#
#                            "SPAMtag" filter rules...
#
# Uses procmail weighted scoring and marks suspected articles (originating
# from outside Cisco) with a '[SPAM]' tag in the subject heading, as well
# as a header 'X-SPAM'
#

# Default location for "formail"
#
:0
* FORMAIL ?? ^^^^
{ FORMAIL=/usr/bin/formail }

# REQUIRED; be able to handle the long rule below (else procmail dumps core)
#
LINEBUF=32776

# PATTERN MATCHING
#
# Procmail weighted "scoring technique" used to analyze body text of
# email to spot spam which cannot be spotted by analyzing the headers
# of the spam -- spam sent from throwaway accounts or "whackamole"
# spam.
#
# The first recipe sets the email's default score at negative 1000 --
# only if the cumulative "score" of header and body string "hits", or
# recipes which result in a match, equals or exceeds 1000 will the
# email be tagged as probable spam.
#
# The numbers between the "*" at the beginning of each condition and
# the start of the actual condition represent the score given to a
# match for that condition.  The first number represents the score
# for the first match.  The second number, after the caret "^", represents
# the exponent used to calculate the score for a second and subsequent
# matches.
#
# For example, a scoring formula of 100^1 means that the first match is
# given a score of 100, and subsequent matches are modified by an exponent,
# or "power", of one.  Since any number to the first power equals itself,
# this means that each match for this recipe will be given a score of 100.
# Ten such matches will result in a score of 1000, which (unless other
# recipes reduced this score) would cause the Spam Bouncer to classify this
# particular piece of email as probable spam and divert it to the BLOCKFOLDER.
#
# A scoring formula of 300^.5 means that the first match is given a score
# of 300; the second of 300^.5, which is 150; the third a score of 300^(.5*2),
# which is 75, and so on.  The cumulative score would be 300+150+75....
# A recipe of this type weighs first mention of the suspect word or phrase
# more heavily than subsequent mentions, and thus avoids classifying email
# as spam based solely on the presence of a single suspect word or phrase
# since the cumulative score for any number of matches can never exceed a
# certain maximum number.
#
# A scoring formula of 50^2, on the other hand, weighs the first occurrence
# of a suspect word or phrase relatively lightly, but subsequent mentions
# ever more heavily.  This is useful for catching spam based on common spam
# keywords which may appear once or twice in non-spam email, but frequently
# appear many times in the text of a spam email.
#
# A scoring formula of 300^0 weighs the first occurrence of a suspect
# word or phrase at 300, and ignores subsequent matches.  This is useful
# for tests for a typical spam phrase in the Subject: header, where the
# phrase will not appear twice -- it speeds up processing.
#
# For more information on how Procmail Scoring works, consult the Procmail
# scoring manual on your system by typing "man procmailsc".
#

:0 BHhf
#* ^X-SMAP-Received-From: outside
#* !^Subject: Cisco Headlines,
* !^From:.*Open Class Daemon
* !^From:.*Shuman
* !^From:.*Carlberg
* !^From:.*@vtext\.com
* !^From:.*Foster
* !^From:.*Hanson
* !^From:.*bidconfirm@ebay.com
* !^From:.*outbidnotice@ebay.com
* !^From: aw-confirm@ebay.com
* !^From:.*@internic\.net
* !^From:.*discoverinteractive@discoverfinancial.com
* !^TO.*@internic\.net
#* !^- ?--.*(f|F)orwarded message
#* !^forwarded message:
#* !^-----BEGIN PGP SIGNED MESSAGE-----
* -1000^0
*    500^0  ^TO.*(friend|hello|winner|professional|hardcore|([0-9][0-9]*\.?@))
*    600^0  ^Message-ID: <>
*   1000^0  ^Subject: The Greatest Dental Plan \$2-\$3/week...
