# Add your own customisations to this file.  See 'man Mail::SpamAssassin::Conf'
# for details of what can be tweaked.
# 

# allow_user_rules 1
report_safe 0
dns_available yes

clear_trusted_networks
clear_internal_networks
trusted_networks 192.168.254.
internal_networks 192.168.254.

# header ALL_TRUSTED Did not pass through any untrusted hosts
# this test... needs more work
# http://bugzilla.spamassassin.org/show_bug.cgi?id=4055
#
# At 16:58 -0500 03/21/2005, David Brodbeck wrote:
# The problem is that disabling it doesn't solve the problem, only hides it.
# A lot of other rules depend on a proper trust path.  But all you really
# need to do is set trusted_networks and the problem will be solved.
#
# # cross your fingers...
#score ALL_TRUSTED 0


# site-wide SpamAssassin user preferences file.

ok_languages		en
ok_locales		en
report_safe 	        0 

# The following is only available globally
use_auto_whitelist 0

# Path for Bayesian probabilities databases.  Several databases will be
# created, with this as the base, with "_toks", "_seen" etc. appended to
# this filename; so the default setting results in files called
# "~/.spamassassin/bayes_seen", "~/.spamassassin/bayes_toks" etc.
#
# By default, each user has their own, in their "~/.spamassassin" directory
# with mode 0700/0600, but for system-wide SpamAssassin use, you may want
# to reduce disk space usage by sharing this across all users.  (However
# it should be noted that Bayesian filtering appears to be more effective
# with an individual database per user.)
#
# We'll take disk space reduction for 40 points, Alex!
bayes_path /etc/mail/spamassassin/bayes
bayes_auto_learn 0

# users running "spamassassin" from their procmailrc's or forward files, or  
# sysadmins editing a file in "/etc/mail/spamassassin", can create rules
#
# header SYMBOLIC_TEST_NAME header op /pattern/modifiers [if-unset: STRING]     
#    Define a test.  "SYMBOLIC_TEST_NAME" is a symbolic test name,
#    such as 'FROM_ENDS_IN_NUMS'.  "header" is the name of a mail header,       
#    such as 'Subject', 'To', etc. 'ALL' can be used to mean the text of        
#    all the message's headers.
#
#    "op" is either "=~" (contains regular expression) or "!~" (does not        
#    contain regular expression), and "pattern" is a valid Perl regular
#    expression, with "modifiers" as regexp modifiers in the usual style.  
#
#   If the "[if-unset: STRING]" tag is present, then "STRING" will be used      
#   if the header is not found in
#
# body SYMBOLIC_TEST_NAME /pattern/modifiers
#   Define a body pattern test.  "pattern" is a Perl regular expression.  
#
#   The 'body' in this case is the textual parts of the message body 
#
# uri SYMBOLIC_TEST_NAME /pattern/modifiers
#   Define a uri pattern test.  "pattern" is a Perl regular expression.
#   Note: as per the header tests, "#" must be escaped ("\#") or else it
#   is considered the beginning of a comment.
#
#   The 'uri' in this case is a list of all the URIs in the body of the
#   email, and the test will be run on each and every one of those URIs,
#   adjusting the score if a match is found. Use this test instead of one of
#   the body tests when you need to match a URI, as it is more accurately
#   bound to the start/end points of the URI, and will also be faster.
#
#
# describe SYMBOLIC_TEST_NAME description ...
#   Used to describe a test.  This text is shown to users in the detailed       
#   report.
#
# score SYMBOLIC_TEST_NAME n.nn
#   Assign a score to a given test.  Scores can be positive or negative
#   real numbers or integers.  "SYMBOLIC_TEST_NAME" is the symbolic name        
#   used by SpamAssassin as a handle for that test; e.g. 'FROM_ENDS_IN_NUMS'. 
#
# Assigning a score of 0 causes SA to ignore the test

