# FREEMAIL-PATTERNS.RC

:0
* ! FREEMAIL ?? NONE
* ? ${TEST} -f ${FREEMAIL}
{
 LOCALTAG=no

 :0
 * ? ${GREP} -i -x "${FROMDOMAIN}" ${FREEMAIL}
 { LOCALTAG=yes }

 :0
 * ? ${GREP} -i -x "${REPLYTODOMAIN}" ${FREEMAIL}
 { LOCALTAG=yes }

 :0
 * 1^0 FROMDOMAIN ?? ^hotmail\.com$
 * 1^0 REPLYTODOMAIN ?? ^hotmail\.com$
 {
  LOCALIPREGEXP=${FIRSTEXIPREGEXP}
  LT2=no
  TESTCIDR=${SBDIR}/info/hotmail-ips.cidr
  INCLUDERC=${SBDIR}/functions/check-cidr.rc

  :0
  * LT2 ?? yes
  { LOCALTAG=no }
 }

 :0
 * 1^0 FROMDOMAIN ?? ^yahoo\.[a-z][a-z][a-z]?(\.[a-z][a-z])?$
 * 1^0 REPLYTODOMAIN ?? ^yahoo\.[a-z][a-z][a-z]?(\.[a-z][a-z])?$
 {
  LOCALIPREGEXP=${FIRSTEXIPREGEXP}
  LT2=no
  TESTCIDR=${SBDIR}/info/yahoo-ips.cidr
  INCLUDERC=${SBDIR}/functions/check-cidr.rc

  :0
  * LT2 ?? yes
  { LOCALTAG=no }
 }

 :0
 * LOCALTAG ?? yes
 {
  SBLOG="A1R-Free Email site"
  INCLUDERC=${SBDIR}/functions/loglevel.rc

  :0
  * $ ${SBSCORE}^0
  * 2^0
  { SBSCORE=$= }
 }
}

:0
* FREEMAIL ?? NONE
{
 SBLOG="A1P-No Freemail Filtering"
 INCLUDERC=${SBDIR}/functions/loglevel.rc
}

# Free or Open/Unrestricted Web Proxies/Redirector URLs
#
#  URLs containing open web proxies or redirectors are usually
#  spam except when in email from the site that owns the web
#  proxy.
#

# Yahoo open proxy/redirector
#
#   This recipe blocks email that contains a URI referring
#   to an open Yahoo proxy/redirector unless that email
#   is actually from Yahoo.
#
:0
* LEANTAG ?? no
* B ??  (^|[^-_0-9a-z])(drs|s?rd)(ÿ|\.|=2E)yahoo(ÿ|\.|=2E)com([^a-z0-9.]|\. |\.$|$)
{
 LOCALIPREGEXP=${FIRSTEXIPREGEXP}
 LT2=no
 TESTCIDR=${SBDIR}/info/yahoo-ips.cidr
 INCLUDERC=${SBDIR}/functions/check-cidr.rc

 :0
 * LT2 ?? no
 {
  SBLOG="A1R-Yahoo Web Proxy in Message Body/Not From Yahoo"
  INCLUDERC=${SBDIR}/functions/loglevel.rc

  :0
  * $ ${SBSCORE}^0
  * 5^0
  { SBSCORE=$= }
 }
}

# Checking for IPs of abused web proxies/redirectors.
#
:0
* ! SBCONFIG ?? Lite
* FREEWEB ?? yes
* LEANTAG ?? no
{
 :0
 * (FIRSTBODYHOSTIP|\
    SECONDBODYHOSTIP|\
    THIRDBODYHOSTIP|\
    FOURTHBODYHOSTIP|\
    FIFTHBODYHOSTIP|\
    SIXTHBODYHOSTIP|\
    SEVENTHBODYHOSTIP) ?? ^(70\.84\.177\.19[5-8])$
 {
  SBLOG="A1R-Body Host Resolves to Abused Web Proxy/Redirector"
  INCLUDERC=${SBDIR}/functions/loglevel.rc