*   1000^0  ^Subject:.*Findout About Anyone Fast
*    500^0  ^From:.*@UNKOWN\.EXTERNAL\.SENDER
*    500^0  ^From:.*@yahoo.com
*    500^0  ^From:.*@hotmail.com
*    500^0  ^From:.*tshirtnews
*   1000^0  ^To:.*undisclosed-recipients
*   -50^1.5  case
*  -200^1    (close|open)-par
*  -200^1    def(const|group|un|var)
*   -50^1.5  define
*  -100^1    java
*  -100^1    loadable
*  -100^1    module
*  -200^1    regexp
*  -200^1    science fiction
*  -200^1    sci-fi
*  -100^1.5  spam
*   -50^1.5  syntax
*   -50^1.5  variable
*   300^0   ^Received:.*[^0-9a-z](ix\.netcom\.(ca|com|uk)[^\.]|\
	                   prodigy\.(com|net)[^\.]|\
	                   sprynet\.(com|net)[^\.])
*   200^1   ^Subject: .*\$
*   200^1   ^Subject: .*!
*   300^0   ^Subject: .*[:;%\|][-=]?[>\)D]
*   300^0   ^Subject: .*hello
*   200^1    ^<HTML><|<A HREF=\"mailto:|</FONT><FONT COLOR
*   100^1    \$\$
*   100^1    ,000 e-?mail addresses
*   100^1    1-?\(?800\)?
*   100^1    24-hour
*   200^1    900\#
*   300^1    900 number
*    50^1    action
*   100^1    advertis(e|ing)
*   200^1    advertising agency
*   100^1    adult
*   300^1    all expense paid
*   300^1    (amazing|exciting) new technology
*   100^1    american express
*   100^1    [^0-9a-z]ass[^0-9a-z]
*   100^1    as low as \$
*   200^1    autoresponder
*   100^1    baseball
*   100^1    Be (happy|healthy|free)
*   100^1    Best of all
*   200^1    bulk.*mail
*   300^1    BulkMate
*    50^1    business
*   300^1    business.*home
*   100^1    call anytime
*   200^1    call today
*   100^1    capital
*   100^1    cash
*   100^1    check it out
*   200^1    cherrypicker
*   100^1    click (here|below)( to enter)?
*   100^1    cock
*    50^1    confidential
*    50^1    congratulations
*    50^1    credit
*   400^1    [^0-9a-z]cum[^0-9a-z]
*   400^1    cunts?
*   100^1    deal
*   200^1    (d|D)ear (educator|friend|professional)[,;:]
*   200^1    delete
*   300^1    direct.*mail
*   300^1    do not.*reply
*   200^1    downline
*    50^1    easy
*   200^1    Earn \$.*per (week|month)
*   200^1    e-mail announcement
*   100^1    (enormous|huge|vast) market
*   200^1    entrepreneur
*   300^1    erotic
*   300^1    exclusive.*offer
*   100^1    everything to gain
*   100^1    fantasy
*    50^1    [^0-9a-z]fast[^0-9a-z]
*   100^1    financ(e|ial)
*   200^1    floodgate
*   200^1    for full details
*   100^1    free
*   100^1    fuck
*   200^1    fully functional
*    50^1    gay
*   300^1    get.*rich.*quick
*   200^1    goldrush
*   100^1    grand prize
*   100^1    great
*   300^0    great gift idea
*   100^1    growth
*   100^1    guarantee
*   100^1    happiness
*   200^0    Have you ever (wanted|wondered)
*   300^0    hello (,|my) friend
*   200^1    hard to believe
*   300^1    home( |-)(business|employment)
*   100^1    home( |-)work
*    50^1.5  [^0-9a-z]hot[^0-9a-z]
*    50^1    illegal
*    50^1.5  immediate
*   100^1    income
*   300^1    income opportunity
*   300^1    information hot(-| )line
*    50^1    innovative
*   100^1    instant
*   100^1    invest
*   200^1    investment opportunity
*   200^1    join this (club|company|group|exclusive)
*   100^1    just visit
*    50^1.5  leads?
