#
#"Please make sure that the username field is at least 3 characters
#long."
-#"Please make sure that the username field is at least 3 characters
#long."
#"Your username may not exceed "+regPageData.snMax+" characters."
#"Your username must begin with a letter."
#"Please make sure that the email address is at least 3 characters long."
#"Your email address may not exceed 97 characters."
+#Missed updating the length to 32. Fixed thanks to Ramon Medina
+
header __KAM_AOL From:addr =~ /\@aol\.(com|co\.uk)/i
-# username portion must be between 3 & 16 chars, starting with a letter
-header __KAM_GOODAOL1 From:addr =~ /^[a-z].{2,15}\@aol\.(com|co\.uk)/i
+# username portion must be between 3 & 32 chars, starting with a letter
+header __KAM_GOODAOL1 From:addr =~ /^[a-z].{2,32}\@aol\.(com|co\.uk)/i
# certain punctuation not allowed - This is likely not exhaustive
header __KAM_BADAOL1 From:addr =~ /[-\!\*\$].*\@aol\.(com|co\.uk)/
replace_rules __KAM_MAILBOX1 __KAM_MAILBOX2 __KAM_MAILBOX3
#ISSUE
- body __KAM_MAILBOX1 /mailbox .{0,12}exceeded|(storage|email|mailbox).(limit|quota|size|capacity)|(box|quota) is (a<L1>most )?fu<L1><L1>|have been rejected|new version|(prevented|pending) (the )?(delivery|messages)|quota is low|annual upgrade|(held|important) message|messages pending|messages (are|placed) on.?hold|upgrade to our service|recent attack|(request(ed)? to|account) de-?activat|de-?activat(ed|e|ing) (from using|all mailbox)|close down.{0,10}account|(sync|communication) failure|de<A1>ctiv<A1>ted if no <A1>ction|invalid users|request .{0,13}shutdown|migrating all email|del<I1>v<E1>ry <O1>f \d|messages.{0,6}returned|\d.{0,2}(unreceived|failed|undelivered|incoming|valid) (undelivered|incoming|message|e?mail)|synchronize \d email|messages.{1,10}suspend|report your account|(validation|configuration|service|mail) error|updating stage|blacklisted|(server|quota|quarantine|suspension|mail|upgrade) (alert|noti)|mailbox agreement|(system|security|server) (reasons|update|upgrade|alert)|system malfunction|due for an update|mailbox managment|automatically renew|.\d. pending|due for (upgrade|update|reconfirmation)|has been outdated|(due|about) to expire|not confirmed the email|(failed|couldn't be|refused to) deliver|temporarily suspend|failure to proceed|data plan limit|blocked from (sending|receiving)|sending unsolicited|\d\% full|confirm your request|security turned off|blocked or suspended|update warning|account .{1,9}?(restricted|closed)|old versions|mail malfunction|messages now queue|password expir|virus|expire on \d+\/|DNS Upgrad|encountered error|will be shut ?down|unauthorized (person|access)|prevent (further reject|loss of account)|avoid lose access|ensure safety|problem occurred|wrong password|suspicious sign.?in|\d quarantined? (e?mail|message|incoming)|deactivated tempor|low disk space|shutdown robot|suspended email|webmail security|account hijacked|will be suspended/i
+ body __KAM_MAILBOX1 /mailbox .{0,12}exceeded|(storage|email|mailbox).(limit|quota|size|capacity)|(box|quota) is (a<L1>most )?fu<L1><L1>|have been rejected|new version|(prevented|pending) (the )?(delivery|messages)|quota is low|annual upgrade|(held|important) message|messages pending|messages (are|placed) on.?hold|upgrade to our service|recent attack|(request(ed)? to|account) de-?activat|de-?activat(ed|e|ing) (from using|all mailbox)|close down.{0,10}account|(sync|communication) failure|de<A1>ctiv<A1>ted if no <A1>ction|invalid users|request .{0,13}shutdown|migrating all email|del<I1>v<E1>ry <O1>f \d|messages.{0,6}returned|\d.{0,2}(unreceived|failed|undelivered|incoming|valid) (undelivered|incoming|message|e?mail)|synchronize \d email|messages.