Differences

This shows you the differences between two versions of the page.

--- ubuntu:spamassassin:rules_file [2020/07/15 09:30] – external edit 127.0.0.1
+++ ubuntu:spamassassin:rules_file [2023/03/06 09:27] (current) – removed peter
@@ Line 1: / Line 1: @@
-====== Ubuntu - SpamAssassin - Rules file ======
-_active.cf
-<file>
-# SpamAssassin rules file
-#
-# Please don't modify this file as your changes will be overwritten with
-# the next update. Use /etc/mail/spamassassin/local.cf instead.
-# See 'perldoc Mail::SpamAssassin::Conf' for details.
-#
-# <@LICENSE>
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to you under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at:
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# </@LICENSE>
-#
-###########################################################################
-require_version 3.003002
-##{ AC_BR_BONANZA
-rawbody AC_BR_BONANZA   /(?:<br>\s*){30}/i
-describe AC_BR_BONANZA  Too many newlines in a row... spammy template
-#score AC_BR_BONANZA     0.001
-tflags AC_BR_BONANZA	publish
-##} AC_BR_BONANZA
-##{ AC_DIV_BONANZA
-rawbody AC_DIV_BONANZA  /(?:<div>(?:\s*<\/div>)?\s*){10}/i
-describe AC_DIV_BONANZA Too many divs in a row... spammy template
-#score AC_DIV_BONANZA    0.001
-tflags AC_DIV_BONANZA	publish
-##} AC_DIV_BONANZA
-##{ AC_HTML_NONSENSE_TAGS
-rawbody 	AC_HTML_NONSENSE_TAGS	/(?:<[A-Za-z0-9]{4,}>\s*){10}/
-describe 	AC_HTML_NONSENSE_TAGS	Many consecutive multi-letter HTML tags, likely nonsense/spam
-#score 		AC_HTML_NONSENSE_TAGS	2.0
-tflags		AC_HTML_NONSENSE_TAGS	publish
-##} AC_HTML_NONSENSE_TAGS
-##{ AC_SPAMMY_URI_PATTERNS1
-meta 		AC_SPAMMY_URI_PATTERNS1 (__AC_OUTL_URI && __AC_OUTI_URI)
-describe 	AC_SPAMMY_URI_PATTERNS1	link combos match highly spammy template
-#score 		AC_SPAMMY_URI_PATTERNS1	4.0
-tflags 		AC_SPAMMY_URI_PATTERNS1	publish
-##} AC_SPAMMY_URI_PATTERNS1
-##{ AC_SPAMMY_URI_PATTERNS10
-meta 		AC_SPAMMY_URI_PATTERNS10 __AC_PUNCTNUMS_URI
-describe 	AC_SPAMMY_URI_PATTERNS10 link combos match highly spammy template
-#score 		AC_SPAMMY_URI_PATTERNS10 4.0
-tflags 		AC_SPAMMY_URI_PATTERNS10 publish
-##} AC_SPAMMY_URI_PATTERNS10
-##{ AC_SPAMMY_URI_PATTERNS11
-meta 		AC_SPAMMY_URI_PATTERNS11 __AC_NDOMLONGNASPX_URI
-describe 	AC_SPAMMY_URI_PATTERNS11 link combos match highly spammy template
-#score 		AC_SPAMMY_URI_PATTERNS11 4.0
-tflags 		AC_SPAMMY_URI_PATTERNS11 publish
-##} AC_SPAMMY_URI_PATTERNS11
-##{ AC_SPAMMY_URI_PATTERNS12
-meta 		AC_SPAMMY_URI_PATTERNS12 (__AC_CHDSEQ_URI && __AC_MHDSEQ_URI && __AC_UHDSEQ_URI)
-describe 	AC_SPAMMY_URI_PATTERNS12 link combos match highly spammy template
-#score 		AC_SPAMMY_URI_PATTERNS12 4.0
-tflags 		AC_SPAMMY_URI_PATTERNS12 publish
-##} AC_SPAMMY_URI_PATTERNS12
-##{ AC_SPAMMY_URI_PATTERNS2
-meta 		AC_SPAMMY_URI_PATTERNS2 (__AC_LAND_URI && __AC_UNSUB_URI && __AC_REPORT_URI)
-describe 	AC_SPAMMY_URI_PATTERNS2	link combos match highly spammy template
-#score 		AC_SPAMMY_URI_PATTERNS2	4.0
-tflags 		AC_SPAMMY_URI_PATTERNS2	publish
-##} AC_SPAMMY_URI_PATTERNS2
-##{ AC_SPAMMY_URI_PATTERNS3
-meta 		AC_SPAMMY_URI_PATTERNS3 (__AC_PHPOFFTOP_URI && __AC_PHPOFFSUB_URI)
-describe 	AC_SPAMMY_URI_PATTERNS3	link combos match highly spammy template
-#score 		AC_SPAMMY_URI_PATTERNS3	4.0
-tflags 		AC_SPAMMY_URI_PATTERNS3	publish
-##} AC_SPAMMY_URI_PATTERNS3
-##{ AC_SPAMMY_URI_PATTERNS4
-meta 		AC_SPAMMY_URI_PATTERNS4 __AC_NUMS_URI
-describe 	AC_SPAMMY_URI_PATTERNS4	link combos match highly spammy template
-#score 		AC_SPAMMY_URI_PATTERNS4	4.0
-tflags 		AC_SPAMMY_URI_PATTERNS4	publish
-##} AC_SPAMMY_URI_PATTERNS4
-##{ AC_SPAMMY_URI_PATTERNS8
-meta 		AC_SPAMMY_URI_PATTERNS8 __AC_LONGSEQ_URI
-describe 	AC_SPAMMY_URI_PATTERNS8	link combos match highly spammy template
-#score 		AC_SPAMMY_URI_PATTERNS8	4.0
-tflags 		AC_SPAMMY_URI_PATTERNS8	publish
-##} AC_SPAMMY_URI_PATTERNS8
-##{ AC_SPAMMY_URI_PATTERNS9
-meta 		AC_SPAMMY_URI_PATTERNS9 (__AC_1SEQC_URI && (__AC_1SEQV_URI || __AC_RMOVE_URI))
-describe 	AC_SPAMMY_URI_PATTERNS9	link combos match highly spammy template
-#score 		AC_SPAMMY_URI_PATTERNS9	4.0
-tflags 		AC_SPAMMY_URI_PATTERNS9	publish
-##} AC_SPAMMY_URI_PATTERNS9
-##{ ADMAIL
-meta        ADMAIL            __ADMAIL && !__DKIM_EXISTS && !__COMMENT_EXISTS
-describe    ADMAIL            "admail" and variants
-tflags      ADMAIL            publish
-##} ADMAIL
-##{ ADMITS_SPAM
-meta        ADMITS_SPAM       __ADMITS_SPAM && !__TO___LOWER && !__MSOE_MID_WRONG_CASE && !__RP_MATCHES_RCVD
-describe    ADMITS_SPAM       Admits this is an ad
-##} ADMITS_SPAM
-##{ ADVANCE_FEE_2_NEW_FORM
-meta      ADVANCE_FEE_2_NEW_FORM    (__ADVANCE_FEE_2_NEW_FORM && !__ADVANCE_FEE_3_NEW_FORM && !__ADVANCE_FEE_4_NEW_FORM && !__ADVANCE_FEE_5_NEW_FORM) && !__COMMENT_EXISTS && !__THREADED && !__HTML_LINK_IMAGE && !__HDRS_LCASE && !__DOS_HAS_LIST_UNSUB && !__HAS_SENDER && !__HAS_X_LOOP
-describe  ADVANCE_FEE_2_NEW_FORM    Advance Fee fraud and a form
-#score     ADVANCE_FEE_2_NEW_FORM    2.000  # limit
-tflags    ADVANCE_FEE_2_NEW_FORM     publish
-##} ADVANCE_FEE_2_NEW_FORM
-##{ ADVANCE_FEE_2_NEW_FRM_MNY
-meta      ADVANCE_FEE_2_NEW_FRM_MNY    (__ADVANCE_FEE_2_NEW_FRM_MNY && !__ADVANCE_FEE_3_NEW_FRM_MNY && !__ADVANCE_FEE_4_NEW_FRM_MNY && !__ADVANCE_FEE_5_NEW_FRM_MNY) && !__HTML_LINK_IMAGE && !__HDRS_LCASE && !__DOS_HAS_LIST_UNSUB && !__THREADED && !__HAS_SENDER && !__HAS_X_LOOP
-describe  ADVANCE_FEE_2_NEW_FRM_MNY    Advance Fee fraud form and lots of money
-#score     ADVANCE_FEE_2_NEW_FRM_MNY    2.500
-##} ADVANCE_FEE_2_NEW_FRM_MNY
-##{ ADVANCE_FEE_2_NEW_MONEY
-meta      ADVANCE_FEE_2_NEW_MONEY    (__ADVANCE_FEE_2_NEW_MONEY && !__ADVANCE_FEE_3_NEW_MONEY && !__ADVANCE_FEE_4_NEW_MONEY && !__ADVANCE_FEE_5_NEW_MONEY) && !__DOS_HAS_LIST_UNSUB && !__TAG_EXISTS_CENTER && !__LYRIS_EZLM_REMAILER && !__COMMENT_EXISTS && !__UNSUB_LINK && !__VIA_ML && !__HTML_LINK_IMAGE && !__HDRS_LCASE && !__NAME_EQ_EMAIL && !__URI_MAILTO_MANY && !__RP_MATCHES_RCVD && !__THREADED && !__HAS_SENDER && !__HAS_X_LOOP
-describe  ADVANCE_FEE_2_NEW_MONEY    Advance Fee fraud and lots of money
-#score     ADVANCE_FEE_2_NEW_MONEY    2.000  # limit
-tflags    ADVANCE_FEE_2_NEW_MONEY    publish
-##} ADVANCE_FEE_2_NEW_MONEY
-##{ ADVANCE_FEE_3_NEW
-meta      ADVANCE_FEE_3_NEW    (__ADVANCE_FEE_3_NEW && !__FILL_THIS_FORM && !LOTS_OF_MONEY && !__ADVANCE_FEE_4_NEW && !__ADVANCE_FEE_5_NEW) && !__HTML_LINK_IMAGE && !__TAG_EXISTS_CENTER && !__COMMENT_EXISTS && !__VIA_ML && !__THREADED && !__UNSUB_LINK && !__UPPERCASE_URI && !__SURVEY && !__HAS_SENDER && !__HAS_X_LOOP && !__TO_YOUR_ORG
-describe  ADVANCE_FEE_3_NEW    Appears to be advance fee fraud (Nigerian 419)
-#score     ADVANCE_FEE_3_NEW    3.5		# limit
-tflags    ADVANCE_FEE_3_NEW          publish
-##} ADVANCE_FEE_3_NEW
-##{ ADVANCE_FEE_3_NEW_FORM
-meta      ADVANCE_FEE_3_NEW_FORM    (__ADVANCE_FEE_3_NEW_FORM && !__ADVANCE_FEE_4_NEW_FORM && !__ADVANCE_FEE_5_NEW_FORM) && !__HTML_LINK_IMAGE && !__THREADED && !__HAS_SENDER && !__HAS_X_LOOP
-describe  ADVANCE_FEE_3_NEW_FORM    Advance Fee fraud and a form
-tflags    ADVANCE_FEE_3_NEW_FORM     publish
-##} ADVANCE_FEE_3_NEW_FORM
-##{ ADVANCE_FEE_3_NEW_FRM_MNY
-meta      ADVANCE_FEE_3_NEW_FRM_MNY    (__ADVANCE_FEE_3_NEW_FRM_MNY && !__ADVANCE_FEE_4_NEW_FRM_MNY && !__ADVANCE_FEE_5_NEW_FRM_MNY) && !__HTML_LINK_IMAGE && !__THREADED && !__HAS_SENDER && !__HAS_X_LOOP
-describe  ADVANCE_FEE_3_NEW_FRM_MNY    Advance Fee fraud form and lots of money
-##} ADVANCE_FEE_3_NEW_FRM_MNY
-##{ ADVANCE_FEE_3_NEW_MONEY
-meta      ADVANCE_FEE_3_NEW_MONEY    (__ADVANCE_FEE_3_NEW_MONEY && !__ADVANCE_FEE_4_NEW_MONEY && !__ADVANCE_FEE_5_NEW_MONEY) && !__HTML_LINK_IMAGE && !__UPPERCASE_URI && !__UNSUB_LINK && !__VIA_ML && !__THREADED && !__HAS_SENDER && !__HAS_X_LOOP
-describe  ADVANCE_FEE_3_NEW_MONEY    Advance Fee fraud and lots of money
-tflags    ADVANCE_FEE_3_NEW_MONEY    publish
-##} ADVANCE_FEE_3_NEW_MONEY
-##{ ADVANCE_FEE_4_NEW
-meta      ADVANCE_FEE_4_NEW    (__ADVANCE_FEE_4_NEW && !__FILL_THIS_FORM && !LOTS_OF_MONEY && !__ADVANCE_FEE_5_NEW) && !__COMMENT_EXISTS && !__TAG_EXISTS_CENTER && !__HAS_ERRORS_TO && !__DOS_HAS_LIST_UNSUB
-describe  ADVANCE_FEE_4_NEW    Appears to be advance fee fraud (Nigerian 419)
-tflags    ADVANCE_FEE_4_NEW          publish
-##} ADVANCE_FEE_4_NEW
-##{ ADVANCE_FEE_4_NEW_FRM_MNY
-meta      ADVANCE_FEE_4_NEW_FRM_MNY    (__ADVANCE_FEE_4_NEW_FRM_MNY && !__ADVANCE_FEE_5_NEW_FRM_MNY)
-describe  ADVANCE_FEE_4_NEW_FRM_MNY    Advance Fee fraud form and lots of money
-##} ADVANCE_FEE_4_NEW_FRM_MNY
-##{ ADVANCE_FEE_4_NEW_MONEY
-meta      ADVANCE_FEE_4_NEW_MONEY    (__ADVANCE_FEE_4_NEW_MONEY && !__ADVANCE_FEE_5_NEW_MONEY) && !__HTML_LINK_IMAGE && !__TAG_EXISTS_CENTER && !__HAS_SENDER && !__HAS_X_LOOP
-describe  ADVANCE_FEE_4_NEW_MONEY    Advance Fee fraud and lots of money
-##} ADVANCE_FEE_4_NEW_MONEY
-##{ ADVANCE_FEE_5_NEW
-meta      ADVANCE_FEE_5_NEW    (__ADVANCE_FEE_5_NEW && !__FILL_THIS_FORM && !LOTS_OF_MONEY)
-describe  ADVANCE_FEE_5_NEW    Appears to be advance fee fraud (Nigerian 419)
-##} ADVANCE_FEE_5_NEW
-##{ ADVANCE_FEE_5_NEW_FRM_MNY
-meta      ADVANCE_FEE_5_NEW_FRM_MNY    __ADVANCE_FEE_5_NEW_FRM_MNY
-describe  ADVANCE_FEE_5_NEW_FRM_MNY    Advance Fee fraud form and lots of money
-##} ADVANCE_FEE_5_NEW_FRM_MNY
-##{ ADVANCE_FEE_5_NEW_MONEY
-meta      ADVANCE_FEE_5_NEW_MONEY    __ADVANCE_FEE_5_NEW_MONEY && !__BOUNCE_CTYPE
-describe  ADVANCE_FEE_5_NEW_MONEY    Advance Fee fraud and lots of money
-##} ADVANCE_FEE_5_NEW_MONEY
-##{ AD_PREFS
-body        AD_PREFS          /(?:\b|_)(?:ad(?:vert[i1l]s[i1l]ng)?|promo(?:tion)?|marketing)[- _](?:pref(?:s|erences)|settings)(?:\b|_)/i
-describe    AD_PREFS          Advertising preferences
-tflags      AD_PREFS          publish
-##} AD_PREFS
-##{ APOSTROPHE_FROM
-header		APOSTROPHE_FROM	From:addr =~ /'/
-describe	APOSTROPHE_FROM	From address contains an apostrophe
-##} APOSTROPHE_FROM
-##{ AXB_XMAILER_MIMEOLE_OL_024C2
-meta   AXB_XMAILER_MIMEOLE_OL_024C2  (__AXB_XM_OL_024C2 && __AXB_MO_OL_024C2)
-describe AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait
-##} AXB_XMAILER_MIMEOLE_OL_024C2
-##{ AXB_XMAILER_MIMEOLE_OL_1ECD5
-meta   AXB_XMAILER_MIMEOLE_OL_1ECD5  (__AXB_XM_OL_1ECD5 && __AXB_MO_OL_1ECD5)
-describe AXB_XMAILER_MIMEOLE_OL_1ECD5   Yet another X header trait##} AXB_XMAILER_MIMEOLE_OL_1ECD5
-##{ AXB_XM_FORGED_OL2600
-meta            AXB_XM_FORGED_OL2600    (__AXB_XM_OL_2600  && !__AXB_MO_OL_2600 )
-describe        AXB_XM_FORGED_OL2600     Forged OE v. 6.2600
-##} AXB_XM_FORGED_OL2600
-##{ AXB_X_AOL_SEZ_S
-header          AXB_X_AOL_SEZ_S         x-aol-global-disposition =~ /^S$/
-describe        AXB_X_AOL_SEZ_S         AOL said this is S*
-##} AXB_X_AOL_SEZ_S
-##{ AXB_X_FF_SEZ_S
-header          AXB_X_FF_SEZ_S		X-Forefront-Antispam-Report =~ /\bSFV\:SPM\b/
-describe        AXB_X_FF_SEZ_S		Forefront sez this is spam
-##} AXB_X_FF_SEZ_S
-##{ BANKING_LAWS
-body		BANKING_LAWS	/banking laws/i
-describe	BANKING_LAWS	Talks about banking laws
-##} BANKING_LAWS
-##{ BASE64_LENGTH_78_79 ifplugin Mail::SpamAssassin::Plugin::MIMEEval
-ifplugin Mail::SpamAssassin::Plugin::MIMEEval
-body BASE64_LENGTH_78_79        eval:check_base64_length('78','79')
-endif
-##} BASE64_LENGTH_78_79 ifplugin Mail::SpamAssassin::Plugin::MIMEEval
-##{ BASE64_LENGTH_79_INF ifplugin Mail::SpamAssassin::Plugin::MIMEEval
-ifplugin Mail::SpamAssassin::Plugin::MIMEEval
-describe BASE64_LENGTH_79_INF   base64 encoded email part uses line length of 78 or 79 characters
-body BASE64_LENGTH_79_INF       eval:check_base64_length('79')
-describe BASE64_LENGTH_79_INF   base64 encoded email part uses line length greater than 79 characters
-endif
-##} BASE64_LENGTH_79_INF ifplugin Mail::SpamAssassin::Plugin::MIMEEval
-##{ BODY_URI_ONLY
-meta        BODY_URI_ONLY        __BODY_URI_ONLY && !__NOT_SPOOFED && !__LCL__ENV_AND_HDR_FROM_MATCH && !__TO_EQ_FROM_DOM && !__X_CRON_ENV
-describe    BODY_URI_ONLY        Message body is only a URI in one line of text or for an image
-#score       BODY_URI_ONLY        1.000   # limit
-tflags      BODY_URI_ONLY        publish
-##} BODY_URI_ONLY
-##{ BUG6152_INVALID_DATE_TZ_ABSURD
-header BUG6152_INVALID_DATE_TZ_ABSURD   Date =~ /[-+](?!(?:0\d|1[0-4])(?:[03]0|[14]5))\d{4}/
-##} BUG6152_INVALID_DATE_TZ_ABSURD
-##{ CANT_SEE_AD
-meta        CANT_SEE_AD       __CANT_SEE_AD_1 || __CANT_SEE_AD_2
-describe    CANT_SEE_AD       You really want to see our spam.
-#score       CANT_SEE_AD       3.000	# limit
-tflags      CANT_SEE_AD       publish
-##} CANT_SEE_AD
-##{ CK_HELO_DYNAMIC_SPLIT_IP
-header 		CK_HELO_DYNAMIC_SPLIT_IP 	X-Spam-Relays-Untrusted =~ /^[^\]]+helo=(?!(?:\d+\.){4})\d+[^\d\s]+\d+[^\d\s]\d+[^\d\s]\d+[^\d\s]/i
-describe 	CK_HELO_DYNAMIC_SPLIT_IP	Relay HELO'd using suspicious hostname (Split IP)
-#score		CK_HELO_DYNAMIC_SPLIT_IP	1.5
-##} CK_HELO_DYNAMIC_SPLIT_IP
-##{ CK_HELO_GENERIC
-header 		CK_HELO_GENERIC   	X-Spam-Relays-Untrusted =~ /^[^\]]+helo=(?=\S*(?:pool|dyna|lease|dial|dip|static))\S*\d+[^\d\s]+\d+[^\]]+ auth= /i
-describe	CK_HELO_GENERIC		Relay used name indicative of a Dynamic Pool or Generic rPTR
-#score		CK_HELO_GENERIC		0.25
-##} CK_HELO_GENERIC
-##{ CN_B2B_SPAMMER
-body        CN_B2B_SPAMMER         /\bWe are (?:(?:a )?(?:China|Taiwan)[-\s]based|(?:one of (?:the )?best|(?:a )?leading) (?:international|[^\.]{10,90} (?:in|from) (?:\w+, )?(?:China|Taiwan)))\b/i
-describe    CN_B2B_SPAMMER         Chinese company introducing itself
-tflags      CN_B2B_SPAMMER         publish
-##} CN_B2B_SPAMMER
-##{ COMMENT_GIBBERISH
-meta           COMMENT_GIBBERISH        __COMMENT_GIBBERISH && !__JM_REACTOR_DATE && !__RCD_RDNS_MTA_MESSY && !__SENDER_BOT
-describe       COMMENT_GIBBERISH        Nonsense in long HTML comment
-#score          COMMENT_GIBBERISH        1.50	# limit
-tflags         COMMENT_GIBBERISH        publish
-##} COMMENT_GIBBERISH
-##{ COMPENSATION
-describe COMPENSATION     "Compensation"
-#score    COMPENSATION     1.50	# limit
-##} COMPENSATION
-##{ COMPENSATION if !plugin(Mail::SpamAssassin::Plugin::DKIM)
-if !plugin(Mail::SpamAssassin::Plugin::DKIM)
-  meta   COMPENSATION     __COMPENSATION && !__DOS_HAS_LIST_UNSUB && !__HAS_X_LOOP && !__HAS_ERRORS_TO && !__UNSUB_LINK && !__OPERA_MID_NON_OP && !__FB_S_STOCK && !__COMMENT_EXISTS && !__NOT_SPOOFED && !__LOCAL_PP_NONPPURL && !__NOT_A_PERSON && !__SUBSCRIPTION_INFO && !__DKIM_EXISTS && !__HAS_SENDER && !__RP_MATCHES_RCVD
-endif
-##} COMPENSATION if !plugin(Mail::SpamAssassin::Plugin::DKIM)
-##{ COMPENSATION ifplugin Mail::SpamAssassin::Plugin::DKIM
-ifplugin Mail::SpamAssassin::Plugin::DKIM
-  meta   COMPENSATION     __COMPENSATION && !__DOS_HAS_LIST_UNSUB && !__HAS_X_LOOP && !__HAS_ERRORS_TO && !__UNSUB_LINK && !__OPERA_MID_NON_OP && !__FB_S_STOCK && !__COMMENT_EXISTS && !__NOT_SPOOFED && !__LOCAL_PP_NONPPURL && !__NOT_A_PERSON && !__SUBSCRIPTION_INFO && !__DKIM_EXISTS && !__HAS_SENDER && !__RP_MATCHES_RCVD && !__DKIM_DEPENDABLE
-endif
-##} COMPENSATION ifplugin Mail::SpamAssassin::Plugin::DKIM
-##{ CORRUPT_FROM_LINE_IN_HDRS
-meta CORRUPT_FROM_LINE_IN_HDRS (MISSING_HEADERS && __BODY_STARTS_WITH_FROM_LINE && MISSING_DATE && NO_RELAYS)
-describe CORRUPT_FROM_LINE_IN_HDRS Informational: message is corrupt, with a From line in its headers
-tflags CORRUPT_FROM_LINE_IN_HDRS userconf publish
-#score CORRUPT_FROM_LINE_IN_HDRS 0.001
-##} CORRUPT_FROM_LINE_IN_HDRS
-##{ CTYPE_001C_A
-meta CTYPE_001C_A  (0)      # obsolete
-##} CTYPE_001C_A
-##{ CTYPE_001C_B
-header CTYPE_001C_B Content-Type =~ /multipart.{0,200}boundary=\"----=_NextPart_000_0000_01C[0-9A-F]{5}\.[0-9A-F]{7}0\"/
-##} CTYPE_001C_B
-##{ CTYPE_8SPACE_GIF ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-mimeheader CTYPE_8SPACE_GIF Content-Type:raw =~ /^image\/gif;\n {8}name=\".+?\"$/s
-describe CTYPE_8SPACE_GIF   Stock spam image part 'Content-Type' found (8 spc)
-endif
-##} CTYPE_8SPACE_GIF ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-##{ CURR_PRICE
-body CURR_PRICE         /\bCurrent Price:/
-##} CURR_PRICE
-##{ DEAR_BENEFICIARY
-body     DEAR_BENEFICIARY         /\b(?:De[ae]r\s|At+(?:ention|n):?\s?)(?:\S+\s)?Ben[ei]ficiary\b/i
-describe DEAR_BENEFICIARY         Dear Beneficiary:
-##} DEAR_BENEFICIARY
-##{ DEAR_WINNER
-body DEAR_WINNER /\bdear.{1,20}winner/i
-describe DEAR_WINNER   Spam with generic salutation of "dear winner"
-##} DEAR_WINNER
-##{ DOS_ANAL_SPAM_MAILER
-header DOS_ANAL_SPAM_MAILER	X-mailer =~ /^[A-Z][a-z]{6}e \d\.\d{2}$/
-describe DOS_ANAL_SPAM_MAILER	X-mailer pattern common to anal porn site spam
-tflags DOS_ANAL_SPAM_MAILER	publish
-##} DOS_ANAL_SPAM_MAILER
-##{ DOS_FIX_MY_URI
-meta DOS_FIX_MY_URI             __MIMEOLE_1106 && __DOS_HAS_ANY_URI && __DOS_SINGLE_EXT_RELAY && __DOS_HI && __DOS_LINK
-describe DOS_FIX_MY_URI         Looks like a "fix my obfu'd URI please" spam
-##} DOS_FIX_MY_URI
-##{ DOS_HIGH_BAT_TO_MX
-meta DOS_HIGH_BAT_TO_MX		__DOS_DIRECT_TO_MX && __HIGHBITS && __LAST_UNTRUSTED_RELAY_NO_AUTH && __THEBAT_MUA
-describe DOS_HIGH_BAT_TO_MX	The Bat! Direct to MX with High Bits
-##} DOS_HIGH_BAT_TO_MX
-##{ DOS_LET_GO_JOB
-meta DOS_LET_GO_JOB	__DOS_LET_GO_JOB && __DOS_MY_OLD_JOB && __DOS_I_DRIVE_A && __DOS_TAKING_HOME
-describe DOS_LET_GO_JOB	Let go from their job and now makes lots of dough!
-##} DOS_LET_GO_JOB
-##{ DOS_OE_TO_MX
-meta DOS_OE_TO_MX		__OE_MUA && __DOS_DIRECT_TO_MX && !DOS_OE_TO_MX_IMAGE
-describe DOS_OE_TO_MX		Delivered direct to MX with OE headers
-##} DOS_OE_TO_MX
-##{ DOS_OE_TO_MX_IMAGE
-meta DOS_OE_TO_MX_IMAGE		__OE_MUA && __DOS_DIRECT_TO_MX && __ANY_IMAGE_ATTACH
-describe DOS_OE_TO_MX_IMAGE	Direct to MX with OE headers and an image
-##} DOS_OE_TO_MX_IMAGE
-##{ DOS_OUTLOOK_TO_MX
-meta DOS_OUTLOOK_TO_MX		__ANY_OUTLOOK_MUA && !__OE_MUA && __DOS_DIRECT_TO_MX && !T_DOS_OUTLOOK_TO_MX_IMAGE
-describe DOS_OUTLOOK_TO_MX	Delivered direct to MX with Outlook headers
-##} DOS_OUTLOOK_TO_MX
-##{ DOS_RCVD_IP_TWICE_C
-header DOS_RCVD_IP_TWICE_C	X-Spam-Relays-External =~ /^\s*\[ ip=(?!127)([\d.]+) [^\[]*\bhelo=(?:![\d.]{7,15}!)? [^\[]*\[ ip=\1 [^\]]*\]\s*$/
-describe DOS_RCVD_IP_TWICE_C	Received from the same IP twice in a row (only one external relay; empty or IP helo)
-##} DOS_RCVD_IP_TWICE_C
-##{ DOS_STOCK_BAT
-meta		DOS_STOCK_BAT		__THEBAT_MUA && (__DOS_BODY_STOCK || __DOS_BODY_TICKER) && (__DOS_REF_TODAY || __DOS_REF_NEXT_WK_DAY || __DOS_REF_2_WK_DAYS)
-describe	DOS_STOCK_BAT		Probable pump and dump stock spam
-##} DOS_STOCK_BAT
-##{ DOS_STOCK_BAT2
-meta		DOS_STOCK_BAT2		DOS_STOCK_BAT && (__DOS_FIN_ADVANTAGE + __DOS_STRONG_CF + __DOS_STEADY_COURSE > 2)
-##} DOS_STOCK_BAT2
-##{ DOS_URI_ASTERISK
-uri DOS_URI_ASTERISK    m{^[Hh][Tt]{2}[Pp][Ss]?://[^/:]+(?:\*[A-Za-z0-9-]*\.|\*)[A-Za-z]{2,3}(?:\.[A-Za-z]{2})?(?:$|:|/)}
-describe DOS_URI_ASTERISK       Found an asterisk in a URI
-##} DOS_URI_ASTERISK
-##{ DOS_YOUR_PLACE
-meta	DOS_YOUR_PLACE	(__DOS_COMING_TO_YOUR_PLACE && __DOS_MEET_EACH_OTHER && (__DOS_DROP_ME_A_LINE || __DOS_CORRESPOND_EMAIL || __DOS_EMAIL_DIRECTLY || __DOS_I_AM_25 || __DOS_WRITE_ME_AT || __DOS_PERSONAL_EMAIL))
-describe	DOS_YOUR_PLACE		Russian dating spam
-##} DOS_YOUR_PLACE
-##{ DRUGS_HDIA
-header DRUGS_HDIA       Subject =~ /\bhoodia\b/i
-describe DRUGS_HDIA     Subject mentions "hoodia"
-##} DRUGS_HDIA
-##{ DRUGS_STOCK_MIMEOLE
-meta DRUGS_STOCK_MIMEOLE (__MIMEOLE_1106 && __MAILER_OL_5510)
-describe DRUGS_STOCK_MIMEOLE Stock-spam forged headers found (5510)
-##} DRUGS_STOCK_MIMEOLE
-##{ DSN_NO_MIMEVERSION
-meta DSN_NO_MIMEVERSION (__BOUNCE_RPATH_NULL && !__MIME_VERSION)
-describe DSN_NO_MIMEVERSION Return-Path <> and no MIME-Version: header
-#score DSN_NO_MIMEVERSION 2
-##} DSN_NO_MIMEVERSION
-##{ DUP_SUSP_HDR
-meta      DUP_SUSP_HDR                  __DUP_SUSP_HDR
-describe  DUP_SUSP_HDR                  Duplicate suspicious message headers
-#score     DUP_SUSP_HDR                  2.500	# limit
-##} DUP_SUSP_HDR
-##{ DX_TEXT_02
-body       DX_TEXT_02       /\b(?:change|modif(?:y|ications?)) (?:of|to|(?:yo)?ur) (?:message|sub|comm) stat/i
-describe   DX_TEXT_02       "change your message stat"
-tflags     DX_TEXT_02       publish
-##} DX_TEXT_02
-##{ DX_TEXT_03
-body       DX_TEXT_03       /\b[A-Z]{3} Media (?:Group|Relations)\b/
-describe   DX_TEXT_03       "XXX Media Group"
-tflags     DX_TEXT_03       publish
-##} DX_TEXT_03
-##{ DX_TEXT_05
-body       DX_TEXT_05       /o text only message available for this email\./i
-describe   DX_TEXT_05       HTML snobbery
-##} DX_TEXT_05
-##{ DYN_RDNS_AND_INLINE_IMAGE
-meta DYN_RDNS_AND_INLINE_IMAGE     (RDNS_DYNAMIC && __ANY_IMAGE_ATTACH)
-describe DYN_RDNS_AND_INLINE_IMAGE Contains image, and was sent by dynamic rDNS
-##} DYN_RDNS_AND_INLINE_IMAGE
-##{ DYN_RDNS_SHORT_HELO_HTML
-meta DYN_RDNS_SHORT_HELO_HTML      (__HELO_NO_DOMAIN && RDNS_DYNAMIC && HTML_MESSAGE)
-describe DYN_RDNS_SHORT_HELO_HTML  Sent by dynamic rDNS, short HELO, and HTML
-##} DYN_RDNS_SHORT_HELO_HTML
-##{ DYN_RDNS_SHORT_HELO_IMAGE
-meta DYN_RDNS_SHORT_HELO_IMAGE       (__HELO_NO_DOMAIN && RDNS_DYNAMIC && __ANY_IMAGE_ATTACH)
-describe DYN_RDNS_SHORT_HELO_IMAGE    Short HELO string, dynamic rDNS, inline image
-##} DYN_RDNS_SHORT_HELO_IMAGE
-##{ FAKE_REPLY_C
-meta     FAKE_REPLY_C		(__SUBJ_RE && __MISSING_REF && __NO_INR_YES_REF)
-##} FAKE_REPLY_C
-##{ FBI_MONEY
-meta        FBI_MONEY            __FBI_SPOOF && LOTS_OF_MONEY
-describe    FBI_MONEY            The FBI wants to give you lots of money?
-#score       FBI_MONEY            2.00	# limit
-tflags      FBI_MONEY            publish
-##} FBI_MONEY
-##{ FBI_SPOOF
-meta        FBI_SPOOF            __FBI_SPOOF
-describe    FBI_SPOOF            Claims to be FBI, but not from FBI domain
-#score       FBI_SPOOF            2.00	# limit
-tflags      FBI_SPOOF            publish
-##} FBI_SPOOF
-##{ FILL_THIS_FORM ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  meta     FILL_THIS_FORM                 __FILL_THIS_FORM && !__THREADED && !__FB_TOUR && !__VIA_ML
-  describe FILL_THIS_FORM                 Fill in a form with personal information
-  tflags   FILL_THIS_FORM                 publish
-endif
-##} FILL_THIS_FORM ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-##{ FILL_THIS_FORM_LOAN ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  meta     FILL_THIS_FORM_LOAN            __FILL_THIS_FORM_LOAN && !__COMMENT_EXISTS && !__HTML_LINK_IMAGE
-  describe FILL_THIS_FORM_LOAN            Answer loan question(s)
-endif
-##} FILL_THIS_FORM_LOAN ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-##{ FILL_THIS_FORM_LONG ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  meta     FILL_THIS_FORM_LONG            __FILL_THIS_FORM_LONG && !__VIA_ML && !__DOS_HAS_LIST_UNSUB && !__THREADED && !__TRAVEL_MANY
-  describe FILL_THIS_FORM_LONG            Fill in a form with personal information
-#  score    FILL_THIS_FORM_LONG            2.00	# limit
-endif
-##} FILL_THIS_FORM_LONG ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-##{ FORM_FRAUD
-meta     FORM_FRAUD       (__FORM_FRAUD && !__FORM_FRAUD_3 && !__FORM_FRAUD_5) && !__DOS_HAS_LIST_UNSUB && !__THREADED && !__HAS_THREAD_INDEX && !__VIA_ML && !__HTML_LINK_IMAGE && !__COMMENT_EXISTS && !__NOT_SPOOFED && !__UPPERCASE_URI && !__UNSUB_LINK
-describe FORM_FRAUD       Fill a form and a fraud phrase
-#score    FORM_FRAUD       1.000   # limit
-tflags   FORM_FRAUD       publish
-##} FORM_FRAUD
-##{ FORM_FRAUD_3
-meta     FORM_FRAUD_3    (__FORM_FRAUD_3 && !__FORM_FRAUD_5 && !__ADVANCE_FEE_3_NEW_FORM && !__ADVANCE_FEE_3_NEW_FRM_MNY) && !__DOS_HAS_LIST_UNSUB && !__THREADED && !__HAS_THREAD_INDEX && !__VIA_ML && !__HTML_LINK_IMAGE && !__MIME_QP && !__DOS_BODY_FRI && !__UNSUB_LINK && !__BUGGED_IMG && !__NOT_SPOOFED
-describe FORM_FRAUD_3    Fill a form and several fraud phrases
-tflags   FORM_FRAUD_3    publish
-##} FORM_FRAUD_3
-##{ FORM_FRAUD_5
-meta     FORM_FRAUD_5    (__FORM_FRAUD_5 && !__ADVANCE_FEE_5_NEW_FORM && !__ADVANCE_FEE_5_NEW_FRM_MNY) && !__DOS_HAS_LIST_UNSUB && !__THREADED && !__HAS_THREAD_INDEX && !__VIA_ML && !__BOUNCE_CTYPE
-describe FORM_FRAUD_5    Fill a form and many fraud phrases
-tflags   FORM_FRAUD_5    publish
-##} FORM_FRAUD_5
-##{ FORM_LOW_CONTRAST
-meta        FORM_LOW_CONTRAST     __FORM_LOW_CONTRAST && !__BUGGED_IMG && !__HAS_REPLY_TO && !__DKIM_EXISTS && !__DOS_HAS_LIST_UNSUB && !__MSGID_JAVAMAIL
-describe    FORM_LOW_CONTRAST     Fill in a form with hidden text
-#score       FORM_LOW_CONTRAST     3.00	# Limit
-tflags      FORM_LOW_CONTRAST     publish
-##} FORM_LOW_CONTRAST
-##{ FOUND_YOU
-meta        FOUND_YOU          __FOUND_YOU && !__DKIM_EXISTS && !__SUBJ_RE && !__HAS_X_REF && !__RP_MATCHES_RCVD && !__COMMENT_EXISTS && !__HAS_ERRORS_TO && !__HAS_IN_REPLY_TO
-#score       FOUND_YOU          3.25	# limit
-describe    FOUND_YOU          I found you...
