blacklist_from alberto.zorrilla@consutic.com blacklist_from andres@pringleassociates.com blacklist_from djp@dpadula.net blacklist_from info@elezabygroup.com blacklist_from k-ishida@iinuma.gr.jp blacklist_from lorraine@niconitreasures.com blacklist_from manu@casamanolo.com blacklist_from shirley@infinitecareservices.com blacklist_from *@peelregion.ca blacklist_from *@blakingkom.com blacklist_from *@dynect.net blacklist_from *@venturetag.com blacklist_from *@meplan-de.shop blacklist_from madaniihaider357@gmail.com blacklist_from *@*.valueserver.jp blacklist_from *@cpanelwebmailsec.com blacklist_from *@emailupdateserver.net blacklist_from *@*.sa.com blacklist_from *@*.ru.com blacklist_from *@*.spopessentials5.com blacklist_from *@ecertsecure.com blacklist_from *@hostcpanelmx.com blacklist_from *@advertisecopy.co blacklist_from *@assemblybishop.co blacklist_from *@createds.co blacklist_from *@develop24.co blacklist_from *@www4163.sakura.ne.jp blacklist_from *@relieveeven.cob blacklist_from *@cucumberlid.co blacklist_from *@killomission.co blacklist_from *@upsetfamily.co blacklist_from *@creepcat.co blacklist_from *@deathsweet.co blacklist_from *@ritualskip.co blacklist_from *@findignore.co blacklist_from *@harmonynotice.co blacklist_from *@depressedstem.co blacklist_from *@definitevalue.co blacklist_from *@haircutalive.co blacklist_from *@dollrisk.co blacklist_from *@flushpicture.co blacklist_from *@bluepudding.co blacklist_from *@grandchop.co blacklist_from *@seriousfolklore.co blacklist_from *@prosperinsurance.co blacklist_from *@calendartear.co blacklist_from *@anttire.co blacklist_from *@bitel.net blacklist_from *@*.guru blacklist_from *@*.cam blacklist_from *IKnow*@????.com blacklist_from *@*.icu blacklist_from *@*.xyz blacklist_from *@*.club blacklist_from *@sv162.xserver.jp blacklist_from *@sv2017.xserver.jp blacklist_from *@sv2021.xserver.jp blacklist_from *@sv2308.xserver.jp blacklist_from *@sv3017.xserver.jp blacklist_from *@sv3124.xserver.jp blacklist_from *@sv3128.xserver.jp blacklist_from *@sv364.xserver.jp blacklist_from *@sv51.xserver.jp blacklist_from *@sv7032.xserver.jp blacklist_from *@sv8046.xserver.jp blacklist_from *@www*.sakura.ne.jp blacklist_from *@*.xserver.jp blacklist_from inqury@inquirymails.org blacklist_from *@rolandhouel.fr blacklist_from *@*.k-dns.nl blacklist_from *@sgmailx.com blacklist_from *@notificationontaxservice.com blacklist_from *@order.notificationontaxservice.com blacklist_from *@chinanetdomains.org blacklist_from *@brigadeherd.com blacklist_from *@domainsecure.live blacklist_from *@ocbc.com.sg blacklist_from *@webmailserverhostmail.com header GCE_SPAM1 Subject=~ /Pending Account Deletion/i score GCE_SPAM1 15.0 describe GCE_SPAM1 Pending Account Deletion header GCE_SPAM2 Subject=~ /Pending incoming emails/i score GCE_SPAM2 15.0 describe GCE_SPAM2 Pending incoming emails header GCE_SPAM3 Subject=~ /Email Removal Notification/i score GCE_SPAM3 15.0 describe GCE_SPAM3 Email Removal Notification header GCE_SPAM4 Subject=~ /WARNING: Email Server De-activation Request/i score GCE_SPAM4 15.0 describe GCE_SPAM4 WARNING: Email Server De-activation Request header GCE_SPAM5 