#
# Local scores

# Black list scores
# jm@jmason.org (Justin Mason) wrote, in users@spamassassin.apache.org
# (March 2005)
# ...there is a big difference between the SURBL policy of zero FPs and
# the SBL policy, which I can best state as "kill the spammers".
# SURBLs rarely have `collateral' damage and their default scores reflect
# that;  The URIBL_SBL is only assigned scores of
#  "0 0.629 0 0.996"
# in 3.0.2 - Only URIBL_AB_SURBL with set 3 and URIBL_WS_SURBL with set 
# 1 are ever assigned lower scores than the URIBL_SBL.  All the other 
# SURBL have significantly higher scores - URIBL_SC_SURBL is many times
# what URIBL_SBL is.
#
# Jeff Chan wrote>
# In particular try setting the score of URIBL_SBL to 0 since its style
# of SBL lookups is significantly slower than SURBL lookups, and its FP
#(false positive rate) is higher.
#
# (URIBL_SBL needs to resolve the NS records of the URI domain and check
# them against SBL using another DNS resolution.  That initial resolution
# of the wild domain can potentially be quite slow since it uses various
# external name servers, potentially including ones that belong to spammers.)
#
#
# leave these at the default (for now)
# URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist (?.?)
#
# raise these
# URIBL_SC Contains an URL listed in the SBL blocklist (0.6)
score URIBL_SC_SURBL 1.0
# URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist (2.0)
score URIBL_OB_SURBL 3.0
# URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist (0.5)
score URIBL_WS_SURBL 1.0
# and lower this one
# URIBL_SBL Contains an URL listed in the SBL blocklist (0.6)
score URIBL_SBL 0.0


# header DRUGS_PAIN Refers to a pain relief drug
score DRUGS_PAIN	6.0
# header DRUGS_ERECTILE_OBFU Obfuscated reference to an erectile drug
score DRUGS_ERECTILE_OBFU	6.0
# body IMPOTENCE BODY: Impotence cure
score IMPOTENCE	6.0
# header DRUGS_ERECTILE Refers to an erectile drug
score DRUGS_ERECTILE	6.0
# header DRUGS_ANXIETY Refers to an anxiety control drug
score DRUGS_ANXIETY 0.5
# header RCVD_NUMERIC_HELO Received: contains an IP address used for HELO
score RCVD_NUMERIC_HELO	4.0
# header RCVD_HELO_IP_MISMATCH Received: HELO and IP do not match, but should
score RCVD_HELO_IP_MISMATCH	4.0
# body BODY_ENHANCEMENT Information on growing body parts
score BODY_ENHANCEMENT 2.0
# body BODY_ENHANCEMENT2 Information on getting larger body parts
score BODY_ENHANCEMENT2 2.0


#
# Local rules

#
# OK
#
body EZMLM_OK			/Hi! This is the ezmlm program/i
score EZMLM_OK			-4.0
describe EZMLM_OK		Response from ezmlm mailing list

header CF_RCVD_LOCAL            Received =~ /192.168.254/
score CF_RCVD_LOCAL             -5.0
describe CF_RCVD_LOCAL          Received from LAN

# Typical ploys
# These are indicators; however, good mail may match these too.
# Scores are therefore fairly low

header CF_FALSE_FRIEND		Subject =~ /[\s']Friend[\s',-]/i
score CF_FALSE_FRIEND   	2.0
describe CF_FALSE_FRIEND   	Mail to "Friend"
  
header CF_AD			Subject =~ /^AD[:\s]|^\[AD\]|^ADV[:\s]|\[ADV\]/
score CF_AD			3.0
describe CF_AD			Advertisement (at least they followed the rules)

# User-specific. Match on some headers procmail can put in

header CF_DEAR_OCCUPANT		X-Procmail =~ /\[DEAR-OCCUPANT\]/i
score CF_DEAR_OCCUPANT		0.5
describe CF_DEAR_OCCUPANT	Not explicitly To (or Cc) me

header CF_NAME_IN_SUBJECT	X-Procmail =~ /\[NAME-IN-SUBJECT\]/i
score CF_NAME_IN_SUBJECT	0.5
describe CF_NAME_IN_SUBJECT	My name in the Subject: line

header CF_MAYBE_FORGED		X-Procmail =~ /\[MAYBE-FORGED\]/i
score CF_MAYBE_FORGED		0.5
describe CF_MAYBE_FORGED	Did I send this? I don't think so.