-tflags      FOUND_YOU          publish
-##} FOUND_YOU
-##{ FREEMAIL_DOC_PDF_BCC ifplugin Mail::SpamAssassin::Plugin::FreeMail
-ifplugin Mail::SpamAssassin::Plugin::FreeMail
-  meta         FREEMAIL_DOC_PDF_BCC   __FREEMAIL_DOC_PDF && __TO_UNDISCLOSED
-  describe     FREEMAIL_DOC_PDF_BCC   MS document or PDF attachment, from freemail, all recipients hidden
-endif
-##} FREEMAIL_DOC_PDF_BCC ifplugin Mail::SpamAssassin::Plugin::FreeMail
-##{ FREEMAIL_FORGED_FROMDOMAIN ifplugin Mail::SpamAssassin::Plugin::FreeMail ifplugin Mail::SpamAssassin::Plugin::HeaderEval if (version >= 3.004000)
-ifplugin Mail::SpamAssassin::Plugin::FreeMail
-  ifplugin Mail::SpamAssassin::Plugin::HeaderEval
-    if (version >= 3.004000)
-      meta     FREEMAIL_FORGED_FROMDOMAIN FREEMAIL_FROM && HEADER_FROM_DIFFERENT_DOMAINS
-      describe FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom freemail headers are different
-#      score    FREEMAIL_FORGED_FROMDOMAIN 0.25
-      tflags   FREEMAIL_FORGED_FROMDOMAIN publish
-endif
-endif
-endif
-##} FREEMAIL_FORGED_FROMDOMAIN ifplugin Mail::SpamAssassin::Plugin::FreeMail ifplugin Mail::SpamAssassin::Plugin::HeaderEval if (version >= 3.004000)
-##{ FROM_IN_TO_AND_SUBJ
-meta           FROM_IN_TO_AND_SUBJ  (__TO_EQ_FROM && __SUBJ_HAS_FROM_1)
-describe       FROM_IN_TO_AND_SUBJ  From address is in To and Subject
-tflags         FROM_IN_TO_AND_SUBJ  publish
-##} FROM_IN_TO_AND_SUBJ
-##{ FROM_MISSPACED
-meta           FROM_MISSPACED        __FROM_MISSPACED && !__RCD_RDNS_MTA_MESSY && !__CTYPE_MULTIPART_ALT && !__REPTO_QUOTE && !__MIME_QP && !__UNSUB_LINK && !__TO___LOWER && !__BUGGED_IMG && !__DOS_HAS_LIST_UNSUB && !__TO_EQ_FROM_DOM && !__MAIL_LINK && !__MTLANDROID_MUA && !__XEROXWORKCTR_MUA && !__PHP_MUA && !__AMADEUSMS_MUA && !__FLASHMAIL_MUA
-describe       FROM_MISSPACED        From: missing whitespace
-#score          FROM_MISSPACED        2.00
-##} FROM_MISSPACED
-##{ FROM_MISSP_DYNIP
-meta           FROM_MISSP_DYNIP      __FROM_RUNON && RDNS_DYNAMIC
-describe       FROM_MISSP_DYNIP      From misspaced + dynamic rDNS
-##} FROM_MISSP_DYNIP
-##{ FROM_MISSP_EH_MATCH
-meta           FROM_MISSP_EH_MATCH   __FROM_MISSP_EH_MATCH && !__RCD_RDNS_MTA_MESSY && !__UNSUB_LINK && !__COMMENT_EXISTS && !__TO___LOWER && !__MIME_QP && !__TO_EQ_FROM_DOM && !__BUGGED_IMG && !__DKIM_EXISTS && !__RCVD_ZIXMAIL && !__MTLANDROID_MUA && !__XEROXWORKCTR_MUA && !__PHP_MUA && !__AMADEUSMS_MUA && !__FLASHMAIL_MUA
-describe       FROM_MISSP_EH_MATCH   From misspaced, matches envelope
-#score          FROM_MISSP_EH_MATCH   2.00	# max
-##} FROM_MISSP_EH_MATCH
-##{ FROM_MISSP_FREEMAIL ifplugin Mail::SpamAssassin::Plugin::FreeMail
-ifplugin Mail::SpamAssassin::Plugin::FreeMail
-  meta         FROM_MISSP_FREEMAIL   __FROM_MISSP_FREEMAIL && !__TO_EQ_FROM_DOM && !__MTLANDROID_MUA
-  describe     FROM_MISSP_FREEMAIL   From misspaced + freemail provider
-endif
-##} FROM_MISSP_FREEMAIL ifplugin Mail::SpamAssassin::Plugin::FreeMail
-##{ FROM_MISSP_MSFT
-meta           FROM_MISSP_MSFT       __FROM_RUNON && (__ANY_OUTLOOK_MUA || __MIMEOLE_MS)
-describe       FROM_MISSP_MSFT       From misspaced + supposed Microsoft tool
-##} FROM_MISSP_MSFT
-##{ FROM_MISSP_PHISH
-meta        FROM_MISSP_PHISH     __FROM_MISSP_PHISH
-describe    FROM_MISSP_PHISH     Malformed, claims to be from financial organization - possible phish
-#score       FROM_MISSP_PHISH     4.75	# limit
-##} FROM_MISSP_PHISH
-##{ FROM_MISSP_REPLYTO
-meta           FROM_MISSP_REPLYTO    __FROM_MISSP_REPLYTO && !__NOT_SPOOFED && !__RCD_RDNS_MTA_MESSY && !__TO___LOWER && !__COMMENT_EXISTS && !__UNSUB_LINK && !__MIME_QP && !__CTYPE_MULTIPART_ALT && !__JM_REACTOR_DATE && !__PLING_QUERY
-describe       FROM_MISSP_REPLYTO    From misspaced, has Reply-To
-##} FROM_MISSP_REPLYTO
-##{ FROM_MISSP_SPF_FAIL ifplugin Mail::SpamAssassin::Plugin::SPF
-ifplugin Mail::SpamAssassin::Plugin::SPF
-  meta           FROM_MISSP_SPF_FAIL  (__FROM_RUNON && SPF_FAIL)
-  tflags         FROM_MISSP_SPF_FAIL  net
-#  score          FROM_MISSP_SPF_FAIL  2.00	# limit
-endif
-##} FROM_MISSP_SPF_FAIL ifplugin Mail::SpamAssassin::Plugin::SPF
-##{ FROM_MISSP_TO_UNDISC
-meta           FROM_MISSP_TO_UNDISC  (__FROM_RUNON && __TO_UNDISCLOSED)
-describe       FROM_MISSP_TO_UNDISC  From misspaced, To undisclosed
-##} FROM_MISSP_TO_UNDISC
-##{ FROM_MISSP_USER
-meta           FROM_MISSP_USER       (__FROM_RUNON && NSL_RCVD_FROM_USER)
-describe       FROM_MISSP_USER       From misspaced, from "User"
-##} FROM_MISSP_USER
-##{ FROM_MISSP_XPRIO
-meta        FROM_MISSP_XPRIO   __XPRIO && __FROM_MISSPACED
-describe    FROM_MISSP_XPRIO   Misspaced FROM + X-Priority
-#score       FROM_MISSP_XPRIO   2.500   # limit
-##} FROM_MISSP_XPRIO
-##{ FSL_CTYPE_WIN1251
-header   FSL_CTYPE_WIN1251   Content-Type =~ /charset="Windows-1251"/
-describe FSL_CTYPE_WIN1251   Content-Type only seen in 419 spam
-##} FSL_CTYPE_WIN1251
-##{ FSL_FAKE_HOTMAIL_RVCD
-header  FSL_FAKE_HOTMAIL_RVCD   X-Spam-Relays-External =~ /mx[1234]\.hotmail\.com/
-##} FSL_FAKE_HOTMAIL_RVCD
-##{ FSL_HELO_BARE_IP_1
-meta    FSL_HELO_BARE_IP_1        __FSL_HELO_BARE_IP_1 && !FSL_HELO_BARE_IP_2
-##} FSL_HELO_BARE_IP_1
-##{ FSL_HELO_BARE_IP_2
-meta    FSL_HELO_BARE_IP_2      __FSL_HELO_BARE_IP_2 && !__VIA_ML && !__HAS_ERRORS_TO
-#score   FSL_HELO_BARE_IP_2      2.000
-##} FSL_HELO_BARE_IP_2
-##{ FSL_HELO_DEVICE
-header  FSL_HELO_DEVICE         X-Spam-Relays-External =~ /\bhelo=(?:(?:dsl)?device|speedtouch)\.lan\b/i
-##} FSL_HELO_DEVICE
-##{ FSL_HELO_FAKE
-header  FSL_HELO_FAKE           X-Spam-Relays-External =~ /\bhelo=(?:yandex.ru|(?:hotmail|gmail|google|yahoo|msn|microsoft)\.com)\b/i
-##} FSL_HELO_FAKE
-##{ FSL_HELO_NON_FQDN_1
-header  FSL_HELO_NON_FQDN_1     X-Spam-Relays-External =~ /^[^\]]+ helo=[a-zA-Z0-9-_]+ /i
-##} FSL_HELO_NON_FQDN_1
-##{ FSL_HELO_SETUP
-header  FSL_HELO_SETUP          X-Spam-Relays-External =~ /\bhelo=\S+\.setup\b/i
-##} FSL_HELO_SETUP
-##{ FSL_INTERIA_ABUSE
-uri FSL_INTERIA_ABUSE /\/\S+\.(?:w|eu|fm)\.interia\.pl/
-##} FSL_INTERIA_ABUSE
-##{ FSL_NEW_HELO_USER
-meta    FSL_NEW_HELO_USER   (__FSL_HELO_USER_1 || __FSL_HELO_USER_2 || __FSL_HELO_USER_3)
-describe  FSL_NEW_HELO_USER Spam's using Helo and User
-#score   FSL_NEW_HELO_USER   2.0
-tflags  FSL_NEW_HELO_USER   publish
-##} FSL_NEW_HELO_USER
-##{ FSL_PHP_EXPLOIT_41
-header   FSL_PHP_EXPLOIT_41    X-PHP-Script =~ / 41\.\d+\.\d+\.\d+\b/
-describe FSL_PHP_EXPLOIT_41    PHP Script being run by someone in Africa
-##} FSL_PHP_EXPLOIT_41
-##{ FUZZY_ANDROID ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  body          FUZZY_ANDROID       /<A>(?!ndroid)<N><D><R><O><I><D>/i
-  describe      FUZZY_ANDROID       Obfuscated "android"
-  tflags        FUZZY_ANDROID       publish
-endif
-##} FUZZY_ANDROID ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-##{ FUZZY_BROWSER ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  body          FUZZY_BROWSER       /<B>(?!rowser)<R><O><W><S><E><R>/i
-  describe      FUZZY_BROWSER       Obfuscated "browser"
-  tflags        FUZZY_BROWSER       publish
-endif
-##} FUZZY_BROWSER ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-##{ FUZZY_CLICK_HERE ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  body          FUZZY_CLICK_HERE    /<C>(?!lick(?:\s|&nbsp;)here)<WS>*<L><WS>*<I><WS>*<C><WS>*<K><WS>+<H><WS>*<E><WS>*<R><WS>*<E>/i
-  describe      FUZZY_CLICK_HERE    Obfuscated "click here"
-  tflags        FUZZY_CLICK_HERE    publish
-endif
-##} FUZZY_CLICK_HERE ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-##{ FUZZY_DR_OZ ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  meta          FUZZY_DR_OZ         __FUZZY_DR_OZ && !__VIA_ML && !__DKIM_EXISTS && !__RP_MATCHES_RCVD
-  describe      FUZZY_DR_OZ         Obfuscated Doctor Oz
-  tflags        FUZZY_DR_OZ         publish
-endif
-##} FUZZY_DR_OZ ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-##{ FUZZY_IMPORTANT ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  body          FUZZY_IMPORTANT     /<I>(?!mportant)<M><P><O><R><T><A><N><T>/i
-  describe      FUZZY_IMPORTANT     Obfuscated "important"
-  tflags        FUZZY_IMPORTANT     publish
-endif
-##} FUZZY_IMPORTANT ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-##{ FUZZY_MERIDIA ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-body FUZZY_MERIDIA      /<inter W3><post P2>\b(?!meridia)<M><E><R><I><D><I><A>\b/i
-describe FUZZY_MERIDIA  Obfuscation of the word "meridia"
-endif
-##} FUZZY_MERIDIA ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-##{ FUZZY_PRIVACY ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  body          FUZZY_PRIVACY       /<P>(?!rivacy)<R><I><V><A><C><Y>/i
-  describe      FUZZY_PRIVACY       Obfuscated "privacy"
-  tflags        FUZZY_PRIVACY       publish
-endif
-##} FUZZY_PRIVACY ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-##{ FUZZY_PROMOTION ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  body          FUZZY_PROMOTION     /<P>(?!romotion)<R><O><M><O><T><I><O><N>/i
-  describe      FUZZY_PROMOTION     Obfuscated "promotion"
-  tflags        FUZZY_PROMOTION     publish
-endif
-##} FUZZY_PROMOTION ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-##{ FUZZY_SAVINGS ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  body          FUZZY_SAVINGS       /<S>(?!avings)<A><V><I><N><G><S>/i
-  describe      FUZZY_SAVINGS       Obfuscated "savings"
-  tflags        FUZZY_SAVINGS       publish
-endif
-##} FUZZY_SAVINGS ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-##{ FUZZY_SECURITY ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  body          FUZZY_SECURITY      /<S>(?!ecurity)(?!eguridad)<E>(?:<C>|<G>)<U><R><I>(?:<T><Y>|<D><A><D>)/i
-  describe      FUZZY_SECURITY      Obfuscated "security"
-  tflags        FUZZY_SECURITY      publish
-endif
-##} FUZZY_SECURITY ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-##{ FUZZY_UNSUBSCRIBE ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  body          FUZZY_UNSUBSCRIBE   /<U>(?!nsubscribe)<N><S><U><B><S><C><R><I><B><E>/i
-  describe      FUZZY_UNSUBSCRIBE   Obfuscated "unsubscribe"
-  tflags        FUZZY_UNSUBSCRIBE   publish
-endif
-##} FUZZY_UNSUBSCRIBE ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-##{ GEO_QUERY_STRING
-uri	GEO_QUERY_STRING	/^http:\/\/(?:\w{2,4}\.)?geocities\.com(?::\d*)?\/.+?\/\?/i
-##} GEO_QUERY_STRING
-##{ GOOGLE_DOCS_PHISH
-meta        GOOGLE_DOCS_PHISH    (__GOOGLE_DOCS_PHISH_1 || __GOOGLE_DOCS_PHISH_2)
-describe    GOOGLE_DOCS_PHISH    Possible phishing via a Google Docs form
-#score       GOOGLE_DOCS_PHISH    3.00	# limit
-tflags      GOOGLE_DOCS_PHISH    publish
-##} GOOGLE_DOCS_PHISH
-##{ GOOGLE_DOCS_PHISH_MANY
-meta        GOOGLE_DOCS_PHISH_MANY  __URI_GOOGLE_DOC && (__EMAIL_PHISH_MANY || __ACCT_PHISH_MANY)
-describe    GOOGLE_DOCS_PHISH_MANY  Phishing via a Google Docs form
-#score       GOOGLE_DOCS_PHISH_MANY  4.00	# limit
-tflags      GOOGLE_DOCS_PHISH_MANY  publish
-##} GOOGLE_DOCS_PHISH_MANY
-##{ GOOG_MALWARE_DNLD
-meta      GOOG_MALWARE_DNLD             __GOOG_MALWARE_DNLD
-describe  GOOG_MALWARE_DNLD             File download via Google - Malware?
-#score     GOOG_MALWARE_DNLD             5.000   # limit
-tflags    GOOG_MALWARE_DNLD             publish
-##} GOOG_MALWARE_DNLD
-##{ GOOG_REDIR_SHORT
-meta      GOOG_REDIR_SHORT              __GOOG_REDIR && __KAM_BODY_LENGTH_LT_512
-describe  GOOG_REDIR_SHORT              Google redirect to obscure spamvertised website + short message
-tflags    GOOG_REDIR_SHORT              publish
-##} GOOG_REDIR_SHORT
-##{ HDR_ORDER_FTSDMCXX_001C
-meta HDR_ORDER_FTSDMCXX_001C  (__HDR_ORDER_FTSDMCXXXX && __MID_START_001C)
-describe HDR_ORDER_FTSDMCXX_001C  Header order similar to spam (FTSDMCXX/MID variant)
-##} HDR_ORDER_FTSDMCXX_001C
-##{ HDR_ORDER_FTSDMCXX_BAT
-meta HDR_ORDER_FTSDMCXX_BAT   (__HDR_ORDER_FTSDMCXXXX && __BAT_BOUNDARY)
-describe HDR_ORDER_FTSDMCXX_BAT   Header order similar to spam (FTSDMCXX/boundary variant)
-##} HDR_ORDER_FTSDMCXX_BAT
-##{ HEADER_COUNT_SUBJECT ifplugin Mail::SpamAssassin::Plugin::HeaderEval
-ifplugin Mail::SpamAssassin::Plugin::HeaderEval
-header HEADER_COUNT_SUBJECT     eval:check_header_count_range('Subject','2','999')
-describe HEADER_COUNT_SUBJECT   Multiple Subject headers found
-endif
-##} HEADER_COUNT_SUBJECT ifplugin Mail::SpamAssassin::Plugin::HeaderEval
-##{ HEADER_FROM_DIFFERENT_DOMAINS ifplugin Mail::SpamAssassin::Plugin::FreeMail ifplugin Mail::SpamAssassin::Plugin::HeaderEval if (version >= 3.004000)
-ifplugin Mail::SpamAssassin::Plugin::FreeMail
-  ifplugin Mail::SpamAssassin::Plugin::HeaderEval
-    if (version >= 3.004000)
-      header   HEADER_FROM_DIFFERENT_DOMAINS eval:check_equal_from_domains()
-      describe HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different
-#      score    HEADER_FROM_DIFFERENT_DOMAINS 0.25
-      tflags   HEADER_FROM_DIFFERENT_DOMAINS publish
-endif
-endif
-endif
-##} HEADER_FROM_DIFFERENT_DOMAINS ifplugin Mail::SpamAssassin::Plugin::FreeMail ifplugin Mail::SpamAssassin::Plugin::HeaderEval if (version >= 3.004000)
-##{ HELO_FRIEND
-header HELO_FRIEND  X-Spam-Relays-External =~ /^[^\]]+ helo=friend /i
-##} HELO_FRIEND
-##{ HELO_LH_HOME
-header HELO_LH_HOME X-Spam-Relays-External =~ /^[^\]]+ helo=\S+\.(?:home|lan) /i
-##} HELO_LH_HOME
-##{ HELO_LH_LD
-header HELO_LH_LD   X-Spam-Relays-External =~ /^[^\]]+ helo=localhost\.localdomain /i
-##} HELO_LH_LD
-##{ HELO_LOCALHOST
-header HELO_LOCALHOST   X-Spam-Relays-External =~ /^[^\]]+ helo=localhost /i
-##} HELO_LOCALHOST
-##{ HELO_MISC_IP
-meta     	HELO_MISC_IP          	(__HELO_MISC_IP && !HELO_DYNAMIC_IPADDR && !HELO_DYNAMIC_IPADDR2 && !HELO_DYNAMIC_SPLIT_IP && !HELO_DYNAMIC_HCC && !HELO_DYNAMIC_DIALIN && ((TVD_RCVD_IP4 + TVD_RCVD_IP + RCVD_NUMERIC_HELO) <2))
-describe	HELO_MISC_IP		Looking for more Dynamic IP Relays
-#score		HELO_MISC_IP		0.25
-##} HELO_MISC_IP
-##{ HELO_OEM
-header HELO_OEM  X-Spam-Relays-External =~ /^[^\]]+ helo=(?:pc|oem\S*) /i
-##} HELO_OEM
-##{ HEXHASH_WORD
-meta        HEXHASH_WORD       (__HEXHASHWORD_S2EU > 1) && !ALL_TRUSTED && !__DKIM_EXISTS && !__RP_MATCHES_RCVD && !__LCL__ENV_AND_HDR_FROM_MATCH && !__LYRIS_EZLM_REMAILER && !__THREADED && !__HDRS_LCASE && !__MSGID_HEXISH && !__RDNS_SHORT
-describe    HEXHASH_WORD       Multiple instances of word + hexadecimal hash
-#score       HEXHASH_WORD       3.000	# limit
-tflags      HEXHASH_WORD       publish
-##} HEXHASH_WORD
-##{ HK_LOTTO
-meta		HK_LOTTO		__HK_LOTTO_1 || __HK_LOTTO_2 || __HK_LOTTO_JACKPOT || __HK_LOTTO_STAATS || __HK_LOTTO_BALLOT
-#score		HK_LOTTO		1
-##} HK_LOTTO
-##{ HK_NAME_DRUGS
-header		HK_NAME_DRUGS		From:name =~ /(viagra|\bcialis|cialis\b)/mi
-describe	HK_NAME_DRUGS		From name contains drugs
-#score		HK_NAME_DRUGS		2
-##} HK_NAME_DRUGS
-##{ HK_NAME_FM_MR_MRS ifplugin Mail::SpamAssassin::Plugin::FreeMail if (version >= 3.004000)
-ifplugin Mail::SpamAssassin::Plugin::FreeMail
-if (version >= 3.004000)
-  meta            HK_NAME_FM_MR_MRS       __HK_NAME_MR_MRS && FREEMAIL_FROM
-#  score           HK_NAME_FM_MR_MRS       1.5
-endif
-endif
-##} HK_NAME_FM_MR_MRS ifplugin Mail::SpamAssassin::Plugin::FreeMail if (version >= 3.004000)
-##{ HK_NAME_FROM ifplugin Mail::SpamAssassin::Plugin::FreeMail
-ifplugin Mail::SpamAssassin::Plugin::FreeMail
-meta		HK_NAME_FROM		__HK_NAME_FROM && !FREEMAIL_FROM
-#score           HK_NAME_FROM            1.0
-endif
-##} HK_NAME_FROM ifplugin Mail::SpamAssassin::Plugin::FreeMail
-##{ HK_NAME_MR_MRS ifplugin Mail::SpamAssassin::Plugin::FreeMail if (version >= 3.004000)
-ifplugin Mail::SpamAssassin::Plugin::FreeMail
-if (version >= 3.004000)
-  meta            HK_NAME_MR_MRS          __HK_NAME_MR_MRS && !FREEMAIL_FROM
-#  score           HK_NAME_MR_MRS          1.0
-endif
-endif
-##} HK_NAME_MR_MRS ifplugin Mail::SpamAssassin::Plugin::FreeMail if (version >= 3.004000)
-##{ HK_RANDOM_ENVFROM
-header		HK_RANDOM_ENVFROM	EnvelopeFrom =~ /^(?!(?:mail|bounce)[_.-]|[^@]*(?:[+=^~\#]|mcgr|kpmg|nlpbr|ndqv|lcgc|cplpr|-mailer@)|[^@]{20})[^@]*(?:[bcdfgjklmnpqrtvwxz]{5}|[aeiouy]{5}|([a-z]{1,2})(?:\1){3})/mi
-describe	HK_RANDOM_ENVFROM	Envelope sender username looks random
-#score		HK_RANDOM_ENVFROM	1
-##} HK_RANDOM_ENVFROM
-##{ HK_RANDOM_FROM
-header		HK_RANDOM_FROM		From:addr =~ /^(?!(?:mail|bounce)[_.-]|[^@]*(?:[+=^~\#]|mcgr|kpmg|nlpbr|ndqv|lcgc|cplpr|-mailer@)|[^@]{26}|.*?@.{0,20}\bcmp-info\.com$)[^@]*(?:[bcdfgjklmnpqrtvwxz]{5}|[aeiouy]{5}|([a-z]{1,2})(?:\1){3})/mi
-describe	HK_RANDOM_FROM		From username looks random
-#score		HK_RANDOM_FROM		1
-##} HK_RANDOM_FROM
-##{ HK_RANDOM_REPLYTO
-header		HK_RANDOM_REPLYTO	Reply-To:addr =~ /^(?!(?:mail|bounce)[_.-]|[^@]*(?:[+=^~\#]|mcgr|kpmg|nlpbr|ndqv|lcgc|cplpr|-mailer@)|[^@]{26}|.*?@.{0,20}\b(?:cmpgnr|cnn)\.com$)[^@]*(?:[bcdfgjklmnpqrtvwxz]{5}|[aeiouy]{5}|([a-z]{1,2})(?:\1){3})/mi
-describe	HK_RANDOM_REPLYTO	Reply-To username looks random
-#score		HK_RANDOM_REPLYTO	1
-##} HK_RANDOM_REPLYTO
-##{ HK_SCAM_N1
-body		HK_SCAM_N1		/\b(?:widow|son|daughter|husband|wife|brother|sister) of (?:the )?(?:late|sacked|dead|passed)\b/i
-##} HK_SCAM_N1
-##{ HK_SCAM_N2
-body		HK_SCAM_N2		/\bnext of kin\b/i
-##} HK_SCAM_N2
-##{ HK_SCAM_N3
-body		HK_SCAM_N3		/\bdirect telephone numbers?\b/i
-##} HK_SCAM_N3
-##{ HK_SCAM_N8
-body		HK_SCAM_N8		/\byour compensation\b/i
-##} HK_SCAM_N8
-##{ HK_SPAMMY_FILENAME ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-meta		HK_SPAMMY_FILENAME	__HK_SPAMMY_CTFN || __HK_SPAMMY_CDFN
-endif
-##} HK_SPAMMY_FILENAME ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-##{ HTML_OFF_PAGE
-meta        HTML_OFF_PAGE     __HTML_OFF_PAGE && !__RP_MATCHES_RCVD && !__LONGLINE && !__DKIM_EXISTS
-describe    HTML_OFF_PAGE     HTML element rendered well off the displayed page
-#score       HTML_OFF_PAGE     2.000	# limit
-tflags      HTML_OFF_PAGE     publish
-##} HTML_OFF_PAGE
-##{ HTTPS_HTTP_MISMATCH ifplugin Mail::SpamAssassin::Plugin::HTTPSMismatch
-ifplugin Mail::SpamAssassin::Plugin::HTTPSMismatch
-body  HTTPS_HTTP_MISMATCH eval:check_https_http_mismatch('1','10')
-endif
-##} HTTPS_HTTP_MISMATCH ifplugin Mail::SpamAssassin::Plugin::HTTPSMismatch
-##{ JM_I_FEEL_LUCKY
-uri JM_I_FEEL_LUCKY         /(?:\&|\?)btnI=ec(?:$|\&)/
-tflags JM_I_FEEL_LUCKY  publish     # low hitrate, but always a good sign
-##} JM_I_FEEL_LUCKY
-##{ JM_RCVD_QMAILV1
-header JM_RCVD_QMAILV1     Received =~ /by \S+ \(Qmailv1\) with ESMTP/
-##} JM_RCVD_QMAILV1
-##{ JM_TORA_XM
-meta JM_TORA_XM     (__MAILER_OL_6626 && __MOLE_2962 && __NAKED_TO)
-##} JM_TORA_XM
-##{ KB_DATE_CONTAINS_TAB
-meta     KB_DATE_CONTAINS_TAB  __KB_DATE_CONTAINS_TAB && !__ML_TURNS_SP_TO_TAB
-#score	 KB_DATE_CONTAINS_TAB  0.5
-##} KB_DATE_CONTAINS_TAB
-##{ KB_FAKED_THE_BAT
-meta     KB_FAKED_THE_BAT      (__THEBAT_MUA && KB_DATE_CONTAINS_TAB)
-##} KB_FAKED_THE_BAT
-##{ KB_RATWARE_BOUNDARY
-meta   KB_RATWARE_BOUNDARY   __RATWARE_BOUND_A || __RATWARE_BOUND_B
-##} KB_RATWARE_BOUNDARY
-##{ KB_RATWARE_MSGID
-meta   KB_RATWARE_MSGID        (__KB_MSGID_OUTLOOK_888 && __ANY_OUTLOOK_MUA)
-##} KB_RATWARE_MSGID
-##{ KB_RATWARE_OUTLOOK_08
-header  KB_RATWARE_OUTLOOK_08  ALL =~ /^Message-Id: <....([0-9a-f]{8})\$[0-9a-f]{8}\$.{100,400}boundary="----=_NextPart_000_...._\1\./msi  # "
-##} KB_RATWARE_OUTLOOK_08
-##{ KB_RATWARE_OUTLOOK_12
-header  KB_RATWARE_OUTLOOK_12  ALL =~ /^Message-Id: <....([0-9a-f]{8})\$([0-9a-f]{4})[0-9a-f]{4}\$.{100,400}boundary="----=_NextPart_000_...._\1\.\2/msi  # "
-##} KB_RATWARE_OUTLOOK_12
-##{ KB_RATWARE_OUTLOOK_16
-header  KB_RATWARE_OUTLOOK_16  ALL =~ /^Message-Id: <....([0-9a-f]{8})\$([0-9a-f]{8})\$.{100,400}boundary="----=_NextPart_000_...._\1\.\2/msi  # "
-##} KB_RATWARE_OUTLOOK_16
-##{ KB_RATWARE_OUTLOOK_MID
-header  KB_RATWARE_OUTLOOK_MID  ALL =~ /^Message-Id: <....([0-9a-f]{8})\$([0-9a-f]{8})\$[0-9a-f]{8}\@.{100,400}boundary="----=_NextPart_000_...._\1\.\2"/msi
-##} KB_RATWARE_OUTLOOK_MID
-##{ LIST_PRTL_PUMPDUMP
-meta        LIST_PRTL_PUMPDUMP     __LIST_PRTL_PUMPDUMP && !__DKIM_EXISTS
-describe    LIST_PRTL_PUMPDUMP     Incomplete List-* headers and stock pump-and-dump
-#score       LIST_PRTL_PUMPDUMP     2.000   # limit
-tflags      LIST_PRTL_PUMPDUMP     publish
-##} LIST_PRTL_PUMPDUMP
-##{ LIST_PRTL_SAME_USER
-meta        LIST_PRTL_SAME_USER    __LIST_PRTL_SAME_USER && !__BUGGED_IMG && !__DKIM_EXISTS && !__RP_MATCHES_RCVD && !__HAS_ERRORS_TO
-describe    LIST_PRTL_SAME_USER    Incomplete List-* headers and from+to user the same
-#score       LIST_PRTL_SAME_USER    3.000   # limit
-tflags      LIST_PRTL_SAME_USER    publish
-##} LIST_PRTL_SAME_USER
-##{ LIVEFILESTORE
-uri  LIVEFILESTORE       m~livefilestore.com/~
-##} LIVEFILESTORE
-##{ LONG_HEX_URI
-meta        LONG_HEX_URI      __128_HEX_URI && !__LCL__KAM_BODY_LENGTH_LT_1024
-describe    LONG_HEX_URI      Very long purely hexadecimal URI
-#score       LONG_HEX_URI      3.000	# limit
-tflags      LONG_HEX_URI      publish
-##} LONG_HEX_URI
-##{ LONG_IMG_URI
-meta        LONG_IMG_URI        __45_ALNUM_IMG && !ALL_TRUSTED && !__HAS_ERRORS_TO
-describe    LONG_IMG_URI        Image URI with very long path component - web bug?
-#score       LONG_IMG_URI        3.000	# limit
-tflags      LONG_IMG_URI        publish
-##} LONG_IMG_URI
-##{ LONG_TERM_PRICE
-body LONG_TERM_PRICE  /long\W+term\W+(target|projected)(\W+price)?/i
-##} LONG_TERM_PRICE
-##{ LOOPHOLE_1
-body		LOOPHOLE_1	/loop-?hole in the banking/i
-describe	LOOPHOLE_1	A loop hole in the banking laws?
-##} LOOPHOLE_1
-##{ LOTS_OF_MONEY ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  meta     LOTS_OF_MONEY    (__LOTSA_MONEY_00 || __LOTSA_MONEY_01 || __LOTSA_MONEY_02 || __LOTSA_MONEY_03 || __LOTSA_MONEY_04 || __LOTSA_MONEY_05) && !__TRAVEL_ITINERARY
-  describe LOTS_OF_MONEY    Huge... sums of money
-#  score    LOTS_OF_MONEY    0.01
-  tflags   LOTS_OF_MONEY    publish
-endif
-##} LOTS_OF_MONEY ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-##{ LOTTERY_1
-meta LOTTERY_1      (__DBLCLAIM && __CASHPRZ)
-##} LOTTERY_1
-##{ LOTTERY_PH_004470
-meta LOTTERY_PH_004470  (__AFF_004470_NUMBER && __AFF_LOTTERY)
-##} LOTTERY_PH_004470
-##{ LOTTO_AGENT
-meta     LOTTO_AGENT      __LOTTO_AGENT && !__HAS_IN_REPLY_TO && !__THREADED && !__TO_YOUR_ORG && !__DKIM_EXISTS && !__TRAVEL_ITINERARY && !__AUTO_ACCIDENT
-describe LOTTO_AGENT      Claims Agent
-#score    LOTTO_AGENT      2.50		# limit
-##} LOTTO_AGENT
-##{ LOTTO_DEPT
-meta     LOTTO_DEPT       __LOTTO_DEPT && !__COMMENT_EXISTS && !__HAS_IN_REPLY_TO && !__THREADED && !__VIA_ML && !__TO_YOUR_ORG && !__TRAVEL_ITINERARY && !__AUTO_ACCIDENT
-describe LOTTO_DEPT       Claims Department
-#score    LOTTO_DEPT       2.00		# limit
-##} LOTTO_DEPT
-##{ LUCRATIVE
-meta     LUCRATIVE        __LUCRATIVE && !ALL_TRUSTED && !__ANY_TEXT_ATTACH && !__REPLYTO_EXISTS && !__LCL__ENV_AND_HDR_FROM_MATCH
-describe LUCRATIVE        Make lots of money!