*    50^1    legal
*   100^1    list service
*   300^1    live.*adult
*   300^1    live.*girl
*   300^1    live.*sex
*   300^1    live.*XXX
*    50^1    lonely
*   200^1    Long Distance.*Phone Card
*   100^1    lottery
*   100^1    loved ones
*   100^1    low price
*   100^1    low rate
*    50^1    mail bomb
*   100^1    mailing list
*   100^1    mailto:
*   200^1    (A|a)mazing(\?|!)
*   200^1    (major )?credit card
*   200^1    make.*money.*fast
*   100^1    (make|send) (your )?check or money order
*    50^1    market
*    50^1.5  mastercard
*   300^1    matrix system
*   200^1    meet new (friends|people)
*    50^1.5  money
*   200^1    money back
*   300^1    morningstar
*   300^1    multi-?level
*   300^0    must be 18
*   200^1    (never|don\'t) want(ed)? you to (know|find out)
*   200^1    no (catch|obligation|gamble|hype|prospecting|selling|signup)
*   200^1    no (purchase necessary)
*   100^1    nothing to lose
*   400^1    one[- ]?time invitation
*   400^1    one[- ]?time mailing
*   100^1    on[- ]?line relationship
*   100^1    opportunity
*   300^1    orgasm
*   100^1    our (phone|fax) number
*   200^1    Pay No Money Now
*   100^1    Perhaps You \?
*   100^1    PLEASE READ
*   100^1    PLEASE CALL
*   100^1    porn
*    50^1    power
*   300^1    pre-approv(e|al)
*    50^1.5  price
*   100^1    profit
*    50^1    product
*   100^1    pussy
*   100^1    qualif(y|ied)
*    50^1.5  quality
*   100^1    quit (smoking|your job)
*   100^1    read.*again
*   200^1    read this
*   200^1    read.*twice
*   200^1    Real-Spider
*   100^1    red.*tape
*   200^1    reply now
*   100^1    report \#
*   100^1    report #
*   100^1    representative will call you
*   100^1    rich(es|er)
*   100^1    romance
*   100^0    S&H
*   100^1    search engine
*   200^1    self(-| )help
*   200^1    Save [1-9]0\% on
*   200^1    seduc(e|tion)
*   100^1.5  sexy?
*   1000^1.5  SEX
*   100^1    Start NOW
*   100^1    stealth
*   200^1    subliminal
*   200^1    sweepstakes
*   200^1    Syrynx
*    50^1    targeted
*   200^0    ^Thank you for your (time|attention)\.?$
*   400^1    tits
*   400^1    To be removed from ((our|this) (mailing )?list)|(future e?-?mail)
*   300^1    travel representative
*   300^1    type.*remove
*   100^1    ultimate
*   100^1    uncensored
*   100^1    unsecured
*   200^1    upline
*    50^1.5  valu(able|e)
*   100^1    venture
*   300^1    via E[-]?(mail|MAIL)\!