  :0
  * $ ${SBSCORE}^0
  * 3^0
  { SBSCORE=$= }
 }
}

# Checking for hosts of open web proxies/redirectors
#
:0
* FREEWEB ?? yes
* LEANTAG ?? no
{
 :0 B
 * ! --.*forwarded message --
 * ! ^forwarded message:
 * -1000^0
 *  -200^1   ^[:;#>]
 *  1100^0    (^|[^-_0-9a-z])26(ÿ|\.|=2E)to([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])redirect(ÿ|\.|=2E)alexa(ÿ|\.|=2E)com/redirect\?
 *  1100^0    (^|[^-_0-9a-z])r(ÿ|\.|=2E)aol(ÿ|\.|=2E)com/cgi/redir([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])redirect(ÿ|\.|=2E)aol(ÿ|\.|=2E)ca([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])www\.aol\.com/[a-z]+/clickThruRedirect\.adp\?
 *  1100^0    (^|[^-_0-9a-z])babyurl(ÿ|\.|=2E)com([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])capitalone(ÿ|\.|=2E)com/redirect(ÿ|\.|=2E)html\?
 *  1100^0    (^|[^-_0-9a-z])www(ÿ|\.|=2E)congress(ÿ|\.|=2E)org/congressorg/webreturn/\?url=
 *  1100^0    (^|[^-_0-9a-z])da(ÿ|\.|=2E)ru([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])redir(ÿ|\.|=2E)internet(ÿ|\.|=2E)com([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])landingstrip(ÿ|\.|=2E)dell(ÿ|\.|=2E)com/landingstrip/ls(ÿ|\.|=2E)asp\?DURL=
 *  1100^0    (^|[^-_0-9a-z])www(ÿ|\.|=2E)google(ÿ|\.|=2E)com/url\?sa=
 *  1100^0    (^|[^-_0-9a-z])www(ÿ|\.|=2E)govbenefits(ÿ|\.|=2E)gov/es/govbenefits/externalLink(ÿ|\.|=2E)jhtml\?url=
 *  1100^0    (^|[^-_0-9a-z])www(ÿ|\.|=2E)govloans(ÿ|\.|=2E)gov/govloans/externalLink(ÿ|\.|=2E)jhtml\?url=
 *  1100^0    (^|[^-_0-9a-z])minerva(ÿ|\.|=2E)dce(ÿ|\.|=2E)harvard(ÿ|\.|=2E)edu/cgi-bin/redirect(ÿ|\.|=2E)cgi\?url=
 *  1100^0    (^|[^-_0-9a-z])www(ÿ|\.|=2E)bernie(ÿ|\.|=2E)house(ÿ|\.|=2E)gov/website/leavesite(ÿ|\.|=2E)asp\?url=
 *  1100^0    (^|[^-_0-9a-z])lcweb(ÿ|\.|=2E)loc(ÿ|\.|=2E)gov/cgi-bin/gourl\?URL=
 *  1100^0    (^|[^-_0-9a-z])www(ÿ|\.|=2E)microsoft(ÿ|\.|=2E)com/germany/businesssolutions/mbs_extern.asp\?url=
 *  1100^0    (^|[^-_0-9a-z])(ads|go?)(ÿ|\.|=2E)msn(ÿ|\.|=2E)com([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])www(ÿ|\.|=2E)nate(ÿ|\.|=2E)com/r/XY12/
 *  1100^0    (^|[^-_0-9a-z])netu(ÿ|\.|=2E)to([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])webmasterworld(ÿ|\.|=2E)com/ra(ÿ|\.|=2E)cgi\?url=
 *  1100^0    (^|[^-_0-9a-z])chkpt(ÿ|\.|=2E)zdnet(ÿ|\.|=2E)com/chkpt/
 {
  SBLOG="A1R-Web Proxy/Redirector URL"
  INCLUDERC=${SBDIR}/functions/loglevel.rc

  :0
  * $ ${SBSCORE}^0
  * 3^0
  { SBSCORE=$= }
 }
}



# Domains that don't belong to spammers, but that often appear in
# the body text of spam as web site references or redirectors to
# spam havens.  Many of these domains belong to large free email
# and web hosting services such as Geocities, Hotmail, and Yahoo.
#
# The best way to avoid blocking legitimate email with these URLs in
# it is to make heavy use of your NOBOUNCE file.
#

# Hotmail email addresses.
#
:0
* LEANTAG ?? no
* B ??  (^|[^-_0-9a-z])[0-9a-z][_0-9a-z.]+(@|[=%]40)(ÿ|\.|=2E)hotmail(ÿ|\.|=2E)com([^a-z0-9.]|\. |\.$|$)
{
 LOCALIPREGEXP=${FIRSTEXIPREGEXP}
 LT2=no
 TESTCIDR=${SBDIR}/info/hotmail-ips.cidr
 INCLUDERC=${SBDIR}/functions/check-cidr.rc

 :0
 * LT2 ?? no
 {
  SBLOG="A1R-Hotmail email address in Message Body/Not From Hotmail"
  INCLUDERC=${SBDIR}/functions/loglevel.rc