-#score    LUCRATIVE        2.00	# limit
-tflags   LUCRATIVE        publish
-##} LUCRATIVE
-##{ L_SPAM_TOOL_13
-header L_SPAM_TOOL_13   Date =~ /\s[+-]\d(?![2358]45)\d[124-9]\d$/
-##} L_SPAM_TOOL_13
-##{ MAILER_EQ_ORG
-meta           MAILER_EQ_ORG         __MUA_EQ_ORG_1 || __MUA_EQ_ORG_2
-describe       MAILER_EQ_ORG         X-Mailer: same as Organization:
-##} MAILER_EQ_ORG
-##{ MANY_SPAN_IN_TEXT
-meta           MANY_SPAN_IN_TEXT   __MANY_SPAN_IN_TEXT && !__VIA_ML
-describe       MANY_SPAN_IN_TEXT   Many <SPAN> tags embedded within text
-tflags         MANY_SPAN_IN_TEXT   publish
-##} MANY_SPAN_IN_TEXT
-##{ MID_DEGREES
-header MID_DEGREES  Message-ID =~ /^<\d{14}\.[A-F0-9]{10}\@[A-Z0-9]+>$/
-##} MID_DEGREES
-##{ MIME_BOUND_EQ_REL
-header MIME_BOUND_EQ_REL    Content-Type =~ /boundary="=====================_\d+==\.REL"/s
-##} MIME_BOUND_EQ_REL
-##{ MIME_NO_TEXT ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  meta        MIME_NO_TEXT      __MIME_NO_TEXT && !ALL_TRUSTED && !__MSGID_APPLEMAIL && !__USER_AGENT_APPLEMAIL && !__HAS_IN_REPLY_TO && !__HAS_X_REF && !__HS_SUBJ_RE_FW && !__LCL__ENV_AND_HDR_FROM_MATCH
-#  score       MIME_NO_TEXT      2.00	# limit
-  describe    MIME_NO_TEXT      No (properly identified) text body parts
-  tflags      MIME_NO_TEXT      publish
-endif
-##} MIME_NO_TEXT ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-##{ MIME_PHP_NO_TEXT ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  meta        MIME_PHP_NO_TEXT  (MIME_NO_TEXT && __PHP_MUA)
-  describe    MIME_PHP_NO_TEXT  No text body parts, X-Mailer: PHP
-endif
-##} MIME_PHP_NO_TEXT ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-##{ MONEY_ATM_CARD
-meta     MONEY_ATM_CARD   __MONEY_ATM_CARD && !__COMMENT_EXISTS && !__TAG_EXISTS_STYLE
-describe MONEY_ATM_CARD   Lots of money on an ATM card
-##} MONEY_ATM_CARD
-##{ MONEY_BARRISTER
-meta     MONEY_BARRISTER  __BARRISTER && LOTS_OF_MONEY
-describe MONEY_BARRISTER  Lots of money from a UK lawyer
-#score    MONEY_BARRISTER  1.000   # limit
-##} MONEY_BARRISTER
-##{ MONEY_FORM
-meta     MONEY_FORM          __MONEY_FORM && !__FB_TOUR && !__FM_MY_PRICE && !__FR_SPACING_8 && !__COMMENT_EXISTS && !__CAN_HELP
-describe MONEY_FORM          Lots of money if you fill out a form
-##} MONEY_FORM
-##{ MONEY_FORM_SHORT
-meta     MONEY_FORM_SHORT    __MONEY_FORM_SHORT && !__DOS_HAS_LIST_UNSUB && !__VIA_ML && !__HTML_LINK_IMAGE && !__UPPERCASE_URI && !__THREADED && !__COMMENT_EXISTS && !__TAG_EXISTS_CENTER && !__THREAD_INDEX_GOOD
-describe MONEY_FORM_SHORT    Lots of money if you fill out a short form
-#score    MONEY_FORM_SHORT    2.500	# limit
-##} MONEY_FORM_SHORT
-##{ MONEY_FRAUD_3
-meta     MONEY_FRAUD_3    (__MONEY_FRAUD_3 && !__MONEY_FRAUD_5 && !__MONEY_FRAUD_8 && !__ADVANCE_FEE_3_NEW_MONEY) && !__COMMENT_EXISTS && !__TAG_EXISTS_CENTER && !__IS_EXCH && !__VIA_ML && !__HAS_THREAD_INDEX && !__UNSUB_LINK && !__DOS_HAS_LIST_UNSUB && !__HTML_LINK_IMAGE && !__THREADED && !__DOS_BODY_THU && !__URL_SHORTENER && !__TAG_EXISTS_STYLE
-describe MONEY_FRAUD_3    Lots of money and several fraud phrases
-tflags   MONEY_FRAUD_3    publish
-##} MONEY_FRAUD_3
-##{ MONEY_FRAUD_5
-meta     MONEY_FRAUD_5    (__MONEY_FRAUD_5 && !__MONEY_FRAUD_8 && !__ADVANCE_FEE_5_NEW_MONEY) && !__VIA_ML && !__HAS_THREAD_INDEX && !__COMMENT_EXISTS && !__UNSUB_LINK && !__TAG_EXISTS_CENTER && !__URL_SHORTENER && !__TAG_EXISTS_STYLE
-describe MONEY_FRAUD_5    Lots of money and many fraud phrases
-tflags   MONEY_FRAUD_5    publish
-##} MONEY_FRAUD_5
-##{ MONEY_FRAUD_8
-meta     MONEY_FRAUD_8    __MONEY_FRAUD_8 && !__VIA_ML && !__HAS_THREAD_INDEX && !__BUGGED_IMG
-describe MONEY_FRAUD_8    Lots of money and very many fraud phrases
-tflags   MONEY_FRAUD_8    publish
-##} MONEY_FRAUD_8
-##{ MONEY_FROM_41
-meta            MONEY_FROM_41             __MONEY_FROM_41
-describe        MONEY_FROM_41             Lots of money from Africa
-#score           MONEY_FROM_41             2.00	# limit
-##} MONEY_FROM_41
-##{ MONEY_FROM_MISSP
-meta     MONEY_FROM_MISSP   LOTS_OF_MONEY && __FROM_MISSPACED && !__MIME_QP
-describe MONEY_FROM_MISSP   Lots of money and misspaced From
-#score    MONEY_FROM_MISSP   2.000	# limit
-##} MONEY_FROM_MISSP
-##{ MONEY_LOTTERY
-meta     MONEY_LOTTERY    __MONEY_LOTTERY && !__CAN_HELP && !__HTML_LINK_IMAGE && !__DOS_HAS_LIST_UNSUB && !__MSGID_APPLEMAIL && __THREADED
-describe MONEY_LOTTERY    Lots of money from a lottery
-##} MONEY_LOTTERY
-##{ MSGID_MULTIPLE_AT
-header 		MSGID_MULTIPLE_AT	MESSAGEID =~ /<[^>]*\@[^>]*\@/
-describe 	MSGID_MULTIPLE_AT	Message-ID contains multiple '@' characters
-#score 		MSGID_MULTIPLE_AT	0.001
-##} MSGID_MULTIPLE_AT
-##{ MSGID_NOFQDN1
-meta     MSGID_NOFQDN1    __MSGID_NOFQDN1
-describe MSGID_NOFQDN1    Message-ID with no domain name
-##} MSGID_NOFQDN1
-##{ MSOE_MID_WRONG_CASE
-meta MSOE_MID_WRONG_CASE  (__XM_OUTLOOK_EXPRESS && __MSOE_MID_WRONG_CASE && !__MIMEOLE_1106)
-##} MSOE_MID_WRONG_CASE
-##{ NAME_EMAIL_DIFF
-meta	 NAME_EMAIL_DIFF	__NAME_IS_EMAIL && ! __NAME_EQ_EMAIL
-describe NAME_EMAIL_DIFF	Sender NAME is an unrelated email address
-##} NAME_EMAIL_DIFF
-##{ NSL_RCVD_FROM_USER
-header         NSL_RCVD_FROM_USER       Received =~ /from User [\[\(]/
-describe       NSL_RCVD_FROM_USER       Received from User
-##} NSL_RCVD_FROM_USER
-##{ NSL_RCVD_HELO_USER
-header         NSL_RCVD_HELO_USER       Received =~ /helo[= ]user\)/i
-describe       NSL_RCVD_HELO_USER       Received from HELO User
-##} NSL_RCVD_HELO_USER
-##{ NULL_IN_BODY
-full NULL_IN_BODY       /\x00/
-describe NULL_IN_BODY   Message has NUL (ASCII 0) byte in message
-##} NULL_IN_BODY
-##{ OBFU_JVSCR_ESC
-rawbody     OBFU_JVSCR_ESC         /document\.write\(unescape\("(?:%[0-9a-f]{2}){10}/i
-describe    OBFU_JVSCR_ESC         Injects content using obfuscated javascript
-tflags      OBFU_JVSCR_ESC         publish
-##} OBFU_JVSCR_ESC
-##{ OBFU_TEXT_ATTACH ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  mimeheader   OBFU_TEXT_ATTACH    Content-Type =~ m,\bapplication/octet-stream\b.+\.txt\b,i
-  describe     OBFU_TEXT_ATTACH    Text attachment with non-text MIME type
-  tflags       OBFU_TEXT_ATTACH    publish
-endif
-##} OBFU_TEXT_ATTACH ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-##{ PART_CID_STOCK ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-meta PART_CID_STOCK      (__ANY_IMAGE_ATTACH&&__PART_STOCK_CID&&!__PART_STOCK_CL&&!__PART_STOCK_CD_F)
-describe PART_CID_STOCK  Has a spammy image attachment (by Content-ID)
-endif
-##} PART_CID_STOCK ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-##{ PART_CID_STOCK_LESS ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-meta PART_CID_STOCK_LESS (__ANY_IMAGE_ATTACH&&__PART_CID_STOCK_LESS)
-describe PART_CID_STOCK_LESS Has a spammy image attachment (by Content-ID, more specific)
-endif
-##} PART_CID_STOCK_LESS ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-##{ PDS_FROM_2_EMAILS if can(Mail::SpamAssassin::Conf::perl_min_version_5010000)
-if can(Mail::SpamAssassin::Conf::perl_min_version_5010000)
-  meta       PDS_FROM_2_EMAILS        __PDS_FROM_2_EMAILS && !__VIA_ML && !__VIA_RESIGNER && !__CLICK_HERE && !__BUGGED_IMG && !__RP_MATCHES_RCVD
-endif
-##} PDS_FROM_2_EMAILS if can(Mail::SpamAssassin::Conf::perl_min_version_5010000)
-##{ PP_MIME_FAKE_ASCII_TEXT ifplugin Mail::SpamAssassin::Plugin::MIMEEval if can(Mail::SpamAssassin::Plugin::MIMEEval::has_check_for_ascii_text_illegal)
-ifplugin Mail::SpamAssassin::Plugin::MIMEEval
-  if can(Mail::SpamAssassin::Plugin::MIMEEval::has_check_for_ascii_text_illegal)
-    body     PP_MIME_FAKE_ASCII_TEXT  eval:check_for_ascii_text_illegal()
-    describe PP_MIME_FAKE_ASCII_TEXT  MIME text/plain claims to be ASCII but isn't
-#    score    PP_MIME_FAKE_ASCII_TEXT  1.0
-    tflags   PP_MIME_FAKE_ASCII_TEXT  publish
-endif
-endif
-##} PP_MIME_FAKE_ASCII_TEXT ifplugin Mail::SpamAssassin::Plugin::MIMEEval if can(Mail::SpamAssassin::Plugin::MIMEEval::has_check_for_ascii_text_illegal)
-##{ PP_TOO_MUCH_UNICODE02 ifplugin Mail::SpamAssassin::Plugin::MIMEEval if can(Mail::SpamAssassin::Plugin::MIMEEval::has_check_abundant_unicode_ratio)
-ifplugin Mail::SpamAssassin::Plugin::MIMEEval
-  if can(Mail::SpamAssassin::Plugin::MIMEEval::has_check_abundant_unicode_ratio)
-    body     PP_TOO_MUCH_UNICODE02      eval:check_abundant_unicode_ratio(0.02)
-    describe PP_TOO_MUCH_UNICODE02      Is text/plain but has many unicode escapes
-#    score    PP_TOO_MUCH_UNICODE02      0.5
-    tflags   PP_TOO_MUCH_UNICODE02      publish
-endif
-endif
-##} PP_TOO_MUCH_UNICODE02 ifplugin Mail::SpamAssassin::Plugin::MIMEEval if can(Mail::SpamAssassin::Plugin::MIMEEval::has_check_abundant_unicode_ratio)
-##{ PP_TOO_MUCH_UNICODE05 ifplugin Mail::SpamAssassin::Plugin::MIMEEval if can(Mail::SpamAssassin::Plugin::MIMEEval::has_check_abundant_unicode_ratio)
-ifplugin Mail::SpamAssassin::Plugin::MIMEEval
-  if can(Mail::SpamAssassin::Plugin::MIMEEval::has_check_abundant_unicode_ratio)
-    body     PP_TOO_MUCH_UNICODE05	eval:check_abundant_unicode_ratio(0.05)
-    describe PP_TOO_MUCH_UNICODE05	Is text/plain but has many unicode escapes
-#    score    PP_TOO_MUCH_UNICODE05	1.0
-    tflags   PP_TOO_MUCH_UNICODE05	publish
-endif
-endif
-##} PP_TOO_MUCH_UNICODE05 ifplugin Mail::SpamAssassin::Plugin::MIMEEval if can(Mail::SpamAssassin::Plugin::MIMEEval::has_check_abundant_unicode_ratio)
-##{ PUMPDUMP
-meta        PUMPDUMP          (__PUMPDUMP_01 || __PUMPDUMP_02 || __PUMPDUMP_03 || __PUMPDUMP_04 || __PUMPDUMP_05 || __PUMPDUMP_06 || __PUMPDUMP_07 || __PUMPDUMP_08 || __PUMPDUMP_09 || __PUMPDUMP_10) && !PUMPDUMP_MULTI
-describe    PUMPDUMP          Pump-and-dump stock scam phrase
-#score       PUMPDUMP          1.000	# limit
-tflags      PUMPDUMP          publish
-##} PUMPDUMP
-##{ PUMPDUMP_MULTI
-meta        PUMPDUMP_MULTI    (__PUMPDUMP_01+__PUMPDUMP_02+__PUMPDUMP_03+__PUMPDUMP_04+__PUMPDUMP_05+__PUMPDUMP_06+__PUMPDUMP_07+__PUMPDUMP_08+__PUMPDUMP_09+__PUMPDUMP_10) > 1
-describe    PUMPDUMP_MULTI    Pump-and-dump stock scam phrases
-#score       PUMPDUMP_MULTI    3.500	# limit
-tflags      PUMPDUMP_MULTI    publish
-##} PUMPDUMP_MULTI
-##{ PUMPDUMP_TIP
-meta        PUMPDUMP_TIP      __PD_CNT_1 && __STOCK_TIP
-describe    PUMPDUMP_TIP      Pump-and-dump stock tip
-tflags      PUMPDUMP_TIP      publish
-##} PUMPDUMP_TIP
-##{ RAND_HEADER_MANY
-meta      RAND_HEADER_MANY             __RAND_HEADER > 3
-describe  RAND_HEADER_MANY             Many random gibberish message headers
-#score     RAND_HEADER_MANY             3.500   # limit
-tflags    RAND_HEADER_MANY             publish
-##} RAND_HEADER_MANY
-##{ RCVD_BAD_ID
-header RCVD_BAD_ID      Received =~ /\bid\s+[a-zA-Z0-9_+\/\\,-]+(?:[!"\#\$\%&'()*<=>?\@\[\]^\`{|}~]|;\S)/
-describe RCVD_BAD_ID    Received header contains id field with bad characters
-##} RCVD_BAD_ID
-##{ RCVD_DBL_DQ
-header      RCVD_DBL_DQ                Received =~ /(?:\[\d+\.\d+\.\d+\.\d+\]){2}/
-describe    RCVD_DBL_DQ                Malformatted message header
-tflags      RCVD_DBL_DQ                publish
-##} RCVD_DBL_DQ
-##{ RCVD_FORGED_WROTE
-header RCVD_FORGED_WROTE    Received =~ / by \S+ with esmtp \([^a-z ]{6,} [^a-z ]{3,}\) id/
-describe RCVD_FORGED_WROTE  Forged 'Received' header found ('wrote:' spam)
-##} RCVD_FORGED_WROTE
-##{ RCVD_FORGED_WROTE2
-header RCVD_FORGED_WROTE2 Received =~ /from [0-9.]+ \(HELO \S+[A-Za-z]+\) by (\S+) with esmtp \(\S+\s\S+\) id \S{6}-\S{6}-\S\S for \S+@\1;/s
-##} RCVD_FORGED_WROTE2
-##{ RCVD_IN_BRBL_LASTEXT ifplugin Mail::SpamAssassin::Plugin::DNSEval
-ifplugin Mail::SpamAssassin::Plugin::DNSEval
-header RCVD_IN_BRBL_LASTEXT   eval:check_rbl('brbl-lastexternal','bb.barracudacentral.org')
-tflags RCVD_IN_BRBL_LASTEXT   net
-endif
-##} RCVD_IN_BRBL_LASTEXT ifplugin Mail::SpamAssassin::Plugin::DNSEval
-##{ RCVD_IN_DNSWL_BLOCKED ifplugin Mail::SpamAssassin::Plugin::DNSEval
-ifplugin Mail::SpamAssassin::Plugin::DNSEval
-header	RCVD_IN_DNSWL_BLOCKED	eval:check_rbl_sub('dnswl-firsttrusted', '^127\.0\.\d+\.255$')
-describe RCVD_IN_DNSWL_BLOCKED	ADMINISTRATOR NOTICE: The query to DNSWL was blocked.  See http://wiki.apache.org/spamassassin/DnsBlocklists\#dnsbl-block for more information.
-tflags RCVD_IN_DNSWL_BLOCKED	net noautolearn
-endif
-##} RCVD_IN_DNSWL_BLOCKED ifplugin Mail::SpamAssassin::Plugin::DNSEval
-##{ RCVD_IN_DNSWL_HI ifplugin Mail::SpamAssassin::Plugin::DNSEval
-ifplugin Mail::SpamAssassin::Plugin::DNSEval
-header	RCVD_IN_DNSWL_HI	eval:check_rbl_sub('dnswl-firsttrusted', '^127\.0\.\d+\.3$')
-describe RCVD_IN_DNSWL_HI	Sender listed at http://www.dnswl.org/, high trust
-tflags RCVD_IN_DNSWL_HI		nice net
-endif
-##} RCVD_IN_DNSWL_HI ifplugin Mail::SpamAssassin::Plugin::DNSEval
-##{ RCVD_IN_DNSWL_LOW ifplugin Mail::SpamAssassin::Plugin::DNSEval
-ifplugin Mail::SpamAssassin::Plugin::DNSEval
-header	RCVD_IN_DNSWL_LOW	eval:check_rbl_sub('dnswl-firsttrusted', '^127\.0\.\d+\.1$')
-describe RCVD_IN_DNSWL_LOW	Sender listed at http://www.dnswl.org/, low trust
-tflags RCVD_IN_DNSWL_LOW	nice net
-endif
-##} RCVD_IN_DNSWL_LOW ifplugin Mail::SpamAssassin::Plugin::DNSEval
-##{ RCVD_IN_DNSWL_MED ifplugin Mail::SpamAssassin::Plugin::DNSEval
-ifplugin Mail::SpamAssassin::Plugin::DNSEval
-header	RCVD_IN_DNSWL_MED	eval:check_rbl_sub('dnswl-firsttrusted', '^127\.0\.\d+\.2$')
-describe RCVD_IN_DNSWL_MED	Sender listed at http://www.dnswl.org/, medium trust
-tflags RCVD_IN_DNSWL_MED	nice net
-endif
-##} RCVD_IN_DNSWL_MED ifplugin Mail::SpamAssassin::Plugin::DNSEval
-##{ RCVD_IN_DNSWL_NONE ifplugin Mail::SpamAssassin::Plugin::DNSEval
-ifplugin Mail::SpamAssassin::Plugin::DNSEval
-header	RCVD_IN_DNSWL_NONE	eval:check_rbl_sub('dnswl-firsttrusted', '^127\.0\.\d+\.0$')
-describe RCVD_IN_DNSWL_NONE	Sender listed at http://www.dnswl.org/, no trust
-tflags RCVD_IN_DNSWL_NONE	nice net
-endif
-##} RCVD_IN_DNSWL_NONE ifplugin Mail::SpamAssassin::Plugin::DNSEval
-##{ RCVD_IN_IADB_DK ifplugin Mail::SpamAssassin::Plugin::DNSEval
-ifplugin Mail::SpamAssassin::Plugin::DNSEval
-header RCVD_IN_IADB_DK			eval:check_rbl_sub('iadb-firsttrusted', '127.2.255.3')
-describe RCVD_IN_IADB_DK		IADB: Sender publishes Domain Keys record
-tflags RCVD_IN_IADB_DK			net nice
-endif
-##} RCVD_IN_IADB_DK ifplugin Mail::SpamAssassin::Plugin::DNSEval
-##{ RCVD_IN_IADB_DOPTIN ifplugin Mail::SpamAssassin::Plugin::DNSEval
-ifplugin Mail::SpamAssassin::Plugin::DNSEval
-header RCVD_IN_IADB_DOPTIN		eval:check_rbl_sub('iadb-firsttrusted', '127.3.100.10')
-describe RCVD_IN_IADB_DOPTIN		IADB: All mailing list mail is confirmed opt-in
-tflags RCVD_IN_IADB_DOPTIN		net nice
-endif
-##} RCVD_IN_IADB_DOPTIN ifplugin Mail::SpamAssassin::Plugin::DNSEval
-##{ RCVD_IN_IADB_DOPTIN_GT50 ifplugin Mail::SpamAssassin::Plugin::DNSEval
-ifplugin Mail::SpamAssassin::Plugin::DNSEval
-header RCVD_IN_IADB_DOPTIN_GT50		eval:check_rbl_sub('iadb-firsttrusted', '127.3.100.9')
-describe RCVD_IN_IADB_DOPTIN_GT50	IADB: Confirmed opt-in used more than 50% of the time
-tflags RCVD_IN_IADB_DOPTIN_GT50		net nice
-endif
-##} RCVD_IN_IADB_DOPTIN_GT50 ifplugin Mail::SpamAssassin::Plugin::DNSEval
-##{ RCVD_IN_IADB_DOPTIN_LT50 ifplugin Mail::SpamAssassin::Plugin::DNSEval
-ifplugin Mail::SpamAssassin::Plugin::DNSEval
-header RCVD_IN_IADB_DOPTIN_LT50		eval:check_rbl_sub('iadb-firsttrusted', '127.3.100.8')
-describe RCVD_IN_IADB_DOPTIN_LT50	IADB: Confirmed opt-in used less than 50% of the time
-tflags RCVD_IN_IADB_DOPTIN_LT50		net nice
-endif
-##} RCVD_IN_IADB_DOPTIN_LT50 ifplugin Mail::SpamAssassin::Plugin::DNSEval
-##{ RCVD_IN_IADB_EDDB ifplugin Mail::SpamAssassin::Plugin::DNSEval
-ifplugin Mail::SpamAssassin::Plugin::DNSEval
-header RCVD_IN_IADB_EDDB		eval:check_rbl_sub('iadb-firsttrusted', '127.0.2.1')
-describe RCVD_IN_IADB_EDDB		IADB: Participates in Email Deliverability Database
-tflags RCVD_IN_IADB_EDDB		net nice
-endif
-##} RCVD_IN_IADB_EDDB ifplugin Mail::SpamAssassin::Plugin::DNSEval
-##{ RCVD_IN_IADB_EPIA ifplugin Mail::SpamAssassin::Plugin::DNSEval
-ifplugin Mail::SpamAssassin::Plugin::DNSEval
-header RCVD_IN_IADB_EPIA		eval:check_rbl_sub('iadb-firsttrusted', '127.0.2.2')
-describe RCVD_IN_IADB_EPIA		IADB: Member of Email Processing Industry Alliance
-tflags RCVD_IN_IADB_EPIA		net nice
-endif
-##} RCVD_IN_IADB_EPIA ifplugin Mail::SpamAssassin::Plugin::DNSEval
-##{ RCVD_IN_IADB_GOODMAIL ifplugin Mail::SpamAssassin::Plugin::DNSEval
-ifplugin Mail::SpamAssassin::Plugin::DNSEval
-header RCVD_IN_IADB_GOODMAIL		eval:check_rbl_sub('iadb-firsttrusted', '127.2.255.103')
-describe RCVD_IN_IADB_GOODMAIL		IADB: Sender has been certified by GoodMail
-tflags RCVD_IN_IADB_GOODMAIL 		net nice
-endif
-##} RCVD_IN_IADB_GOODMAIL ifplugin Mail::SpamAssassin::Plugin::DNSEval
-##{ RCVD_IN_IADB_LISTED ifplugin Mail::SpamAssassin::Plugin::DNSEval
-ifplugin Mail::SpamAssassin::Plugin::DNSEval
-header RCVD_IN_IADB_LISTED		eval:check_rbl_sub('iadb-firsttrusted', '^127\.0\.0\.[12]$')
-describe RCVD_IN_IADB_LISTED		Participates in the IADB system
-tflags RCVD_IN_IADB_LISTED		net nice
-endif
-##} RCVD_IN_IADB_LISTED ifplugin Mail::SpamAssassin::Plugin::DNSEval
-##{ RCVD_IN_IADB_LOOSE ifplugin Mail::SpamAssassin::Plugin::DNSEval
-ifplugin Mail::SpamAssassin::Plugin::DNSEval
-header RCVD_IN_IADB_LOOSE		eval:check_rbl_sub('iadb-firsttrusted', '127.3.100.4')
-describe RCVD_IN_IADB_LOOSE		IADB: Adds relationship addrs w/out opt-in
-tflags RCVD_IN_IADB_LOOSE		net nice
-endif
-##} RCVD_IN_IADB_LOOSE ifplugin Mail::SpamAssassin::Plugin::DNSEval
-##{ RCVD_IN_IADB_MI_CPEAR ifplugin Mail::SpamAssassin::Plugin::DNSEval
-ifplugin Mail::SpamAssassin::Plugin::DNSEval
-header RCVD_IN_IADB_MI_CPEAR		eval:check_rbl_sub('iadb-firsttrusted', '127.101.1.10')
-describe RCVD_IN_IADB_MI_CPEAR		IADB: Complies with Michigan's CPEAR law
-tflags RCVD_IN_IADB_MI_CPEAR		net nice
-endif
-##} RCVD_IN_IADB_MI_CPEAR ifplugin Mail::SpamAssassin::Plugin::DNSEval
-##{ RCVD_IN_IADB_MI_CPR_30 ifplugin Mail::SpamAssassin::Plugin::DNSEval
-ifplugin Mail::SpamAssassin::Plugin::DNSEval
-header RCVD_IN_IADB_MI_CPR_30		eval:check_rbl_sub('iadb-firsttrusted', '127.101.101.10')
-describe RCVD_IN_IADB_MI_CPR_30		IADB: Checked lists against Michigan's CPR within 30 days
-tflags RCVD_IN_IADB_MI_CPR_30		net nice
-endif
-##} RCVD_IN_IADB_MI_CPR_30 ifplugin Mail::SpamAssassin::Plugin::DNSEval
-##{ RCVD_IN_IADB_MI_CPR_MAT ifplugin Mail::SpamAssassin::Plugin::DNSEval
-ifplugin Mail::SpamAssassin::Plugin::DNSEval
-header RCVD_IN_IADB_MI_CPR_MAT		eval:check_rbl_sub('iadb-firsttrusted', '127.101.201.10')
-describe RCVD_IN_IADB_MI_CPR_MAT	IADB: Sends no material under Michigan's CPR
-tflags RCVD_IN_IADB_MI_CPR_MAT		net nice
-endif
-##} RCVD_IN_IADB_MI_CPR_MAT ifplugin Mail::SpamAssassin::Plugin::DNSEval
-##{ RCVD_IN_IADB_ML_DOPTIN ifplugin Mail::SpamAssassin::Plugin::DNSEval
-ifplugin Mail::SpamAssassin::Plugin::DNSEval
-header RCVD_IN_IADB_ML_DOPTIN		eval:check_rbl_sub('iadb-firsttrusted', '127.3.100.100')
-describe RCVD_IN_IADB_ML_DOPTIN		IADB: Mailing list email only, confirmed opt-in
-tflags RCVD_IN_IADB_ML_DOPTIN		net nice
-endif
-##} RCVD_IN_IADB_ML_DOPTIN ifplugin Mail::SpamAssassin::Plugin::DNSEval
-##{ RCVD_IN_IADB_NOCONTROL ifplugin Mail::SpamAssassin::Plugin::DNSEval
-ifplugin Mail::SpamAssassin::Plugin::DNSEval
-header RCVD_IN_IADB_NOCONTROL		eval:check_rbl_sub('iadb-firsttrusted', '127.3.100.0')
-describe RCVD_IN_IADB_NOCONTROL		IADB: Has absolutely no mailing controls in place
-tflags RCVD_IN_IADB_NOCONTROL		net nice
-endif
-##} RCVD_IN_IADB_NOCONTROL ifplugin Mail::SpamAssassin::Plugin::DNSEval
-##{ RCVD_IN_IADB_OOO ifplugin Mail::SpamAssassin::Plugin::DNSEval
-ifplugin Mail::SpamAssassin::Plugin::DNSEval
-header RCVD_IN_IADB_OOO			eval:check_rbl_sub('iadb-firsttrusted', '127.3.100.200')
-describe RCVD_IN_IADB_OOO		IADB: One-to-one/transactional email only
-tflags RCVD_IN_IADB_OOO			net nice
-endif
-##} RCVD_IN_IADB_OOO ifplugin Mail::SpamAssassin::Plugin::DNSEval
-##{ RCVD_IN_IADB_OPTIN ifplugin Mail::SpamAssassin::Plugin::DNSEval
-ifplugin Mail::SpamAssassin::Plugin::DNSEval
-header RCVD_IN_IADB_OPTIN		eval:check_rbl_sub('iadb-firsttrusted', '127.3.100.7')
-describe RCVD_IN_IADB_OPTIN		IADB: All mailing list mail is opt-in
-tflags RCVD_IN_IADB_OPTIN		net nice
-endif
-##} RCVD_IN_IADB_OPTIN ifplugin Mail::SpamAssassin::Plugin::DNSEval
-##{ RCVD_IN_IADB_OPTIN_GT50 ifplugin Mail::SpamAssassin::Plugin::DNSEval
-ifplugin Mail::SpamAssassin::Plugin::DNSEval
-header RCVD_IN_IADB_OPTIN_GT50		eval:check_rbl_sub('iadb-firsttrusted', '127.3.100.6')
-describe RCVD_IN_IADB_OPTIN_GT50	IADB: Opt-in used more than 50% of the time
-tflags RCVD_IN_IADB_OPTIN_GT50		net nice
-endif
-##} RCVD_IN_IADB_OPTIN_GT50 ifplugin Mail::SpamAssassin::Plugin::DNSEval
-##{ RCVD_IN_IADB_OPTIN_LT50 ifplugin Mail::SpamAssassin::Plugin::DNSEval
-ifplugin Mail::SpamAssassin::Plugin::DNSEval
-header RCVD_IN_IADB_OPTIN_LT50		eval:check_rbl_sub('iadb-firsttrusted', '127.3.100.5')
-describe RCVD_IN_IADB_OPTIN_LT50	IADB: Opt-in used less than 50% of the time
-tflags RCVD_IN_IADB_OPTIN_LT50		net nice
-endif
-##} RCVD_IN_IADB_OPTIN_LT50 ifplugin Mail::SpamAssassin::Plugin::DNSEval
-##{ RCVD_IN_IADB_OPTOUTONLY ifplugin Mail::SpamAssassin::Plugin::DNSEval
-ifplugin Mail::SpamAssassin::Plugin::DNSEval
-header RCVD_IN_IADB_OPTOUTONLY		eval:check_rbl_sub('iadb-firsttrusted', '127.3.100.1')
-describe RCVD_IN_IADB_OPTOUTONLY 	IADB: Scrapes addresses, pure opt-out only
-tflags RCVD_IN_IADB_OPTOUTONLY		net nice
-endif
-##} RCVD_IN_IADB_OPTOUTONLY ifplugin Mail::SpamAssassin::Plugin::DNSEval
-##{ RCVD_IN_IADB_RDNS ifplugin Mail::SpamAssassin::Plugin::DNSEval
-ifplugin Mail::SpamAssassin::Plugin::DNSEval
-header RCVD_IN_IADB_RDNS		eval:check_rbl_sub('iadb-firsttrusted', '127.2.255.4')
-describe RCVD_IN_IADB_RDNS		IADB: Sender has reverse DNS record
-tflags RCVD_IN_IADB_RDNS		net nice
-endif
-##} RCVD_IN_IADB_RDNS ifplugin Mail::SpamAssassin::Plugin::DNSEval
-##{ RCVD_IN_IADB_SENDERID ifplugin Mail::SpamAssassin::Plugin::DNSEval
-ifplugin Mail::SpamAssassin::Plugin::DNSEval
-header RCVD_IN_IADB_SENDERID		eval:check_rbl_sub('iadb-firsttrusted', '127.2.255.2')
-describe RCVD_IN_IADB_SENDERID		IADB: Sender publishes Sender ID record
-tflags RCVD_IN_IADB_SENDERID		net nice
-endif
-##} RCVD_IN_IADB_SENDERID ifplugin Mail::SpamAssassin::Plugin::DNSEval
-##{ RCVD_IN_IADB_SPF ifplugin Mail::SpamAssassin::Plugin::DNSEval
-ifplugin Mail::SpamAssassin::Plugin::DNSEval
-header RCVD_IN_IADB_SPF			eval:check_rbl_sub('iadb-firsttrusted', '127.2.255.1')
-describe RCVD_IN_IADB_SPF		IADB: Sender publishes SPF record
-tflags RCVD_IN_IADB_SPF			net nice
-endif
-##} RCVD_IN_IADB_SPF ifplugin Mail::SpamAssassin::Plugin::DNSEval
-##{ RCVD_IN_IADB_UNVERIFIED_1 ifplugin Mail::SpamAssassin::Plugin::DNSEval
-ifplugin Mail::SpamAssassin::Plugin::DNSEval
-header RCVD_IN_IADB_UNVERIFIED_1	eval:check_rbl_sub('iadb-firsttrusted', '127.3.100.2')
-describe RCVD_IN_IADB_UNVERIFIED_1	IADB: Accepts unverified sign-ups
-tflags RCVD_IN_IADB_UNVERIFIED_1	net nice
-endif
-##} RCVD_IN_IADB_UNVERIFIED_1 ifplugin Mail::SpamAssassin::Plugin::DNSEval
-##{ RCVD_IN_IADB_UNVERIFIED_2 ifplugin Mail::SpamAssassin::Plugin::DNSEval
-ifplugin Mail::SpamAssassin::Plugin::DNSEval
-header RCVD_IN_IADB_UNVERIFIED_2	eval:check_rbl_sub('iadb-firsttrusted', '127.3.100.3')
-describe RCVD_IN_IADB_UNVERIFIED_2	IADB: Accepts unverified sign-ups, gives chance to opt out
-tflags RCVD_IN_IADB_UNVERIFIED_2	net nice
-endif
-##} RCVD_IN_IADB_UNVERIFIED_2 ifplugin Mail::SpamAssassin::Plugin::DNSEval
-##{ RCVD_IN_IADB_UT_CPEAR ifplugin Mail::SpamAssassin::Plugin::DNSEval
-ifplugin Mail::SpamAssassin::Plugin::DNSEval
-header RCVD_IN_IADB_UT_CPEAR		eval:check_rbl_sub('iadb-firsttrusted', '127.101.2.10')
-describe RCVD_IN_IADB_UT_CPEAR		IADB: Complies with Utah's CPEAR law
-tflags RCVD_IN_IADB_UT_CPEAR		net nice
-endif
-##} RCVD_IN_IADB_UT_CPEAR ifplugin Mail::SpamAssassin::Plugin::DNSEval
-##{ RCVD_IN_IADB_UT_CPR_30 ifplugin Mail::SpamAssassin::Plugin::DNSEval
-ifplugin Mail::SpamAssassin::Plugin::DNSEval
-header RCVD_IN_IADB_UT_CPR_30		eval:check_rbl_sub('iadb-firsttrusted', '127.101.102.10')
-describe RCVD_IN_IADB_UT_CPR_30		IADB: Checked lists against Utah's CPR within 30 days
-tflags RCVD_IN_IADB_UT_CPR_30		net nice
-endif
-##} RCVD_IN_IADB_UT_CPR_30 ifplugin Mail::SpamAssassin::Plugin::DNSEval
-##{ RCVD_IN_IADB_UT_CPR_MAT ifplugin Mail::SpamAssassin::Plugin::DNSEval
-ifplugin Mail::SpamAssassin::Plugin::DNSEval
-header RCVD_IN_IADB_UT_CPR_MAT		eval:check_rbl_sub('iadb-firsttrusted', '127.101.202.10')
-describe RCVD_IN_IADB_UT_CPR_MAT	IADB: Sends no material under Utah's CPR
-tflags RCVD_IN_IADB_UT_CPR_MAT		net nice
-endif
-##} RCVD_IN_IADB_UT_CPR_MAT ifplugin Mail::SpamAssassin::Plugin::DNSEval
-##{ RCVD_IN_PSBL ifplugin Mail::SpamAssassin::Plugin::DNSEval # {
-ifplugin Mail::SpamAssassin::Plugin::DNSEval # {
-header   RCVD_IN_PSBL  eval:check_rbl('psbl-lastexternal', 'psbl.surriel.com.')
