0.0.11')
+#tflags T_RCVD_IN_FIVETEN_TCPA net
+#header T_RCVD_IN_FIVETEN_FREE	rbleval:check_rbl_sub('fiveten', '127.0.0.12')
+#tflags T_RCVD_IN_FIVETEN_FREE net

Update of /cvsroot/spamassassin/spamassassin/rules
In directory sc8-pr-cvs1:/tmp/cvs-serv25131/rules

Modified Files:
	20_uri_tests.cf 
Log Message:
add some URI tests from 70_cvs


Index: 20_uri_tests.cf
===================================================================
RCS file: /cvsroot/spamassassin/spamassassin/rules/20_uri_tests.cf,v
retrieving revision 1.66
retrieving revision 1.67
diff -b -w -u -d -r1.66 -r1.67
--- 20_uri_tests.cf	16 Jun 2003 05:35:43 -0000	1.66
+++ 20_uri_tests.cf	18 Jun 2003 20:16:17 -0000	1.67
@@ -139,3 +139,13 @@
 
 uri URI_OFFERS			m/offer([sz]|-\S+)?\.(?:com|bi?z)/i
 describe URI_OFFERS		Message has link to company offers
+
+uri URI_BANNEDCD		m@...
+describe URI_BANNEDCD		Message has URI for bannedcd
+
+uri URI_FREEHT			m@...
+describe URI_FREEHT		Message has URI for freeht
+
+uri URI_4YOU			m@...
+describe URI_4YOU		Message has URI 4you
+

Update of /cvsroot/spamassassin/spamassassin/rules
In directory sc8-pr-cvs1:/tmp/cvs-serv24930/rules

Modified Files:
	20_head_tests.cf 
Log Message:
just adding some comments and tweaking descriptions


Index: 20_head_tests.cf
===================================================================
RCS file: /cvsroot/spamassassin/spamassassin/rules/20_head_tests.cf,v
retrieving revision 1.278
retrieving revision 1.279
diff -b -w -u -d -r1.278 -r1.279
--- 20_head_tests.cf	17 Jun 2003 20:59:44 -0000	1.278
+++ 20_head_tests.cf	18 Jun 2003 20:15:51 -0000	1.279
@@ -745,12 +745,15 @@
 header NO_RDNS_DOTCOM_HELO	eval:check_for_no_rdns_dotcom_helo()
 describe NO_RDNS_DOTCOM_HELO	Host HELO'd as a big ISP, but had no rDNS
 
+header X_ORIG_HOST		X-Originating-Host =~ /^\[/
+describe X_ORIG_HOST		Message has X-Originating-Host header
+
+# Hotmail's DAV interface uses this and it's heavily exploited right now.  As
+# far as I can tell, it requires an msn.com or hotmail.com X-Originating-Email:
+# but allows anything for From: so use that as a spamsign.
 header __HAS_MSN_RCVD_DAV       Received =~ / by \S+\.(?:hotmail|msn)\.com with (?:HTTP|DAV)\;/
 header __HAS_MSN_ORIG_EMAIL     X-Originating-Email =~ /(?:hotmail|msn)\.com\b/
 header __HAS_MSN_FROM           From =~ /(?:hotmail|msn)\.com\b/
 meta FAKED_HOTMAIL_DAV		(__HAS_MSN_RCVD_DAV && __HAS_MSN_ORIG_EMAIL && !__HAS_MSN_FROM)
-describe FAKED_HOTMAIL_DAV	'X-Originating-Email' header does not match 'From'
-
-header HAS_X_ORIG_HOST		X-Originating-Host =~ /^\[/
-describe HAS_X_ORIG_HOST	Has an 'X-Originating-Host' header
+describe FAKED_HOTMAIL_DAV	X-Originating-Email header does not match From

Update of /cvsroot/spamassassin/spamassassin/rules
In directory sc8-pr-cvs1:/tmp/cvs-serv24146/rules

Modified Files:
	20_dnsbl_tests.cf 
Log Message:
promote OPM subtests


Index: 20_dnsbl_tests.cf
===================================================================
RCS file: /cvsroot/spamassassin/spamassassin/rules/20_dnsbl_tests.cf,v
retrieving revision 1.23
retrieving revision 1.24
diff -b -w -u -d -r1.23 -r1.24
--- 20_dnsbl_tests.cf	12 Jun 2003 06:41:16 -0000	1.23
+++ 20_dnsbl_tests.cf	18 Jun 2003 20:14:39 -0000	1.24
@@ -130,18 +130,43 @@
 tflags RCVD_IN_SORBS_ZOMBIE	net
 