*   200^1    Virtual Boyfriend
*   200^1    Virtual Girlfriend
*    50^1.5  visa
*   200^1    wealth
*    50^1    website
*   200^1    web site.*secret
*   200^1    weight loss
*   200^1.5  work.*home
*   200^1.5  Work.*Home
*   200^1    world's (largest|number|leading|#1)
*   300^1    worldwide exporter
*   300^1    WOULD YOU (LIKE|LOVE|ENJOY)
*   100^0    [^X]XXX[^X]
*   500^1    \.BIZ
*   500^1    \.INFO
*   500^1    \
	.*Home Business|\
	.*Homebuyers handbook|\
	100\%.*GUARANTEED|\
	@answerme\.com[^\.]|\
	@peopleschatnetwork\.com[^\.]|\
	@spica\.net[^\.]|\
	absolutely FREE|\
	ABSOLUTELY GUARANTEED|\
	adking@hotmail\.com|\
	Adult XXX Entertainment - NOW PAYS YOU !!!|\
	adult.*site|\
	Advertise To Millions For Free!|\
	Advertisement[^0-9a-z]|\
	ALERT - Internet Fraud and Spying|\
	Allanté Appreciation Group|\
	Alternative Wealth Generator|\
	America's E-Mail Service|\
	Animated Musical Holiday Cards|\
	ARE YOU BEING INVESTIGATED \?|\
	Are you a sports fan ?\?|\
	Are You In Need Of A Lifestyle Change|\
	Are You Ready For Financial Change\?\?|\
	Aren\'t you the person....\?|\
	Best Things In Life Are FREE!|\
	BroadLeaf Communications Inc\.|\
	CALL COULD CHANGE YOUR LIFE|\
	CAN'T AFFORD TO MISS|\
   wbtu8@worldpeace\.com|\
   CASINO|\
	Club Celebrity X|\
	Connection Navigator software|\
	Demand Research|\
	direct marketing|\
	Directory of Human Resources Executives|\
	Directory of Human Resources Executives|\
	DO NOT DELETE THIS!|\
	DRIVE YOUR DREAM CAR|\
	D\.J\. Distributors|\
	e-mail robot will remove|\
	Earn (big|huge) (money|income).*from your home|\
	Easy Money selling \"How to\" booklets|\
	Eat cookies, Lose weight and Earn Money!|\
	Email your AD to 57 MILLION People|\
	Extractor Pro Bulk E-.*Software|\
	finally found the secrets (I|you)\'ve been looking for\.|\
	For Adults Only|\
	Free Adult Internet Connection|\
	FREE Commercial Websites|\
	Free Money|\
	Free National Advertising!|\
	Free Poetry Contest|\
	FREE Seiko Message Watch or Motorola Flex Pager!!!!|\
	FREE website and free email autoresponder for you!|\
	Freebies, Samples, and Discounts|\
	From the Beaches of Florida|\
	Fullfill Your Wildest Fantasy|\
	Get a FREE|\
	Get A \$5,000 Offshore Credit Card, Guaranteed!!!|\
	Get the power of Internet Marketing|\
	Hi !!?!?|\
	Hi Tech Sales Techniques|\
	Home Based Income|\
	Homemade Moonshine|\
	Hottest Thing On The Internet Today!|\
	How to Really Make Money on the Information Superhighway!|\
	http://203\.36\.89\.240|\
	http://205\.152\.95\.38/|\
	http://207\.36\.70\.47|\
	http://208\.158\.114\.56|\
	http://209\.117\.|\
	http://christmas-village\.com|\
	http://cus\.alpina1\.net/|\
	http://freedom-mall\.com/virtual/lists\.html|\
	http://members\.tripod\.com/\~abei/k0003\.html|\
	http://strategis\.ic\.gc\.ca/|\
	http://world-space\.ids\.on\.ca/|\
	http://www\.1stfamily\.com|\
	http://www\.1stlady\.com|\
	http://www\.2001ns\.com/fbk|\
	http://www\.action2000\.com/|\
	http://www\.actioncd\.com|\
	http://www\.bedroomsports\.com|\
	http://www\.bookiescafe\.com|\
	http://www\.crazywhore\.com|\