-describe RCVD_IN_PSBL  Received via a relay in PSBL
-tflags   RCVD_IN_PSBL  net
-endif
-##} RCVD_IN_PSBL ifplugin Mail::SpamAssassin::Plugin::DNSEval # {
-##{ RCVD_MAIL_COM
-header RCVD_MAIL_COM        Received =~ /[\s\(\[](?:post|mail)\.com[\s\)\]]/is
-describe RCVD_MAIL_COM      Forged Received header (contains post.com or mail.com)
-##} RCVD_MAIL_COM
-##{ RDNS_LOCALHOST
-header         RDNS_LOCALHOST  X-Spam-Relays-External =~ /^\[ ip=(?!127)\d+\.\d+\.\d+\.\d+ rdns=localhost(?:\.localdomain)? /i
-describe       RDNS_LOCALHOST  Sender's public rDNS is "localhost"
-##} RDNS_LOCALHOST
-##{ REPLYTO_WITHOUT_TO_CC
-meta REPLYTO_WITHOUT_TO_CC     (__REPLYTO_EXISTS && !__TOCC_EXISTS)
-##} REPLYTO_WITHOUT_TO_CC
-##{ RISK_FREE
-meta     RISK_FREE      __FRAUD_IOV && !__UNSUB_LINK && !__VIA_ML && !__HTML_LINK_IMAGE && !__SUBSCRIPTION_INFO && !__HS_SUBJ_RE_FW && !__LCL__ENV_AND_HDR_FROM_MATCH
-describe RISK_FREE      No risk!
-##} RISK_FREE
-##{ SB_GIF_AND_NO_URIS
-meta SB_GIF_AND_NO_URIS (__GIF_ATTACH&&!__HAS_ANY_URI&&!__HAS_ANY_EMAIL)
-##} SB_GIF_AND_NO_URIS
-##{ SERGIO_SUBJECT_PORN014
-header   SERGIO_SUBJECT_PORN014     Subject =~ /f[^a-zA-Z0-9]{0,3}[uv][^a-zA-Z0-9]{0,3}c[^a-zA-Z0-9]{0,3}k/i
-describe SERGIO_SUBJECT_PORN014     F\*\*\* garbled subject
-##} SERGIO_SUBJECT_PORN014
-##{ SERGIO_SUBJECT_VIAGRA01
-header   SERGIO_SUBJECT_VIAGRA01   Subject =~ /v[^a-zA-Z0-9]{0,3}[i1l][^a-zA-Z0-9]{0,3}a[^a-zA-Z0-9 ]{0,3}g[^a-zA-Z0-9]{0,3}r[^a-zA-Z0-9]{0,3}a/i
-describe SERGIO_SUBJECT_VIAGRA01   Viagra garbled subject
-##} SERGIO_SUBJECT_VIAGRA01
-##{ SHARE_50_50
-meta     SHARE_50_50     (__SHARE_IT || __AGREED_RATIO) && __FIFTY_FIFTY
-describe SHARE_50_50     Share the money 50/50
-##} SHARE_50_50
-##{ SHORTENED_URL_SRC
-rawbody	 SHORTENED_URL_SRC	/<[^>]{1,99}\ssrc=\W?http:\/\/(?:bit\.ly|tinyurl\.com|ow\.ly|is\.gd|tumblr\.com|formspring\.me|ff\.im|youtu\.be|tl\.gd|plurk\.com|migre\.me|j\.mp|cli\.gs|goo\.gl|yfrog\.com|lnk\.ms|su\.pr|fb\.me|alturl\.com|wp\.me|ping\.fm|chatter\.com|post\.ly|twurl\.nl|tiny\.cc|4sq\.com|ustre\.am|short\.to|u\.nu|flic\.kr|budurl\.com|digg\.com|twitvid\.com|gowal\.la|om\.ly|justin\.tv|icio\.us|p\.gs|loopt\.us|tcrn\.ch|xrl\.us|wpo\.st|bkite\.com)\/[^\/]{3}/
-##} SHORTENED_URL_SRC
-##{ SHORT_HELO_AND_INLINE_IMAGE
-meta SHORT_HELO_AND_INLINE_IMAGE     (__HELO_NO_DOMAIN && __ANY_IMAGE_ATTACH)
-describe SHORT_HELO_AND_INLINE_IMAGE    Short HELO string, with inline image
-##} SHORT_HELO_AND_INLINE_IMAGE
-##{ SHORT_TERM_PRICE
-body SHORT_TERM_PRICE /short\W+term\W+(target|projected)(\W+price)?/i
-##} SHORT_TERM_PRICE
-##{ SINGLETS_LOW_CONTRAST
-meta      SINGLETS_LOW_CONTRAST         __HTML_SINGLET_MANY && __HTML_FONT_LOW_CONTRAST_MINFP
-describe  SINGLETS_LOW_CONTRAST         Single-letter formatted HTML + hidden text
-tflags    SINGLETS_LOW_CONTRAST         publish
-##} SINGLETS_LOW_CONTRAST
-##{ SPAMMY_XMAILER
-meta SPAMMY_XMAILER (__XM_OL_28001441||__XM_OL_48072300||__XM_OL_28004682||__XM_OL_10_0_4115||__XM_OL_4_72_2106_4)
-describe SPAMMY_XMAILER X-Mailer string is common in spam and not in ham
-##} SPAMMY_XMAILER
-##{ STOCK_IMG_CTYPE
-meta STOCK_IMG_CTYPE (__ANY_IMAGE_ATTACH&&__ENV_AND_HDR_FROM_MATCH&&__CTYPE_ONETAB_GIF&&__HTML_IMG_ONLY)
-describe STOCK_IMG_CTYPE  Stock spam image part, with distinctive Content-Type header
-##} STOCK_IMG_CTYPE
-##{ STOCK_IMG_HDR_FROM
-meta STOCK_IMG_HDR_FROM  (__ANY_IMAGE_ATTACH&&__ENV_AND_HDR_FROM_MATCH&&__TVD_FW_GRAPHIC_ID1&&__HTML_IMG_ONLY)
-describe STOCK_IMG_HDR_FROM Stock spam image part, with distinctive From line
-##} STOCK_IMG_HDR_FROM
-##{ STOCK_IMG_HTML
-meta STOCK_IMG_HTML  (__ANY_IMAGE_ATTACH&&__ENV_AND_HDR_FROM_MATCH&&__PART_STOCK_CID&&__HTML_IMG_ONLY)
-describe STOCK_IMG_HTML   Stock spam image part, with distinctive HTML
-##} STOCK_IMG_HTML
-##{ STOCK_IMG_OUTLOOK
-meta STOCK_IMG_OUTLOOK  (__ANY_IMAGE_ATTACH&&__ENV_AND_HDR_FROM_MATCH&&__XM_MS_IN_GENERAL&&__HTML_LENGTH_1536_2048)
-describe STOCK_IMG_OUTLOOK  Stock spam image part, with Outlook-like features
-##} STOCK_IMG_OUTLOOK
-##{ STOCK_LOW_CONTRAST
-meta        STOCK_LOW_CONTRAST    (__HTML_FONT_LOW_CONTRAST_MINFP && __FB_S_STOCK) && !__BUGGED_IMG
-describe    STOCK_LOW_CONTRAST    Stocks + hidden text
-#score       STOCK_LOW_CONTRAST    2.500   # limit
-tflags      STOCK_LOW_CONTRAST    publish
-##} STOCK_LOW_CONTRAST
-##{ STOCK_PRICES
-meta STOCK_PRICES (SHORT_TERM_PRICE && LONG_TERM_PRICE)
-##} STOCK_PRICES
-##{ STOX_AND_PRICE
-meta STOX_AND_PRICE     CURR_PRICE && STOX_REPLY_TYPE
-##} STOX_AND_PRICE
-##{ STOX_REPLY_TYPE
-header STOX_REPLY_TYPE  Content-Type =~ /text\/plain; .* reply-type=original/
-##} STOX_REPLY_TYPE
-##{ STOX_REPLY_TYPE_WITHOUT_QUOTES
-meta STOX_REPLY_TYPE_WITHOUT_QUOTES (STOX_REPLY_TYPE && !(__HS_SUBJ_RE_FW || __HS_QUOTE))
-##} STOX_REPLY_TYPE_WITHOUT_QUOTES
-##{ STYLE_GIBBERISH
-meta           STYLE_GIBBERISH          __STYLE_GIBBERISH && (__BODY_XHTML || !__STYLE_TAG_IN_BODY) && !__RCD_RDNS_MX_MESSY && !__HAS_THREAD_INDEX && !__ANY_OUTLOOK_MUA && !__MIME_QP && !ALL_TRUSTED
-describe       STYLE_GIBBERISH          Nonsense in HTML <STYLE> tag
-#score          STYLE_GIBBERISH          3.50	# limit
-tflags         STYLE_GIBBERISH          publish
-##} STYLE_GIBBERISH
-##{ SUBJECT_NEEDS_ENCODING
-meta SUBJECT_NEEDS_ENCODING    (!__SUBJECT_ENCODED_B64 && !__SUBJECT_ENCODED_QP) && __SUBJECT_NEEDS_MIME
-describe SUBJECT_NEEDS_ENCODING  Subject is encoded but does not specify the encoding
-##} SUBJECT_NEEDS_ENCODING
-##{ SYSADMIN
-meta        SYSADMIN             __SYSADMIN && !ALL_TRUSTED && !__ANY_TEXT_ATTACH && !__DKIM_EXISTS && !__LCL__ENV_AND_HDR_FROM_MATCH && !__MSGID_OK_DIGITS
-describe    SYSADMIN             Supposedly from your IT department
-#score       SYSADMIN             3.500	# limit
-tflags      SYSADMIN             publish
-##} SYSADMIN
-##{ TAB_IN_FROM
-meta		TAB_IN_FROM		__TAB_IN_FROM && !__ML_TURNS_SP_TO_TAB
-describe	TAB_IN_FROM		From starts with a tab
-#score		TAB_IN_FROM		0.5
-##} TAB_IN_FROM
-##{ TBIRD_SUSP_MIME_BDRY
-meta           TBIRD_SUSP_MIME_BDRY  __MUA_TBIRD && __TB_MIME_BDRY_NO_Z
-describe       TBIRD_SUSP_MIME_BDRY  Unlikely Thunderbird MIME boundary
-##} TBIRD_SUSP_MIME_BDRY
-##{ TEQF_USR_IMAGE
-meta      TEQF_USR_IMAGE                __TO_EQ_FROM_USR_NN_MINFP && __ANY_IMAGE_ATTACH
-describe  TEQF_USR_IMAGE                To and from user nearly same + image
-tflags    TEQF_USR_IMAGE                publish
-##} TEQF_USR_IMAGE
-##{ TEQF_USR_MSGID_HEX
-meta      TEQF_USR_MSGID_HEX            __TO_EQ_FROM_USR_NN_MINFP && __MSGID_OK_HEX && !__MSGID_NOFQDN2
-describe  TEQF_USR_MSGID_HEX            To and from user nearly same + unusual message ID
-tflags    TEQF_USR_MSGID_HEX            publish
-##} TEQF_USR_MSGID_HEX
-##{ TEQF_USR_MSGID_MALF
-meta      TEQF_USR_MSGID_MALF           __TO_EQ_FROM_USR_NN_MINFP && __MSGID_NOFQDN2
-describe  TEQF_USR_MSGID_MALF           To and from user nearly same + malformed message ID
-tflags    TEQF_USR_MSGID_MALF           publish
-##} TEQF_USR_MSGID_MALF
-##{ THEBAT_UNREG
-header  THEBAT_UNREG  X-Mailer =~ /^The Bat! .{0,20} UNREG$/
-##} THEBAT_UNREG
-##{ THIS_AD
-meta        THIS_AD           __THIS_AD && !__MOZILLA_MSGID && !__FROM_ENCODED_QP && !__CR_IN_SUBJ && !__RP_MATCHES_RCVD
-describe    THIS_AD           "This ad" and variants
-tflags      THIS_AD           publish
-##} THIS_AD
-##{ TO_EQ_FM_DOM_SPF_FAIL ifplugin Mail::SpamAssassin::Plugin::SPF
-ifplugin Mail::SpamAssassin::Plugin::SPF
-  meta           TO_EQ_FM_DOM_SPF_FAIL    __TO_EQ_FM_DOM_SPF_FAIL && !__THREADED && !ALL_TRUSTED
-  describe       TO_EQ_FM_DOM_SPF_FAIL    To domain == From domain and external SPF failed
-  tflags         TO_EQ_FM_DOM_SPF_FAIL    net
-endif
-##} TO_EQ_FM_DOM_SPF_FAIL ifplugin Mail::SpamAssassin::Plugin::SPF
-##{ TO_EQ_FM_SPF_FAIL ifplugin Mail::SpamAssassin::Plugin::SPF
-ifplugin Mail::SpamAssassin::Plugin::SPF
-  meta           TO_EQ_FM_SPF_FAIL    __TO_EQ_FM_SPF_FAIL && !__THREADED && !ALL_TRUSTED
-  describe       TO_EQ_FM_SPF_FAIL    To == From and external SPF failed
-  tflags         TO_EQ_FM_SPF_FAIL    net
-endif
-##} TO_EQ_FM_SPF_FAIL ifplugin Mail::SpamAssassin::Plugin::SPF
-##{ TO_IN_SUBJ
-meta           TO_IN_SUBJ           __TO_IN_SUBJ && !__VIA_ML && !MISSING_MIMEOLE && !__THREAD_INDEX_GOOD && !__FSL_RELAY_GOOGLE && !__LCL__ENV_AND_HDR_FROM_MATCH && !__HS_SUBJ_RE_FW
-describe       TO_IN_SUBJ           To address is in Subject
-tflags         TO_IN_SUBJ           publish
-#score          TO_IN_SUBJ           0.1
-##} TO_IN_SUBJ
-##{ TO_NO_BRKTS_FROM_MSSP
-meta       TO_NO_BRKTS_FROM_MSSP     __TO_NO_BRKTS_FROM_RUNON && !__RCD_RDNS_MTA_MESSY && !__CTYPE_MULTIPART_ALT && !__REPTO_QUOTE && !__MIME_QP && !__TO___LOWER && !__BUGGED_IMG && !__SUBJECT_ENCODED_QP && !__VIA_ML && !__FR_SPACING_8 && !__TAG_EXISTS_CENTER && !__RCVD_ZIXMAIL && !__RP_MATCHES_RCVD && !__HAS_SENDER
-#score      TO_NO_BRKTS_FROM_MSSP     2.50	# max
-describe   TO_NO_BRKTS_FROM_MSSP     Multiple formatting errors
-##} TO_NO_BRKTS_FROM_MSSP
-##{ TO_NO_BRKTS_HTML_IMG
-meta       TO_NO_BRKTS_HTML_IMG    __TO_NO_BRKTS_HTML_IMG && !__FM_TO_ALL_NUMS && !__FROM_FULL_NAME && !__HAS_THREAD_INDEX && !__DKIM_EXISTS && !__HAS_SENDER && !__THREADED && !__LONGLINE
-describe   TO_NO_BRKTS_HTML_IMG    To: misformatted and HTML and one image
-#score      TO_NO_BRKTS_HTML_IMG    2.000   # limit
-tflags     TO_NO_BRKTS_HTML_IMG    publish
-##} TO_NO_BRKTS_HTML_IMG
-##{ TO_NO_BRKTS_HTML_ONLY
-meta       TO_NO_BRKTS_HTML_ONLY   __TO_NO_BRKTS_HTML_ONLY && !RDNS_NONE && !__MIME_QP && !__MSGID_JAVAMAIL && !__CTYPE_CHARSET_QUOTED && !__SUBJECT_ENCODED_B64 && !__VIA_ML && !__MSGID_BEFORE_RECEIVED && !__MIME_BASE64 && !__RCD_RDNS_MAIL_MESSY && !__COMMENT_EXISTS && !LOTS_OF_MONEY && !__TAG_EXISTS_CENTER && !__UPPERCASE_URI && !__UNSUB_LINK && !__RCD_RDNS_MX_MESSY && !__DKIM_EXISTS && !__BUGGED_IMG && !__FM_TO_ALL_NUMS && !__URI_12LTRDOM && !__RDNS_NO_SUBDOM && !__HDRS_LCASE && !__LCL__ENV_AND_HDR_FROM_MATCH
-#score      TO_NO_BRKTS_HTML_ONLY   2.00	# limit
-describe   TO_NO_BRKTS_HTML_ONLY   To: misformatted and HTML only
-tflags     TO_NO_BRKTS_HTML_ONLY   publish
-##} TO_NO_BRKTS_HTML_ONLY
-##{ TO_NO_BRKTS_MSFT
-meta       TO_NO_BRKTS_MSFT         __TO_NO_BRKTS_MSFT && !__VIA_ML && !__LYRIS_EZLM_REMAILER && !__THREAD_INDEX_GOOD && !__IS_EXCH && !__UNSUB_LINK && !__NOT_SPOOFED && !__DOS_HAS_LIST_UNSUB && !__NAME_EQ_EMAIL && !__SUBJECT_ENCODED_QP && !__THREADED && !__HAS_THREAD_INDEX && !__HAS_X_REF && !__HAS_IN_REPLY_TO && !__FROM_ENCODED_QP && !__RP_MATCHES_RCVD
-describe   TO_NO_BRKTS_MSFT         To: misformatted and supposed Microsoft tool
-#score      TO_NO_BRKTS_MSFT         2.50	# limit
-##} TO_NO_BRKTS_MSFT
-##{ TO_NO_BRKTS_NORDNS_HTML
-meta       TO_NO_BRKTS_NORDNS_HTML      __TO_NO_BRKTS_NORDNS_HTML && !ALL_TRUSTED && !__MSGID_JAVAMAIL && !__MSGID_BEFORE_RECEIVED && !__VIA_ML && !__UA_MUTT && !__COMMENT_EXISTS && !__HTML_LENGTH_384 && !__MIME_BASE64 && !__UPPERCASE_URI && !__TO___LOWER && !__TAG_EXISTS_CENTER && !__LONGLINE && !__DKIM_EXISTS
-#score      TO_NO_BRKTS_NORDNS_HTML      2.00	# limit
-describe   TO_NO_BRKTS_NORDNS_HTML      To: misformatted and no rDNS and HTML only
-tflags     TO_NO_BRKTS_NORDNS_HTML      publish
-##} TO_NO_BRKTS_NORDNS_HTML
-##{ TO_NO_BRKTS_PCNT
-meta       TO_NO_BRKTS_PCNT         __TO_NO_BRKTS_PCNT && !__SUBJECT_ENCODED_B64 && !__DOS_HAS_LIST_UNSUB && !__VIA_ML && !__ISO_2022_JP_DELIM && !__IMS_MSGID && !__THREAD_INDEX_GOOD && !__RCD_RDNS_MX_MESSY && !__UNSUB_LINK && !__LONGLINE && !URI_HEX && !__RP_MATCHES_RCVD && !__MAIL_LINK && !__BUGGED_IMG && !__MIME_QP && !__COMMENT_EXISTS && !__TAG_EXISTS_STYLE && !__LCL__ENV_AND_HDR_FROM_MATCH && !__HAS_X_MAILER && !__HTML_LINK_IMAGE && !__SENDER_BOT && !__DKIM_EXISTS && !__KHOP_NO_FULL_NAME && !__THREADED
-describe   TO_NO_BRKTS_PCNT         To: misformatted + percentage
-#score      TO_NO_BRKTS_PCNT         2.50	# limit
-tflags     TO_NO_BRKTS_PCNT         publish
-##} TO_NO_BRKTS_PCNT
-##{ TT_MSGID_TRUNC
-header TT_MSGID_TRUNC   Message-Id =~ /^\s*<?[^<>\s]+\[\d+$/
-describe TT_MSGID_TRUNC Scora: Message-Id ends after left-bracket + digits
-##} TT_MSGID_TRUNC
-##{ TT_OBSCURED_VALIUM
-meta TT_OBSCURED_VALIUM         ( __TT_BROKEN_VALIUM || __TT_OBSCURED_VALIUM ) && ! __TT_VALIUM
-describe TT_OBSCURED_VALIUM     Scora: obscured "VALIUM" in subject
-##} TT_OBSCURED_VALIUM
-##{ TT_OBSCURED_VIAGRA
-meta TT_OBSCURED_VIAGRA         ( __TT_BROKEN_VIAGRA || __TT_OBSCURED_VIAGRA ) && ! __TT_VIAGRA
-describe TT_OBSCURED_VIAGRA     Scora: obscured "VIAGRA" in subject
-##} TT_OBSCURED_VIAGRA
-##{ TVD_ACT_193
-body TVD_ACT_193                /\bact of (?:193|nineteen thirty)/i
-describe TVD_ACT_193            Message refers to an act passed in the 1930s
-##} TVD_ACT_193
-##{ TVD_APPROVED
-body TVD_APPROVED               /you.{1,2}re .{0,20}approved/i
-describe TVD_APPROVED           Body states that the recipient has been approved
-##} TVD_APPROVED
-##{ TVD_DEAR_HOMEOWNER
-body TVD_DEAR_HOMEOWNER         /^dear homeowner/i
-describe TVD_DEAR_HOMEOWNER     Spam with generic salutation of "dear homeowner"
-##} TVD_DEAR_HOMEOWNER
-##{ TVD_EB_PHISH
-meta TVD_EB_PHISH	__FROM_EBAY && NORMAL_HTTP_TO_IP
-##} TVD_EB_PHISH
-##{ TVD_ENVFROM_APOST
-header TVD_ENVFROM_APOST        EnvelopeFrom =~ /\'/
-describe TVD_ENVFROM_APOST      Envelope From contains single-quote
-##} TVD_ENVFROM_APOST
-##{ TVD_FINGER_02
-header TVD_FINGER_02    Content-Type =~ /^text\/plain(?:; (?:format=flowed|charset="Windows-1252"|reply-type=original)){3}/i
-##} TVD_FINGER_02
-##{ TVD_FLOAT_GENERAL
-rawbody TVD_FLOAT_GENERAL       /\bstyle\s*=\s*"[^"]*\bfloat\s*:\s*[a-z]+\s*">\s*[a-zA-Z]+\s*</i
-describe TVD_FLOAT_GENERAL      Message uses CSS float style
-##} TVD_FLOAT_GENERAL
-##{ TVD_FROM_1
-header TVD_FROM_1       From:addr =~ /[^\@0-9]{2}\d{3}\.(?:com|net|org|info|biz)$/i
-#score  TVD_FROM_1	1.0
-describe TVD_FROM_1  From address appears to be a throwaway domain
-##} TVD_FROM_1
-##{ TVD_FUZZY_DEGREE ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-body TVD_FUZZY_DEGREE   /<inter W1><post P1>\b(?!degree)<D><E><G><R><E><E>\b/i
-describe TVD_FUZZY_DEGREE  Obfuscation of the word "degree"
-endif
-##} TVD_FUZZY_DEGREE ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-##{ TVD_FUZZY_FINANCE ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-body TVD_FUZZY_FINANCE  /(?!finance)<F><I><N><A><N><C><E>/i
-describe TVD_FUZZY_FINANCE  Obfuscation of the word "finance"
-endif
-##} TVD_FUZZY_FINANCE ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-##{ TVD_FUZZY_FIXED_RATE ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-body TVD_FUZZY_FIXED_RATE       /<inter W2><post P2>(?!fixed rate)<F><I><X><E><D>\s+<R><A><T><E>/i
-describe TVD_FUZZY_FIXED_RATE   Obfuscation of the phrase "fixed rate"
-endif
-##} TVD_FUZZY_FIXED_RATE ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-##{ TVD_FUZZY_MICROCAP ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-body TVD_FUZZY_MICROCAP /<inter W2><post P2>(?!microcap)(?!micro-cap)<M><I><C><R><O>-?<C><A><P>/i
-describe TVD_FUZZY_MICROCAP  Obfuscation of the word "micro-cap"
-endif
-##} TVD_FUZZY_MICROCAP ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-##{ TVD_FUZZY_PHARMACEUTICAL ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-body TVD_FUZZY_PHARMACEUTICAL   /<inter W2><post P2>(?!pharmaceutical)<P><H><A><R><M><A><C><E><U><T><I><C><A><L>/i
-describe TVD_FUZZY_PHARMACEUTICAL  Obfuscation of the word "pharmaceutical"
-endif
-##} TVD_FUZZY_PHARMACEUTICAL ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-##{ TVD_FUZZY_SYMBOL ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-body TVD_FUZZY_SYMBOL   /<inter W2><post P2>(?!symbol)<S><Y><M><B><O><L>/i
-describe TVD_FUZZY_SYMBOL  Obfuscation of the word "symbol"
-endif
-##} TVD_FUZZY_SYMBOL ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-##{ TVD_FW_GRAPHIC_NAME_LONG ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-mimeheader TVD_FW_GRAPHIC_NAME_LONG     Content-Type =~ /\bname="[a-z]{8,}\.gif/
-describe   TVD_FW_GRAPHIC_NAME_LONG     Long image attachment name
-endif
-##} TVD_FW_GRAPHIC_NAME_LONG ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-##{ TVD_FW_GRAPHIC_NAME_MID ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-mimeheader TVD_FW_GRAPHIC_NAME_MID      Content-Type =~ /\bname="[a-z]{6,7}\.gif/
-describe   TVD_FW_GRAPHIC_NAME_MID      Medium sized image attachment name
-endif
-##} TVD_FW_GRAPHIC_NAME_MID ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-##{ TVD_INCREASE_SIZE
-body TVD_INCREASE_SIZE          /\bsize of .{1,20}(?:penis|dick|manhood)/i
-describe TVD_INCREASE_SIZE      Advertising for penis enlargement
-##} TVD_INCREASE_SIZE
-##{ TVD_LINK_SAVE
-body TVD_LINK_SAVE              /\blink to save\b/i
-describe TVD_LINK_SAVE          Spam with the text "link to save"
-##} TVD_LINK_SAVE
-##{ TVD_PH_BODY_ACCOUNTS_PRE
-meta TVD_PH_BODY_ACCOUNTS_PRE		__TVD_PH_BODY_ACCOUNTS_PRE
-describe TVD_PH_BODY_ACCOUNTS_PRE	The body matches phrases such as "accounts suspended", "account credited", "account verification"
-##} TVD_PH_BODY_ACCOUNTS_PRE
-##{ TVD_PH_REC
-body TVD_PH_REC		/\byour .{0,40}account .{0,40}record/i
-describe TVD_PH_REC	Message includes a phrase commonly used in phishing mails
-##} TVD_PH_REC
-##{ TVD_PH_SEC
-body TVD_PH_SEC		/\byour .{0,40}account .{0,40}security/i
-describe TVD_PH_SEC	Message includes a phrase commonly used in phishing mails
-##} TVD_PH_SEC
-##{ TVD_PP_PHISH
-meta TVD_PP_PHISH	__FROM_PAYPAL && NORMAL_HTTP_TO_IP
-##} TVD_PP_PHISH
-##{ TVD_QUAL_MEDS
-body TVD_QUAL_MEDS              /\bquality med(?:ication)?s\b/i
-describe TVD_QUAL_MEDS          The body matches phrases such as "quality meds" or "quality medication"
-##} TVD_QUAL_MEDS
-##{ TVD_RATWARE_CB
-header TVD_RATWARE_CB           Content-Type =~ /\bboundary\b.{1,40}qzsoft_directmail_seperator/i
-describe TVD_RATWARE_CB         Content-Type header that is commonly indicative of ratware
-##} TVD_RATWARE_CB
-##{ TVD_RATWARE_CB_2
-header TVD_RATWARE_CB_2         Content-Type =~ /\bboundary\s*=\s*"?-+\d+=+\.MRA/
-describe TVD_RATWARE_CB_2       Content-Type header that is commonly indicative of ratware
-##} TVD_RATWARE_CB_2
-##{ TVD_RATWARE_MSGID_02
-header TVD_RATWARE_MSGID_02     Message-ID =~ /^[^<]*<[a-z]+\@/
-describe TVD_RATWARE_MSGID_02   Ratware with a Message-ID header that is entirely lower-case
-##} TVD_RATWARE_MSGID_02
-##{ TVD_RCVD_IP
-header TVD_RCVD_IP  Received =~ /^from\s+(?:\d+[^0-9a-zA-Z\s]){3}\d+[.\s]/
-describe TVD_RCVD_IP  Message was received from an IP address
-##} TVD_RCVD_IP
-##{ TVD_RCVD_IP4
-header TVD_RCVD_IP4 Received =~ /^from\s+(?:\d+\.){3}\d+\s/
-describe TVD_RCVD_IP4  Message was received from an IPv4 address
-##} TVD_RCVD_IP4
-##{ TVD_RCVD_SINGLE
-header TVD_RCVD_SINGLE Received =~ /^from\s+(?!localhost)[^\s.a-z0-9-]+\s/
-describe TVD_RCVD_SINGLE  Message was received from localhost
-##} TVD_RCVD_SINGLE
-##{ TVD_RCVD_SPACE_BRACKET
-header TVD_RCVD_SPACE_BRACKET Received =~ /\(\[(?!UNIX:)[^\[\]]*\s/
-##} TVD_RCVD_SPACE_BRACKET
-##{ TVD_SECTION
-body TVD_SECTION                /\bSection (?:27A|21B)/i
-describe TVD_SECTION            References to specific legal codes
-##} TVD_SECTION
-##{ TVD_SILLY_URI_OBFU
-body TVD_SILLY_URI_OBFU         m!https?://[a-z0-9-]+\.[a-z0-9-]*\.?[^a-z0-9.:/\s"'\@?\)>-]+[a-z0-9.-]*[a-z]{3}(?:\s|$)!i
-describe TVD_SILLY_URI_OBFU     URI obfuscation that can fool a URIBL or a uri rule
-##} TVD_SILLY_URI_OBFU
-##{ TVD_SPACED_SUBJECT_WORD3
-header TVD_SPACED_SUBJECT_WORD3 Subject =~ /^(?:(?:Re|Fw)[^:]{0,5}: )?[A-Z]+[a-z]+[A-Z]+$/
-describe TVD_SPACED_SUBJECT_WORD3  Entire subject is "UPPERlowerUPPER" with no whitespace
-##} TVD_SPACED_SUBJECT_WORD3
-##{ TVD_SPACE_ENCODED
-meta        TVD_SPACE_ENCODED      __TVD_SPACE_ENCODED && !__NOT_SPOOFED && !__VIA_ML && !__HS_SUBJ_RE_FW && !__SUBSCRIPTION_INFO && !__TO_EQ_FROM_DOM && !__RCD_RDNS_MAIL && !__ISO_2022_JP_DELIM
-#score       TVD_SPACE_ENCODED      2.500   # limit
-##} TVD_SPACE_ENCODED
-##{ TVD_SPACE_ENC_FM_MIME
-meta        TVD_SPACE_ENC_FM_MIME  __TVD_SPACE_ENCODED && __FROM_NEEDS_MIME && !__ISO_2022_JP_DELIM
-#score       TVD_SPACE_ENC_FM_MIME  2.000   # limit
-##} TVD_SPACE_ENC_FM_MIME
-##{ TVD_SPACE_RATIO_MINFP
-meta        TVD_SPACE_RATIO_MINFP  __TVD_SPACE_RATIO && !__LCL__ENV_AND_HDR_FROM_MATCH && !__SUBSCRIPTION_INFO && !__RCD_RDNS_MAIL && !__SUBJECT_ENCODED_QP && !__THREADED && !__TO_EQ_FROM_DOM && !__BOTH_INR_AND_REF && !__X_CRON_ENV && !__HAS_THREAD_INDEX && !__HDRS_LCASE_KNOWN && !__ISO_2022_JP_DELIM
-#score       TVD_SPACE_RATIO_MINFP  2.750   # limit
-##} TVD_SPACE_RATIO_MINFP
-##{ TVD_STOCK1 ifplugin Mail::SpamAssassin::Plugin::BodyEval
-ifplugin Mail::SpamAssassin::Plugin::BodyEval
-body TVD_STOCK1    eval:check_stock_info('2')
-describe TVD_STOCK1  Spam related to stock trading
-endif
-##} TVD_STOCK1 ifplugin Mail::SpamAssassin::Plugin::BodyEval
-##{ TVD_SUBJ_ACC_NUM
-header	TVD_SUBJ_ACC_NUM	Subject =~ /\b[a-zA-Z]+ [\#\s]{1,4}\d+[A-Z]+/
-describe TVD_SUBJ_ACC_NUM	Subject has spammy looking monetary reference
-##} TVD_SUBJ_ACC_NUM
-##{ TVD_SUBJ_FINGER_03
-header TVD_SUBJ_FINGER_03       Subject =~ /^\s*\*\s+(?:\w+\W+)+\*\s*$/
-describe TVD_SUBJ_FINGER_03     Entire subject is enclosed in asterisks "* like so *"
-##} TVD_SUBJ_FINGER_03
-##{ TVD_SUBJ_OWE
-header TVD_SUBJ_OWE Subject =~ /^\s*(?:\w+\s+)+you\s+(?:\w+\s+)*(?:owe|indebted)\s+(?:\w+\s+)+an\s*other/i
-describe TVD_SUBJ_OWE  Subject line states that the recipieint is in debt
-##} TVD_SUBJ_OWE
-##{ TVD_SUBJ_WIPE_DEBT
-header TVD_SUBJ_WIPE_DEBT       Subject =~ /(?:wipe out|remove|get (?:rid|out) of|eradicate) .{0,20}(?:owe|debt|obligation)/i
-describe TVD_SUBJ_WIPE_DEBT     Spam advertising a way to eliminate debt
-##} TVD_SUBJ_WIPE_DEBT
-##{ TVD_UNDER_VALUED
-body TVD_UNDER_VALUED           /(?:company|stock) .{1,20}under-?valued/i
-##} TVD_UNDER_VALUED
-##{ TVD_VISIT_PHARMA
-body TVD_VISIT_PHARMA           /Online Ph.rmacy/i
-describe TVD_VISIT_PHARMA       Body mentions online pharmacy
-##} TVD_VISIT_PHARMA
-##{ TVD_VIS_HIDDEN
-rawbody TVD_VIS_HIDDEN /<TEXTAREA[^>]+style\s*=\s*"visibility:\s*hidden\b/i
-describe TVD_VIS_HIDDEN Invisible textarea HTML tags
-##} TVD_VIS_HIDDEN
-##{ TW_GIBBERISH_MANY
-meta           TW_GIBBERISH_MANY      __TENWORD_GIBBERISH > 20
-describe       TW_GIBBERISH_MANY      Lots of gibberish text to spoof pattern matching filters
-#score          TW_GIBBERISH_MANY      2.000   # limit
-tflags         TW_GIBBERISH_MANY      publish
-##} TW_GIBBERISH_MANY
-##{ T_ACH_CANCELLED_EXE ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-	meta         T_ACH_CANCELLED_EXE   __ACH_CANCELLED_EXE
-	describe     T_ACH_CANCELLED_EXE   "ACH cancelled" probable malware
-endif
-##} T_ACH_CANCELLED_EXE ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-##{ T_ANY_PILL_PRICE if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-  meta        T_ANY_PILL_PRICE         (__PILL_PRICE_01 || __PILL_PRICE_02) && !__NOT_A_PERSON