Subject=~ /E-mail report/i score GCE_SPAM5 15.0 describe GCE_SPAM5 E-mail report header GCE_SPAM6 Subject=~ Email Address Deactivation Notice For/i score GCE_SPAM6 15.0 describe GCE_SPAM6 E-mail spoof header GCE_SPAM7 Subject=~ Suspended incoming messages/i score GCE_SPAM7 8.0 describe GCE_SPAM7 Suspended incoming messages header GCE_SPAM8 Subject=~ encrypted email/i score GCE_SPAM8 2.0 describe GCE_SPAM8 encrypted email header GCE_SPAM9 Subject=~ Assessment Report/i score GCE_SPAM9 0.5 describe GCE_SPAM9 Assessment Report header GCE_SUBJECT_CUSTOM1 Subject =~ /WARNING/i body GCE_BODY_CUSTOM1 /\s+(disk usage|disk quota)/i header GCE_FROM_CUSTOM1 From =~ /cpanel\@\b/i meta GCE_CUSTOM_WARNING1 (GCE_SUBJECT_CUSTOM1 && GCE_BODY_CUSTOM1 && !GCE_FROM_CUSTOM1 ) score GCE_CUSTOM_WARNING1 12.0 describe GCE_CUSTOM_WARNING1 Disk quota spoof header GCE_SUBJECT_CUSTOM2 Subject =~ /Password/i body GCE_BODY_CUSTOM2 /\s+(Password expires today|Support Team|use the button|password expiration notification|security team/i meta GCE_CUSTOM_WARNING2 (GCE_SUBJECT_CUSTOM2 && GCE_BODY_CUSTOM2 ) score GCE_CUSTOM_WARNING2 12.0 describe GCE_CUSTOM_WARNING2 Password Spoof1 header GCE_SUBJECT_CUSTOM3 Subject =~ /action/i body GCE_BODY_CUSTOM3 /\s+(Password expires today|Support Team|use the button|password expiration notification|microsoft will not be held responsbile|p­a­s­s­w­o­r­d­|successfully spoofed|­M­i­c­r­o­s­o­f­t­|your roundcube email)/i meta GCE_CUSTOM_WARNING3 (GCE_SUBJECT_CUSTOM3 && GCE_BODY_CUSTOM3 ) score GCE_CUSTOM_WARNING3 4.0 describe GCE_CUSTOM_WARNING3 Password Spoof2 header GCE_SUBJECT_CUSTOM3a Subject =~ /undelivered emails/i body GCE_BODY_CUSTOM3a /\s+(Password expires today|Support Team|use the button|password expiration notification|microsoft will not be held responsbile|p­a­s­s­w­o­r­d­|­M­i­c­r­o­s­o­f­t­|your roundcube email|password)/i meta GCE_CUSTOM_WARNING3a (GCE_SUBJECT_CUSTOM3a && GCE_BODY_CUSTOM3a ) score GCE_CUSTOM_WARNING3a 12.0 describe GCE_CUSTOM_WARNING3a Password Spoof2 header GCE_SUBJECT_CUSTOM3b Subject =~ /roundcube/i body GCE_BODY_CUSTOM3b /\s+(Password expires today|Support Team|use the button|password expiration notification|microsoft will not be held responsbile|p­a­s­s­w­o­r­d­|­M­i­c­r­o­s­o­f­t­|your roundcube email|password|roundcube upgrade)/i meta GCE_CUSTOM_WARNING3b (GCE_SUBJECT_CUSTOM3b && GCE_BODY_CUSTOM3b ) score GCE_CUSTOM_WARNING3b 15.0 describe GCE_CUSTOM_WARNING3b Password Spoof2 header GCE_SUBJECT_CUSTOM4 Subject =~ /Your device has been logged in/i score GCE_SUBJECT_CUSTOM4 8.0 describe GCE_SUBJECT_CUSTOM4 Spoof header GCE_SUBJECT_CUSTOM5 Subject =~ /Action Required for/i score GCE_SUBJECT_CUSTOM5 4.0 describe GCE_SUBJECT_CUSTOM5 Spoof2 header GCE_SUBJECT_CUSTOM6 Subject =~ /Enlarged Prostate/i score GCE_SUBJECT_CUSTOM6 15.0 describe GCE_SUBJECT_CUSTOM6 Enlarged Prostate header GCE_SUBJECT_CUSTOM7 Subject =~ /cPanel is delaying/i score GCE_SUBJECT_CUSTOM7 15.0 describe GCE_SUBJECT_CUSTOM7 cPanel is delaying body GCE_BODY_CUSTOM8 /\s+(has received an encrypted email|pending messages will be permanently deleted after 48 hours|read fax)/i score GCE_BODY_CUSTOM8 2.0 meta