	http://www\.cum-2-me-baby\.com|\
	http://www\.DoMeLive\.com|\
	http://www\.dreambiz\.com|\
	http://www\.easydiscovery\.com|\
	http://www\.econ-ergy\.com|\
	http://www\.emagnet\.com/lists\.htm|\
	http://www\.freepages\.cban\.com/Free900/|\
	http://www\.hotlovin\.com[^\.]|\
	http://www\.industrialsex\.com[^\.]|\
	http://www\.inexchange\.net[^\.]|\
	http://www\.insidermall\.com[^\.]|\
	http://www\.interconnection\.com[^\.]|\
	http://www\.lti-infosystems\.com[^\.]|\
	http://www\.mallnetglobal\.com/|\
	http://www\.megamarketing\.net/|\
	http://www\.microsoft-windows\.com|\
	http://www\.mkt-america\.com/|\
	http://www\.moneyaction\.com/pls/rl/index\.htm|\
	http://www\.motionpixels\.com|\
	http://www\.mountainmicro\.com|\
	http://www\.moviecd\.com|\
	http://www\.mtcnet\.com|\
	http://www\.nccol\.com/fna|\
	http://www\.netpromo\.net[^\.]|\
	http://www\.nevwest\.com/|\
	http://www\.peopleschatnetwork\.com|\
	http://www\.pinkpussyclub\.com[^\.]|\
	http://www\.recruitment\.scotland\.net[^\.]|\
	http://www\.sendasong\.inter\.net/|\
	http://www\.shop-smart\.com|\
	http://www\.sinotrade\.net|\
	http://www\.spck\.se|\
	http://www\.strippersinc\.com[^\.]|\
	http://www\.submit200\.com[^\.]|\
	http://www\.t-1net\.com[^\.]|\
	http://www\.tarika\.com[^\.]|\
	http://www\.traceit\.com[^\.]|\
	http://www\.ultramax\.net/members/larrymc\.html|\
	http://www\.unique-shopping-mall\.com[^\.]|\
	http://www\.vpm\.com/hallofnames/|\
	http://www\.webcreations\.com|\
	http://www\.xxx-sex-world\.com|\
	http://www\.yesic\.com/prosper/4series\.htm|\
	http://www\.your_site_address\.com|\
	http://www\.zoomtel\.com|\
	http://zack\.ecs\.sk\.ca/addremove|\
	http[:;]//www\.usawebsite\.com/\~helpingh/index2\.html|\
	http://http://www\.PrivateGirlFriend\.com|\
	Important Advisory!!|\
	income.*opportunity|\
	INTERNATIONAL COMPANY SEEKS HELP!!|\
	INTERNET CREDIT CARD PRE-APPROVAL LETTER|\
	Internet Specialist 007|\
	INTERTRACK RESEARCH SERVICE|\
	Is Your Web Site A Secret\?$|\
	IT WORKS! Earn Income\.\.\.|\
	It\'s amazing\!|\
	Let Us Do Your Bulk Email !!!|\
	letter from the internet|\
	LOCATE ANYONE SEARCH ALL USA|\
	LOOK AT THESE LOW PRICES|\
	Lose [0-9]*-[0-9]* Pounds!|\
   LOSE WEIGHT\
   lose weight\
	Millions of copies have|\
	MAKE HUGE PROFITS ON THE INTERNET!!|\
	Managers and Brokers|\
	Marketects Medical Research|\
	must be 18 to read this message|\
	National Software Company|\
	Nation\'s Little Secret|\
   Need a Home Loan\?|\
	Need a Loan\?|\
	Need QUICK cash\?|\
	nettunnel@mailexcite.com[^\.]|\
	No Money Down|\
	No Work - Just Cash|\
	noic\.org[^\.]|\
	nternet.*marketing|\
	NTyme Publishing|\
	ORIENTAL/MEXICAN TRADE DIRECTORIES|\
	Password to 1[0-9]00 sex sites|\
	please accept our apolog(y|ies)|\
	powerful wealth building program|\
	prestigious non-accredited universities|\
	PROFITS!!!|\
	Quiet Home-Based Business|\
	Re: Regarding your web site\.\.\.|\
	read this twice.*then do the math|\
	READ THIS TWICE|\
	READ THIS!!!|\
	Recruitment Scotland|\
	research@infoname\.com|\
	Restore Your Health|\
	rtor@wainfleet\.ids\.on\.ca|\
	Search for Paradise|\