-  describe    T_ANY_PILL_PRICE         Prices for pills
-endif
-##} T_ANY_PILL_PRICE if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-##{ T_CDISP_SZ_MANY ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  mimeheader   T_CDISP_SZ_MANY      Content-Disposition =~ /\bsize\s?=\s?\d.*\bsize\s?=\s?\d/
-  describe     T_CDISP_SZ_MANY      Suspicious MIME header
-#  score        T_CDISP_SZ_MANY      2.0  # limit
-endif
-##} T_CDISP_SZ_MANY ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-##{ T_CTYPE_NULL ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  meta         T_CTYPE_NULL          __CTYPE_NULL
-  describe     T_CTYPE_NULL          Malformed Content-Type header
-endif
-##} T_CTYPE_NULL ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-##{ T_DATE_IN_FUTURE_96_Q ifplugin Mail::SpamAssassin::Plugin::HeaderEval
-ifplugin Mail::SpamAssassin::Plugin::HeaderEval
-header   T_DATE_IN_FUTURE_96_Q    eval:check_for_shifted_date('96', '2920')
-describe T_DATE_IN_FUTURE_96_Q    Date: is 4 days to 4 months after Received: date
-endif
-##} T_DATE_IN_FUTURE_96_Q ifplugin Mail::SpamAssassin::Plugin::HeaderEval
-##{ T_DATE_IN_FUTURE_Q_PLUS ifplugin Mail::SpamAssassin::Plugin::HeaderEval
-ifplugin Mail::SpamAssassin::Plugin::HeaderEval
-header   T_DATE_IN_FUTURE_Q_PLUS  eval:check_for_shifted_date('2920', 'undef')
-describe T_DATE_IN_FUTURE_Q_PLUS  Date: is over 4 months after Received: date
-endif
-##} T_DATE_IN_FUTURE_Q_PLUS ifplugin Mail::SpamAssassin::Plugin::HeaderEval
-##{ T_DKIM_INVALID ifplugin Mail::SpamAssassin::Plugin::DKIM
-ifplugin Mail::SpamAssassin::Plugin::DKIM
-  meta	   T_DKIM_INVALID	__DKIM_EXISTS && !DKIM_VALID
-  describe T_DKIM_INVALID	DKIM-Signature header exists but is not valid
-endif
-##} T_DKIM_INVALID ifplugin Mail::SpamAssassin::Plugin::DKIM
-##{ T_DOC_ATTACH_NO_EXT ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  meta         T_DOC_ATTACH_NO_EXT   __ATTACH_NAME_NO_EXT && (__PDF_ATTACH || __DOC_ATTACH_MT)
-  describe     T_DOC_ATTACH_NO_EXT   Document attachment with suspicious name
-endif
-##} T_DOC_ATTACH_NO_EXT ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-##{ T_DOS_OUTLOOK_TO_MX_IMAGE
-meta T_DOS_OUTLOOK_TO_MX_IMAGE		__ANY_OUTLOOK_MUA && !__OE_MUA && __DOS_DIRECT_TO_MX && __ANY_IMAGE_ATTACH
-describe T_DOS_OUTLOOK_TO_MX_IMAGE	Direct to MX with Outlook headers and an image
-##} T_DOS_OUTLOOK_TO_MX_IMAGE
-##{ T_DOS_ZIP_HARDCORE ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  mimeheader    T_DOS_ZIP_HARDCORE        Content-Type =~ /^application\/zip;\sname="hardcore\.zip"$/
-  describe      T_DOS_ZIP_HARDCORE        hardcore.zip file attached; quite certainly a virus
-#  score         T_DOS_ZIP_HARDCORE        2.5
-endif
-##} T_DOS_ZIP_HARDCORE ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-##{ T_EMRCP
-body     T_EMRCP            /\bExcess Maximum Return Capital Profit\b/i
-describe T_EMRCP            "Excess Maximum Return Capital Profit" Fidelity scam
-##} T_EMRCP
-##{ T_END_FUTURE_EMAILS
-describe       T_END_FUTURE_EMAILS   Spammy unsubscribe
-#score          T_END_FUTURE_EMAILS   2.500	# limit
-##} T_END_FUTURE_EMAILS
-##{ T_END_FUTURE_EMAILS if !plugin(Mail::SpamAssassin::Plugin::DKIM)
-if !plugin(Mail::SpamAssassin::Plugin::DKIM)
-  meta         T_END_FUTURE_EMAILS   __END_FUTURE_EMAILS && !__SUBJECT_ENCODED_B64 && !__HDRS_LCASE && !__HDRS_LCASE_KNOWN && !__TO___LOWER
-endif
-##} T_END_FUTURE_EMAILS if !plugin(Mail::SpamAssassin::Plugin::DKIM)
-##{ T_END_FUTURE_EMAILS ifplugin Mail::SpamAssassin::Plugin::DKIM
-ifplugin Mail::SpamAssassin::Plugin::DKIM
-  meta         T_END_FUTURE_EMAILS   __END_FUTURE_EMAILS && !__SUBJECT_ENCODED_B64 && !__HDRS_LCASE && !__HDRS_LCASE_KNOWN && !__TO___LOWER && !__DKIM_DEPENDABLE && !DKIM_SIGNED
-endif
-##} T_END_FUTURE_EMAILS ifplugin Mail::SpamAssassin::Plugin::DKIM
-##{ T_FILL_THIS_FORM_FRAUD_PHISH ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  meta     T_FILL_THIS_FORM_FRAUD_PHISH     __FILL_THIS_FORM_FRAUD_PHISH && !__UNSUB_LINK && !__SPOOFED_URL && !__DOS_LINK && !__CAN_HELP && !__VIA_ML && !__COMMENT_EXISTS && !__HAS_IN_REPLY_TO && !__THREADED
-  describe T_FILL_THIS_FORM_FRAUD_PHISH     Answer suspicious question(s)
-endif
-##} T_FILL_THIS_FORM_FRAUD_PHISH ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-##{ T_FILL_THIS_FORM_SHORT ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  meta     T_FILL_THIS_FORM_SHORT           __FILL_THIS_FORM_SHORT && !__VIA_ML && !__MSGID_JAVAMAIL
-  describe T_FILL_THIS_FORM_SHORT           Fill in a short form with personal information
-#  score    T_FILL_THIS_FORM_SHORT           1.00	# limit
-endif
-##} T_FILL_THIS_FORM_SHORT ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-##{ T_FORGED_TBIRD_IMG_SIZE ifplugin Mail::SpamAssassin::Plugin::ImageInfo
-ifplugin Mail::SpamAssassin::Plugin::ImageInfo
-  meta       T_FORGED_TBIRD_IMG_SIZE   __FORGED_TBIRD_IMG && __ONE_IMG && __IMG_LE_300K
-  describe   T_FORGED_TBIRD_IMG_SIZE   Likely forged Thunderbird image spam
-endif
-##} T_FORGED_TBIRD_IMG_SIZE ifplugin Mail::SpamAssassin::Plugin::ImageInfo
-##{ T_FREEMAIL_DOC_PDF ifplugin Mail::SpamAssassin::Plugin::FreeMail
-ifplugin Mail::SpamAssassin::Plugin::FreeMail
-  meta         T_FREEMAIL_DOC_PDF       __FREEMAIL_DOC_PDF
-  describe     T_FREEMAIL_DOC_PDF       MS document or PDF attachment, from freemail
-endif
-##} T_FREEMAIL_DOC_PDF ifplugin Mail::SpamAssassin::Plugin::FreeMail
-##{ T_FREEMAIL_RVW_ATTCH ifplugin Mail::SpamAssassin::Plugin::FreeMail
-ifplugin Mail::SpamAssassin::Plugin::FreeMail
-  meta         T_FREEMAIL_RVW_ATTCH     (__PLS_REVIEW || __DLND_ATTACH) && __FREEMAIL_DOC_PDF
-  describe     T_FREEMAIL_RVW_ATTCH     Please review attached document, from freemail
-endif
-##} T_FREEMAIL_RVW_ATTCH ifplugin Mail::SpamAssassin::Plugin::FreeMail
-##{ T_FROM_12LTRDOM
-describe       T_FROM_12LTRDOM       From a 12-letter domain
-#score          T_FROM_12LTRDOM       0.10  	# limit
-##} T_FROM_12LTRDOM
-##{ T_FROM_12LTRDOM if !plugin(Mail::SpamAssassin::Plugin::FreeMail)
-if !plugin(Mail::SpamAssassin::Plugin::FreeMail)
-  meta         T_FROM_12LTRDOM       __FROM_12LTRDOM_1 && !__VIA_ML && !__TO___LOWER && !__FS_SUBJ_RE && !__RCD_RDNS_MAIL_MESSY && !__UNSUB_LINK && !NO_RELAYS && !__UNUSABLE_MSGID && !DATE_IN_PAST_96_XX && !ALL_TRUSTED && !__MSGID_APPLEMAIL && !__RCD_RDNS_SMTP_MESSY && !__FB_NATIONAL && !__MAIL_LINK && !__NAME_EMAIL_DIFF && !__RCD_RDNS_MX_MESSY && !__RCD_RDNS_MX && !__SENDER_BOT && !__IMS_MSGID && !__HS_SUBJ_RE_FW && !__DOS_HAS_LIST_UNSUB && !__THREAD_INDEX_GOOD && !__TO_EQ_FROM_DOM && !__URI_MAILTO && !__SUBSCRIPTION_INFO
-endif
-##} T_FROM_12LTRDOM if !plugin(Mail::SpamAssassin::Plugin::FreeMail)
-##{ T_FROM_12LTRDOM ifplugin Mail::SpamAssassin::Plugin::FreeMail
-ifplugin Mail::SpamAssassin::Plugin::FreeMail
-  meta         T_FROM_12LTRDOM       __FROM_12LTRDOM_1 && !__VIA_ML && !__TO___LOWER && !__FS_SUBJ_RE && !__RCD_RDNS_MAIL_MESSY && !__freemail_safe && !__UNSUB_LINK && !NO_RELAYS && !__UNUSABLE_MSGID && !DATE_IN_PAST_96_XX && !ALL_TRUSTED && !__MSGID_APPLEMAIL && !__RCD_RDNS_SMTP_MESSY && !__FB_NATIONAL && !__MAIL_LINK && !__NAME_EMAIL_DIFF && !__RCD_RDNS_MX_MESSY && !__RCD_RDNS_MX && !__SENDER_BOT && !__IMS_MSGID && !__HS_SUBJ_RE_FW && !__DOS_HAS_LIST_UNSUB && !__THREAD_INDEX_GOOD && !__TO_EQ_FROM_DOM && !__URI_MAILTO && !__SUBSCRIPTION_INFO
-endif
-##} T_FROM_12LTRDOM ifplugin Mail::SpamAssassin::Plugin::FreeMail
-##{ T_FROM_MISSP_DKIM ifplugin Mail::SpamAssassin::Plugin::DKIM
-ifplugin Mail::SpamAssassin::Plugin::DKIM
-  meta         T_FROM_MISSP_DKIM       __FROM_MISSP_DKIM && !__CTYPE_MULTIPART_ALT && !__MIME_QP && !__BUGGED_IMG && !__DOS_HAS_LIST_UNSUB && !__MIME_BASE64 && !__MTLANDROID_MUA && !__XEROXWORKCTR_MUA && !__PHP_MUA && !__AMADEUSMS_MUA && !__FLASHMAIL_MUA
-  describe     T_FROM_MISSP_DKIM       From misspaced, DKIM dependable
-endif
-##} T_FROM_MISSP_DKIM ifplugin Mail::SpamAssassin::Plugin::DKIM
-##{ T_FUZZY_OPTOUT ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  body           T_FUZZY_OPTOUT             /\b(?!opt.?out)<O><P><T>.?<O><U><T>\b/i
-  describe       T_FUZZY_OPTOUT             Obfuscated opt-out text
-endif
-##} T_FUZZY_OPTOUT ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-##{ T_FUZZY_SPRM ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-body T_FUZZY_SPRM /<inter W1><post P2><S><P><U><R><M>/i
-endif
-##} T_FUZZY_SPRM ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-##{ T_HDRS_LCASE
-describe       T_HDRS_LCASE            Odd capitalization of message header
-#score          T_HDRS_LCASE            0.10	# limit
-##} T_HDRS_LCASE
-##{ T_HDRS_LCASE if !plugin(Mail::SpamAssassin::Plugin::FreeMail)
-if !plugin(Mail::SpamAssassin::Plugin::FreeMail)
-  meta         T_HDRS_LCASE            __HDRS_LCASE && !__HDRS_LCASE_KNOWN && !__VIA_ML && !__THREADED && !__UNUSABLE_MSGID && !__DOS_SINGLE_EXT_RELAY && !__DKIM_EXISTS && !__BUGGED_IMG && !__SUBSCRIPTION_INFO && !NO_RELAYS && !__RDNS_NONE && !__MIME_BASE64 && !__SUBJECT_ENCODED_B64 && !__RCD_RDNS_MX_MESSY && !__HTML_LINK_IMAGE && !__RDNS_SHORT && !__TAG_EXISTS_STYLE && !ALL_TRUSTED && !__NOT_SPOOFED && !__RCD_RDNS_SMTP_MESSY && !__NAKED_TO
-endif
-##} T_HDRS_LCASE if !plugin(Mail::SpamAssassin::Plugin::FreeMail)
-##{ T_HDRS_LCASE ifplugin Mail::SpamAssassin::Plugin::FreeMail
-ifplugin Mail::SpamAssassin::Plugin::FreeMail
-  meta         T_HDRS_LCASE            __HDRS_LCASE && !__HDRS_LCASE_KNOWN && !__VIA_ML && !__freemail_safe && !__THREADED && !__UNUSABLE_MSGID && !__DOS_SINGLE_EXT_RELAY && !__DKIM_EXISTS && !__BUGGED_IMG && !__SUBSCRIPTION_INFO && !NO_RELAYS && !__RDNS_NONE && !__MIME_BASE64 && !__SUBJECT_ENCODED_B64 && !__RCD_RDNS_MX_MESSY && !__HTML_LINK_IMAGE && !__RDNS_SHORT && !__TAG_EXISTS_STYLE && !ALL_TRUSTED && !__NOT_SPOOFED && !__RCD_RDNS_SMTP_MESSY && !__NAKED_TO
-endif
-##} T_HDRS_LCASE ifplugin Mail::SpamAssassin::Plugin::FreeMail
-##{ T_HK_NAME_DR ifplugin Mail::SpamAssassin::Plugin::FreeMail
-ifplugin Mail::SpamAssassin::Plugin::FreeMail
-meta		T_HK_NAME_DR		__HK_NAME_DR && !FREEMAIL_FROM
-#score           T_HK_NAME_DR	        1.0
-endif
-##} T_HK_NAME_DR ifplugin Mail::SpamAssassin::Plugin::FreeMail
-##{ T_HK_NAME_FM_DR ifplugin Mail::SpamAssassin::Plugin::FreeMail
-ifplugin Mail::SpamAssassin::Plugin::FreeMail
-meta		T_HK_NAME_FM_DR		__HK_NAME_DR && FREEMAIL_FROM
-#score           T_HK_NAME_FM_DR           1.5
-endif
-##} T_HK_NAME_FM_DR ifplugin Mail::SpamAssassin::Plugin::FreeMail
-##{ T_HK_NAME_FM_FROM ifplugin Mail::SpamAssassin::Plugin::FreeMail
-ifplugin Mail::SpamAssassin::Plugin::FreeMail
-meta		T_HK_NAME_FM_FROM		__HK_NAME_FROM && FREEMAIL_FROM
-#score           T_HK_NAME_FM_FROM         1.5
-endif
-##} T_HK_NAME_FM_FROM ifplugin Mail::SpamAssassin::Plugin::FreeMail
-##{ T_HTML_ATTACH ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  meta         T_HTML_ATTACH         __HTML_ATTACH_01 || __HTML_ATTACH_02
-  describe     T_HTML_ATTACH         HTML attachment to bypass scanning?
-endif
-##} T_HTML_ATTACH ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-##{ T_KAM_HTML_FONT_INVALID ifplugin Mail::SpamAssassin::Plugin::HTMLEval
-ifplugin Mail::SpamAssassin::Plugin::HTMLEval
-body		T_KAM_HTML_FONT_INVALID		eval:html_test('font_invalid_color')
-describe 	T_KAM_HTML_FONT_INVALID		Test for Invalidly Named or Formatted Colors in HTML
-#score		T_KAM_HTML_FONT_INVALID		0.1
-endif
-##} T_KAM_HTML_FONT_INVALID ifplugin Mail::SpamAssassin::Plugin::HTMLEval
-##{ T_LARGE_PCT_AFTER_MANY if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-   meta        T_LARGE_PCT_AFTER_MANY   __LARGE_PERCENT_AFTER > 3
-   describe    T_LARGE_PCT_AFTER_MANY   Many large percentages after...
-endif
-##} T_LARGE_PCT_AFTER_MANY if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-##{ T_LFUZ_PWRMALE ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-body T_LFUZ_PWRMALE       /<inter W1><post P2><P><O><W><E><R><M><A><L><E>/i
-endif
-##} T_LFUZ_PWRMALE ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-##{ T_LOTTO_AGENT_FM
-header   T_LOTTO_AGENT_FM   From =~ /(?:claim(?:s|ing)?(?:[\s_.]processing)?|fiducia\w+|dispatch|reimbursement|payout|prize[\s_.]transfer|(?:international|foreign|win+ing)[\s_.]rem+it+ance)[\s_.]?(?:agent|manager|officer|secretary|director|department|dept)/i
-describe T_LOTTO_AGENT_FM   Claims Agent
-##} T_LOTTO_AGENT_FM
-##{ T_LOTTO_AGENT_RPLY
-meta     T_LOTTO_AGENT_RPLY __LOTTO_AGENT_RPLY && !__TO_YOUR_ORG
-describe T_LOTTO_AGENT_RPLY Claims Agent
-##} T_LOTTO_AGENT_RPLY
-##{ T_LOTTO_URI
-uri      T_LOTTO_URI       /(?:claim(?:s|ing)?(?:[-_]?processing)?|fiducia\w+|reimbursement|(?:international|foreign|win+ing)?[-_]?rem+it+ance|award)[-_]?(?:department|dept|unit|group|committee|office|agent|manager|secretary)/i
-describe T_LOTTO_URI       Claims Department URL
-##} T_LOTTO_URI
-##{ T_MANY_HDRS_LCASE
-describe       T_MANY_HDRS_LCASE       Odd capitalization of multiple message headers
-#score          T_MANY_HDRS_LCASE       0.10	# limit
-##} T_MANY_HDRS_LCASE
-##{ T_MANY_HDRS_LCASE if !plugin(Mail::SpamAssassin::Plugin::FreeMail)
-if !plugin(Mail::SpamAssassin::Plugin::FreeMail)
-  meta         T_MANY_HDRS_LCASE       __MANY_HDRS_LCASE && !__HDRS_LCASE_KNOWN && !__VIA_ML && !__THREADED && !__UNUSABLE_MSGID && !__DOS_SINGLE_EXT_RELAY && !__DKIM_EXISTS && !__NOT_SPOOFED && !__BUGGED_IMG && !__MIME_QP && !__RDNS_NONE
-endif
-##} T_MANY_HDRS_LCASE if !plugin(Mail::SpamAssassin::Plugin::FreeMail)
-##{ T_MANY_HDRS_LCASE ifplugin Mail::SpamAssassin::Plugin::FreeMail
-ifplugin Mail::SpamAssassin::Plugin::FreeMail
-  meta         T_MANY_HDRS_LCASE       __MANY_HDRS_LCASE && !__HDRS_LCASE_KNOWN && !__VIA_ML && !__freemail_safe && !__THREADED && !__UNUSABLE_MSGID && !__DOS_SINGLE_EXT_RELAY && !__DKIM_EXISTS && !__NOT_SPOOFED && !__BUGGED_IMG && !__MIME_QP && !__RDNS_NONE
-endif
-##} T_MANY_HDRS_LCASE ifplugin Mail::SpamAssassin::Plugin::FreeMail
-##{ T_MANY_PILL_PRICE if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-  meta        T_MANY_PILL_PRICE        (__PILL_PRICE_01 + __PILL_PRICE_02) > 2
-  describe    T_MANY_PILL_PRICE        Prices for many pills
-endif
-##} T_MANY_PILL_PRICE if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-##{ T_MIME_MALF if (version >= 3.004000)
-if (version >= 3.004000)
-	meta        T_MIME_MALF        __MIME_MALF && !ALL_TRUSTED
-	describe    T_MIME_MALF        Malformed MIME: headers in body
-#	score       T_MIME_MALF        2.00	# limit
-endif
-##} T_MIME_MALF if (version >= 3.004000)
-##{ T_MONEY_PERCENT ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  meta     T_MONEY_PERCENT    LOTS_OF_MONEY && (__PCT_FOR_YOU || __PCT_OF_PMTS || __FIFTY_FIFTY)
-  describe T_MONEY_PERCENT    X% of a lot of money for you
-endif
-##} T_MONEY_PERCENT ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-##{ T_OBFU_ATTACH_MISSP ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  meta         T_OBFU_ATTACH_MISSP   __FROM_RUNON && (T_OBFU_HTML_ATTACH || OBFU_TEXT_ATTACH || T_OBFU_DOC_ATTACH || T_OBFU_PDF_ATTACH || T_OBFU_JPG_ATTACH || T_OBFU_GIF_ATTACH)
-  describe     T_OBFU_ATTACH_MISSP   Obfuscated attachment type and misspaced From
-endif
-##} T_OBFU_ATTACH_MISSP ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-##{ T_OBFU_DOC_ATTACH ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  mimeheader   T_OBFU_DOC_ATTACH     Content-Type =~ m,\bapplication/octet-stream\b.+\.(?:doc|rtf)\b,i
-  describe     T_OBFU_DOC_ATTACH     MS Document attachment with generic MIME type
-endif
-##} T_OBFU_DOC_ATTACH ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-##{ T_OBFU_GIF_ATTACH ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  mimeheader   T_OBFU_GIF_ATTACH     Content-Type =~ m,\bapplication/octet-stream\b.+\.gif\b,i
-  describe     T_OBFU_GIF_ATTACH     GIF attachment with generic MIME type
-endif
-##} T_OBFU_GIF_ATTACH ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-##{ T_OBFU_HTML_ATTACH ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  mimeheader   T_OBFU_HTML_ATTACH    Content-Type =~ m,\bapplication/octet-stream\b.+\.html?\b,i
-  describe     T_OBFU_HTML_ATTACH    HTML attachment with non-text MIME type
-endif
-##} T_OBFU_HTML_ATTACH ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-##{ T_OBFU_HTML_ATT_MALW ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  meta         T_OBFU_HTML_ATT_MALW  __ZIP_ATTACH_NOFN && __HTML_ATTACH_02
-  describe     T_OBFU_HTML_ATT_MALW  HTML attachment with incorrect MIME type - possible malware
-endif
-##} T_OBFU_HTML_ATT_MALW ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-##{ T_OBFU_JPG_ATTACH ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  mimeheader   T_OBFU_JPG_ATTACH     Content-Type =~ m,\bapplication/octet-stream\b.+\.jpe?g\b,i
-  describe     T_OBFU_JPG_ATTACH     JPG attachment with generic MIME type
-endif
-##} T_OBFU_JPG_ATTACH ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-##{ T_OBFU_PDF_ATTACH ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  mimeheader   T_OBFU_PDF_ATTACH     Content-Type =~ m,\bapplication/octet-stream\b.+\.pdf\b,i
-  describe     T_OBFU_PDF_ATTACH     PDF attachment with generic MIME type
-endif
-##} T_OBFU_PDF_ATTACH ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-##{ T_PDS_TO_EQ_FROM_NAME if can(Mail::SpamAssassin::Conf::perl_min_version_5010000)
-if can(Mail::SpamAssassin::Conf::perl_min_version_5010000)
-  meta       T_PDS_TO_EQ_FROM_NAME      (__PDS_TO_EQ_FROM_NAME_1 || __PDS_TO_EQ_FROM_NAME_2)
-  describe   T_PDS_TO_EQ_FROM_NAME      From: name same as To: address
-endif
-##} T_PDS_TO_EQ_FROM_NAME if can(Mail::SpamAssassin::Conf::perl_min_version_5010000)
-##{ T_PHP_NOVER_MUA
-#score     T_PHP_NOVER_MUA       3.50	# limit
-describe  T_PHP_NOVER_MUA       Mail from PHP with no version number
-##} T_PHP_NOVER_MUA
-##{ T_PHP_NOVER_MUA if !plugin(Mail::SpamAssassin::Plugin::DKIM)
-if !plugin(Mail::SpamAssassin::Plugin::DKIM)
-  meta    T_PHP_NOVER_MUA       __PHP_NOVER_MUA && !__TO_NO_BRKTS_HTML_ONLY && !__MSGID_OK_DIGITS && !__UPPERCASE_25_50 && !__RP_MATCHES_RCVD && !__GIF_ATTACH
-endif
-##} T_PHP_NOVER_MUA if !plugin(Mail::SpamAssassin::Plugin::DKIM)
-##{ T_PHP_NOVER_MUA ifplugin Mail::SpamAssassin::Plugin::DKIM
-ifplugin Mail::SpamAssassin::Plugin::DKIM
-  meta    T_PHP_NOVER_MUA       __PHP_NOVER_MUA && !__DKIM_DEPENDABLE && !__TO_NO_BRKTS_HTML_ONLY && !__MSGID_OK_DIGITS && !__UPPERCASE_25_50 && !__RP_MATCHES_RCVD && !__GIF_ATTACH
-endif
-##} T_PHP_NOVER_MUA ifplugin Mail::SpamAssassin::Plugin::DKIM
-##{ T_REMOTE_IMAGE ifplugin Mail::SpamAssassin::Plugin::MIMEHeader # {
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader # {
-  meta	T_REMOTE_IMAGE	__REMOTE_IMAGE
-  describe T_REMOTE_IMAGE	Message contains an external image
-endif
-##} T_REMOTE_IMAGE ifplugin Mail::SpamAssassin::Plugin::MIMEHeader # {
-##{ T_RP_MATCHES_RCVD if version >= 3.003000 ifplugin Mail::SpamAssassin::Plugin::WLBLEval
-if version >= 3.003000
-ifplugin Mail::SpamAssassin::Plugin::WLBLEval
-header   T_RP_MATCHES_RCVD  eval:check_mailfrom_matches_rcvd()
-describe T_RP_MATCHES_RCVD  Envelope sender domain matches handover relay domain
-tflags   T_RP_MATCHES_RCVD  nice
-endif
-endif
-##} T_RP_MATCHES_RCVD if version >= 3.003000 ifplugin Mail::SpamAssassin::Plugin::WLBLEval
-##{ T_SUBJ_BRKN_WORDNUMS ifplugin Mail::SpamAssassin::Plugin::DKIM
-ifplugin Mail::SpamAssassin::Plugin::DKIM
-  meta      T_SUBJ_BRKN_WORDNUMS     __SUBJ_BRKN_WORDNUMS && !DKIM_SIGNED && !__TO___LOWER
-  describe  T_SUBJ_BRKN_WORDNUMS     Subject contains odd word breaks and numbers
-endif
-##} T_SUBJ_BRKN_WORDNUMS ifplugin Mail::SpamAssassin::Plugin::DKIM
-##{ T_TVD_FUZZY_SECTOR ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-body T_TVD_FUZZY_SECTOR   /(?!sector)<S><E><C><T><O><R>/i
-endif
-##} T_TVD_FUZZY_SECTOR ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-##{ T_TVD_FUZZY_SECURITIES ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-body T_TVD_FUZZY_SECURITIES       /<inter W2><post P2>(?!securities)(?!security es)<S><E><C><U><R><I><T><I><E><S>/i
-endif
-##} T_TVD_FUZZY_SECURITIES ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-##{ T_TVD_FW_GRAPHIC_ID2 ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-mimeheader T_TVD_FW_GRAPHIC_ID2   Content-Id =~ /<(?:[0-9A-F]{8}\.){3}[0-9A-F]{8}/
-endif
-##} T_TVD_FW_GRAPHIC_ID2 ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-##{ T_TVD_MIME_EPI ifplugin Mail::SpamAssassin::Plugin::MIMEEval
-ifplugin Mail::SpamAssassin::Plugin::MIMEEval
-body T_TVD_MIME_EPI             eval:check_msg_parse_flags('mime_epilogue_exists')
-endif
-##} T_TVD_MIME_EPI ifplugin Mail::SpamAssassin::Plugin::MIMEEval
-##{ T_TVD_MIME_NO_HEADERS ifplugin Mail::SpamAssassin::Plugin::MIMEEval
-ifplugin Mail::SpamAssassin::Plugin::MIMEEval
-body T_TVD_MIME_NO_HEADERS      eval:check_msg_parse_flags('missing_mime_headers')
-endif
-##} T_TVD_MIME_NO_HEADERS ifplugin Mail::SpamAssassin::Plugin::MIMEEval
-##{ T_WON_MONEY_ATTACH ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  meta       T_WON_MONEY_ATTACH   __YOU_WON && LOTS_OF_MONEY && (__PDF_ATTACH || __DOC_ATTACH)
-  describe   T_WON_MONEY_ATTACH   You won lots of money! See attachment.
-endif
-##} T_WON_MONEY_ATTACH ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-##{ T_WON_NBDY_ATTACH ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  meta       T_WON_NBDY_ATTACH    __YOU_WON && __EMPTY_BODY && (__PDF_ATTACH || __DOC_ATTACH || __GIF_ATTACH || __JPEG_ATTACH)
-  describe   T_WON_NBDY_ATTACH    You won lots of money! See attachment.
-endif
-##} T_WON_NBDY_ATTACH ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-##{ UC_GIBBERISH_OBFU
-meta        UC_GIBBERISH_OBFU  (__UC_GIBB_OBFU > 1) && !__RP_MATCHES_RCVD && !__VIA_ML && !__DKIM_EXISTS && !ALL_TRUSTED
-describe    UC_GIBBERISH_OBFU  Multiple instances of "word VERYLONGGIBBERISH word"
-#score       UC_GIBBERISH_OBFU  3.000	# Limit
-tflags      UC_GIBBERISH_OBFU  publish
-##} UC_GIBBERISH_OBFU
-##{ URIBL_RHS_DOB ifplugin Mail::SpamAssassin::Plugin::URIDNSBL
-ifplugin Mail::SpamAssassin::Plugin::URIDNSBL
-urirhssub URIBL_RHS_DOB         dob.sibl.support-intelligence.net  A   2
-body URIBL_RHS_DOB              eval:check_uridnsbl('URIBL_RHS_DOB')
-describe URIBL_RHS_DOB          Contains an URI of a new domain (Day Old Bread)
-tflags URIBL_RHS_DOB            net
-endif
-##} URIBL_RHS_DOB ifplugin Mail::SpamAssassin::Plugin::URIDNSBL
-##{ URI_DQ_UNSUB
-uri            URI_DQ_UNSUB     m;^[a-z]+://(?:\d+\.){3}\d+/.*unsubscribe;i
-describe       URI_DQ_UNSUB     IP-address unsubscribe URI
-tflags         URI_DQ_UNSUB     publish
-##} URI_DQ_UNSUB
-##{ URI_GOOGLE_PROXY
-meta           URI_GOOGLE_PROXY       __URI_GOOGLE_PROXY && !__LONGLINE && !__ML1 && !__FSL_RELAY_GOOGLE && !__FROM_LOWER && !__RCD_RDNS_MAIL
-describe       URI_GOOGLE_PROXY       Accessing a blacklisted URI or obscuring source of phish via Google proxy?