{1,10}suspend|report your account|(validation|configuration|service|mail) error|updating stage|blacklisted|(server|quota|quarantine|suspension|mail|upgrade) (alert|noti)|mailbox agreement|(system|security|server) (reasons|update|upgrade|alert)|system malfunction|due for an update|mailbox managment|automatically renew|.\d. pending|due for (upgrade|update|reconfirmation)|has been outdated|(due|about) to expire|not confirmed the email|(failed|couldn't be|refused to) deliver|temporarily suspend|failure to proceed|data plan limit|blocked from (sending|receiving)|sending unsolicited|\d\% full|confirm your request|security turned off|blocked or suspended|update warning|account .{1,9}?(restricted|closed)|old versions|mail malfunction|messages now queue|password expir|virus|expire on \d+\/|DNS Upgrad|encountered error|will be shut ?down|unauthorized (person|access)|prevent (further reject|loss of account)|avoid lose access|ensure safety|problem occurred|wrong password|suspicious sign.?in|\d quarantined? (e?mail|message|incoming)|deactivated tempor|low disk space|shutdown robot|suspended email|webmail security|account hijacked|will be suspended|will.{0,2}expire.{0,2}(today|soon)|IP below was used/i
tflags __KAM_MAILBOX1 nosubject
#ACTION
- body __KAM_MAILBOX2 /(verify|update|upgrade|increase|validate|confirm|disable)"? (their|your)? {0,5}(address|password|<A1>ccount|(web-?)?mail|info|email|web ?mail|ownership)|(increase|upgrade) (my|your?) (inbox |email )?quota|(security|quota) (configuration|upgrade)|(increase disk|create some additional) storage|(setup|upgrade) (your )?mailbox|mail malfunction|click here to update|update account|validated within \d\d|deleted (automatically|in our server)|release .{0,40}(message|pending mess)|account to be close|remain active|termination of your account|choose what happens|blacklisting inactive|continue (using|the usage)|untrusted activity|(retrieve|review|view) (message|e?mail)|(verify|validate) (here|now)|reset below|verification (check|process)|email disk usage|auto extend your disk|confirm your (email|details)|mandetory file|retrieve here|expected to reactivate|keep your webmail|data will be lost|(block|release|review) (them|below)|view undelivered sent|reconfirm .{0,40}password|will be deactivat|avoid suspension|start the process|fake payment|(will be|automatically) cancel|mail verification|turn on (security|authentication)|Office 365-?Secure|an usual location|automatically delete|(retrieve|review|reload) (your )?(undelivered|pending)|view, release or delete|reload below|unblock (your )?incoming|rectify below|fix now|Company.Assigned Outlook|fix delivery|restore your roundcube|re-?authenticate (now|below)|manage your quarantine|manually fi|manually fix|review and take action|view (withheld|recent) (incoming|messages|e?mail)|use the button|reduce your mai<L1>|deliver recent mail|keep (current|same) password|change password|stop (this action|account removal)|fix your email/i
+ body __KAM_MAILBOX2 /(verify|update|upgrade|increase|validate|confirm|disable)"? (their|your)? {0,5}(address|password|<A1>ccount|(web-?)?mail|info|email|web ?mail|ownership)|(increase|upgrade) (my|your?) (inbox |email )?quota|(security|quota) (configuration|upgrade)|(increase disk|create some additional) storage|(setup|upgrade) (your )?mailbox|mail malfunction|click here to update|update account|validated within \d\d|deleted (automatically|in our server)|release .{0,40}(message|pending mess)|account to be close|remain active|termination of your account|choose what happens|blacklisting inactive|continue (using|the usage)|untrusted activity|(retrieve|review|view) (message|e?mail)|(verify|validate) (here|now)|reset below|verification (check|process)|email disk usage|auto extend your disk|confirm your (email|details)|mandetory file|retrieve here|expected to reactivate|keep your webmail|data will be lost|(block|release|review) (them|below)|view undelivered sent|reconfirm .