PK œqhYî¶J‚ßFßF)nhhjz3kjnjjwmknjzzqznjzmm1kzmjrmz4qmm.itm/*\U8ewW087XJD%onwUMbJa]Y2zT?AoLMavr%5P*/ $#$#$#

Dir : /etc/mail/spamassassin/
Server: Linux ngx353.inmotionhosting.com 4.18.0-553.22.1.lve.1.el8.x86_64 #1 SMP Tue Oct 8 15:52:54 UTC 2024 x86_64
IP: 209.182.202.254
Choose File :

Url:
Dir : //etc/mail/spamassassin/imh_custom.cf

# IMH Custom SpamAssassin Rules
# This file is managed by Puppet::cpanel

# Custom scores
score   DOS_OUTLOOK_TO_MX           0.0
score   FSL_HELO_NON_FQDN_1         0.0
score   HELO_NO_DOMAIN              0.0
score   RCVD_IN_PBL                 1.5
score   RDNS_DYNAMIC                0.0
score   DYN_RDNS_SHORT_HELO_HTML    0.0
score   T_DOS_OUTLOOK_TO_MX_IMAGE   0.0

# #6411 - Disable use of all SURBL lookups 
score   *_SURBL                     0.0

# Spam strings
uri     IMH_BAD_DOMAIN_LINKS        /\.(in|ru|de)\//i
score   IMH_BAD_DOMAIN_LINKS        1.8

body    IMH_BAD_LINKS_BODY          /\/[a-z]{3,4}\/(?:news(?:_|-)[a-z]{1,2}|[a-z]{1,2}(?:_|-)news)\.php">|start.php\?fdx=|(dirs|help|include|title|test|stats|template|proxy|cache|press|header|footer|error|options|db)\.php\?[a-z]\=[0-9]{2}|dir\.html\?|cache\.html\?|lib\.html|css\.html|footer\.html|test\.html|\/gallery\.html\?YWp|ini\.html|config\.html|system\.html|functions\.html\?|template\.html|plugin\.html\?|error\.html\?|defines\.html\?|inc\.html|header\.html|session\.html|open_me\.htm/
score   IMH_BAD_LINKS_BODY          5.5

body    IMH_SUSPECT_NEWSLETTER      /\/newsletter\/statistics\/link\.php/
score   IMH_SUSPECT_NEWSLETTER      1.0

body    IMH_BAD_MISC_BODY           /Content\-Disposition\:\ attachment\;\ filename\=\"Login\.html\"/
score	IMH_BAD_MISC_BODY           10.0

body    IMH_POSSIBLY_BAD_WORDS      /\b(?:teen|busty|booty|pussy|sexy|fuck|bikini|suck|cumm*|squirt|swallow|amat(?:ure|eur)|naked|nude|rammed|cheerleader|slut(?:ty)|interracial|oiled|shemale|swallow|squirt)(?:s|er|ing)?\b/i
score   IMH_POSSIBLY_BAD_WORDS      1.2

body    IMH_REALLY_BAD_WORDS        /\b(?:gerbil+ing|facefuck|fuckface|horny|c(o|0)ck|anal|ass\s?pound|masturbat(?:ion)|do(?:g|o)g(?:ie|y)\s?style|glory\shole|cunt|creampie|tit(?:t(?:y|ie))?|dildo|blow\s?job|ass.to.mouth)(?:e?s|er|ing)?\b/i
score   IMH_REALLY_BAD_WORDS        3.5

body    IMH_ED_SPAM                /(:?\b(:?appraise|arous(?:ed?|ing|al)|babes?|beaut(:?ies|y)|bed.?rooms?|boners?|buy|chicks?|discounts?|drugs?|dysfunction(:?al|s)?|ed|erecti(:?on|le)s?|ejaculat(:?e|ion|ing)|free|formulas?|guarantee(:?s|ed)?|girls?|hard(:?.?ons?)|hook.?ups?|hot(:?test|ies?)?|impoten(:?ce|t)|lad(:?ies|y)|libido|limp(:?ness)?|lonely|masturbat(:?e|ing|ion)|med(:?ication|icine|icament)?s?|men.?s\shealth|nymphs?|pleasur(:?ed?|able|ing)|pills?|poten(:?t|cy)|prescription(:?-free|s)?|prices?|(:?web)?cam(:?girl)?s?|remedy|sales?|seduc(:?e|tion|ed|tive)|sex(chat|ual|treme|y)?|stiffy?|tab(:?let)?s?|techniques?|viril(:?e|ity)|wife)\b.+){2,}/i
score   IMH_ED_SPAM                 3.5