-tflags         URI_GOOGLE_PROXY       publish
-##} URI_GOOGLE_PROXY
-##{ URI_OBFU_WWW ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-body          URI_OBFU_WWW  /(?<!http:\/\/)\b_*w{2,3}(?!\.[-\w]+\.(?:com|net|org|biz|info))[^[:alnum:]]{1,3}(?:<D><O><T>+[^[:alnum:]]{1,3})?[[:alnum:]][-\w]{1,20}[[:alnum:]][^[:alnum:]]{1,3}(?:<D><O><T>+[^[:alnum:]]{1,3})?(?:c\s?o\s?m|n\s?e\s?t|o\s?r\s?g|b\s?i\s?z|i\s?n\s?f\s?o)_*\b/i
-describe      URI_OBFU_WWW  Obfuscated URI
-endif
-##} URI_OBFU_WWW ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-##{ URI_ONLY_MSGID_MALF
-meta      URI_ONLY_MSGID_MALF           __URI_ONLY_MSGID_MALF && !__RP_MATCHES_RCVD && !__URI_MAILTO && !__NOT_SPOOFED && !__DKIM_EXISTS && !__MSGID_JAVAMAIL && !__HAS_REPLY_TO
-describe  URI_ONLY_MSGID_MALF           URI only + malformed message ID
-tflags    URI_ONLY_MSGID_MALF           publish
-##} URI_ONLY_MSGID_MALF
-##{ URI_OPTOUT_3LD
-uri         URI_OPTOUT_3LD    m,^https?://(?:quit|bye|remove|exit|leave|disallow|halt|stop|end|herego|out|discontinue)\d*\.[^/]+\.(?:com|net)\b,i
-describe    URI_OPTOUT_3LD    Opt-out URI, suspicious hostname
-#score       URI_OPTOUT_3LD    2.000   # limit
-tflags      URI_OPTOUT_3LD    publish
-##} URI_OPTOUT_3LD
-##{ URI_OPTOUT_USME
-uri         URI_OPTOUT_USME   m,^https?://(?:quit|bye|remove|exit|leave|disallow|halt|stop|end|herego|out|discontinue)\d*\.[^/]+\.(?:us|me|mobi|club)\b,i
-describe    URI_OPTOUT_USME   Opt-out URI, unusual TLD
-tflags      URI_OPTOUT_USME   publish
-##} URI_OPTOUT_USME
-##{ URI_PHISH
-describe    URI_PHISH            Phishing using web form
-#score       URI_PHISH            4.00   # limit
-tflags      URI_PHISH            publish
-##} URI_PHISH
-##{ URI_PHISH if !plugin(Mail::SpamAssassin::Plugin::MIMEHeader)
-if !plugin(Mail::SpamAssassin::Plugin::MIMEHeader)
-  meta      URI_PHISH      __URI_PHISH && !ALL_TRUSTED && !__UNSUB_LINK && !__TAG_EXISTS_CENTER && !__HAS_SENDER && !__CAN_HELP && !__VIA_ML && !__UPPERCASE_URI && !__HAS_CC && !__NUMBERS_IN_SUBJ && !__PCT_FOR_YOU && !__MOZILLA_MSGID && !__FB_COST && !__hk_bigmoney
-endif
-##} URI_PHISH if !plugin(Mail::SpamAssassin::Plugin::MIMEHeader)
-##{ URI_PHISH ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  meta      URI_PHISH      __URI_PHISH && !ALL_TRUSTED && !__UNSUB_LINK && !__TAG_EXISTS_CENTER && !__HAS_SENDER && !__CAN_HELP && !__VIA_ML && !__UPPERCASE_URI && !__HAS_CC && !__NUMBERS_IN_SUBJ && !__PCT_FOR_YOU && !__MOZILLA_MSGID && !__FB_COST && !__hk_bigmoney && !__REMOTE_IMAGE
-endif
-##} URI_PHISH ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-##{ URI_TRY_3LD
-uri         URI_TRY_3LD       m,^https?://(?:try|start|get|save|check(?!out)|act|compare|join|learn|request|visit(?!or)|my(?!sub)\w)[^.]*\.[^/]+\.(?:com|net)\b,i
-describe    URI_TRY_3LD       "Try it" URI, suspicious hostname
-#score       URI_TRY_3LD       2.000   # limit
-tflags      URI_TRY_3LD       publish
-##} URI_TRY_3LD
-##{ URI_TRY_USME
-meta        URI_TRY_USME      __URI_TRY_USME && !__DKIM_EXISTS
-describe    URI_TRY_USME      "Try it" URI, unusual TLD
-tflags      URI_TRY_USME      publish
-##} URI_TRY_USME
-##{ URI_WPADMIN
-meta        URI_WPADMIN        __URI_WPADMIN
-describe    URI_WPADMIN        WordPress login/admin URI, possible phishing
-tflags      URI_WPADMIN        publish
-##} URI_WPADMIN
-##{ URI_WP_DIRINDEX
-meta        URI_WP_DIRINDEX    __URI_WPDIRINDEX
-describe    URI_WP_DIRINDEX    URI for compromised WordPress site, possible malware
-#score       URI_WP_DIRINDEX    3.000   # limit
-tflags      URI_WP_DIRINDEX    publish
-##} URI_WP_DIRINDEX
-##{ URI_WP_HACKED
-meta        URI_WP_HACKED      (__URI_WPCONTENT || __URI_WPINCLUDES) && !__VIA_ML && !__HAS_ERRORS_TO && !__RCD_RDNS_SMTP && !__THREADED && !ALL_TRUSTED && !__NOT_SPOOFED
-describe    URI_WP_HACKED      URI for compromised WordPress site, possible malware
-#score       URI_WP_HACKED      3.000   # limit
-tflags      URI_WP_HACKED      publish
-##} URI_WP_HACKED
-##{ URI_WP_HACKED_2
-meta        URI_WP_HACKED_2    (__PS_TEST_LOC_WP && !URI_WP_HACKED) && !__TO_EQ_FROM && !__THREADED
-describe    URI_WP_HACKED_2    URI for compromised WordPress site, possible malware
-#score       URI_WP_HACKED_2    2.000   # limit
-tflags      URI_WP_HACKED_2    publish
-##} URI_WP_HACKED_2
-##{ XM_PHPMAILER_FORGED
-meta        XM_PHPMAILER_FORGED    __XM_PHPMAILER_FORGED
-describe    XM_PHPMAILER_FORGED    Apparently forged header
-tflags      XM_PHPMAILER_FORGED    publish
-##} XM_PHPMAILER_FORGED
-##{ X_MAILER_CME_6543_MSN
-header X_MAILER_CME_6543_MSN	X-Mailer =~ /^CME-V6\.5\.4\.3; MSN\s*$/
-##} X_MAILER_CME_6543_MSN
-##{ YOU_INHERIT
-meta     YOU_INHERIT      __YOU_INHERIT
-describe YOU_INHERIT      Discussing your inheritance
-##} YOU_INHERIT
-##{ bayes_ignore_header_sandbox
-bayes_ignore_header X_CMAE_Category
-bayes_ignore_header X-ACL-Warn
-bayes_ignore_header X-Alimail-AntiSpam
-bayes_ignore_header X-Amavis-Modified
-bayes_ignore_header X-AntiAbuse
-bayes_ignore_header X-Antispam
-bayes_ignore_header X-Anti-Spam
-bayes_ignore_header X-Antivirus
-bayes_ignore_header X-Anti-Virus
-bayes_ignore_header X-Antivirus-Code
-bayes_ignore_header X-Antivirus-Status
-bayes_ignore_header X-Antivirus-Version
-bayes_ignore_header X-Anti-Virus-Version
-bayes_ignore_header x-aol-global-disposition
-bayes_ignore_header X-ASF-Spam-Status
-bayes_ignore_header X-ASG-Debug-ID
-bayes_ignore_header X-ASG-Orig-Subj
-bayes_ignore_header X-ASG-Recipient-Whitelist
-bayes_ignore_header X-ASG-Tag
-bayes_ignore_header X-Assp-Version
-bayes_ignore_header X-Authority-Analysis
-bayes_ignore_header X-Authvirus
-bayes_ignore_header X-Auto-Response-Suppress
-bayes_ignore_header x-avast-antispam
-bayes_ignore_header X-AV-Do-Run
-bayes_ignore_header X-AV-Status
-bayes_ignore_header X-Backend
-bayes_ignore_header X-Barracuda-Apparent-Source-IP
-bayes_ignore_header X-Barracuda-Bayes
-bayes_ignore_header X-Barracuda-BBL-IP
-bayes_ignore_header X-Barracuda-BRTS-Status
-bayes_ignore_header X-Barracuda-BRTS-URL-Found
-bayes_ignore_header X-Barracuda-Connect
-bayes_ignore_header X-Barracuda-Encrypted
-bayes_ignore_header X-Barracuda-Envelope-From
-bayes_ignore_header X-Barracuda-Fingerprint-Found
-bayes_ignore_header X-Barracuda-Orig-Rcpt
-bayes_ignore_header X-Barracuda-RBL-IP
-bayes_ignore_header X-Barracuda-RBL-Trusted-Forwarder
-bayes_ignore_header X-Barracuda-Spam-Report
-bayes_ignore_header X-Barracuda-Spam-Score
-bayes_ignore_header X-Barracuda-Spam-Status
-bayes_ignore_header X-Barracuda-Start-Time
-bayes_ignore_header X-Barracuda-UID
-bayes_ignore_header X-Barracuda-URL
-bayes_ignore_header X-Barracuda-Virus-Alert
-bayes_ignore_header X-Bayesian-Result
-bayes_ignore_header X-Bayes-Prob
-bayes_ignore_header X-BitDefender-Spam
-bayes_ignore_header X-BitDefender-SpamStamp
-bayes_ignore_header X-BL
-bayes_ignore_header X-Bogosity
-bayes_ignore_header X-Boxtrapper
-bayes_ignore_header X-Brightmail-Tracker
-bayes_ignore_header X-BTI-AntiSpam
-bayes_ignore_header X-Bugzilla-Version
-bayes_ignore_header X-CanIt-Geo
-bayes_ignore_header X-CanItPRO-Stream
-bayes_ignore_header X-Canit-Stats-ID
-bayes_ignore_header X-Clapf-spamicity
-bayes_ignore_header X-Cloud-Security
-bayes_ignore_header X-CMAE-Analysis
-bayes_ignore_header X-CMAE-Match
-bayes_ignore_header X-CMAE-Score
-bayes_ignore_header X-CMAE-Verdict
-bayes_ignore_header X-CM-Score
-bayes_ignore_header X-CNFS-Analysis
-bayes_ignore_header X-Coremail-Antispam
-bayes_ignore_header X-CRM114-CacheID
-bayes_ignore_header X-CRM114-Status
-bayes_ignore_header X-CRM114-Version
-bayes_ignore_header X-CTCH-SenderID
-bayes_ignore_header X-CTCH-SenderID-TotalBulk
-bayes_ignore_header X-CTCH-SenderID-TotalConfirmed
-bayes_ignore_header X-CTCH-SenderID-TotalMessages
-bayes_ignore_header X-CTCH-SenderID-TotalRecipients
-bayes_ignore_header X-CTCH-SenderID-TotalSpam
-bayes_ignore_header X-CTCH-SenderID-TotalSuspected
-bayes_ignore_header X-CTCH-SenderID-TotalVirus
-bayes_ignore_header X-CTCH-Spam
-bayes_ignore_header X-CTCH-VOD
-bayes_ignore_header X-CT-Spam
-bayes_ignore_header X-Drweb-SpamState
-bayes_ignore_header X-DSPAM-Confidence
-bayes_ignore_header X-DSPAM-Factors
-bayes_ignore_header X-DSPAM-Improbability
-bayes_ignore_header X-DSPAM-Probability
-bayes_ignore_header X-DSPAM-Processed
-bayes_ignore_header X-DSPAM-Result
-bayes_ignore_header X-DSPAM-Signature
-bayes_ignore_header x-eavas
-bayes_ignore_header x-eavas-action
-bayes_ignore_header x-eavas-eavasid
-bayes_ignore_header X-Enigmail-Version
-bayes_ignore_header X-EsetId
-bayes_ignore_header X-EsetResult
-bayes_ignore_header X-Exchange-Antispam-Report
-bayes_ignore_header X-EYOU-SPAMVALUE
-bayes_ignore_header X-FB-OUTBOUND-SPAM
-bayes_ignore_header X-FEAS-SBL
-bayes_ignore_header X-FILTER-SCORE
-bayes_ignore_header X-Forefront-Antispam-Report
-bayes_ignore_header X-Forefront-PRVS
-bayes_ignore_header X-Fuglu-Spamstatus
-bayes_ignore_header X-Fuglu-Suspect
-bayes_ignore_header X-getmail-filter-classifier
-bayes_ignore_header X-GFIME-MASPAM
-bayes_ignore_header X-Gmane-NNTP-Posting-Host
-bayes_ignore_header X-GMX-Antispam
-bayes_ignore_header X-GMX-Antivirus
-bayes_ignore_header X-He-Spam
-bayes_ignore_header X-hMailServer-Spam
-bayes_ignore_header X-IAS
-bayes_ignore_header X-iGspam-global
-bayes_ignore_header X-Injected-Via-Gmane
-bayes_ignore_header X-Interia-Antivirus
-bayes_ignore_header X-IP-Spam-Verdict
-bayes_ignore_header X-Ironport
-bayes_ignore_header X-IronPort-Anti-Spam-Filtered
-bayes_ignore_header X-IronPort-Anti-Spam-Result
-bayes_ignore_header X-IronPort-AV
-bayes_ignore_header X-IronPort-Outgoing-Antispam
-bayes_ignore_header X-Junkmail
-bayes_ignore_header X-Junk-Score
-bayes_ignore_header X-KLMS-AntiPhishing
-bayes_ignore_header X-Klms-Antispam
-bayes_ignore_header X-KLMS-AntiSpam-Info
-bayes_ignore_header X-KLMS-AntiSpam-Interceptor-Info
-bayes_ignore_header X-KLMS-AntiSpam-Lua-Profiles
-bayes_ignore_header X-KLMS-AntiSpam-Method
-bayes_ignore_header X-KLMS-AntiSpam-Moebius-Timestamps
-bayes_ignore_header X-KLMS-AntiSpam-Rate
-bayes_ignore_header X-KLMS-AntiSpam-Status
-bayes_ignore_header X-KLMS-AntiSpam-Version
-bayes_ignore_header X-KLMS-AntiVirus
-bayes_ignore_header X-KLMS-AntiVirus-Status
-bayes_ignore_header X-KLMS-Message-Action
-bayes_ignore_header X-KLMS-Rule-ID
-bayes_ignore_header X-KMail-EncryptionState
-bayes_ignore_header X-KMail-MDN-Sent
-bayes_ignore_header X-KMail-SignatureState
-bayes_ignore_header X-MailCleaner-SpamChec
-bayes_ignore_header X-MailCleaner-SpamCheck
-bayes_ignore_header X-MailFoundry
-bayes_ignore_header X-MDMailLookup-Result
-bayes_ignore_header X-ME-Bayesian
-bayes_ignore_header X-ME-Content
-bayes_ignore_header X-Microsoft-Antispam
-bayes_ignore_header X-Mlf-Version
-bayes_ignore_header X-MXScan-AntiSpam
-bayes_ignore_header X-MXScan-AntiVirus
-bayes_ignore_header X-MXScan-Country-Sequence
-bayes_ignore_header X-MXScan-License
-bayes_ignore_header X-MXScan-Msgid
-bayes_ignore_header X-MXScan-ProcessingTime
-bayes_ignore_header X-MXScan-Scan
-bayes_ignore_header X-NAI-Spam-Flag
-bayes_ignore_header X-NAI-Spam-Rules
-bayes_ignore_header X-NAI-Spam-Score
-bayes_ignore_header X-NAI-Spam-Threshold
-bayes_ignore_header X-NetStation-Status
-bayes_ignore_header X-OVH-SPAMCAUSE
-bayes_ignore_header X-OVH-SPAMCAUSE:
-bayes_ignore_header X-OVH-SPAMSCORE
-bayes_ignore_header X-OVH-SPAMSTATE
-bayes_ignore_header X-PerlMx-Spam
-bayes_ignore_header X-PerlMx-Virus-Scanned
-bayes_ignore_header X-PFSI-Info
-bayes_ignore_header X-PMX-Spam
-bayes_ignore_header X-PMX-Version
-bayes_ignore_header X-policyd-weight
-bayes_ignore_header X-Policy-Service
-bayes_ignore_header X-PreRBLs
-bayes_ignore_header X-Probable-Spam
-bayes_ignore_header X-PROLinux-SpamCheck
-bayes_ignore_header X-Proofpoint-Spam-Reason
-bayes_ignore_header X-Proofpoint-Virus-Version
-bayes_ignore_header x-purgate-eavas: clean
-bayes_ignore_header x-purgate-id
-bayes_ignore_header x-purgate-size
-bayes_ignore_header x-purgate-type
-bayes_ignore_header X-Qmail-Scanner-Diagnostics
-bayes_ignore_header X-Qmail-Scanner-MOVED-X-Spam-Status
-bayes_ignore_header X-Quarantine-ID
-bayes_ignore_header X-RSpam-Report
-bayes_ignore_header X-SA-Do-Not-Run
-bayes_ignore_header X-SA-Exim-Version
-bayes_ignore_header X-Scanned-by
-bayes_ignore_header X-SmarterMail-CustomSpamHeader
-bayes_ignore_header X-Spam
-bayes_ignore_header X-Spam_bar
-bayes_ignore_header X-Spam-Action
-bayes_ignore_header X-SPAM-AISP
-bayes_ignore_header X-Spambayes-Classification
-bayes_ignore_header X-Spam-Check-By
-bayes_ignore_header X-Spam-Checker-Version
-bayes_ignore_header X-Spam-CMAE-Analysis
-bayes_ignore_header X-Spam-CMAESCORE
-bayes_ignore_header X-Spam-CTCH-RefID
-bayes_ignore_header X-SpamExperts-Domain
-bayes_ignore_header X-SpamExperts-Outgoing-Class
-bayes_ignore_header X-SpamExperts-Outgoing-Evidence
-bayes_ignore_header X-SpamExperts-Username
-bayes_ignore_header X-Spamfilter-host
-bayes_ignore_header X-Spam-Flag
-bayes_ignore_header X-Spamina-Bogosity
-bayes_ignore_header X-Spamina-Spam-Report
-bayes_ignore_header X-Spamina-Spam-Score
-bayes_ignore_header X-SpamInfo
-bayes_ignore_header X-Spam-Level
-bayes_ignore_header X-Spam-Processed
-bayes_ignore_header X-Spam-Report
-bayes_ignore_header X-Spamsave
-bayes_ignore_header X-Spam-Scanned
-bayes_ignore_header X-Spam-Score
-bayes_ignore_header X-Spam-Score-Int
-bayes_ignore_header X-Spam-SmartLearn
-bayes_ignore_header X-Spam-Status
-bayes_ignore_header X-SpamTest-Group-ID
-bayes_ignore_header X-SpamTest-Info
-bayes_ignore_header X-SpamTest-Method
-bayes_ignore_header X-SpamTest-Rate
-bayes_ignore_header X-SpamTest-SPF
-bayes_ignore_header X-SpamTest-Status
-bayes_ignore_header X-SpamTest-Status-Extended
-bayes_ignore_header X-Spam-Threshold
-bayes_ignore_header X-SPF-Scan-By
-bayes_ignore_header X-STA-Metric
-bayes_ignore_header X-STA-NotSpam
-bayes_ignore_header X-StarScan-Version
-bayes_ignore_header X-STA-Spam
-bayes_ignore_header X-SurGATE-Result
-bayes_ignore_header X-SWITCHham-Score
-bayes_ignore_header X-UI-Filterresults
-bayes_ignore_header X-UI-Loop
-bayes_ignore_header X-UI-Out-Filterresults
-bayes_ignore_header X-Univie-Spam-Checker-Version
-bayes_ignore_header X-Univie-Virus-Scan
-bayes_ignore_header X-Virus
-bayes_ignore_header X-VirusChecked
-bayes_ignore_header X-Virus-Checker-Version
-bayes_ignore_header X-Virus-Scanned
-bayes_ignore_header X-Virus-Scanner-Result
-bayes_ignore_header X-Virus-Scanner-Version
-bayes_ignore_header X-Virus-Status
-bayes_ignore_header X-VR-SCORE
-bayes_ignore_header X-VR-SPAMCAUSE
-bayes_ignore_header X-VR-STATUS
-bayes_ignore_header X-WatchGuard-Mail-Client-IP
-bayes_ignore_header X-WatchGuard-Mail-From
-bayes_ignore_header X-WatchGuard-Mail-Recipients
-bayes_ignore_header X-WatchGuard-Spam-ID
-bayes_ignore_header X-WatchGuard-Spam-Score
-bayes_ignore_header X-Whitelist-Domain
-bayes_ignore_header X-WUM-CCI
-##} bayes_ignore_header_sandbox
-##{ ifplugin Mail::SpamAssassin::Plugin::DNSEval # {_sandbox
-ifplugin Mail::SpamAssassin::Plugin::DNSEval # {
-reuse    RCVD_IN_PSBL
-endif
-##} ifplugin Mail::SpamAssassin::Plugin::DNSEval # {_sandbox
-##{ ifplugin Mail::SpamAssassin::Plugin::DNSEval_sandbox
-ifplugin Mail::SpamAssassin::Plugin::DNSEval
-reuse   __RCVD_IN_DNSWL
-reuse  RCVD_IN_DNSWL_NONE
-reuse  RCVD_IN_DNSWL_LOW
-reuse  RCVD_IN_DNSWL_MED
-reuse  RCVD_IN_DNSWL_HI
-reuse  RCVD_IN_DNSWL_BLOCKED
-reuse  RCVD_IN_IADB_LISTED
-reuse  RCVD_IN_IADB_EDDB
-reuse  RCVD_IN_IADB_EPIA
-reuse  RCVD_IN_IADB_SPF
-reuse  RCVD_IN_IADB_SENDERID
-reuse  RCVD_IN_IADB_DK
-reuse  RCVD_IN_IADB_RDNS
-reuse  RCVD_IN_IADB_GOODMAIL
-reuse  RCVD_IN_IADB_NOCONTROL
-reuse  RCVD_IN_IADB_OPTOUTONLY
-reuse  RCVD_IN_IADB_UNVERIFIED_1
-reuse  RCVD_IN_IADB_UNVERIFIED_2
-reuse  RCVD_IN_IADB_LOOSE
-reuse  RCVD_IN_IADB_OPTIN_LT50
-reuse  RCVD_IN_IADB_OPTIN_GT50
-reuse  RCVD_IN_IADB_OPTIN
-reuse  RCVD_IN_IADB_DOPTIN_LT50
-reuse  RCVD_IN_IADB_DOPTIN_GT50
-reuse  RCVD_IN_IADB_DOPTIN
-reuse  RCVD_IN_IADB_ML_DOPTIN
-reuse  RCVD_IN_IADB_OOO
-reuse  RCVD_IN_IADB_MI_CPEAR
-reuse  RCVD_IN_IADB_UT_CPEAR
-reuse  RCVD_IN_IADB_MI_CPR_30
-reuse  RCVD_IN_IADB_UT_CPR_30
-reuse  RCVD_IN_IADB_MI_CPR_MAT
-reuse  RCVD_IN_IADB_UT_CPR_MAT
-endif
-##} ifplugin Mail::SpamAssassin::Plugin::DNSEval_sandbox
-##{ ifplugin Mail::SpamAssassin::Plugin::ReplaceTags_sandbox
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-replace_rules T_FUZZY_SPRM
-replace_rules FUZZY_MERIDIA
-replace_rules TVD_FUZZY_PHARMACEUTICAL
-replace_rules TVD_FUZZY_SYMBOL
-replace_rules T_TVD_FUZZY_SECURITIES
-replace_rules TVD_FUZZY_FINANCE
-replace_rules TVD_FUZZY_FIXED_RATE
-replace_rules TVD_FUZZY_MICROCAP
-replace_rules T_TVD_FUZZY_SECTOR
-replace_rules TVD_FUZZY_DEGREE
-  replace_tag FF_LNNO   (?:(?:\d{1,3}(?:[)}\]:.,]{1,80}|(?:st|nd|rd|th)[)}\]:.,]{0,3})|\W?\([\div]{1,5}\)|\W?\{\d{1,3}\}|\[\d{1,3}\]|\*{1,5}|\#{1,5}|\(?[A-K][)}\]:.,]{1,3})\s?)
-  replace_tag FF_YOUR   (?:a?\s?copy\sof\s)?(?:(?:your|din|seu|twoje)[\s,:]{1,5})?(?:present\s|c[uo]rrent\s|full(?:st[\xe4]ndigt)?\s?|complete\s|direct\s|private?\s|valid\s|personal\s|nuvarande\s|vollst[\xe4]ndige\s|aktuelle\s|pe\s(?:ne\s)?){0,3}
-  replace_tag ANDOR     (?:\s?[\/&+,]\s?|\sor\s|\sand?\s)
-  replace_tag NUMBER    (?:(?:ruf)?num(?:[bm]er)?\(?s?\)?|nos?\.|no\b|n[\xb0]|\#s?|nbrs?\.?)
-  replace_tag FF_SUFFIX (?:\sin\s(?:full|words)|\scompleto)?:?(?:\s?[({][^)}]{1,30}[)}])?
-  replace_tag FF_BLANK1 (?:[\s:;]{0,4}(?:(?:[-=_.,:;*\s\x85]|&\#\d{1,3};|[\xe2][\x80][\xa6]){3,100}))
-  replace_tag FF_BLANK2 (?:[^-=_.,:;*\w]{0,3}(?:[-=_.,:;*\s\x85]|&\#\d{1,3};|[\xe2][\x80][\xa6]){1,100})
-  replace_tag FF_A1 (?:(?:countr?y|city|province|ter+itory|(?:zip|post(?:al)?)(?:\s?code)?|st?ates?|ad+res+e?)<ANDOR>?){1,3}(?:\sof\s(?:residence|birth|employment|citizenship|origin))?
-  replace_tag FF_A2 (?:(?:contact|full|house|home|resident[ia]+l|busines+|mailing|work|delivery|ship+ing|post(?:al)?|of+ice|e-?mail|bostads|wohn)<ANDOR>?){0,3}\s?(?:ad+res+[es]{0,2}|location|endere[\xe7]o)(?:\sline)?(?:\s[0-9])?
-  replace_tag FF_N1 (?:company|first|last|all|busines+|legal|ben[ei]ficiary|user|vollstaendigen)?\s?(?:name?[sn]?|navne|nome|nazwy)(?:<ANDOR>ad+res+)?
-  replace_tag FF_P1 (?:(?:(?:busines+|contact|fax|voice|house|home|mobile?|cel+(?:ular)?|of+ice|tel+e?(?:\s?(?:ph|f)one?)?|(?:ph|f)one|private)(?:\s(?:ph|f)one)?<ANDOR>?){1,3}(?:\s?<NUMBER>)?<ANDOR>?){1,3}
-  replace_tag FF_M1 (?:(?:ages?|marital\s?statu[se]|sex|gender|male\sor\sfemale|(?:date\s(?:of\s)?)?birth|religion|nationality|(?:user )?email|next\sof\skin|alter|staatsangehoerigkeit|nationalitet|idade|weik)<ANDOR>?){1,3}
-  replace_tag FF_L1 (?:(?:previous\s)?work(?:ing)\s?experience|employment|position|profes+ion|(?:monthly|an+ual)?\s?income|purpose\sof\sl(?:oa|ao)n|an+ual\sturn\s?over|l(?:oa|ao)n\sduration|oc+up[ae]tion(?:\/position)?s?|(?:l(?:oa|ao)n\s|the\s)?amount(?:\sneed(ed)?|\sdesired)?(?:\s(?:as|of)\sloan)?|beruf|zaw(?:=F3|[\xf3])d)
-  replace_tag FF_F1 (?:(?:bank(?:ing)?|beneficiary|billing|acc(?:oun)?t|rout(?:ing)?|swift|receiver|user)<ANDOR>?){1,3}\s(?:(?:name|ad+res+(?:es)?|location|code|details|institution|a\/c|<NUMBER>)<ANDOR>?){1,3}
-  replace_tag FF_F2 (?:(?:(?:international\s)?driver'?s?\sli[sc]+(?:en[sc]e)?|pas+\s?port|id\scard|[ia]d(?:entification|entity)(?:\s(?:card|<NUMBER>|papers?))?)<ANDOR>?){1,3}(?:\s<NUMBER>)?
-  replace_tag FF_F3 (?:picture|zdj\scie|test\squestion|answer|amount\swon|(?:inheritance\s)?funds?\svalue|(?:e-?mail\s)?pas+word|e-?mai?l\sid|amount\s[\w\s]{0,30}lost[\w\s]{0,15})
-  replace_tag FF_F4 (?:log[-\s]?in|(?:e-?mail\s)?user)\s?names?
-  replace_tag FF_F5 (?:ref(?:erence)?|batch|win+ing|award|billet)[-\s]?<NUMBER>
-  replace_tag FF_ALL (?:<FF_A1>|<FF_A2>|<FF_N1>|<FF_P1>|<FF_M1>|<FF_F1>|<FF_F2>|<FF_F3>|<FF_F4>|<FF_F5>|<FF_L1>)
-  replace_rules   __FILL_THIS_FORM_LONG1
-  replace_rules   __FILL_THIS_FORM_LONG2
-  replace_rules   __FILL_THIS_FORM_PARTIAL
-  replace_rules   __FILL_THIS_FORM_PARTIAL_RAW
-  replace_rules   __FILL_THIS_FORM_SHORT1
-  replace_rules   __FILL_THIS_FORM_SHORT2
-  replace_rules   __FILL_THIS_FORM_LOAN1
-  replace_rules   __FILL_THIS_FORM_FRAUD_PHISH1
-  replace_tag  CURRENCY   [\(\[]?(?:\bU[Ss][D\$]{0,2}|\$(?:US)?|usd|CAD|GBP|=[Aa][34]|\xa3|&\#16[34];|(?i:pounds\ssterling)|\xa4|EUR(?:OS)?|(?:d')?[Ee]uro?s?|(?i:eur)\sde|CHF|FCFA|d[\xf3]lares\sde\slos\sE+\.\s?U+\.)[\]\)]?
-  replace_tag  GB_UK      \b(?:U\.?K\.?|(?:Great\s)?Brit(?:ain|ish)|G\.?B\.?)\b
-  replace_rules   __LOTSA_MONEY_00 __LOTSA_MONEY_01 __LOTSA_MONEY_02 __LOTSA_MONEY_03 __LOTSA_MONEY_04
-  replace_tag  PERCENT      \b(?:\d\d|ten|[a-z]+teen|(?:twen|thir|fou?r|fif)ty(?:-?[a-z]+)?)\s?(?:%|percent)
-  replace_rules  __PCT_FOR_YOU_1 __PCT_FOR_YOU_2 __PCT_FOR_YOU_3 __PCT_OF_PMTS
-  replace_rules  T_FUZZY_OPTOUT
-	replace_rules                  __FRT_PRICE
-  replace_rules FUZZY_UNSUBSCRIBE
-  replace_rules FUZZY_ANDROID
-  replace_rules FUZZY_PROMOTION
-  replace_rules FUZZY_PRIVACY
-  replace_rules FUZZY_BROWSER
-  replace_rules FUZZY_SAVINGS
-  replace_rules FUZZY_IMPORTANT
-  replace_rules FUZZY_SECURITY
-  replace_rules __FUZZY_DR_OZ
-  replace_rules FUZZY_CLICK_HERE
-replace_rules URI_OBFU_WWW
-replace_rules T_LFUZ_PWRMALE
-endif
-##} ifplugin Mail::SpamAssassin::Plugin::ReplaceTags_sandbox
-##{ redirector_pattern_sandbox
-redirector_pattern m'/(?:index.php)?\?.*(?<=[?&])URL=(.*?)(?:$|[&\#])'i
-redirector_pattern m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:$|[&\#])'i
-redirector_pattern m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])(?:site|inurl):(.*?)(?:$|%20|[\s+&\#])'i
-redirector_pattern m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])(?:"|%22)(.*?)(?:$|%22|["\s+&\#])'i
-redirector_pattern m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(.*?)(?:$|[&\#])'i
-redirector_pattern m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/pagead/iclk\?.*?(?<=[?&])adurl=(.*?)(?:$|[&\#])'i
-redirector_pattern m'^http:/*(?:\w+\.)?aol\.com/redir\.adp\?.*(?<=[?&])_url=(.*?)(?:$|[&\#])'i
-redirector_pattern m'^https?/*(?:\w+\.)?facebook\.com/l/;(.*)'i
-##} redirector_pattern_sandbox
-uri         __128_HEX_URI     m,/[0-9a-f]{128},
-uri         __45_ALNUM_IMG      m;/[0-9a-z]{45,}/\w+\.(?:png|gif|jpe?g)$;i
-body        __ACCESS_RESTORE     /\bto (?:(?:restore|regain) access|(?:remove|uplift) (?:the|this) suspens|continue using your (?:account|online))/i
-body        __ACCESS_REVOKE      /(?:temporary|permanent) (?:de-?activation|removal) of your (?:\w{1,30} )?(?:access|account)/i
-body        __ACCESS_SUSPENDED   /\b?(:(?:access|account) has been (?:temporar(?:il)?y )(?:suspended|blocked|locked)|suspend (?:you from|your) access(?:ing)?)\b/i
-body        __ACCOUNT_DISRUPT    /ensure (?:that )?your (?:account|access) is not (?:disrupted|suspended|interrupted)/i
-body        __ACCOUNT_ERROR      /your account (?:is|appears to be) (?:incorrect|missing|in error|invalid)/i
-body        __ACCOUNT_REACTIV    /(?:(?:account|access) (?:has been )?(?:successfully )?(?:reviewed and )?re-?(?:activat(?:ion|ed)|new(?:al|ed))|(?:unlock|re-?activate|restore|recover) (?:your|the|this) (?:account|access))/i
-body        __ACCOUNT_UPGRADE    /(?:upgrade (?:of )your (?:account|access)|your (?:access|account) is[\w\s]{0,40}being upgraded)/i
-meta        __ACCT_PHISH         (__ACCESS_SUSPENDED + __ACCESS_RESTORE + __ACCESS_REVOKE + __VERIFY_ACCOUNT + __FAILED_LOGINS + __ACCOUNT_REACTIV + __SECURITY_DEPT + __ACCOUNT_ERROR + __ACCOUNT_DISRUPT + __ACCOUNT_UPGRADE) > 1 && !__ACCT_PHISH_MANY
-meta        __ACCT_PHISH_MANY    (__ACCESS_SUSPENDED + __ACCESS_RESTORE + __ACCESS_REVOKE + __VERIFY_ACCOUNT + __FAILED_LOGINS + __ACCOUNT_REACTIV + __SECURITY_DEPT + __ACCOUNT_ERROR + __ACCOUNT_DISRUPT + __ACCOUNT_UPGRADE) > 3
-body        __ACH_CANCELLED_01     /\b(?:(?-i:ACH)|dividend)[-_ ](?:payment|transfer|transaction|was)[-_ ](?:(?:was|is)[-_ ])?(?:rejected|cancel+ed|declined|disabled|not[-_ ]accepted|(?:technical )?error)/i
-body        __ACH_CANCELLED_02     /(?:rejected|cancel+ed|declined|your)[-_ ](?:(?-i:ACH)|direct[-_ ]deposit)[-_ ](?:payment|transfer|transaction|declin(?:ed|ing))/i
-body        __ACH_CANCELLED_03     /\bwire[-_ ]?(?:payment|transfer|transaction)[-_ ](?:(?:was|is)[-_ ])?(?:rejected|cancel+ed|declined|disabled|not[-_ ]accepted|(?:technical )?error)/i
-body        __ACH_CANCELLED_04     /\bregarding[-_ ]your[-_ ]direct[-_ ]deposit[-_ ]via[-_ ](?-i:ACH)/i
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-	meta         __ACH_CANCELLED_EXE (__ACH_CANCELLED_01 || __ACH_CANCELLED_02 || __ACH_CANCELLED_03 || __ACH_CANCELLED_04) && __EXE_ATTACH
-endif
-uri __AC_1SEQC_URI	/\/1[a-z0-9]8[a-z0-9_]{20,}\/C\//
-uri __AC_1SEQV_URI	/\/1[a-z0-9]8[a-z0-9_]{20,}\/V\//
-uri __AC_CHDSEQ_URI	/\/chd[a-z0-9]{20,}/
-uri __AC_LAND_URI	/\/land\//
-uri __AC_LONGSEQ_URI	/\/[A-Z0-9]{50,}\.(?:php|html|cgi)\b/
-uri __AC_MHDSEQ_URI	/\/mhd[a-z0-9]{20,}/
-uri __AC_NDOMLONGNASPX_URI	/[A-Za-z]+[0-9]{2}\.[A-Za-z0-9-]+\.me\/(?:[A-Za-z0-9-]{10,}\/){2}[0-9]{8,}\/[A-Za-z]+\.aspx/
-uri __AC_NUMS_URI	/(?:\/[0-9]+){5}\.[0-9a-zA-Z]+\.(:?php|html)\b/
-uri __AC_OUTI_URI	/\/outi\b/
-uri __AC_OUTL_URI	/\/outl\b/
-uri __AC_PHPOFFSUB_URI	/\/php\/off\/[0-9.]+\/sub\//
-uri __AC_PHPOFFTOP_URI	/\/php\/off\/[0-9.]+\/top\//
-uri __AC_PUNCTNUMS_URI	/\.com\/[A-Za-z+=\/.?_-]{4,}[0-9]{9,12}[a-z0-9]{1,2}[A-Za-z+=\/.?_-]+[0-9]{7,9}[A-Za-z+=\/.?_-]{6,}[0-9]{7,9}\b/
-uri __AC_REPORT_URI	/\/report\//
-uri __AC_RMOVE_URI	/\/r\/move\/[0-9]+\//
-uri __AC_UHDSEQ_URI	/\/uhd[a-z0-9]{20,}/
-uri __AC_UNSUB_URI	/\/unsub\//
-body        __ADMAIL          /(?:\b|_)ad-?(?:mail|message)s?(?:\b|_)/i
-body        __ADMITS_SPAM     /\bth(?:e[- ]+above|is)(?:\?+s|[- ]+is)[- ]+(?:intended[- ]+as[- ]+)?an?[- ]+(?:email[- ]+)?advert[i1l]sement\b/i