 # ---------------------------------------------------------------------------
+# OPM (recommended, supports TXT queries, but A queries needed for sub-tests)
+# transfers: axfr/ixfr for trusted sites
+# url: http://opm.blitzed.org/
+# pay-to-use: no
+# delist: automatic expiry, no fee, retested on request (free)
+
+header RCVD_IN_OPM		rbleval:check_rbl('opm', 'opm.blitzed.org.')
+describe RCVD_IN_OPM		Received via a relay in opm.blitzed.org
+tflags RCVD_IN_OPM              net
+
+header RCVD_IN_OPM_WINGATE	rbleval:check_rbl_sub('opm', '1')
+describe RCVD_IN_OPM_WINGATE	OPM: sender is open WinGate proxy
+tflags RCVD_IN_OPM_WINGATE	net
+
+header RCVD_IN_OPM_SOCKS	rbleval:check_rbl_sub('opm', '2')
+describe RCVD_IN_OPM_SOCKS	OPM: sender is open SOCKS proxy
+tflags RCVD_IN_OPM_SOCKS	net
+
+header RCVD_IN_OPM_HTTP		rbleval:check_rbl_sub('opm', '4')
+describe RCVD_IN_OPM_HTTP	OPM: sender is open HTTP CONNECT proxy
+tflags RCVD_IN_OPM_HTTP		net
+
+header RCVD_IN_OPM_ROUTER	rbleval:check_rbl_sub('opm', '8')
+describe RCVD_IN_OPM_ROUTER	OPM: sender is open router proxy
+tflags RCVD_IN_OPM_ROUTER	net
+
+header RCVD_IN_OPM_HTTP_POST	rbleval:check_rbl_sub('opm', '16')
+describe RCVD_IN_OPM_HTTP_POST	OPM: sender is open HTTP POST proxy
+tflags RCVD_IN_OPM_HTTP_POST	net
+
+# ---------------------------------------------------------------------------
 # Now, single zone BLs follow:
 
 # SBL is the Spamhaus Block List: http://www.spamhaus.org/sbl/
 header RCVD_IN_SBL		rbleval:check_rbl_txt('sbl', 'sbl.spamhaus.org.')
 describe RCVD_IN_SBL		Received via a relay in Spamhaus Block List
 tflags RCVD_IN_SBL              net
-
-# http://www.blitzed.org/opm/ - a recommended open-proxies list
-# OPM supports TXT queries, but A queries are needed for sub-tests
-header RCVD_IN_OPM		rbleval:check_rbl('opm', 'opm.blitzed.org.')
-describe RCVD_IN_OPM		Received via a relay in opm.blitzed.org
-tflags RCVD_IN_OPM              net
 
 # DSBL catches open relays, badly-installed CGI scripts and open SOCKS and
 # HTTP proxies.  list.dsbl.org lists servers tested by "trusted" users,

Update of /cvsroot/spamassassin/spamassassin/lib/Mail/SpamAssassin
In directory sc8-pr-cvs1:/tmp/cvs-serv912/lib/Mail/SpamAssassin

Modified Files:
	Conf.pm 
Log Message:
Bug 2080: add_header didnt allow numbers

Index: Conf.pm
===================================================================
RCS file: /cvsroot/spamassassin/spamassassin/lib/Mail/SpamAssassin/Conf.pm,v
retrieving revision 1.223
retrieving revision 1.224
diff -b -w -u -d -r1.223 -r1.224
--- Conf.pm	17 Jun 2003 02:30:55 -0000	1.223
+++ Conf.pm	18 Jun 2003 02:44:32 -0000	1.224
@@ -682,7 +682,7 @@
 
 =cut
 
-    if (/^add_header\s+([A-Za-z_-]+)\s+(ham|spam|all)\s+(.*?)\s*$/) {
+    if (/^add_header\s+([A-Za-z0-9_-]+)\s+(ham|spam|all)\s+(.*?)\s*$/) {
       my ($name, $type, $line) = ($1, $2, $3);
       if ($line =~ /^"(.*)"$/) {
 	$line = $1;