{0,40}password|will be deactivat|avoid suspension|start the process|fake payment|(will be|automatically) cancel|mail verification|turn on (security|authentication)|Office 365-?Secure|an usual location|automatically delete|(retrieve|review|reload) (your )?(undelivered|pending)|view, release or delete|reload below|unblock (your )?incoming|rectify below|fix now|Company.Assigned Outlook|fix delivery|restore your roundcube|re-?authenticate (now|below)|manage your quarantine|manually fi|manually fix|review and take action|view (withheld|recent) (incoming|messages|e?mail)|use the button|reduce your mai<L1>|deliver recent mail|keep (current|same) password|change password|stop (this action|account removal)|fix your email|keep.{0,2}current.{0,2}password|verify login/i
tflags __KAM_MAILBOX2 nosubject
#SUBJECT
- header __KAM_MAILBOX3 Subject =~ /(mail|exceeded|insufficient) (storage|quota|upgrade)|Inbox almost full|(urgent|important|admin|last|suspension|server|account|administrator|system|disk ?usage|max size) (alert|rectification|attention|warning|noti)|needs to be upgraded|(incoming|pending|unreceived) +((e-?)?mail|document|message)|(del<I1>v<E1>ry|synchronization|processing) (problem|is blocked|failure|err<O1>r)|storage (is )?full|inbox full|(unread|upgrade|delayed) (messages|e?mail)|release your message|pending (new )?((e-?)?mail|message)|365 .{0,10} Update|new privacy policy|mandatory up|(sign in|Final|security|account|password|emails?) (closing|removal|update|upgrade|alert|notification|review)|quarantine|rejected|undelivered|(mailbox|limit) .{0,10}exceeded|confirmation required|(mail|mailbox|account|password) (shutdown|verification|Veirification|Verfication|account)|(blocked|held) message|technology services|(server|mail|account).{1,8}err<O1>r|validat|messages.{1,10}(suspend|hinder)|account (is )?(blocked|limited)|please verify.{1,10}account|mail.{1,6}Notice|email account.{1,11}full|final warning|help\-?desk|mail ownership|point files|(d|r)e-?activation|delayed for \d+ (hour|day)|undeliverable|confirmation required|closure of.{1,15}(\@|account)|(password|mail) (has|will) expire|did you make|password (reset|due|recovery|expir)|recovery option|\d+ new mess|email activity|Immediate action|action required|avoid block|review recent e?mail|final +alert|storage limit|ver<I1>f<I1>cat<I1>on|\@.{1,25}notification|notification \d+\/\d+\/|notification for .{1,25}\@|New Sign-in|deliver.{1,4}(cancel|issue|error|fail)|Unsuccessful Email|Mail DNS|ICT Maintenance|sync err|mailer un.?delivery|unauthorized (person|access)|configuration setting|reminder +for|re-?authenticate|change in your ip|shutdown request|Failure.{0,2}Report|\d emails? suspended|error sync|(e-?mails?|messages) (are )?pending/i
+ header __KAM_MAILBOX3 Subject =~ /(mail|exceeded|insufficient) (storage|quota|upgrade)|Inbox almost full|(urgent|important|admin|last|suspension|server|account|administrator|system|disk ?usage|max size) (alert|rectification|attention|warning|noti)|needs to be upgraded|(incoming|pending|unreceived) +((e-?)?mail|document|message)|(del<I1>v<E1>ry|synchronization|processing) (problem|is blocked|failure|err<O1>r)|storage (is )?full|inbox full|(unread|upgrade|delayed) (messages|e?mail)|release your message|pending (new )?((e-?)?mail|message)|365 .{0,10} Update|new privacy policy|mandatory up|(sign in|Final|security|account|password|emails?) (closing|removal|update|upgrade|alert|notification|review)|quarantine|rejected|undelivered|(mailbox|limit) .{0,10}exceeded|confirmation required|(mail|mailbox|account|password) (shutdown|verification|Veirification|Verfication|account)|(blocked|held) message|technology services|(server|mail|account).{1,8}err<O1>r|validat|messages.{1,10}(suspend|hinder)|account (is )?(blocked|limited)|please verify.{1,10}account|mail.