-meta      __ADVANCE_FEE_2_NEW  (__AFRICAN_STATE + __ATM_CARD + __BACK_SCRATCH +  __CONTACT_YOU + __COURIER + __DEAD_PARENT + __DEAL + DEAR_BENEFICIARY + DEAR_WINNER + __DECEASED + __DESTROY_ME + __DIPLOMATIC + __DORMANT_ACCT + __EARLY_DEMISE + __EX_CUSTOMER + __FOUND_YOU + __FRAUD_AON + __FRAUD_AUM + __FRAUD_AXF + __FRAUD_BEP + __FRAUD_BGP + __FRAUD_CKF + __FRAUD_DPR + __FRAUD_FVU + __FRAUD_GBW + __FRAUD_IPK + __FRAUD_IRT + __FRAUD_JNB + __FRAUD_JYG + __FRAUD_MCQ + __FRAUD_MLY + __FRAUD_MQO + __FRAUD_NEB + __FRAUD_QFY + __FRAUD_QXX + __FRAUD_SNT + __FRAUD_ULK + __FRAUD_UOQ + __FRAUD_VQE + __FRAUD_WDR + __FRAUD_WFC + __FRAUD_XJR + __FRAUD_XWW + __FRAUD_YPO + __FRAUD_YQV + __I_INHERIT + __INTL_BANK + __INVEST_MONEY + __IS_LEGAL + __I_WILL_YOU + __KAM_LOTTO2 + LOTTO_AGENT + T_LOTTO_AGENT_RPLY + __LOTTO_DEPT + __LOTTO_RELATED + T_LOTTO_URI + __LOTTO_WIN_01 + __LOTTO_WINNINGS + __LUCKY_WINNER + __NEXT_OF_KIN + __NOT_DEAD_YET + __PCT_OF_PMTS + __SCAM + __SHARE_IT + __THEY_INHERIT +  UNCLAIMED_MONEY + __WIDOW + __WILL_LEGAL + __XFER_MONEY + __YOU_ASSIST + __YOU_INHERIT + __YOUR_FUND + __YOUR_PERM + __YOU_WON > 1) && !__THREAD_INDEX_GOOD
-meta      __ADVANCE_FEE_2_NEW_FORM  __FILL_THIS_FORM && !LOTS_OF_MONEY && __ADVANCE_FEE_2_NEW
-meta      __ADVANCE_FEE_2_NEW_FRM_MNY  __FILL_THIS_FORM && LOTS_OF_MONEY && __ADVANCE_FEE_2_NEW
-meta      __ADVANCE_FEE_2_NEW_MONEY  !__FILL_THIS_FORM && LOTS_OF_MONEY && __ADVANCE_FEE_2_NEW
-meta      __ADVANCE_FEE_3_NEW  (__AFRICAN_STATE + __ATM_CARD + __BACK_SCRATCH +  __CONTACT_YOU + __COURIER + __DEAD_PARENT + __DEAL + DEAR_BENEFICIARY + DEAR_WINNER + __DECEASED + __DESTROY_ME + __DIPLOMATIC + __DORMANT_ACCT + __EARLY_DEMISE + __EX_CUSTOMER + __FOUND_YOU + __FRAUD_AON + __FRAUD_AUM + __FRAUD_AXF + __FRAUD_BEP + __FRAUD_BGP + __FRAUD_CKF + __FRAUD_DPR + __FRAUD_FVU + __FRAUD_GBW + __FRAUD_IPK + __FRAUD_IRT + __FRAUD_JNB + __FRAUD_JYG + __FRAUD_MCQ + __FRAUD_MLY + __FRAUD_MQO + __FRAUD_NEB + __FRAUD_QFY + __FRAUD_QXX + __FRAUD_SNT + __FRAUD_ULK + __FRAUD_UOQ + __FRAUD_VQE + __FRAUD_WDR + __FRAUD_WFC + __FRAUD_XJR + __FRAUD_XWW + __FRAUD_YPO + __FRAUD_YQV + __I_INHERIT + __INTL_BANK + __INVEST_MONEY + __IS_LEGAL + __I_WILL_YOU + __KAM_LOTTO2 + LOTTO_AGENT + T_LOTTO_AGENT_RPLY + __LOTTO_DEPT + __LOTTO_RELATED + T_LOTTO_URI + __LOTTO_WIN_01 + __LOTTO_WINNINGS + __LUCKY_WINNER + __NEXT_OF_KIN + __NOT_DEAD_YET + __PCT_OF_PMTS + __SCAM + __SHARE_IT + __THEY_INHERIT +  UNCLAIMED_MONEY + __WIDOW + __WILL_LEGAL + __XFER_MONEY + __YOU_ASSIST + __YOU_INHERIT + __YOUR_FUND + __YOUR_PERM + __YOU_WON > 2) && !__THREAD_INDEX_GOOD
-meta      __ADVANCE_FEE_3_NEW_FORM  __FILL_THIS_FORM && !LOTS_OF_MONEY && __ADVANCE_FEE_3_NEW
-meta      __ADVANCE_FEE_3_NEW_FRM_MNY  __FILL_THIS_FORM && LOTS_OF_MONEY && __ADVANCE_FEE_3_NEW
-meta      __ADVANCE_FEE_3_NEW_MONEY  !__FILL_THIS_FORM && LOTS_OF_MONEY && __ADVANCE_FEE_3_NEW
-meta      __ADVANCE_FEE_4_NEW  (__AFRICAN_STATE + __ATM_CARD + __BACK_SCRATCH +  __CONTACT_YOU + __COURIER + __DEAD_PARENT + __DEAL + DEAR_BENEFICIARY + DEAR_WINNER + __DECEASED + __DESTROY_ME + __DIPLOMATIC + __DORMANT_ACCT + __EARLY_DEMISE + __EX_CUSTOMER + __FOUND_YOU + __FRAUD_AON + __FRAUD_AUM + __FRAUD_AXF + __FRAUD_BEP + __FRAUD_BGP + __FRAUD_CKF + __FRAUD_DPR + __FRAUD_FVU + __FRAUD_GBW + __FRAUD_IPK + __FRAUD_IRT + __FRAUD_JNB + __FRAUD_JYG + __FRAUD_MCQ + __FRAUD_MLY + __FRAUD_MQO + __FRAUD_NEB + __FRAUD_QFY + __FRAUD_QXX + __FRAUD_SNT + __FRAUD_ULK + __FRAUD_UOQ + __FRAUD_VQE + __FRAUD_WDR + __FRAUD_WFC + __FRAUD_XJR + __FRAUD_XWW + __FRAUD_YPO + __FRAUD_YQV + __I_INHERIT + __INTL_BANK + __INVEST_MONEY + __IS_LEGAL + __I_WILL_YOU + __KAM_LOTTO2 + LOTTO_AGENT + T_LOTTO_AGENT_RPLY + __LOTTO_DEPT + __LOTTO_RELATED + T_LOTTO_URI + __LOTTO_WIN_01 + __LOTTO_WINNINGS + __LUCKY_WINNER + __NEXT_OF_KIN + __NOT_DEAD_YET + __PCT_OF_PMTS + __SCAM + __SHARE_IT + __THEY_INHERIT +  UNCLAIMED_MONEY + __WIDOW + __WILL_LEGAL + __XFER_MONEY + __YOU_ASSIST + __YOU_INHERIT + __YOUR_FUND + __YOUR_PERM + __YOU_WON > 3) && !__THREAD_INDEX_GOOD
-meta      __ADVANCE_FEE_4_NEW_FORM  __FILL_THIS_FORM && !LOTS_OF_MONEY && __ADVANCE_FEE_4_NEW
-meta      __ADVANCE_FEE_4_NEW_FRM_MNY  __FILL_THIS_FORM && LOTS_OF_MONEY && __ADVANCE_FEE_4_NEW
-meta      __ADVANCE_FEE_4_NEW_MONEY  !__FILL_THIS_FORM && LOTS_OF_MONEY && __ADVANCE_FEE_4_NEW
-meta      __ADVANCE_FEE_5_NEW  (__AFRICAN_STATE + __ATM_CARD + __BACK_SCRATCH +  __CONTACT_YOU + __COURIER + __DEAD_PARENT + __DEAL + DEAR_BENEFICIARY + DEAR_WINNER + __DECEASED + __DESTROY_ME + __DIPLOMATIC + __DORMANT_ACCT + __EARLY_DEMISE + __EX_CUSTOMER + __FOUND_YOU + __FRAUD_AON + __FRAUD_AUM + __FRAUD_AXF + __FRAUD_BEP + __FRAUD_BGP + __FRAUD_CKF + __FRAUD_DPR + __FRAUD_FVU + __FRAUD_GBW + __FRAUD_IPK + __FRAUD_IRT + __FRAUD_JNB + __FRAUD_JYG + __FRAUD_MCQ + __FRAUD_MLY + __FRAUD_MQO + __FRAUD_NEB + __FRAUD_QFY + __FRAUD_QXX + __FRAUD_SNT + __FRAUD_ULK + __FRAUD_UOQ + __FRAUD_VQE + __FRAUD_WDR + __FRAUD_WFC + __FRAUD_XJR + __FRAUD_XWW + __FRAUD_YPO + __FRAUD_YQV + __I_INHERIT + __INTL_BANK + __INVEST_MONEY + __IS_LEGAL + __I_WILL_YOU + __KAM_LOTTO2 + LOTTO_AGENT + T_LOTTO_AGENT_RPLY + __LOTTO_DEPT + __LOTTO_RELATED + T_LOTTO_URI + __LOTTO_WIN_01 + __LOTTO_WINNINGS + __LUCKY_WINNER + __NEXT_OF_KIN + __NOT_DEAD_YET + __PCT_OF_PMTS + __SCAM + __SHARE_IT + __THEY_INHERIT +  UNCLAIMED_MONEY + __WIDOW + __WILL_LEGAL + __XFER_MONEY + __YOU_ASSIST + __YOU_INHERIT + __YOUR_FUND + __YOUR_PERM + __YOU_WON > 4) && !__THREAD_INDEX_GOOD
-meta      __ADVANCE_FEE_5_NEW_FORM  __FILL_THIS_FORM && !LOTS_OF_MONEY && __ADVANCE_FEE_5_NEW
-meta      __ADVANCE_FEE_5_NEW_FRM_MNY  __FILL_THIS_FORM && LOTS_OF_MONEY && __ADVANCE_FEE_5_NEW
-meta      __ADVANCE_FEE_5_NEW_MONEY  !__FILL_THIS_FORM && LOTS_OF_MONEY && __ADVANCE_FEE_5_NEW
-body __AFF_004470_NUMBER  /(?:\+|00|011)\W{0,3}44\W{0,3}0?\W{0,3}70/
-body __AFF_LOTTERY        /(?:lottery|winner)/i
-meta     __AFRICAN_STATE  (__NIGERIA || __IVORY_COAST || __BURKINA_FASO || __GHANA || __BENIN || __AFR_UNION)
-body     __AFR_UNION      /\bafrican\sunion\b/i
-body     __AGREED_RATIO   /\b(?:agreed|sharing)\s(?:ratios?|percent\w+)\b/i
-header         __AMADEUSMS_MUA     X-Mailer =~ /^Amadeus Messaging Server/
-body     __AM_DYING       /\b(?:am\s(?:\S+\s)?dying|terminally\sill|cancer|en\sphase\sterminale|(?:become|is|devenu|maladie)\sincurable|que\sje\smeurs)\b/i
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-mimeheader __ANY_IMAGE_ATTACH Content-Type =~ /image\/(?:gif|jpeg|png)/
-endif
-if !plugin(Mail::SpamAssassin::Plugin::MIMEHeader)
-  meta        __ANY_TEXT_ATTACH 0
-endif
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  mimeheader  __ANY_TEXT_ATTACH Content-Type =~ /text\/\w+/i
-endif
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-mimeheader __ANY_TEXT_ATTACH_DOC     Content-Type =~ /text\/\w+/i
-endif
-body     __ATM_CARD       /\b(?:your|the|this|through|via|by\smeans\sof\|that\sa)[\s\(](?:\w{1,20}\s)?(?:atm|debit|(?:money[\s-]?gram\s)?fast\scash)(?:\smaster|swift|value?|cash)?[\s\)]card/i
-if !plugin(Mail::SpamAssassin::Plugin::MIMEHeader)
-  meta         __ATTACH_NAME_NO_EXT 0
-endif
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  mimeheader   __ATTACH_NAME_NO_EXT Content-Type =~ m,\bname\s?=\s?"(?!=\?)[^."]+",i
-endif
-body        __ATTN_MAIL_USER     /\b(?:att(?:entio)?n|dear|caro) (?:web ?(?:mail)?\s\S\s)?(?:web ?|e-?)?mail (?:user|DO USU(?:=E1|[\xe1]|[\xc3][\xa1])RIO)[:;,]/i
-body     __AUTO_ACCIDENT     /auto(?:mobile)? accident/i
-header __AXB_MO_OL_024C2  X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2600\.0000/
-header __AXB_MO_OL_1ECD5  X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2800\.1081/
-header          __AXB_MO_OL_2600  X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2600\.0000/
-header __AXB_XM_OL_024C2  X-Mailer =~ /Microsoft\ Outlook\ Express\ 6\.00\.2600\.0000/
-header __AXB_XM_OL_1ECD5  X-Mailer =~ /Microsoft\ Outlook\ Express\ 6\.00\.2800\.1081/
-header          __AXB_XM_OL_2600  X-Mailer =~ /Microsoft\ Outlook\ Express\ 6\.00\.2600\.0000/
-body     __BACK_SCRATCH   /\bmutual+y?\s(?:benefi(?:t|cial)|interest)\b/i
-body     __BANK_DRAFT     /\bbank\sdraft/i
-body     __BARRISTER      /\b(?:barrister|solicitor at law|barr\.)/i
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader # {
-  full	__BASE64_MDAW	/^(?:MDAw){12}/
-endif
-body     __BENEFICIARY    /\bb(?:e|=E9|[\xe9]|[\xc3][\xa9])n(?:e|=E9|[\xe9]|[\xc3][\xa9])fi(?:c|sh)i?ai?r(?:y|ies|es?)/i
-body     __BENIN          /\bb(?:e|=E9|[\xe9]|[\xc3][\xa9])nin\b/i
-body __BODY_STARTS_WITH_FROM_LINE /^From \S+ \S\S\S \S\S\S .. ..:..:.. \S+\s+\S+\: /s
-body        __BODY_TEXT_LINE     /^\s*\S/
-tflags      __BODY_TEXT_LINE     multiple maxhits=3
-meta        __BODY_URI_ONLY      __BODY_TEXT_LINE < 3 && __HAS_ANY_URI && !__SMIME_MESSAGE
-body           __BODY_XHTML             /<x-html>/i
-meta     __BOTH_INR_AND_REF	(__XM_BALSA || __XM_CALYPSO || __XM_FORTE || __XM_MHE || __XM_SQRLMAIL || __XM_SYLPHEED || __XM_THEBAT || __XM_VM || __XM_XIMEVOL || __UA_KMAIL || __UA_MOZ5 || __UA_OPERA7)
-rawbody  __BUGGED_IMG	m{<img\b[^>]{0,100}\ssrc=.?https?://[^>]{6,80}(?:\?[^>]{8}|[^a-z](?![a-f]{3}|20\d\d[01]\d[0-3]\d)[0-9a-f]{8})}i
-body     __BURKINA_FASO   /\bburkina\s?faso\b/i
-body        __CANT_SEE_AD_1   /\b(?:can(?:no|')?t|(?:aren'?t[-,!\s]{1,3}|not[-,!\s]{1,3}|un)able[-,!\s]{1,3}to)[-,!\s]{1,3}(?:(?!our|this|the)\w{1,12}[-,\s]{1,3}){1,2}(?:our|this|the)[-.,\s*]{1,3}(?:commercial[-.,\s]{1,3}|ad(?:v[-.]?ert[i1l]se-?ment)?[-.,\s]{1,3}|images |newsletter |mailing ){1,2}(?:at all|(?:(?:down )?(?:below|underneath))|in (?:your|this) mail|(?:due to|because(?: of)?|as|from) (?:no |missing |unloaded |blocked )?(?:images|graphics))\b/i
-body        __CANT_SEE_AD_2   /\b(?:issue|problem|trouble) (?:getting|viewing|with) (?:(?:our|the) )?(?:message|content|e-?mail|details)(?: below)?[.?] (?:please|go ahead and) (?:click|browse)\b/i
-body        __CAN_HELP         /\bcan help\b/i
-body __CASHPRZ      /cash prize of/
-body     __CHARITY        /\b(?:charit(?:y|[ai]ble)|orphans?|homeless|orphelins|sans\sabri)\b/i
-body        __CLEAN_MAILBOX      /\b(?:(?:e-?mail|mail\s?box|violation:|(?-i:CLICK)) (?:quota size|clean(?:-?up))|clean ?up click ?here)\b/i
-body        __CLICK_HERE       /\bclick\shere\b/i
-rawbody        __COMMENT_GIBBERISH      /<!--(?:\s{1,10}[-\w'"]{1,40}){100}/im
-body     __COMPENSATION   /\b(?:compensat(?:e|ion)|recompensed?|ausgleich)\b/i
-body     __CONTACT_ATTY   /\bcontact(?:er)?\s(?:my|(?:de\s)?mon)\s(?:barrister|attou?rney|lawyer|avocat|gestionnaire)\b/i
-body     __CONTACT_YOU    /\b(?:contact(?:ing)\syou|vous\scontacter?)\b/i
-body     __COURIER        /\bcourier\s(?:company|service)\b/i
-header      __CR_IN_SUBJ      Subject:raw =~ /\015/
-header  __CTYPE_MULTIPART_ANY Content-Type =~ /multipart\/\w+/i
-if !plugin(Mail::SpamAssassin::Plugin::MIMEHeader)
-  meta         __CTYPE_NULL        0
-endif
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  mimeheader   __CTYPE_NULL        Content-Type =~ /^\s*;/
-endif
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-mimeheader __CTYPE_ONETAB_GIF Content-Type:raw =~ /^image\/gif;\n\tname=\".+?\"$/s
-endif
-body __DBLCLAIM     /avoid double claiming/
-body     __DEAD_PARENT    /\b(?:my|meu)\s(?:(?:deceased|dead)\s(?:father|mother|husband)|(?:father|dad|mother|mom|husband|marido)(?:'?s)?\s(?:death|died|passed\saway|murder|was\s(?:killed|murdered|poisoned)|faleceu))/i
-body     __DEAL           /\b(?:(?:business|financial|this|the|mutual|die(?:se)?r?|cette|profitable)\s(?:deal|transa[ck]tion|proposal|off[er]{2}|venture|suggestion|partnership)|your\spartnership)/i
-body     __DECEASED       /\b(?:the|my|your|der|du|le|meu?)\s(?:deceased|late|verstorbenen|d(?:i|e|=E9|[\xe9]|[\xc3][\xa9])funto?|d(?:e|=E9|[\xe9]|[\xc3][\xa9])nt|falecido)\b/i
-body     __DESTROY_ME     /\b(?:destroy|hunt|quemar)\sm[eyi]\b/i
-body     __DIED_IN        /\bdied\sin\b/i
-body     __DIPLOMATIC     /\bdiplomatic\b/i
-header	 __DKIM_EXISTS	exists:DKIM-Signature
-tflags	 __DKIM_EXISTS	nice
-body           __DLND_ATTACH      /\bdownload\sthe\sattach(?:ed|ment)\b/i
-if !plugin(Mail::SpamAssassin::Plugin::MIMEHeader)
-  meta         __DOC_ATTACH       0
-endif
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  meta         __DOC_ATTACH       (__DOC_ATTACH_MT || __DOC_ATTACH_FN1 || __DOC_ATTACH_FN2)
-endif
-if !plugin(Mail::SpamAssassin::Plugin::MIMEHeader)
-  meta         __DOC_ATTACH_FN1   0
-endif
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  mimeheader   __DOC_ATTACH_FN1   Content-Type =~ /="[^"]+\.(?:docx?|rtf)"/i
-endif
-if !plugin(Mail::SpamAssassin::Plugin::MIMEHeader)
-  meta         __DOC_ATTACH_FN2   0
-endif
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  mimeheader   __DOC_ATTACH_FN2   Content-Disposition =~ /="[^"]+\.(?:docx?|rtf)"/i
-endif
-if !plugin(Mail::SpamAssassin::Plugin::MIMEHeader)
-  meta         __DOC_ATTACH_MT    0
-endif
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  mimeheader   __DOC_ATTACH_MT    Content-Type =~ m,\bapplication/(?:msword|rtf|vnd\.ms-word|vnd\.openxmlformats-officedocument\.wordprocessingml\.document)\b,i
-endif
-body     __DORMANT_ACCT   /\b(?:(?:dormant|abandoned|left\s?over)\s(?:account|fund|transaction|sum|deposit)|fonds\sdorment)/i
-body	__DOS_BODY_FRI	/\bfri(?:day)?\b/i
-body	__DOS_BODY_MON	/\bmon(?:day)?\b/i
-body	__DOS_BODY_SAT	/\bsat(?:day)?\b/i
-body		__DOS_BODY_STOCK	/\bstock\b/i
-body	__DOS_BODY_SUN	/\bsun(?:day)?\b/i
-body	__DOS_BODY_THU	/\bthu(?:r(?:s(?:day)?)?)?\b/i
-body		__DOS_BODY_TICKER	/\b[A-Z]{4}\.(?:OB|PK)\b/
-body	__DOS_BODY_TUE	/\btue(?:s(?:day)?)?\b/i
-body	__DOS_BODY_WED	/\bwed(?:nesday)?\b/i
-body	__DOS_COMING_TO_YOUR_PLACE	/I (?:am|might(?: be)?) c[a-z]?o[a-z]?m[a-z]?(?:i[a-z]?n[a-z]?g[a-z]{0,2}|e down) to y[!a-z]{2,4}r (?:city|place[a-z]{0,2}|co[a-z]?u[a-z]?n[a-z]?t[a-z]?ry) in (?:f[a-z]?e[a-z]?w|\d{1,2}) (?:day|week)s/
-body	__DOS_CORRESPOND_EMAIL		/correspond with me using my email/
-meta __DOS_DIRECT_TO_MX		__DOS_SINGLE_EXT_RELAY && !__DOS_HAS_LIST_ID && !__DOS_HAS_LIST_UNSUB && !__DOS_HAS_MAILING_LIST && !__DOS_RELAYED_EXT
-body	__DOS_DROP_ME_A_LINE		/Drop me a line at/
-body	__DOS_EMAIL_DIRECTLY		/(?:Email m[a-z]?e|address) direc(?:tl|lt)y at/
-body		__DOS_FIN_ADVANTAGE	/\bfinancial advantage/i
-uri __DOS_HAS_ANY_URI		/./
-header __DOS_HAS_LIST_ID	exists:List-ID
-header __DOS_HAS_LIST_UNSUB	exists:List-Unsubscribe
-header __DOS_HAS_MAILING_LIST	exists:Mailing-List
-body __DOS_HI                   /^Hi,$/
-body	__DOS_I_AM_25			/I a.?m 25/
-body __DOS_I_DRIVE_A	/I drive a/
-body __DOS_LET_GO_JOB	/I was (?:let go|fired|layed off|dismissed) from a job I h(?:el|a)d for (?:2\d years|\d{3} months)/
-body __DOS_LINK                 /\blink\b/
-body	__DOS_MEET_EACH_OTHER		/(?:meet each other|[Mm]ay ?be we can meet)/
-body __DOS_MY_OLD_JOB	/my old job/
-body	__DOS_PERSONAL_EMAIL		/personal email at/
-header	__DOS_RCVD_FRI	Received =~ / Fri, /
-header	__DOS_RCVD_MON	Received =~ / Mon, /
-header	__DOS_RCVD_SAT	Received =~ / Sat, /
-header	__DOS_RCVD_SUN	Received =~ / Sun, /
-header	__DOS_RCVD_THU	Received =~ / Thu, /
-header	__DOS_RCVD_TUE	Received =~ / Tue, /
-header	__DOS_RCVD_WED	Received =~ / Wed, /
-meta	__DOS_REF_2_WK_DAYS	(__DOS_RCVD_MON && __DOS_BODY_WED) || (__DOS_RCVD_TUE && __DOS_BODY_THU) || (__DOS_RCVD_WED && __DOS_BODY_FRI) || (__DOS_RCVD_THU && __DOS_BODY_MON) || (__DOS_RCVD_FRI && __DOS_BODY_TUE) || (__DOS_RCVD_SAT && __DOS_BODY_TUE) || (__DOS_RCVD_SUN && __DOS_BODY_TUE)
-meta	__DOS_REF_NEXT_WK_DAY	(__DOS_RCVD_MON && __DOS_BODY_TUE) || (__DOS_RCVD_TUE && __DOS_BODY_WED) || (__DOS_RCVD_WED && __DOS_BODY_THU) || (__DOS_RCVD_THU && __DOS_BODY_FRI) || (__DOS_RCVD_FRI && __DOS_BODY_MON) || (__DOS_RCVD_SAT && __DOS_BODY_MON) || (__DOS_RCVD_SUN && __DOS_BODY_MON)
-meta	__DOS_REF_TODAY		(__DOS_RCVD_MON && __DOS_BODY_MON) || (__DOS_RCVD_TUE && __DOS_BODY_TUE) || (__DOS_RCVD_WED && __DOS_BODY_WED) || (__DOS_RCVD_THU && __DOS_BODY_THU) || (__DOS_RCVD_FRI && __DOS_BODY_FRI) || (__DOS_RCVD_SAT && __DOS_BODY_SAT) || (__DOS_RCVD_SUN && __DOS_BODY_SUN)
-header __DOS_RELAYED_EXT	ALL-EXTERNAL =~ /(?:^|\n)[Rr][eE][cC][eE][iI][vV][eE][dD]:\s.+\n[Rr][eE][cC][eE][iI][vV][eE][dD]:\s/s
-header __DOS_SINGLE_EXT_RELAY   X-Spam-Relays-External =~ /^\[ [^\]]+ \]$/
-body		__DOS_STEADY_COURSE	/\bsteady (?:and increasing )?course\b/i
-body		__DOS_STRONG_CF		/\bstrong cash flow/i
-body __DOS_TAKING_HOME	/Taking home \d (?:digit level|figures) in \d{1,2} months/
-body	__DOS_WRITE_ME_AT		/[Ww].?r.?i.?t.?e me at/
-header    __DUP_SUSP_HDR                ALL =~ /\n(X-No-Relay)\s*:[ 	][^\n]{1,100}\n\1\s*:[ 	]/ism
-body     __EARLY_DEMISE   /\buntimely\sdeath\b/i
-meta        __EMAIL_PHISH        (__WEBMAIL_ACCT + __MAILBOX_FULL + __MAILBOX_FULL_SE + __CLEAN_MAILBOX + __VALIDATE_MAILBOX + __VALIDATE_MBOX_SE + __UPGR_MAILBOX + __LOCK_MAILBOX + __SYSADMIN + __ATTN_MAIL_USER + __MAIL_ACCT_ACCESS1 + __MAIL_ACCT_ACCESS2 + __ACCESS_REVOKE + (__TVD_PH_SUBJ_META || __TVD_PH_BODY_META || __TVD_PH_BODY_ACCOUNTS_PRE || __TVD_PH_BODY_ACCOUNTS_POST) > 1)
-meta        __EMAIL_PHISH_MANY   (__WEBMAIL_ACCT + __MAILBOX_FULL + __MAILBOX_FULL_SE + __CLEAN_MAILBOX + __VALIDATE_MAILBOX + __VALIDATE_MBOX_SE + __UPGR_MAILBOX + __LOCK_MAILBOX + __SYSADMIN + __ATTN_MAIL_USER + __MAIL_ACCT_ACCESS1 + __MAIL_ACCT_ACCESS2 + __ACCESS_REVOKE + (__TVD_PH_SUBJ_META || __TVD_PH_BODY_META || __TVD_PH_BODY_ACCOUNTS_PRE || __TVD_PH_BODY_ACCOUNTS_POST) > 3)
-meta        __EMPTY_BODY         __BODY_TEXT_LINE < 2 && !__SMIME_MESSAGE
-body           __END_FUTURE_EMAILS /\b(?:end|stop(?! receiving these (?:alerts|emails))|cease|discontinue|removed?|(?:do(?! not wish to receive [\w\s]{0,20}emails)|would|you(?:'d)?) (?:not (?:wish|want|like|desire)|(?:prefer|wish|want|like|desire) not) to|exclude yourself|fore?go)[- ](?:get |receiv(?:ing|e) |or |(?:a-z{1,30} ){0,4}from )?(?:these|our|(?:any )?(?:future|further)) (?:(?:e|ad)?-?m(?:ail(?:ing)?|es+[age]{3})|alert|PSA|marketing|notice)[- ]?(?:ad|update)?s?\b/i
-if !plugin(Mail::SpamAssassin::Plugin::MIMEHeader)
-	meta         __EXE_ATTACH        0
-endif
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-	mimeheader   __EXE_ATTACH        Content-Type =~ /\.exe\b/i
-endif
-body     __EX_CUSTOMER    /\b(?:(?:dead|deceased|late|verstorbenen|death\sof\sthe)\s(?:[ck]lient|customer|ac+ount|invest[eo]r|beneficiary|depositor|mr\.|kunde|engr?\.?)|titulaire\sdu\scompte\sest\sd(?:e|=E9|[\xe9]|[\xc3][\xa9])c(?:e|=E9|[\xe9]|[\xc3][\xa9])d(?:e|=E9|[\xe9]|[\xc3][\xa9])|invest[eo]r\sdied|(?:e|=E9|[\xe9]|[\xc3][\xa9])tranger\sd(?:e|=E9|[\xe9]|[\xc3][\xa9])c(?:e|=E9|[\xe9]|[\xc3][\xa9])d(?:e|=E9|[\xe9]|[\xc3][\xa9])|(?:[ck]lient|customer|ac+ount|invest[eo]r|beneficiary|mr\.|kunde|engr?\.?)\s(?:[a-z]{1,10}\s)?(?:dead|deceased|verstorbenen))/i
-body        __FAILED_LOGINS      /unsuc+es+ful log-?[io]n at+empts/i
-body        __FBI_BODY_SHOUT_1   /^FEDERAL BUREAU OF INVESTIGATIONS?\b/
-rawbody     __FBI_BODY_SHOUT_2   /^FEDERAL BUREAU OF INVESTIGATIONS?\b/m
-header      __FBI_FM_DOM         From:addr =~ /\bfbi\.gov$/
-header      __FBI_FM_NAME        From:name =~ /federal\sbureau\sof\sinvestigation/i
-header      __FBI_RCVD_DOM       X-Spam-Relays-External =~ / rdns=\S+\bfbi\.gov /
-meta        __FBI_SPOOF          (__FBI_FM_NAME || __FBI_FM_DOM || __FBI_BODY_SHOUT_1 || __FBI_BODY_SHOUT_2) && !__FBI_RCVD_DOM && __REPLYTO_EXISTS
-body        __FB_COST          /\bcost\b/i
-body        __FB_NATIONAL      /national/i
-body        __FB_NUM_PERCNT    /\d\s?\%/
-body        __FB_S_PRICE       /pri{1,2}c[a-z]?e/i
-body        __FB_S_STOCK       /\bstock/i
-body        __FB_TOUR          /\btour/i
-body     __FEES           /\b(?:security|safe\w*|courier|registration|pay|paid|up-?front|processing|delivery|transfer|keeping)[\s\w]{0,15}\s(?:fee|charge)s?\b/i
-body     __FIFTY_FIFTY    /\b(?:50|fifty)(?:%?[\/:]50%?|%|\spercent)/i
-if !plugin(Mail::SpamAssassin::Plugin::ReplaceTags)
-  meta     __FILL_THIS_FORM               0
-endif
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  meta     __FILL_THIS_FORM               (__FILL_THIS_FORM_LONG || __FILL_THIS_FORM_PARTIAL > 4 || __FILL_THIS_FORM_PARTIAL_RAW > 4)
-endif
-if !plugin(Mail::SpamAssassin::Plugin::ReplaceTags)
-  meta     __FILL_THIS_FORM_FRAUD_PHISH   0
-endif
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  meta     __FILL_THIS_FORM_FRAUD_PHISH   (__FILL_THIS_FORM || __FILL_THIS_FORM_SHORT) && (__FILL_THIS_FORM_FRAUD_PHISH1 || __EMAIL_PHISH)
-endif
-if !plugin(Mail::SpamAssassin::Plugin::ReplaceTags)
-  meta     __FILL_THIS_FORM_FRAUD_PHISH1  0
-endif
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  body     __FILL_THIS_FORM_FRAUD_PHISH1   /<FF_YOUR>(?:<FF_F1>|<FF_F2>|<FF_F3>|<FF_F4>|<FF_F5>)<FF_SUFFIX>(?:<FF_BLANK1>|<FF_BLANK2>$)/i
-endif
-if !plugin(Mail::SpamAssassin::Plugin::ReplaceTags)
-  meta     __FILL_THIS_FORM_LOAN          0
-endif
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  meta     __FILL_THIS_FORM_LOAN          __FILL_THIS_FORM && __FILL_THIS_FORM_LOAN1
-endif
-if !plugin(Mail::SpamAssassin::Plugin::ReplaceTags)
-  meta     __FILL_THIS_FORM_LOAN1         0
-endif
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  body     __FILL_THIS_FORM_LOAN1         /<FF_YOUR><FF_L1><FF_SUFFIX>(?:<FF_BLANK1>|<FF_BLANK2>$)/i
-endif
-if !plugin(Mail::SpamAssassin::Plugin::ReplaceTags)
-  meta     __FILL_THIS_FORM_LONG          0
-endif
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  meta     __FILL_THIS_FORM_LONG          __FILL_THIS_FORM_LONG1 || __FILL_THIS_FORM_LONG2
-endif
-if !plugin(Mail::SpamAssassin::Plugin::ReplaceTags)
-  meta     __FILL_THIS_FORM_LONG1         0
-endif
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  body     __FILL_THIS_FORM_LONG1         /(?:<FF_LNNO><FF_YOUR><FF_ALL><FF_SUFFIX>(?:<FF_BLANK2>(?:P[a-z\.\s]{10,30})?|<ANDOR>)){5}/i
-endif
-if !plugin(Mail::SpamAssassin::Plugin::ReplaceTags)
-  meta     __FILL_THIS_FORM_LONG2         0
-endif
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  body     __FILL_THIS_FORM_LONG2         /(?:<FF_YOUR><FF_ALL><FF_SUFFIX>(?:<FF_BLANK2>(?:P[a-z\.\s]{10,30})?|<ANDOR>)){5}/i
-endif
-if !plugin(Mail::SpamAssassin::Plugin::ReplaceTags)
-  meta     __FILL_THIS_FORM_PARTIAL       0
-endif
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  body     __FILL_THIS_FORM_PARTIAL       /^\s?<FF_LNNO>?<FF_YOUR>(?:<FF_ALL><ANDOR>?){1,3}<FF_SUFFIX>(?:<FF_BLANK1>|(?:[-=_.,:;*\s]|=20){1,4}$)/im
-  tflags   __FILL_THIS_FORM_PARTIAL       multiple maxhits=5
-endif
-if !plugin(Mail::SpamAssassin::Plugin::ReplaceTags)
-  meta     __FILL_THIS_FORM_PARTIAL_RAW   0
-endif
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  rawbody  __FILL_THIS_FORM_PARTIAL_RAW   /^(?>\s{0,50})<FF_LNNO>?<FF_YOUR>(?:<FF_ALL><ANDOR>?){1,3}<FF_SUFFIX>(?:<FF_BLANK1>|(?:[-=_.,:;*\s]|=20|&nbsp;|<\/\w+>){0,4}$)/im
-  tflags   __FILL_THIS_FORM_PARTIAL_RAW   multiple maxhits=5
-endif
-if !plugin(Mail::SpamAssassin::Plugin::ReplaceTags)
-  meta     __FILL_THIS_FORM_SHORT         0
-endif
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  meta     __FILL_THIS_FORM_SHORT         !__FILL_THIS_FORM && (__FILL_THIS_FORM_SHORT1 || __FILL_THIS_FORM_SHORT2 || __FILL_THIS_FORM_PARTIAL > 2 || __FILL_THIS_FORM_PARTIAL_RAW > 2)
-endif
-if !plugin(Mail::SpamAssassin::Plugin::ReplaceTags)
-  meta     __FILL_THIS_FORM_SHORT1        0
-endif
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  body     __FILL_THIS_FORM_SHORT1        /(?:<FF_LNNO><FF_YOUR><FF_ALL><FF_SUFFIX>(?:<FF_BLANK2>|<ANDOR>)){3}/i
-endif
-if !plugin(Mail::SpamAssassin::Plugin::ReplaceTags)
-  meta     __FILL_THIS_FORM_SHORT2        0
-endif
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  body     __FILL_THIS_FORM_SHORT2        /(?:<FF_YOUR><FF_ALL><FF_SUFFIX>(?:<FF_BLANK2>|<ANDOR>)){3}/i
-endif
-header         __FLASHMAIL_MUA     X-Mailer =~ /^NetEase Flash Mail \d/
-if !plugin(Mail::SpamAssassin::Plugin::ReplaceTags)
-	meta        __FM_MY_PRICE      __FB_S_PRICE
-endif
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-	meta        __FM_MY_PRICE      (__FB_S_PRICE || __FRT_PRICE)
-endif
-meta           __FM_TO_ALL_NUMS     __FROM_ALL_NUMS && __TO_ALL_NUMS
-meta       __FORGED_TBIRD_IMG      __MUA_TBIRD && __JPEG_ATTACH && __MIME_BDRY_0D0D
-describe   __FORGED_TBIRD_IMG      Possibly forged Thunderbird image spam
-meta     __FORM_FRAUD     (__FILL_THIS_FORM || __FILL_THIS_FORM_SHORT) && (__FRAUD_VQE + __FRAUD_KJV + __FRAUD_IRJ + __FRAUD_NEB + __FRAUD_XJR + __FRAUD_DPR + __FRAUD_BEP + __FRAUD_TDP + __FRAUD_GAN + __FRAUD_IRT + __FRAUD_AON + __FRAUD_WNY + __FRAUD_IPK + __FRAUD_QXX + __FRAUD_IOV + __FRAUD_MLY + __FRAUD_ULK + __FRAUD_BGP + __FRAUD_YWW + __FRAUD_JYG + __FRAUD_XWW + __FRAUD_UUY + __FRAUD_SNT + __FRAUD_JNB + __FRAUD_QFY + __FRAUD_WDR + __FRAUD_WFC + __FRAUD_AUM + __FRAUD_MCQ + __FRAUD_PVN + __FRAUD_FVU + __FRAUD_CKF + __FRAUD_MQO + __FRAUD_TCC + __FRAUD_GBW + __FRAUD_AXF + __FRAUD_THJ + __FRAUD_YQV + __FRAUD_YJA + __FRAUD_YPO + __FRAUD_UOQ + __AFRICAN_STATE + __AGREED_RATIO + __AM_DYING + __ATM_CARD + __BACK_SCRATCH +  __BARRISTER + __BENEFICIARY + __COMPENSATION + __CONTACT_ATTY + __CONTACT_YOU + __COURIER + __DEAD_PARENT + __DEAL + DEAR_BENEFICIARY + DEAR_WINNER + __DECEASED + __DESTROY_ME + __DIED_IN + __DIPLOMATIC + __DORMANT_ACCT + __EARLY_DEMISE + T_EMRCP + __EX_CUSTOMER + __FEES + __FIFTY_FIFTY + __FOUND_YOU + __FRAUD + __FRAUD_PTX + __HUSH_HUSH + __I_INHERIT + __INHERIT_PMT + __INTL_BANK + __INVEST_COUNTRY + __INVEST_MONEY + __IS_LEGAL + __I_WILL_YOU + __KAM_LOTTO2 + __LOTTO_ADMITS + LOTTO_AGENT + __LOTTO_DEPT + __LOTTO_RELATED + __LOTTO_VERIFY + T_LOTTO_URI + __LOTTO_WIN_01 + __LOTTO_WINNINGS + __LUCKY_WINNER + __LUCRATIVE + __MILLIONS + __MY_FORTUNE + __NEXT_OF_KIN + __NOT_DEAD_YET + __NOT_SCAM + __OUR_BEHALF + __SCAM + __SHARE_IT + __SUM_OF_FUND + __SURVIVORS + __THEY_INHERIT + __TRTMT_DEFILED + __TRUNK_BOX +  __UN + UNCLAIMED_MONEY + __WIDOW + __WILL_LEGAL + __XFER_MONEY + __YOU_ASSIST + __YOU_INHERIT + __YOUR_BANK + __YOUR_FUND + __YOUR_PERM + __YOUR_PROFIT + __YOU_WON + T_LOTTO_AGENT_FM + T_LOTTO_AGENT_RPLY + __PCT_FOR_YOU + __PCT_OF_PMTS + __RANDOM_PICK + __CHARITY > 1)