	Search for Paradise|\
	SEND-A-SONG|\
	sexual activities.*on computer|\
	Show Me The Money!!|\
	Smoky Mountain|\
	Software to spy people on the net|\
	software will automatically block you|\
	Something for Poetry Lovers|\
	SONGMAIL -- Unique Valentine's Day Gift Idea|\
	Subliminally Seduce Women|\
	taim\.org|\
	take less than 30 seconds to read this|\
	TECH KIDS, Inc.|\
	The Best Services On The Internet Newsletter|\
	The Card!!!!!|\
	This is a.*(new )?bulk emailer|\
	This is no SPAM\..*direct mail \"email\" list|\
	Try EVO for free!|\
	ULTIMATE MATRIX SYSTEM|\
	UNITED CREDIT CARD SYSTEMS|\
	UNLIMITED Legal Counsel|\
	U\.S\. IMMIGRATION|\
	Virtual Girlfriend and Virtual Boyfriend|\
	VIRUS WARNING!!|\
	We Do All The Work And You Collect All The Cash|\
	We ship worldwide|\
	Web Pages Don't Make Money.*Hi-Tech Alternative|\
	Web Site? Submission|\
	wheelt@speedlink\.com|\
	World\'s Largest Family History Database|\
	Writers Seeking Publication|\
	www\.BooksAmerica\.com|\
	www\.greatdeals\.net|\
	www\.sexfantasy\.com[^\.]|\
	www\.technomail\.com|\
	www\.usaemail\.com[^\.]|\
	xsend\.com[^\.]|\
	XXX ADULT ENTERTAINMENT|\
	XXX ADULT SEX|\
	XXX LIVE SEX|\
	XXX VIDEOS|\
	You Also Have Rights!|\
	You must be over 21|\
	you owe it to yourself to|\
	YOU WILL NOT BE DISAPPOINTED|\
	you wish to be removed from this advertiser\'s future mailings|\
	Your AD to [0-9]*,000!|\
	Your e-?mail sent to me by mistake|\
	Your Family Name|\
	YOUR STEALTH MAIL BOMBER !!|\
	Your \$25.*Domain Name|\
	Your.*address was given to me as a person interested|\
	You\'re a Winner!!!|\
	\" Very IMPORTANT Announcement \" !|\
	\"Fresh!!Email List\"|\
	\"How to E-X-P-0-S-E Infidelity\" \. \. \.|\
	\"Insider\'s Guide to Credit Repair Secrets\.\"|\
	\"JOIN THE CREW\" DO NOT open|\
	\"next generation theme park\.\"|\
	\"PRINT AND READ TWICE\"|\
	\*Satellite TV\*|\
	\{Removal instructions at bottom... \}|\
	^DO NOT DELETE THIS!|\
	^For senior professionals|\
	^If you would like not to receive further information|\
	^@netcenter.netscape.com\
   Decrease your debt\
   Second Mortgage\
   Great Mortgage Rates\
   background check\
   criminal record\
	^Welcome to Tip Mail!
* !^Resent-(By|From|To):
| $FORMAIL -A"X-SPAM: Pattern Match" -a"Subject: (no subject)" | \
	sed 's/^Subject:/Subject: [SPAM]/'

# Dial-up users forging their way into Cisco should be treated as suspect :
#
# UUNet|ATT.Net|Sprint.net customer dial-up SPAMmers
#   Usually from something like: 1cust186.tnt1.lexington.ky.da.uu.net
#                                215.minneapolis-05.mn.dial-access.att.net
#                                sdn-ts-003cabakep12.dialsprint.net
#   with a server derived message-id
#
:0E
* ^Received:.*(1cust[0-9][0-9][0-9]?\.(tnt|max)[0-9][0-9]?.*uu\.net)|\
                (dial-access\.att\.net)|\
                (dialsprint\.net)|unknown\([0-9]*\..*[0-9]*\)
* ^Message-Id:.*cisco\.com
* !^Resent-(By|From|To):
| $FORMAIL -A"X-SPAM: No Message-Id" -a"Subject: (no subject)" | \
	sed 's/^Subject:/Subject: [DIRECT DIALER]/'

# Last update: Thu May 14 14:49:21 PDT 1998