{1,6}Notice|email account.{1,11}full|final warning|help\-?desk|mail ownership|point files|(d|r)e-?activation|delayed for \d+ (hour|day)|undeliverable|confirmation required|closure of.{1,15}(\@|account)|(password|mail) (has|will) expire|did you make|password (reset|due|recovery|expir)|recovery option|\d+ new mess|email activity|Immediate action|action required|avoid block|review recent e?mail|final +alert|storage limit|ver<I1>f<I1>cat<I1>on|\@.{1,25}notification|notification \d+\/\d+\/|notification for .{1,25}\@|New Sign-in|deliver.{1,4}(cancel|issue|error|fail)|Unsuccessful Email|Mail DNS|ICT Maintenance|sync err|mailer un.?delivery|unauthorized (person|access)|configuration setting|reminder +for|re-?authenticate|change in your ip|shutdown request|Failure.{0,2}Report|\d emails? suspended|error sync|(e-?mails?|messages) (are )?pending|\d \(?new\)? notice|new IP address/i
meta KAM_MAILBOX (__KAM_MAILBOX1 + __KAM_MAILBOX2 + __KAM_MAILBOX3 >=2) && (T_FREEMAIL_DOC_PDF + (KAM_SENDGRID + KAM_SENDGRID2 >= 1) + HTML_MIME_NO_HTML_TAG >= 2)
score KAM_MAILBOX 7.75
describe KAM_GRIPPY Spam for sticky grip products
# LIMITED / DISABLED ACCOUNT, ACTIVATION, SECURITY ALERTS, AND OTHER ACCOUNT PHISHES
-header __KAM_ACCOUNTPHISH1 From =~ /[il]tunes|account|costco|walgreen|amazon|ebay|internal|admin|gold|webmail|provider|marketing/i
+header __KAM_ACCOUNTPHISH1 From =~ /[il]tunes|account|costco|walgreen|amazon|ebay|internal|admin|gold|webmail|provider|marketing|Bank of America/i
header __KAM_ACCOUNTPHISH2 Subject =~ /your.account|is.limited|activate|recover|acknowledgment|of.order|buying.from|order.(status|confirm)|help.?desk|update.your|security|document|(^secure$)|download.failed|click.to.activate|status.approved|notification.message|storage.exceeded|maintenance routine|storage.warning|size.notification|administrative.notice/i
body __KAM_ACCOUNTPHISH3 /update.your.information|problems.with.your|billing.information|order.details|personal.data|detailed.order|order.information|for.activation|account.{1,30}.inactive|information.required|secure.browser|recently.compromised|classified.document|with.your.email|complete.your.account|account.confirmed|claim.your.order|free.money|forced.to.cancel|immediate.access|upgrading.all.staff|advice.to.update|confirm.your.account/i
body __KAM_ACCOUNTPHISH4 /webmail|all.systems|storage.limit|get.back.into|update.your.account|kindly.click|very.private.message|this.is.honest|fill.the.form|click.on.send|follow.here|for.all.user|one.click.away|mail.desk/i
score KAM_HEARTPROD 7.0
# LINES FULL OF SHORT WORDS. SCC='SOLID CLUES CONSULTING'=BILL COLE
-
+# NOTE: Some languages and people using things like ZWNJ repeatedly will cause FPs for this rule.
+# This rule disabled in deadweight anyway!
describe __SCC_SHORT_WORDS A line with lots of short words
body __SCC_SHORT_WORDS /\W(\D\w{1,3}\W{1,3}){11}/
tflags __SCC_SHORT_WORDS multiple maxhits=40
#trusted_networks 38.124.232.0/24
# CONTACTS / LISTS - This would be a good rule for tflags nosubject which requires 3.4.3 release
-header __KAM_LIST3_1 Subject =~ /Contacts|Visitor|Attendee|User|Professional|Meeting|Expo|Emails|Exhibit|Companies|trade ?show|marketing|retailer|list|outreach|customers|campaign|show|data|leaders|partnership|lead|(accou?nt|Contacts?|buyers?) (list|information)|install base|offices and clinics|healthcare/i
+header __KAM_LIST3_1 Subject =~ /Contacts|Visitor|Attendee|User|Professional|Meeting|Expo|Emails|Exhibit|Companies|trade ?show|marketing|retailer|list|outreach|customers|campaign|show|data|leaders|partnership|lead|(accou?nt|Contacts?|buyers?) (list|information)|install base|offices and clinics|healthcare|reach qualified buyers/i
#title