  :0
  * $ ${SBSCORE}^0
  * 3^0
  { SBSCORE=$= }
 }
}


# Yahoo email addresses.
:0
* LEANTAG ?? no
* B ??  (^|[^-_0-9a-z])[0-9a-z][_0-9a-z.]+(@|[=%]40)(ÿ|\.|=2E)yahoo(ÿ|\.|=2E)[a-z][a-z][a-z]?((ÿ|\.|=2E)[a-z][a-z])?([^a-z0-9.]|\. |\.$|$)
{
 LOCALIPREGEXP=${FIRSTEXIPREGEXP}
 LT2=no
 TESTCIDR=${SBDIR}/info/hotmail-ips.cidr
 INCLUDERC=${SBDIR}/functions/check-cidr.rc

 :0
 * LT2 ?? no
 {
  SBLOG="A1R-Yahoo email address in Message Body/Not From Yahoo"
  INCLUDERC=${SBDIR}/functions/loglevel.rc

  :0
  * $ ${SBSCORE}^0
  * 3^0
  { SBSCORE=$= }
 }
}

# Generic Free Email addresses or web sites in message body.
#
:0
* FREEWEB ?? yes
* LEANTAG ?? no
* LOCALTAG ?? no
{
 :0 B
 * !--.*forwarded message --
 * !^forwarded message:
 * -1000^0
 *  -200^1   ^[:;#>]
 *  1100^0    (^|[^-_0-9a-z])1stok(ÿ|\.|=2E)com([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])altern(ÿ|\.|=2E)org([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])bl(ÿ|\.|=2E)am([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])btamail(ÿ|\.|=2E)net(ÿ|\.|=2E)cn([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])buy(ÿ|\.|=2E)com([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])cjb(ÿ|\.|=2E)net([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])come(ÿ|\.|=2E)to([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])cordoba(ÿ|\.|=2E)net([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])faithweb(ÿ|\.|=2E)com([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])fortunecity(ÿ|\.|=2E)com([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])freechinapages(ÿ|\.|=2E)com([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])freecoolhost(ÿ|\.|=2E)com([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])freepage(ÿ|\.|=2E)gr([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])freeservers(ÿ|\.|=2E)com([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])freewebs(ÿ|\.|=2E)com([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])fullzero(ÿ|\.|=2E)com(ÿ|\.|=2E)ar([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])geocities(ÿ|\.|=2E)com([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])gnaps(ÿ|\.|=2E)net([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])homestead(ÿ|\.|=2E)com([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])hostadultwithus4free(ÿ|\.|=2E)com([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])icq(ÿ|\.|=2E)com([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])infoseek(ÿ|\.|=2E)co(ÿ|\.|=2E)jp([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])netfirms(ÿ|\.|=2E)com([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])netman(ÿ|\.|=2E)ru([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])nifty(ÿ|\.|=2E)com([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])online(ÿ|\.|=2E)com\.ua([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])paypal(ÿ|\.|=2E)com([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])pcpages(ÿ|\.|=2E)com([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])post(ÿ|\.|=2E)cz([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])response-o-matic\.com([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])ris(ÿ|\.|=2E)org([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])rocksolidfree(ÿ|\.|=2E)com([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])seed(ÿ|\.|=2E)net(ÿ|\.|=2E)tw([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])seeder(ÿ|\.|=2E)net(ÿ|\.|=2E)tw([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])shopping(ÿ|\.|=2E)seoul(ÿ|\.|=2E)kr([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])sina(ÿ|\.|=2E)com(ÿ|\.|=2E)cn([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])survivormail(ÿ|\.|=2E)com([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])thefreeserver(ÿ|\.|=2E)com([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])tripod(ÿ|\.|=2E)cl([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])tripod(ÿ|\.|=2E)com([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])tripod(ÿ|\.|=2E)com(ÿ|\.|=2E)[a-z][a-z]([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])tripod(ÿ|\.|=2E)co(ÿ|\.|=2E)uk([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])uol(ÿ|\.|=2E)com\.co([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])uole(ÿ|\.|=2E)com([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])vze(ÿ|\.|=2E)com([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])xoom(ÿ|\.|=2E)com([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])yahoo(ÿ|\.|=2E)co(ÿ|\.|=2E)uk([^a-z0-9.]|\. |\.$|$)
 *  1100^0    (^|[^-_0-9a-z])yawadoo(ÿ|\.|=2E)com([^a-z0-9.]|\. |\.$|$)
 {
  SBLOG="A1R-Free Email or Web Site in message body"
  INCLUDERC=${SBDIR}/functions/loglevel.rc

  :0
  * $ ${SBSCORE}^0
  * 2^0
  { SBSCORE=$= }
 }
}