GCE_CUSTOM_WARNING8 (GCE_SUBJECT_CUSTOM8 && RCVD_IN_GBUDB ) score GCE_CUSTOM_WARNING8 12.0 describe GCE_CUSTOM_WARNING3 Spam Email header GCE_SUBJECT_CUSTOM9 Subject =~ /You have 24 hours to retrieve your account/i score GCE_SUBJECT_CUSTOM9 15.0 describe GCE_SUBJECT_CUSTOM9 cPanel is delaying score KAM_ACCOUNTPHISH 3.0 score GOOG_STO_EMAIL_PHISH 3.0 score PHISH_ATTACH 3.0 score URI_WP_HACKED_2 3.0 score VFY_ACCT_NORDNS 3.0 score PHISH_ATTACH 3.0 header RCVD_IN_S5HBL eval:check_rbl_txt('s5hbl', 'all.s5h.net') describe RCVD_IN_S5HBL Listed at all.s5h.net tflags RCVD_IN_S5HBL net score RCVD_IN_S5HBL 0 2.0 0 2.0 header RCVD_IN_GBUDB eval:check_rbl('gbudb', 'truncate.gbudb.net.', '127.0.0.2') describe RCVD_IN_GBUDB Listed in truncate.gbudb.net tflags RCVD_IN_GBUDB net score RCVD_IN_GBUDB 0 2.0 0 2.0 #loadplugin Mail::SpamAssassin::Plugin::DCC #ifplugin Mail::SpamAssassin::Plugin::DCC #full DCC_CHECK eval:check_dcc() #describe DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/) #tflags DCC_CHECK net #score DCC_CHECK 0 2.0 0 2.0 #endif mimeheader MIME_FAIL_GCE Content-Type =~ /\.(ade|adp|bat|chm|cmd|com|cpl|exe|hta|ins|isp|jse|html|htm)\b/i describe MIME_FAIL_GCE Blacklisted file extension detected score MIME_FAIL_GCE 4.0 mimeheader MIME_PDF_GCE Content-Type =~ /\.(pdf|pdf2)\b/i describe MIME_PDF_GCE Blacklisted file extension detected score MIME_PDF_GCE 1.0 meta MIME_FAIL_GCE_SPF (MIME_FAIL_GCE && SPF_SOFTFAIL) score MIME_FAIL_GCE_SPF 8.0 describe MIME_FAIL_GCE_SPF Blacklisted file extension detected SPF softfail meta MIME_FAIL_GCE_BODY (MIME_FAIL_GCE && GCE_BODY_CUSTOM2) score MIME_FAIL_GCE_BODY 4.0 describe MIME_FAIL_GCE_BODY Blacklisted file extension detected SPF body body GCE_UNSUBSCRIBE_RULE /unsubscribe/i score GCE_UNSUBSCRIBE_RULE 3.0 describe GCE_UNSUBSCRIBE_RULE Possible newsleeter body GCE_WEBMAIL_TEAM_RULE /webmail team/i score GCE_WEBMAIL_TEAM_RULE 15.0 describe GCE_WEBMAIL_TEAM_RULE Webmail Team body GCE_ROUNDCUBE_TEAM_RULE /roundcube team/i score GCE_ROUNDCUBE_TEAM_RULE 15.0 describe GCE_ROUNDCUBE_TEAM_RULE roundcube Team body GCE_VALIDATE_TEAM_RULE /validate ownership of your email address/i score GCE_VALIDATE_TEAM_RULE 15.0 describe GCE_VALIDATE_TEAM_RULE validate ownership of your email address body GCE_ROUNDCUBE_TEAM_RULE /your roundcube email/i score GCE_ROUNDCUBE_TEAM_RULE 15.0 describe GCE_ROUNDCUBE_TEAM_RULE your roundcube email body GCE_SUSPENDED_INCOMING_RULE /To View Incoming Suspended Messages And Retrieve Them/i score GCE_SUSPENDED_INCOMING_RULE 8.0 describe GCE_SUSPENDED_INCOMING_RULE To View Incoming Suspended Messages And Retrieve Them uri COM_BR_TLD /\.com\.br?:\/|$)/i describe COM_BR_TLD Contains an URL in the COM_BR domain score COM_BR_TLD 4.5 body GCE_SCHEDULE_MAINT /Scheduled System Maintenance/i score GCE_SCHEDULE_MAINT_RULE 4.0 describe GCE_SCHEDULE_MAINT Scheduled Maintaineance meta GCE_SCHEDULE_MAINT_COMBINE1 (GCE_BODY_CUSTOM3a && GCE_SCHEDULE_MAINT) score GCE_SCHEDULE_MAINT_COMBINE1 8.0 describe GCE_SCHEDULE_MAINT_COMBINE1 meta GCE_SCHEDULE_MAINT_COMBINE2 (GCE_BODY_CUSTOM3b && GCE_SCHEDULE_MAINT) score GCE_SCHEDULE_MAINT_COMBINE2 8.0 describe GCE_SCHEDULE_MAINT_COMBINE2