body __KAM_LIST3_2 /list services|email campaign|global marketing|(sales|event|campaign) manager|marketing (coordinator|campaign|manager|exec|project|team)|(lead|demand) generation|(business|Data|event) (analyst|coordinator)|(potential|professionals?|qualified) lead|(marketing|lead|attendees?|data) specialist|(marketing|Business) Co-?ordinator|marketing and comm|inside sales|pre-?sales|(email|attendee)s? list|global leads/i
#db for sale
-body __KAM_LIST3_3 /(information|data) field|verified email|(\d{4,8}|complete) (contact|details)|with email address|target geograph|counts and pric|decision maker|specific parameters|job titles|Specific lists|current attendee|each record|post show attendee|(attendees|counts)\:|(List|contacts|fields) (consists?|Contains?|includes?)|visitors and price|pricing, counts|information about the list|sample (file|record)|direct email|100\% populated|installed users|(compiled|selling) (a )?list|pricing and further|(validated|buy a) dataset|counts, pricing|procure the list|samples for (your )?review|attendees who might|decision.makers|samples and pricing|pricing details|demographics|few samples|database (organization|provider)|expense and count|(samples|counts?) and cost|multichannel marketing|count of email|users of the following/i
+body __KAM_LIST3_3 /(information|data) field|verified email|(\d{4,8}|complete) (contact|details)|with email address|target geograph|counts and pric|decision maker|specific parameters|job titles|Specific lists|current attendee|each record|post show attendee|(attendees|counts)\:|(List|contacts|fields) (consists?|Contains?|includes?)|visitors and price|pricing, counts|information about the list|sample (file|record)|direct email|100\% populated|installed users|(compiled|selling) (a )?list|pricing and further|(validated|buy a) dataset|counts, pricing|procure the list|samples for (your )?review|attendees who might|decision.makers|samples and pricing|pricing details|demographics|few samples|database (organization|provider)|expense and count|(samples|counts?) and cost|multichannel marketing|count of email|users of the following|your marketing campaign/i
#db what
-body __KAM_LIST3_4 /contacts and email|(visitors?|contacts?|attendee.?s?|users?) (mailing )?(list|record|database)|end users|our lists|\d\+? (attendee|contact)|users? database|Opt-in email list|(professionals?|user'?s|attendees?) (contact|list)|not spammer|delegates|marketing (analyst|campaigns)|(complete|emailed) list|unique account|contacts\:|titles\:|business profiles|database of|list from USA|(complete|contact) (Name|information|details)|geography|target audience|list.database|data (intelligence|include)|emails, phone|marketing list|unlimited usage|target (attendees|audience|industry)|opt-?in (contact|emails)|offices and clinics|specialties\:|showcase our capabilit|share samples|list includes|recently compiled/i
+body __KAM_LIST3_4 /contacts and email|(visitors?|contacts?|attendee.?s?|users?) (contacts? |mailing )?(list|record|database)|end users|our lists|\d\+? (attendee|contact)|users? database|Opt-in email list|(professionals?|user'?s|attendees?) (contact|list)|not spammer|delegates|marketing (analyst|campaigns)|(complete|emailed) list|unique account|contacts\:|titles\:|business profiles|database of|list from USA|(complete|contact) (Name|information|details)|geography|target audience|list.database|data (intelligence|include)|emails, phone|marketing list|unlimited usage|target (attendees|audience|industry)|opt-?in (contact|emails)|offices and clinics|specialties\:|showcase our capabilit|share samples|list includes|recently compiled/i
meta KAM_LIST3 (__KAM_LIST3_1 + __KAM_LIST3_2 + __KAM_LIST3_3 + __KAM_LIST3_4 >= 4)
describe KAM_LIST3 Mailing List Purveyor Spam
#BEAL AND SIMILAR IMPERSONATOR
ifplugin Mail::SpamAssassin::Plugin::KAMOnly