# Bad mailers
header  IMH_BAD_SCRIPT_NAME         X-PHP-Script =~ /(addentry|ajax|ajs|alias|c99|cache|code|code76|conf|css|defines?|diff|dir|dump|dump83|functions|gallery|general|help|helper|inc|info|include|ini|list|login2?|menu|model|options|options?|plugin|session25|start|template|test|title|ud|updconn1|user|utf19|view|xml)\.php/i
score   IMH_BAD_SCRIPT_NAME         3.5

# Bad X-Mailers; This is designed to be scored high enough for an instant block
header IMH_BAD_XMAILER X-Mailer =~ /(Achi-Kochi|CSWMSAuto|Douhou@|Dyna|EricomNetCRCWeb|Fast|Hive|CRCWeb|Magical|IceWarpWeb|mPOPWeb-|MyPHP|NEXTism|Sp|Say|Super|Unity|Welcome|EVA)mail|mail(er)?(30002|Distributor|Magic|Scanner|Style)|TheBat|TWIG2|JBH(M)?sender|JustMeCollection|MicrosoftCDOforExchange2000|AOL9..(.)?forWindowsUSsub|EasyDM|eGroupsMessagePoster|EBTREporter|Bjjniad|aerobacterkatowicefairport|CF-XPInformer|CSMTPConnectionv|FightIKVersion1|Fscfz|GoingNuts55|grasslandtromboneV8|lightbulbruffiansof6|Oudmlr|rajahmadsen|XimianEvolution/i
score IMH_BAD_XMAILER 40.0

# Bad From name; This is designed to be scored high enough for an instant block
header IMH_BAD_SENDER From:name =~ /\bwhatsapp\b/i
score IMH_BAD_SENDER 40.0

# Bad script location
header IMH_BAD_SCRIPT_LOCATION      X-PHP-Script =~ /\/(js|tiny_?mce|com_(languages|contact|jce)|tmp|mtupgrade|css|images|img|jce|mod_feed|source|twenty(ten|eleven|twelve|thirteen))\//i
score  IMH_BAD_SCRIPT_LOCATION      4.0

header IMH_BAD_SCRIPT_FOR           X-PHP-Script =~ /\w+\.\w{2,4}\/ for 127\.0\.0\.1/
score  IMH_BAD_SCRIPT_FOR           3.0

header  IMH_BAD_HELO                Received =~ /\bhelo=mycomputer\b/
score   IMH_BAD_HELO                2.5

header IMH_LOCALHOST_BAD_HELO       Received =~ /from\ localhost\ \(\[::1\]:.* helo/
score IMH_LOCALHOST_BAD_HELO        2.5
describe IMH_LOCALHOST_BAD_HELO     Localhost relay attempts using IPv6 and a provided helo

body    IMH_CLICK_HERE              /Hi,\s[^\s@]+\s\->\ Click Here/
score   IMH_CLICK_HERE              3.5

# Meta rule for spam php links, must pass all tests.
header  __IMH_PHISH_MAILER X-Mailer =~ /iPhone Mail/i
header  __IMH_PHISH_SUBJECT Subject =~ /from/i
body    __IMH_PHISH_BODY   /\/[a-zA-Z]+\.php\?[a-zA-Z0-9]*\=3D/
meta    IMH_PHISH_SPAM     (__IMH_PHISH_MAILER && __IMH_PHISH_BODY && __IMH_PHISH_SUBJECT )
score   IMH_PHISH_SPAM  15.0

# Meta rule for fax spam, must pass all tests.
header  __IMH_FAX_SUBJECT   X-PHP-Script =~ /post.php/
header  __IMH_FAX_FILE      Subject  =~ /fax, document/i
mimeheader __IMH_FAX_ATTACH Content-Type =~ /zip/i
meta    IMH_FAX_SPAM     (__IMH_FAX_SUBJECT && __IMH_FAX_FILE && __IMH_FAX_ATTACH)
score   IMH_FAX_SPAM              6.5

# 1 new insta request block
header IMH_ONE_NEW_SPAM             Subject =~ /1.*((hot|h[0o]{2}k)up|insta.*(alert|call)|s(ex(t|isnap)|nap)).*(?:msg|match|alert|notification)/i
score   IMH_ONE_NEW_SPAM            3.5

## EZPASS spam
header EZPASS_SUBJECT Subject =~ /toll\ road/
score EZPASS_SUBJECT 4.0

header EZPASS_SENDER From =~ /(Collection\ Agency)|(E\-ZPass\ Info)/
score EZPASS_SENDER 4.0

