Kevin A. McGrail skrev den 2017-09-08 19:03:
Yes, it's called an anchor and Shane Williams a long time ago gave me
some advice on that I used in this rule:
uri __KAM_SHORT
/(\/|^|\b)(?:j\.mp|bit\.ly|goo\.gl|x\.co|t\.co|t\.cn|tinyurl\.com|hop\.kz|urla\.ru|fw\.to)(\/|$|\b)/i
why make it complicated ?
enlist_url_host (MYTLD) ru
enlist_url_host (MYTLD) dk
and i have forgot my own rules to this list :=)
googled:
https://lists.gt.net/spamassassin/devel/154398
Example 1:
enlist_uri_host (LOW) geocities.com
enlist_uri_host (MED) geocities.yahoo.com.br
enlist_uri_host (LOW) AutoFinanceUK.co.uk
enlist_uri_host (HIGH) blasdutro buckrea.com
enlist_uri_host (MED) True.com
enlist_uri_host (LOW) imageshack.us
and the corresponding rules:
header URI_HOST_LOW eval:check_uri_host_listed('LOW')
describe URI_HOST_LOW Host or domain found in URI is listed in the LOW
list
tflags URI_HOST_LOW userconf noautolearn
score URI_HOST_LOW 1.5
header URI_HOST_MED eval:check_uri_host_listed('MED')
describe URI_HOST_MED Host or domain found in URI is listed in the MED
list
tflags URI_HOST_MED userconf noautolearn
score URI_HOST_MED 4
header URI_HOST_HIGH eval:check_uri_host_listed('HIGH')
describe URI_HOST_HIGH Host or domain found in URI is listed in the HIGH
list
tflags URI_HOST_HIGH userconf noautolearn
score URI_HOST_HIGH 12
Example 2:
blacklist_uri_host www.need-lust.com www.crave-lust
blacklist_uri_host sommerphantasie.com klick2go.com lucymeier.com
blacklist_uri_host www.replaceftpsmtp.com www.aectransfer.org
blacklist_uri_host epsore.com www.alveal.com
blacklist_uri_host reppsetinte.com preprotissit.com
blacklist_uri_host www.weinportale.de www.fasctvideos.cn
blacklist_uri_host www.dilcasino.com www.hotgoldgambling.net
blacklist_uri_host www.antos.si www.omegaic.net www.clickonevent.com
blacklist_uri_host www.exorcism.org www.eturning.com
www.piramidasunca.ba
blacklist_uri_host 64.15.147.100
blacklist_uri_host bot.tormaxusa.net www.qtechna.si www.clecle.si
blacklist_uri_host www.ninadesign.co.nr constructionfiles.net
aecfiles02.com
blacklist_uri_host filetransfer00.com filetransfer01.com
filetransfer02.com
blacklist_uri_host filetransfer03.com filetransfer04.com
filetransfer05.com
blacklist_uri_host filetransfer06.com filetransfer07.com
filetransfer08.com
blacklist_uri_host filetransfer09.com
header URI_HOST_IN_BLACKLIST eval:check_uri_host_listed('BLACK')
describe URI_HOST_IN_BLACKLIST Host or domain found in URI is
blacklisted
tflags URI_HOST_IN_BLACKLIST userconf noautolearn
score URI_HOST_IN_BLACKLIST 8
header URI_HOST_IN_WHITELIST eval:check_uri_host_listed('WHITE')
describe URI_HOST_IN_WHITELIST Host or domain found in URI is
blacklisted
tflags URI_HOST_IN_WHITELIST userconf nice noautolearn
score URI_HOST_IN_WHITELIST -10
Example 3:
enlist_uri_host (RCKT) ru !aaa.example.kr cn kr tr
header URI_HOST_RCKT eval:check_uri_host_listed('RCKT')
score URI_HOST_RCKT 0.1
enlist_uri_host (RU) ru
header URI_HOST_RU eval:check_uri_host_listed('RU')
score URI_HOST_RU 1.8
enlist_uri_host (CN) cn
header URI_HOST_CN eval:check_uri_host_listed('CN')
score URI_HOST_CN 1.2
enlist_uri_host (KR) kr
header URI_HOST_KR eval:check_uri_host_listed('KR')
score URI_HOST_KR 1.5
enlist_uri_host (TR) tr
header URI_HOST_TR eval:check_uri_host_listed('TR')
score URI_HOST_TR 1.5
sorry for spamming with more examples, it was intended to make more good
rules