- header __KAM_BEAL1 From:name =~ /Geoff White|(Robert|Bob)( E.)? Beal|(James|Jim) Hoffman|Kevin (A\. )?Mc ?Grail|Chad Coney|Frederic Beuter|Chris(topher)? Surprise|(mike|michael) Charvat|Sheryl Brissett Chapman|janet smith/i
+ header __KAM_BEAL1 From:name =~ /Geoff White|(Robert|Bob)( E.)? Beal|(James|Jim) Hoffman|Kevin (A\. )?Mc ?Grail|Chad Coney|Frederic Beuter|Chris(topher)? Surprise|(mike|michael) Charvat|Sheryl Brissett Chapman|janet smith|Jeff Gardner|Geoff(rey)? White|Jason Davis/i
#header __KAM_BEAL2 From:addr =~ /\@gmail\.com|\@mail\.ru/i
- body __KAM_BEAL3 /(Robert|Bob).{1,4}Beal|Geoff White|(James|Jim).{1,4}Hoffman|Kevin (A\. )?Mc ?Grail|Frederic Beuter|Chris(topher)? Surprise|(mike|michael) Charvat|SHERYL Brissett Chapman|Janet Smith/i
- body __KAM_BEAL4 /(reply with|forward|send me|let me have) your (Cell|Mobile)|task (real quick|quickly)|(urgent|quick|fast) (reply|errand|response|task|request)|make (some|a) purchase|reimburse you|do something for me fast|spare time right now|confirm if you are free|physical or electronic gift card|(done for me|send out) ASAP|available at the moment|(desk|moment) right now/i
- body __KAM_BEAL5 /can't talk on the phone|receivable aging report|summary of all w\-?2/i
+ body __KAM_BEAL3 /(Robert|Bob).{1,4}Beal|Geoff White|(James|Jim).{1,4}Hoffman|Kevin (A\. )?Mc ?Grail|Frederic Beuter|Chris(topher)? Surprise|(mike|michael) Charvat|SHERYL Brissett Chapman|Janet Smith|Jeff Gardner|Geoff(rey)? White|Jason Davis/i
+ body __KAM_BEAL4 /(reply with|forward|send me|let me have) your (Cell|Mobile)|task (real quick|quickly)|(urgent|quick|fast) (reply|errand|response|task|request)|make (some|a) purchase|reimburse you|do something for me fast|spare time right now|confirm if you are free|physical or electronic gift card|(done for me|send out|task done) ASAP|available at the moment|(desk|moment) right now|get some .{0,10}gift card|reconfirm your cell|important task for me/i
+ body __KAM_BEAL5 /can't talk on the phone|receivable aging report|summary of all w\-?2|look forward to my text|are you in the office/i
meta KAM_BEAL ((__KAM_BEAL1 + __KAM_BEAL3 >= 1) + (SPF_SOFTFAIL + FREEMAIL_FROM + FREEMAIL_FORGED_REPLYTO >= 1) + __KAM_BEAL4 + __KAM_BEAL5 >= 3)
describe KAM_BEAL IMPOSTER! Will the real slim shady, please stand up?
- score KAM_BEAL 11.0
+ score KAM_BEAL 14.0
endif
#PROJECT
score KAM_CITIZEN 7.5
#BAD PRODUCTS
-header __KAM_PRODUCT2_1 Subject =~ /meal delivery|no chopping|(sticker|Children'?s?) book|\$[\d,\.]{5,10} Fast|Car ?Shield|Top Vet|Chew a day|trugreen|(perfect|healthy|your) lawn|slice.?n.?seal|kitchen (device|gadget)|butter knive|small penis|make you bigger/i
-body __KAM_PRODUCT2_2 /meal delivery|no chopping|i ?can ?read|zippy ?loan|car ?shield|Lick their paws|excessive scratching|trugreen|slice.?n.?seal|kitchen (device|gadget)|Better Butter|savage.?grow/i
-header __KAM_PRODUCT2_3 From =~ /veestro|i ?can ?read|zippy ?loan|car ?shieldi|petscy|trugreen|slice.?n.?seal|better.?butter|savage.?grow/i
+header __KAM_PRODUCT2_1 Subject =~ /meal delivery|no chopping|(sticker|Children'?s?) book|\$[\d,\.]{5,10} Fast|Car ?Shield|Top Vet|Chew a day|trugreen|(perfect|healthy|your) lawn|slice.?n.?seal|kitchen (device|gadget)|butter knive|small penis|make you bigger|ACs|Wifi Booster|anti.?snore|visceral fat/i
+body __KAM_PRODUCT2_2 /meal delivery|no chopping|i ?can ?read|zippy ?loan|car ?shield|Lick their paws|excessive scratching|trugreen|slice.?n.?seal|kitchen (device|gadget)|Better Butter|savage.?grow|coolair|Wifi Booster|sleeplab|belly.flat/i
+header __KAM_PRODUCT2_3 From =~ /veestro|i ?can ?read|zippy ?loan|car ?shieldi|petscy|trugreen|slice.?n.?seal|better.?butter|savage.?grow|CoolMe|wifi repeater|sleep.?lab|lost.?\d+lbs/i
meta KAM_PRODUCT2 ( __KAM_PRODUCT2_1 + __KAM_PRODUCT2_2 + __KAM_PRODUCT2_3 >= 3)
describe KAM_PRODUCT2 Scammy Products prevalent in spam
projects / proxmox-spamassassin.git / commitdiff