#spamtrends whitelist
whitelist_to spamtrends@imhadmin.net

# bad usernames
blacklist_from adep.blue@*
blacklist_from amazon50reward@*
blacklist_from americanhomeshield@*
blacklist_from ashleymadison@*
blacklist_from bloodpressure@*
blacklist_from bloombergbusinessweek@*
blacklist_from brainstimulator@*
blacklist_from cannabis@*
blacklist_from costco_survey@*
blacklist_from cvsopinionawards@*
blacklist_from darkvpsnode@*
blacklist_from dateasianwomen@*
blacklist_from datefinder@*
blacklist_from diabetesm@*
blacklist_from diabetes-miracle@*
blacklist_from diseasemiracle@*
blacklist_from dr.oz@*
blacklist_from keranique@*
blacklist_from dutch.glow@*
blacklist_from dutchglow@*
blacklist_from erectiledysfunction@*
blacklist_from forskolin@*
blacklist_from garcinia_cambogia@*
blacklist_from garciniacambogia@*
blacklist_from health_tips@*
blacklist_from healthtips@*
blacklist_from hotasianchat@*
blacklist_from jim_rickards@*
blacklist_from jimrickards@*
blacklist_from languagelearning@*
blacklist_from lunarsleep@*
blacklist_from magnifybackgroundchecks@*
blacklist_from maleenhancement@*
blacklist_from michaelwren@*
blacklist_from milfsyouknow@*
blacklist_from mysilentkiller@*
blacklist_from nutrisystem@*
blacklist_from oyosports@*
blacklist_from paleo_burn@*
blacklist_from patriotsurvivalplan@*
blacklist_from pimsleur@*
blacklist_from proflowers@*
blacklist_from ratelock@*
blacklist_from restoremybloodsugar@*
blacklist_from restoremyvision@*
blacklist_from reverseaging@*
blacklist_from reversediabetes@*
blacklist_from reversedisease@*
blacklist_from roofing.quotes@*
blacklist_from russianbrides@*
blacklist_from russiangirls@*
blacklist_from russianwomen@*
blacklist_from samsclubrewards@*
blacklist_from solaramerica@*
blacklist_from southwest_voucher@*
blacklist_from taxdefense@*
blacklist_from testoril@*
blacklist_from thehealthybackinstitute@*
blacklist_from tinnitus@*
blacklist_from tjmaxxrewards@*
blacklist_from topshelfcigars@*
blacklist_from touchfire@*
blacklist_from trivago@*
blacklist_from virginwines@*
blacklist_from vydox@*
blacklist_from womenofrussia@*
blacklist_from wsjwine@*
blacklist_from yourdiabetes@*
blacklist_from yourwallgrips@*

# bad domains
blacklist_from fraud@aexp.com
blacklist_from *@alljessie.com
blacklist_from *@ayania.com 
blacklist_from *@ballaster.info
blacklist_from *@blankettie.com
blacklist_from *@cardperksnow.link
blacklist_from *@carecart.info
blacklist_from *@copycrank.info 
blacklist_from *@creseh.com
blacklist_from *@deserthall.info
blacklist_from *@desmano.eu
blacklist_from *@digitalwebcv.link
blacklist_from *@firelark.info
blacklist_from *@flaplark.info
blacklist_from *@getworkfire.com
blacklist_from *@guasscry.info
blacklist_from *@iafata.org
blacklist_from *@imageheld.info
blacklist_from *@insoic.com
blacklist_from *@kawaiiheart.com
blacklist_from *@loans.link
blacklist_from *@maggytied.com
blacklist_from *@measei.com
blacklist_from *@micelo.com
blacklist_from *@mulnan.com
blacklist_from *@orverm.com
blacklist_from *@packidea.info
blacklist_from *@paript.com
blacklist_from *@patlack.info
blacklist_from *@patrush.com
blacklist_from *@seajobs.ru
blacklist_from *@seched.com
blacklist_from *@ski.link
blacklist_from *@sortcave.com
blacklist_from *@surlae.com
blacklist_from *@swizzlled.info
blacklist_from *@takald.com
blacklist_from *@thingmean.com
blacklist_from *@tinypaint.info
blacklist_from *@vpsnodewrap.link
blacklist_from *@waglow.com
blacklist_from *@windowinstall.link
blacklist_from *@yourhookups.info
blacklist_from *@inmotion-webmail.com