header CF_NO_REALNAME           X-Procmail =~ /\[NO-REALNAME\]/i
score CF_NO_REALNAME            0.1
describe CF_NO_REALNAME         Addressed to me but not by name

# Getting into "bulk" mail...

header CF_TO_THREE		To =~ /,[^,]+,[^,]+,/
score CF_TO_THREE		0.5
describe CF_TO_THREE		To contains at least 3 addresses

header CF_CC_THREE		Cc =~ /,[^,]+,[^,]+,/
score CF_CC_THREE		0.5
describe CF_CC_THREE		Cc contains at least 3 addresses

header CF_TO_MANY		To =~ /,[^,]+,[^,]+,[^,]+,/
score CF_TO_MANY		0.5
describe CF_TO_MANY		To contains more than 3 addresses

header CF_CC_MANY		Cc =~ /,[^,]+,[^,]+,[^,]+,/
score CF_CC_MANY		0.5
describe CF_CC_MANY		Cc contains more than 3 addresses

# i18n - Sprechen sie what?

header CF_FROM_8BITS            From =~ /[\x80-\xff]{3,}/
score CF_FROM_8BITS		8.0
describe CF_FROM_8BITS          From: includes 3 consecutive 8-bit characters

body CF_I18N			/charset="(?:GB2312|big5|134|koi8-r|ks_c_|euc-kr|iso-8859-1)/
score CF_I18N			9.0
describe CF_I18N		International character sets

#
# Buy! Sell! Trade!
#

header CF_SPAM_OFFER_1		Subject =~ /printer'? '?cartridge/i
score CF_SPAM_OFFER_1		2.0
describe CF_SPAM_OFFER_1	typical SPAM offer

header CF_SPAM_OFFER_2		Subject =~ /[\s'_]toner[\s'_]/i
score CF_SPAM_OFFER_2		2.0
describe CF_SPAM_OFFER_2	typical SPAM offer

header CF_SPAM_OFFER_2b		Subject =~ /[\s'_]inkjet[\s'_]/i
score CF_SPAM_OFFER_2b		2.0
describe CF_SPAM_OFFER_2b	typical SPAM offer

header CF_SPAM_OFFER_3		Subject =~ /[\s'_]business'? '?card/i
score CF_SPAM_OFFER_3		2.0
describe CF_SPAM_OFFER_3	typical SPAM offer

header CF_SPAM_OFFER_4		Subject =~ /[\s'_]free[\s',!_]/i
score CF_SPAM_OFFER_4		2.0
describe CF_SPAM_OFFER_4	typical SPAM offer

header CF_SPAM_OFFER_5		Subject =~ /[\s'_]weight[\s'_]/i
score CF_SPAM_OFFER_5		2.0
describe CF_SPAM_OFFER_5	typical SPAM offer

header CF_SPAM_OFFER_6		Subject =~ /[\s'_]credit[\s'_]/i
score CF_SPAM_OFFER_6		2.0
describe CF_SPAM_OFFER_6	typical SPAM offer

header CF_Junk1        	Subject =~ /\bViagra\b|\bHgH\b|\bBuspar\b|\bSuden[ae]fil\b|\bClaritin\b|\bPhentermine\b/i
score CF_Junk1		8.0
describe CF_Junk1       Junk topics

header CF_Junk2        	Subject =~ /\bHoroscope\b|\bSpy\b|\binsurance\b/i
score CF_Junk2		0.5
describe CF_Junk2       Junk topics
 
header CF_Junk3        	Subject =~ /\bpre-approval\b|\bpre-approved\b|\bloan\b|\byour application\b/i
score CF_Junk3		0.5
describe CF_Junk3       Junk topics

header CF_Junk4         Subject =~ /Work With us and Ebay/i
score CF_Junk4          8.0
describe CF_Junk4       Junk topics