-meta     __FORM_FRAUD_3  (__FILL_THIS_FORM || __FILL_THIS_FORM_SHORT) && (__FRAUD_VQE + __FRAUD_KJV + __FRAUD_IRJ + __FRAUD_NEB + __FRAUD_XJR + __FRAUD_DPR + __FRAUD_BEP + __FRAUD_TDP + __FRAUD_GAN + __FRAUD_IRT + __FRAUD_AON + __FRAUD_WNY + __FRAUD_IPK + __FRAUD_QXX + __FRAUD_IOV + __FRAUD_MLY + __FRAUD_ULK + __FRAUD_BGP + __FRAUD_YWW + __FRAUD_JYG + __FRAUD_XWW + __FRAUD_UUY + __FRAUD_SNT + __FRAUD_JNB + __FRAUD_QFY + __FRAUD_WDR + __FRAUD_WFC + __FRAUD_AUM + __FRAUD_MCQ + __FRAUD_PVN + __FRAUD_FVU + __FRAUD_CKF + __FRAUD_MQO + __FRAUD_TCC + __FRAUD_GBW + __FRAUD_AXF + __FRAUD_THJ + __FRAUD_YQV + __FRAUD_YJA + __FRAUD_YPO + __FRAUD_UOQ + __AFRICAN_STATE + __AGREED_RATIO + __AM_DYING + __ATM_CARD + __BACK_SCRATCH +  __BARRISTER + __BENEFICIARY + __COMPENSATION + __CONTACT_ATTY + __CONTACT_YOU + __COURIER + __DEAD_PARENT + __DEAL + DEAR_BENEFICIARY + DEAR_WINNER + __DECEASED + __DESTROY_ME + __DIED_IN + __DIPLOMATIC + __DORMANT_ACCT + __EARLY_DEMISE + T_EMRCP + __EX_CUSTOMER + __FEES + __FIFTY_FIFTY + __FOUND_YOU + __FRAUD + __FRAUD_PTX + __HUSH_HUSH + __I_INHERIT + __INHERIT_PMT + __INTL_BANK + __INVEST_COUNTRY + __INVEST_MONEY + __IS_LEGAL + __I_WILL_YOU + __KAM_LOTTO2 + __LOTTO_ADMITS + LOTTO_AGENT + __LOTTO_DEPT + __LOTTO_RELATED + __LOTTO_VERIFY + T_LOTTO_URI + __LOTTO_WIN_01 + __LOTTO_WINNINGS + __LUCKY_WINNER + __LUCRATIVE + __MILLIONS + __MY_FORTUNE + __NEXT_OF_KIN + __NOT_DEAD_YET + __NOT_SCAM + __OUR_BEHALF + __SCAM + __SHARE_IT + __SUM_OF_FUND + __SURVIVORS + __THEY_INHERIT + __TRTMT_DEFILED + __TRUNK_BOX +  __UN + UNCLAIMED_MONEY + __WIDOW + __WILL_LEGAL + __XFER_MONEY + __YOU_ASSIST + __YOU_INHERIT + __YOUR_BANK + __YOUR_FUND + __YOUR_PERM + __YOUR_PROFIT + __YOU_WON + T_LOTTO_AGENT_FM + T_LOTTO_AGENT_RPLY + __PCT_FOR_YOU + __PCT_OF_PMTS + __RANDOM_PICK + __CHARITY > 3)
-meta     __FORM_FRAUD_5  (__FILL_THIS_FORM || __FILL_THIS_FORM_SHORT) && (__FRAUD_VQE + __FRAUD_KJV + __FRAUD_IRJ + __FRAUD_NEB + __FRAUD_XJR + __FRAUD_DPR + __FRAUD_BEP + __FRAUD_TDP + __FRAUD_GAN + __FRAUD_IRT + __FRAUD_AON + __FRAUD_WNY + __FRAUD_IPK + __FRAUD_QXX + __FRAUD_IOV + __FRAUD_MLY + __FRAUD_ULK + __FRAUD_BGP + __FRAUD_YWW + __FRAUD_JYG + __FRAUD_XWW + __FRAUD_UUY + __FRAUD_SNT + __FRAUD_JNB + __FRAUD_QFY + __FRAUD_WDR + __FRAUD_WFC + __FRAUD_AUM + __FRAUD_MCQ + __FRAUD_PVN + __FRAUD_FVU + __FRAUD_CKF + __FRAUD_MQO + __FRAUD_TCC + __FRAUD_GBW + __FRAUD_AXF + __FRAUD_THJ + __FRAUD_YQV + __FRAUD_YJA + __FRAUD_YPO + __FRAUD_UOQ + __AFRICAN_STATE + __AGREED_RATIO + __AM_DYING + __ATM_CARD + __BACK_SCRATCH +  __BARRISTER + __BENEFICIARY + __COMPENSATION + __CONTACT_ATTY + __CONTACT_YOU + __COURIER + __DEAD_PARENT + __DEAL + DEAR_BENEFICIARY + DEAR_WINNER + __DECEASED + __DESTROY_ME + __DIED_IN + __DIPLOMATIC + __DORMANT_ACCT + __EARLY_DEMISE + T_EMRCP + __EX_CUSTOMER + __FEES + __FIFTY_FIFTY + __FOUND_YOU + __FRAUD + __FRAUD_PTX + __HUSH_HUSH + __I_INHERIT + __INHERIT_PMT + __INTL_BANK + __INVEST_COUNTRY + __INVEST_MONEY + __IS_LEGAL + __I_WILL_YOU + __KAM_LOTTO2 + __LOTTO_ADMITS + LOTTO_AGENT + __LOTTO_DEPT + __LOTTO_RELATED + __LOTTO_VERIFY + T_LOTTO_URI + __LOTTO_WIN_01 + __LOTTO_WINNINGS + __LUCKY_WINNER + __LUCRATIVE + __MILLIONS + __MY_FORTUNE + __NEXT_OF_KIN + __NOT_DEAD_YET + __NOT_SCAM + __OUR_BEHALF + __SCAM + __SHARE_IT + __SUM_OF_FUND + __SURVIVORS + __THEY_INHERIT + __TRTMT_DEFILED + __TRUNK_BOX +  __UN + UNCLAIMED_MONEY + __WIDOW + __WILL_LEGAL + __XFER_MONEY + __YOU_ASSIST + __YOU_INHERIT + __YOUR_BANK + __YOUR_FUND + __YOUR_PERM + __YOUR_PROFIT + __YOU_WON + T_LOTTO_AGENT_FM + T_LOTTO_AGENT_RPLY + __PCT_FOR_YOU + __PCT_OF_PMTS + __RANDOM_PICK + __CHARITY > 5)
-meta        __FORM_LOW_CONTRAST   (__FILL_THIS_FORM_SHORT2 || __FILL_THIS_FORM_SHORT2) && __HTML_FONT_LOW_CONTRAST_MINFP
-if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-  body        __FOR_SALE_LTP            /00\.? (?:less 10%|LTP)/i
-  tflags      __FOR_SALE_LTP            multiple maxhits=11
-endif
-if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-  meta        __FOR_SALE_LTP_MANY       __FOR_SALE_LTP > 10
-endif
-if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-  body        __FOR_SALE_NET            /00\.? NET/i
-  tflags      __FOR_SALE_NET            multiple maxhits=11
-endif
-if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-  meta        __FOR_SALE_NET_MANY       __FOR_SALE_NET > 10
-endif
-if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-  body        __FOR_SALE_OBO            /\bor best offer\b/i
-  tflags      __FOR_SALE_OBO            multiple maxhits=6
-endif
-if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-  meta        __FOR_SALE_OBO_MANY       __FOR_SALE_OBO > 5
-endif
-if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-  body        __FOR_SALE_PRC_100K       /\bprice:? \$\d\d\d,\d\d\d/i
-  tflags      __FOR_SALE_PRC_100K       multiple maxhits=11
-endif
-if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-  meta        __FOR_SALE_PRC_100K_MANY  __FOR_SALE_PRC_100K > 5
-endif
-if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-  body        __FOR_SALE_PRC_10K        /\bprice:? \$\d\d,\d\d\d/i
-  tflags      __FOR_SALE_PRC_10K        multiple maxhits=11
-endif
-if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-  meta        __FOR_SALE_PRC_10K_MANY   __FOR_SALE_PRC_10K > 10
-endif
-if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-  body        __FOR_SALE_PRC_1K         /\bprice:? \$\d,?\d\d\d[.\s]/i
-  tflags      __FOR_SALE_PRC_1K         multiple maxhits=11
-endif
-if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-  meta        __FOR_SALE_PRC_1K_MANY    __FOR_SALE_PRC_1K > 10
-endif
-if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-  rawbody     __FOR_SALE_PRC_EOL        /\s\$\d{1,3},\d00(?:\.00)?$/m
-  tflags      __FOR_SALE_PRC_EOL        multiple maxhits=11
-endif
-if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-  meta        __FOR_SALE_PRC_EOL_MANY   __FOR_SALE_PRC_EOL > 10
-endif
-if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-  meta        __FOR_SALE_PRC_MANY       (__FOR_SALE_PRC_1K + __FOR_SALE_PRC_10K + __FOR_SALE_PRC_100K) > 20
-endif
-body     __FOUND_YOU      /\b(?:I|we)\sfound\syour?\b/i
-body     __FRAUD          /\b(?:de)?fraud/i
-body __FRAUD_IOV	/\b(?:no risks?|risky?[- ]{0,3}free|free of risks?|100% safe|v\S{1,3}llig Risikofrei ist)\b/i
-body __FRAUD_PTX	/\b(?:ass?ass?inat(?:ed|ion)|murder(?:e?d)?|poison(?:e?d)?|kill(?:ed|ing|ers)\b[^.]{0,99}\b(?:war veterans|rebels?)|les tueurs)\b/i
-body __FRAUD_XWW	/\b(?:honest(?:ly)?\sco(?:-?operat(?:e|ion)|llaborat(?:e|ion))|ehrliche\szusammenarbeit|sichere [kc]o+p[eo]ration|col+aboration\swith\sme)\b/i
-ifplugin Mail::SpamAssassin::Plugin::FreeMail
-  meta         __FREEMAIL_DOC_PDF     (__DOC_ATTACH || __PDF_ATTACH) && (FREEMAIL_FROM || FREEMAIL_REPLYTO)
-endif
-header         __FROM_12LTRDOM_1   From =~ /\@(?!facebookmail)[a-z]{12}\./
-if !plugin(Mail::SpamAssassin::Plugin::FreeMail)
-  meta         __FROM_41_FREEMAIL         0
-endif
-ifplugin Mail::SpamAssassin::Plugin::FreeMail
-  meta         __FROM_41_FREEMAIL         (__NSL_ORIG_FROM_41 || __NSL_RCVD_FROM_41) && (FREEMAIL_FROM || FREEMAIL_REPLYTO) && !__THREADED
-  describe     __FROM_41_FREEMAIL         Sent from Africa + freemail provider
-endif
-header         __FROM_ALL_NUMS      From:addr =~ /^\d+@/
-header      __FROM_AMEX          From =~ /american\s?express/i
-header      __FROM_ASB_BANK      From:addr =~ /\basb\.co\.nz$/i
-header      __FROM_BANK_LOOSE    From =~ /ban(?:k|co)/i
-header      __FROM_CHASE         From:addr =~ /chase(?:2?-?paymentech)\.com$/i
-header      __FROM_CMNWLTH_BANK  From:addr =~ /\bcommonwealth\.com\.au$/i
-header	 __FROM_DNS		From =~ /(?<![^\w.-])dns(?:admin)?\@/i
-header __FROM_EBAY	From:addr =~ /\@ebay\.com$/i
-header      __FROM_EBAY_LOOSE    From =~ /\be-?bay\b/i
-header	 __FROM_FULL_NAME	From:name =~ /^[^a-z[:punct:][:cntrl:]\d\s][^[:punct:][:cntrl:]\d\s]*[[:punct:]\s]+[^a-z[:punct:][:cntrl:]\d\s]/
-tflags	 __FROM_FULL_NAME	nice
-header      __FROM_HSBC          From:addr =~ /\bhsbc\.co\.uk$/i
-header	 __FROM_INFO		From =~ /(?<![^\w.-])info\@/i
-header      __FROM_LLOYDSTSB     From:addr =~ /\blloyds(?:tsb)\.(?:co\.uk|com)$/i
-header      __FROM_LOWER       ALL =~ /from:\s\S{5}/
-header         __FROM_MISSPACED      From =~ /^\s*"[^"]*"</
-if !plugin(Mail::SpamAssassin::Plugin::DKIM)
-  meta         __FROM_MISSP_DKIM     0
-endif
-ifplugin Mail::SpamAssassin::Plugin::DKIM
-  meta         __FROM_MISSP_DKIM     (__FROM_RUNON_UNCODED && __DKIM_DEPENDABLE)
-  tflags       __FROM_MISSP_DKIM     net
-endif
-meta           __FROM_MISSP_EH_MATCH __FROM_RUNON_UNCODED && __LCL__ENV_AND_HDR_FROM_MATCH
-if !plugin(Mail::SpamAssassin::Plugin::FreeMail)
-  meta         __FROM_MISSP_FREEMAIL 0
-endif
-ifplugin Mail::SpamAssassin::Plugin::FreeMail
-  meta         __FROM_MISSP_FREEMAIL __FROM_RUNON && (FREEMAIL_FROM || FREEMAIL_REPLYTO)
-endif
-meta        __FROM_MISSP_PHISH   __FROM_MISSPACED && (__FROM_ASB_BANK || __FROM_AMEX || __FROM_BANK_LOOSE || __FROM_CHASE || __FROM_CMNWLTH_BANK || __FROM_EBAY_LOOSE || __FROM_HSBC || __FROM_LLOYDSTSB || __FROM_PAYPAL_LOOSE || __FROM_WELLSFARGO || __FROM_WESTERNUNION)
-meta           __FROM_MISSP_REPLYTO  __FROM_RUNON && __REPLYTO_EXISTS
-header __FROM_PAYPAL	From:addr =~ /\@paypal\.com$/i
-header      __FROM_PAYPAL_LOOSE  From =~ /paypal/i
-header         __FROM_RUNON          From =~ /\S+<\w+/
-header         __FROM_RUNON_UNCODED  From:raw =~ /\S+(?<!\?=)<\w+/
-header      __FROM_WELLSFARGO    From:addr =~ /wellsfargo\.com$/i
-header      __FROM_WESTERNUNION  From:addr =~ /westernunion\.com$/i
-if !plugin(Mail::SpamAssassin::Plugin::ReplaceTags)
-	meta        __FRT_PRICE        0
-endif
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-	body        __FRT_PRICE        /<inter SP2><post P2>\b(?!price)<P><R><IX><C><E>\b/i
-endif
-rawbody     __FR_SPACING_8     /[a-z0-9]{6}\s{8}[a-z0-9]{5}/i
-header  __FSL_HELO_BARE_IP_1      X-Spam-Relays-External =~ /^[^\]]+ helo=(?!127)\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} /i
-header  __FSL_HELO_BARE_IP_2    X-Spam-Relays-External =~ /helo=(?!127)\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} /i
-header  __FSL_HELO_USER_1   X-Spam-Relays-External =~ / helo=user /i
-header  __FSL_HELO_USER_2   Received =~ /from User(?:\s+by|\s*[\[\(]|$)/i
-header  __FSL_HELO_USER_3   Received =~ /(?:eh|he)lo(?:=|\s)User\)/i
-header   __FSL_RELAY_GOOGLE	X-Spam-Relays-External =~ /^[^\]]+ rdns=[^ ]+\.google\.com /i
-header      __FS_SUBJ_RE       Subject =~ /^Re: /
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  body          __FUZZY_DR_OZ       /\bD(?!(?-i:(?:r.|octor)(?:\s|&nbsp;)Oz))(?:<R>|<O><C>(?:<T><O><R>)?)\.?<WS>*<O><Z>(?:$|\W)/i
-endif
-body     __GET_TICKET       /\b(?:buy|order) your (?:lott(?:o|ery) )?tickets?\b/i
-body     __GHANA          /\bghana\b/i
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-mimeheader __GIF_ATTACH Content-Type =~ /^image\/gif\b/i
-endif
-body     __GIVE_MONEY     /\b(?:(?:give\syou\s(?:this\s)?(?:money|fund|inheritance))|(?:donated?\s(?:\w\+\s){0,3}(?:the\ssum\sof|(?:(?:the|this|some)\s(?:money|funds?|inheritance)|to\s)(?:you|(?:(?:the|a)\s)?church|charit(?:y|ies)|humanit\w+|needy|poor|orphan(?:age)?s?|philanthropists\?)))|de vous donner cet argent|faire don de la somme|voudrais en faire don|tego funduszu do dom(?:=F3|[\xf3])w (?:dziecka|wdowy))\b/i
-meta        __GOOGLE_DOCS_PHISH_1  __URI_GOOGLE_DOC && (__TVD_PH_SUBJ_META || __TVD_PH_BODY_META || __TVD_PH_BODY_ACCOUNTS_PRE || __TVD_PH_BODY_ACCOUNTS_POST)
-meta        __GOOGLE_DOCS_PHISH_2  __URI_GOOGLE_DOC && (__EMAIL_PHISH || __ACCT_PHISH)
-uri       __GOOG_MALWARE_DNLD           m;^https?://[^/]*\.google\.com/[^?]*url\?.*[\?&]download=1;i
-uri       __GOOG_REDIR                  m;^https?://[^/]*\.google\.com/url\?;i
-body __HAS_ANY_EMAIL /\w@\S+\.\w/
-uri __HAS_ANY_URI   /./
-header __HAS_THREAD_INDEX  exists:Thread-Index
-body     __HAS_WON_01    /\bque ha ganado\b/i
-header         __HDRS_LCASE          ALL =~ /\n(?:Message-id|Content-type|X-MSMail-priority|from|subject|to|cc|Disposition-notification-to):/sm
-tflags         __HDRS_LCASE          multiple maxhits=3
-meta           __HDRS_LCASE_KNOWN    __MSGID_JAVAMAIL || __UA_MSOEMAC || __UA_MSOMAC || __MSGID_APPLEMAIL || __MSGID_HEX_UID || __MSGID_HEXISH
-header __HDR_ORDER_FTSDMCXXXX ALL =~ /\nFrom: .{1,80}?\nTo: .{1,80}?\nSubject: .{1,200}?\nDate: .{1,40}?\nMIME-Version: .{1,40}?\nContent-Type: .{1,120}?\nX-Priority: .{1,40}?\nX-MSMail-Priority: .{1,40}?\nX-Mailer: .{1,80}?\nX-MimeOLE:/s
-header   __HELO_MISC_IP        	X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=[^a-z\?]\S{0,30}(?:\d{1,3}[^\d]){4}[^\]]+ auth= /i
-header __HELO_NO_DOMAIN   X-Spam-Relays-External =~ /^[^\]]+ helo=[^\.]+ /
-body        __HEXHASHWORD_S2EU /\s[A-Z]?[a-z]{1,15}\s(?![a-z]{10,20}\s)[a-z]{0,10}(?!-?\d{1,5}-)(?!\d{10}\s)(?:(?!--)[-0-9a-f]){10,64}(?:[g-z][a-z]{0,10})?\s[A-Z]?[a-z]{1,15}\b/
-tflags      __HEXHASHWORD_S2EU multiple maxhits=4
-body		__HK_LOTTO_1		/\b(?:(?:inter)?national|foundation|mercato|univers|euro ?million|e-?mail|euro-pw|bill ?gates|swiss|prestige|cristal|am.ricaine|coca.?cola|fiduciary|department) ?lot(?:eri[ej]|t(?:ery|o))/i
-body		__HK_LOTTO_2		/\blot(?:eri[ej]|t(?:ery|o)) ?(?:(?:inter)?national|foundation|mercato|univers|euro ?million|e-?mail|euro-pw|bill ?gates|swiss|prestige|cristal|am.ricaine|coca.?cola|fiduciary|department)/i
-body		__HK_LOTTO_BALLOT	/\b(?:promotional|on.?line|computer|internet|e-?mail|fran.aise) (?:ballot|draw|sweepstake)/i
-body		__HK_LOTTO_JACKPOT	/\bmega jackpot\b/i
-body		__HK_LOTTO_STAATS	/\bstaatsloteri/i
-ifplugin Mail::SpamAssassin::Plugin::FreeMail
-header		__HK_NAME_DR		From:name =~ /^DR\b/mi
-endif
-ifplugin Mail::SpamAssassin::Plugin::FreeMail
-header		__HK_NAME_FROM		From:name =~ /^FROM\b/mi
-endif
-ifplugin Mail::SpamAssassin::Plugin::FreeMail
-if (version >= 3.004000)
-  header		__HK_NAME_MR_MRS	From:name =~ /^M(?:RS?|ISS)\b/mi
-endif
-endif
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-mimeheader	__HK_SPAMMY_CDFN	Content-Disposition =~ /name=.*?(?:lot(?:eri[ej]|t(?:ery|o))|award|prize|winn(?:er|ing)|microsoft|congrat|urgent)/mi
-endif
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-mimeheader	__HK_SPAMMY_CTFN	Content-Type =~ /name=.*?(?:lot(?:eri[ej]|t(?:ery|o))|award|prize|winn(?:er|ing)|microsoft|congrat|urgent)/mi
-endif
-rawbody __HS_QUOTE /^> /
-header __HS_SUBJ_RE_FW Subject =~ /^(?i:re|fw):/
-if !plugin(Mail::SpamAssassin::Plugin::MIMEHeader)
-  meta         __HTML_ATTACH_01    0
-endif
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  mimeheader   __HTML_ATTACH_01    Content-Type =~ m,\btext/html\b.+\.html?\b,i
-endif
-if !plugin(Mail::SpamAssassin::Plugin::MIMEHeader)
-  meta         __HTML_ATTACH_02    0
-endif
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  mimeheader   __HTML_ATTACH_02    Content-Disposition =~ m,\bfilename="?[^"]+\.html?\b,i
-endif
-ifplugin Mail::SpamAssassin::Plugin::HTMLEval
-body __HTML_COMMENT_10000 eval:html_text_match('comment', '(?s)^(?=.{10000})')
-endif
-ifplugin Mail::SpamAssassin::Plugin::HTMLEval
-body __HTML_COMMENT_20000 eval:html_text_match('comment', '(?s)^(?=.{20000})')
-endif
-ifplugin Mail::SpamAssassin::Plugin::HTMLEval
-body __HTML_COMMENT_30000 eval:html_text_match('comment', '(?s)^(?=.{30000})')
-endif
-ifplugin Mail::SpamAssassin::Plugin::HTMLEval
-body __HTML_COMMENT_50000 eval:html_text_match('comment', '(?s)^(?=(?:.{25000}){2})')
-endif
-meta        __HTML_FONT_LOW_CONTRAST_MINFP	HTML_FONT_LOW_CONTRAST && !__HAS_SENDER && !__VIA_ML && !__RP_MATCHES_RCVD && !__THREADED && !__HAS_THREAD_INDEX && !ALL_TRUSTED && !__NOT_SPOOFED && !__HDRS_LCASE_KNOWN && !__DKIM_EXISTS && !__SENDER_BOT
-rawbody     __HTML_OFF_PAGE   /;(?:top|left):-\d{3,9}px;/i
-rawbody   __HTML_SINGLET                />\s*(?:[a-z"]|&\#(?:\d+|x[0-9a-f]+);)\s*</i
-tflags    __HTML_SINGLET                multiple, maxhits=21
-meta      __HTML_SINGLET_MANY           __HTML_SINGLET > 20
-body     __HUSH_HUSH      /\b(?:confiden[tc]i[ae]l(?:\b|ity\b|it(?:=E9|[\xe9]|[\xc3][\xa9]))|private\b|secr[e\xe8](?:te?|cy)\b|sensitive\b|concealed\b|obscured?\b|discre(?:et|tion)\b|very\sdiscrete|top\ssecret|vertraulich(?:en)?\b|geheim\b|priv(?:e|=E9|[\xe9]|[\xc3][\xa9]))/i
-if !plugin(Mail::SpamAssassin::Plugin::ImageInfo)
-  meta       __IMG_LE_300K           0
-endif
-ifplugin Mail::SpamAssassin::Plugin::ImageInfo
-  body       __IMG_LE_300K           eval:pixel_coverage('all',62500,300000)
-endif
-body     __INHERIT_PMT    /\binheritance\spayment\s/i
-body     __INTL_BANK      /\b(?:international\s(?:\w+\s)?bank|banque\sinternationale)\b/i
-body     __INVEST_COUNTRY /\binvest\sin\syour?\scountry\b/i
-body     __INVEST_MONEY   /\binvest(?:ir)?\s(?:this|ces|d[ae]s|sur ce|de ces)\s(?:money|f[ou]nds?)\b/i
-body     __IS_LEGAL       /\b(?:(?:(this|esta)\s(?:deal|offer|transac[tc]i(?:o|[\xc3][\xb3])n|proposal|exchange|arrangement|work)|it)?\s[ie]s\s(?:(?:guaranteed|completely|absolutely|perfectly|100%|very|fully)\s)?(?:legal|hitch-free|seguro|legitimate)|legitimate\sarrangement|toute?\sl(?:e|=E9|[\xe9]|[\xc3][\xa9])gale)\b/i
-body     __IVORY_COAST    /\b(?:Cote\s?D.Ivoire|Ivory\s?Coast|Costa\sde\sMarfil)\b/i
-body     __I_INHERIT      /\b(?:I|eu)\s[a-z\s]{0,30}(?:inherited|herdei)\b/i
-body     __I_WILL_YOU     /\bwill(?:ed)?\s(?:[a-z\s]{0,20}(?:fortune|money|\$[\d,]+[a-z]{0,9})\s)?to\syou\b/i
-header __JM_REACTOR_DATE    Date =~ / \+0000$/
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  mimeheader __JPEG_ATTACH           Content-Type =~ /image\/jpeg/i
-endif
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-mimeheader 	__KAM_BLOCK_UTF7_2     	Content-Type =~ /charset=(?:unicode-\d+-\d+-)?utf-7/i
-endif
-ifplugin Mail::SpamAssassin::Plugin::BodyEval
-  if can(Mail::SpamAssassin::Plugin::BodyEval::has_check_body_length)
-        body            __KAM_BODY_LENGTH_LT_1024       eval:check_body_length('1024')
-        describe        __KAM_BODY_LENGTH_LT_1024       The length of the body of the email is less than 1024 bytes.
-endif
-endif
-ifplugin Mail::SpamAssassin::Plugin::BodyEval
-  if can(Mail::SpamAssassin::Plugin::BodyEval::has_check_body_length)
-	body            __KAM_BODY_LENGTH_LT_128        eval:check_body_length('128')
-        describe        __KAM_BODY_LENGTH_LT_128        The length of the body of the email is less than 128 bytes.
-endif
-endif
-ifplugin Mail::SpamAssassin::Plugin::BodyEval
-  if can(Mail::SpamAssassin::Plugin::BodyEval::has_check_body_length)
-        body            __KAM_BODY_LENGTH_LT_256        eval:check_body_length('256')
-        describe        __KAM_BODY_LENGTH_LT_256        The length of the body of the email is less than 256 bytes.
-endif
-endif
-ifplugin Mail::SpamAssassin::Plugin::BodyEval
-  if can(Mail::SpamAssassin::Plugin::BodyEval::has_check_body_length)
-        body            __KAM_BODY_LENGTH_LT_512        eval:check_body_length('512')
-        describe        __KAM_BODY_LENGTH_LT_512        The length of the body of the email is less than 512 bytes.
-endif
-endif
-body            __KAM_LOTTO2    /((ticket|serial|lucky) number|secret pin ?code|batch number|reference number|promotion date)/is
-header   __KB_DATE_CONTAINS_TAB  Date:raw =~ /^\t/
-header __KB_MSGID_OUTLOOK_888  Message-Id =~ /^<[0-9a-f]{8}(?:\$[0-9a-f]{8}){2}\@/
-meta	 __KHOP_NO_FULL_NAME	!(__NOT_A_PERSON || __FROM_ENCODED_QP || __FROM_NEEDS_MIME || __FROM_FULL_NAME)
-if !(can(Mail::SpamAssassin::Conf::feature_bug6558_free))
-   meta        __LARGE_PERCENT_AFTER  0
-endif
-if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-   body        __LARGE_PERCENT_AFTER  /\d{3}% after/i
-   tflags      __LARGE_PERCENT_AFTER  multiple maxhits=4
-endif
-if !plugin(Mail::SpamAssassin::Plugin::HeaderEval)
-  meta      __LCL__ENV_AND_HDR_FROM_MATCH     0
-endif
-ifplugin Mail::SpamAssassin::Plugin::HeaderEval
-  meta      __LCL__ENV_AND_HDR_FROM_MATCH     __ENV_AND_HDR_FROM_MATCH
-endif
-if !plugin(Mail::SpamAssassin::Plugin::BodyEval)
-  meta      __LCL__KAM_BODY_LENGTH_LT_1024    0
-endif
-ifplugin Mail::SpamAssassin::Plugin::BodyEval
-if !(can(Mail::SpamAssassin::Plugin::BodyEval::has_check_body_length))
-    meta      __LCL__KAM_BODY_LENGTH_LT_1024    0
-endif
-endif
-ifplugin Mail::SpamAssassin::Plugin::BodyEval
-  if can(Mail::SpamAssassin::Plugin::BodyEval::has_check_body_length)
-    meta      __LCL__KAM_BODY_LENGTH_LT_1024    __KAM_BODY_LENGTH_LT_1024
-endif
-endif
-if !plugin(Mail::SpamAssassin::Plugin::BodyEval)
-  meta      __LCL__KAM_BODY_LENGTH_LT_512     0
-endif
-ifplugin Mail::SpamAssassin::Plugin::BodyEval
-if !(can(Mail::SpamAssassin::Plugin::BodyEval::has_check_body_length))
-    meta      __LCL__KAM_BODY_LENGTH_LT_512     0
-endif
-endif
-ifplugin Mail::SpamAssassin::Plugin::BodyEval
-  if can(Mail::SpamAssassin::Plugin::BodyEval::has_check_body_length)
-    meta      __LCL__KAM_BODY_LENGTH_LT_512     __KAM_BODY_LENGTH_LT_512
-endif
-endif
-meta        __LIST_PARTIAL         __DOS_HAS_LIST_UNSUB && !__DOS_HAS_LIST_ID
-meta        __LIST_PRTL_PUMPDUMP   __LIST_PARTIAL && __PD_CNT_1
-meta        __LIST_PRTL_SAME_USER  __LIST_PARTIAL && __TO_EQ_FROM_USR
-uri __LOCAL_PP_NONPPURL		m'https?://(?:[A-Za-z0-9-_]+)\.(?!paypal\.com)(?:[A-Za-z0-9-_\.]+)'i
-body        __LOCK_MAILBOX       /\b(?:(?:deactivate|lock|lose ac+ess to|los[se] (?:of )?(?:important )?(?:information|mail|messages) in) (?:your )?(?:mail\s?box|(?:web ?|e-?)mail)|your (?:mail\s?box|(?:(?:web ?|e-?)mail)(?: account)?) (?:(?:will|may) be(?:come)? )?(?:in-?a(?:ctive|cess[ia]ble)|locked|disabled|deleted|removed)\b|ditt konto vara "?deaktiverad"?|begr(?:=E4|\xe4|[\xc3][\xa4])nsad tillg(?:=E5|[\xe5]|[\xc3][\xa5])ng till din brevl(?:=E5|[\xe5]|[\xc3][\xa5])da|contas? de (?:web ?|e-?)mail (?:ser(?:=E1|[\xe1]|[\xc3][\xa1]) (?:desativado|exclu(?:=ED|[\xed]|[\xc3][\xad])do)|(?:=E9|[\xe9]|[\xc3][\xa9]) exclu(?:=ED|[\xed]|[\xc3][\xad])do)|destruir a sua caixa de (?:correio|entrada)|tw(?:=F3|[\xf3])j konto zostalo ograniczone|straci swoje e-?mail na sta[\xc5][\x82]e|konto zostanie automatycznie wy[\xc5][\x82][\xc4][\x85]czona|e-?mail account[^.]{0,30}deactivated (?:in|from) our (?:database|system|server))/i
-rawbody  __LONGLINE	/^.{998}[^\r\n]/
-if !plugin(Mail::SpamAssassin::Plugin::ReplaceTags)
-  meta     __LOTSA_MONEY_00   0
-endif
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  body     __LOTSA_MONEY_00   /<CURRENCY>[\s\.]?[1-9][\dOo][,\.][\dOo]{3}(?:(?!\d)|\b)/
-endif
-if !plugin(Mail::SpamAssassin::Plugin::ReplaceTags)
-  meta     __LOTSA_MONEY_01   0
-endif
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  body     __LOTSA_MONEY_01   /(?:(?i:sum\sof\s)[\(\[]?|<CURRENCY>\s?)[\s\.]?[1-9][\d.,\sOo]{5,20}[\dOo](?<!\.00)/
-endif
-if !plugin(Mail::SpamAssassin::Plugin::ReplaceTags)
-  meta     __LOTSA_MONEY_02   0
-endif
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  body     __LOTSA_MONEY_02   /(?<!\d)[1-9][\d.,\sOo]{5,20}[\dOo][\)\]\(]?\s?(?:<CURRENCY>|Pounds|(?i:dollars?|bucks))\b/
-endif
-if !plugin(Mail::SpamAssassin::Plugin::ReplaceTags)
-  meta     __LOTSA_MONEY_03   0
-endif
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  body     __LOTSA_MONEY_03   /(?:(?i:sum\sof\s)[\(\[]?|<CURRENCY>\s?)[1-9][\d.,\sOo]{0,5}[\)\]]?\s?(?i:M(?i:il)?\b|mil+(?i:io|<O>)n|hund?[re]+a?[dt]|thousand|tausend|milh[\xf5]es)/
-endif
-if !plugin(Mail::SpamAssassin::Plugin::ReplaceTags)
-  meta     __LOTSA_MONEY_04   0
-endif
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  body     __LOTSA_MONEY_04   /(?:(?<!\d)[1-9][\d\.,]{0,4}(?:M|\smilli?one?s|\s?mln)|million(?!s)|mill<O>n|hund?rea?d(?!s)[^\.]{1,25}thousand(?!s)|cents?[^\.]{1,25}mille|hundert[^\.]{1,30}tausend|ientos?[^\.]{1,20}mil|cent[a-z\s]{1,20}mil\s[a-z]{1,20}centos)[^\.\$]{0,50}?(?:(?:U\.?\s?S\.?\s?(?:A\.?\s?)?|united\s?states\s|E\.\s?U\.\s|canad(?:ian|a)\s|(?:ia\s)?de\s)?d(?:[o\xf3]|[\xc3][\xb3])l+are?s?|bucks|USD|GBP|<GB_UK>\spounds?|(?:<GB_UK>\s)?pounds?\ssterling|pounds(?!\sof)|(?:d'\s?)?euros?|francs?)\b/i
-endif
-if !plugin(Mail::SpamAssassin::Plugin::ReplaceTags)
-  meta     __LOTSA_MONEY_05   0
-endif
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  body     __LOTSA_MONEY_05   /(?:(?:sum|value|amount)\sof\s)[1-9][\d.,\sO]{7,20}[\dO\.][\)\]\(\s]{0,3}(?:pounds?|dollars?|euros?|bucks)\b/i
-endif
-meta     __LOTTO_ADMITS     __LOTTO_ADMITS_1 || __LOTTO_ADMITS_2 || __LOTTO_ADMITS_3 || __LOTTO_ATTACH_1 || __LOTTO_ATTACH_2
-body     __LOTTO_ADMITS_1 /\b(?:on-?line|e-?mail|ballot|(?:inter)?national|state|(?:UK|euro)[- ]?(?:mil+ions?|PW)|Canada|Microsoft|MSN|internet|mega|jackpot+|Royal Heritage|foundation|cash\sgrant|mercato|univers|staatsloterij|bill\s?gates|Olympics?|swiss|this|est[ea]|internationaux de gagnants de)(?:\s(?!lot|swe|prom)\w{1,20}){0,3}\s?(?:lot(?:to|t+ery|eri[ea])|sweepstakes?|promo(?:tion|cao|cion)?|jackpot+)\b/i
-body     __LOTTO_ADMITS_2 /\b(?:free)?(?:lot(?:to|tery|erie)|sweepstakes)\s(?:(?:inter)?na[tz]ional|department|bureau|group|award|microsoft)/i
-uri      __LOTTO_ADMITS_3 /lott+ery/i
-meta     __LOTTO_AGENT    __LOTTO_AGENT_01 || __LOTTO_AGENT_02
-body     __LOTTO_AGENT_01 /\b(?:(?:(?:the|y?our)(?:\s\w{1,20})?|contact|accredited|listed)\sclaim(?:s|ing)?(?:\sprocessing)?|fiducia\w+|reimbursement|(?:prize|international|intl|foreign|win+ing)(?:[\s,.]+(?:rem+it+ance|settlement|payment|payout|award|transfer))+|payment|payout|immunity|(?<!memory\s)grants?)\s?(?:agent|manager|officer|secretary|director|mgr\b)/i
-body     __LOTTO_AGENT_02 /\blot+ery[^\.]{1,40} ticket agent/i
-header   __LOTTO_AGENT_RPLY Reply-To =~ /(?:claim(?:s|ing)?(?:[\s_.]processing)?|fiducia\w+|dispatch|reimbursement|payout|prize\stransfer|(?:international|foreign|win+ing)[\s_.]rem+it+ance)[\s_.]?(?:agent|manager|officer|secretary|director|department|dept)/i
-if !plugin(Mail::SpamAssassin::Plugin::MIMEHeader)
-  meta         __LOTTO_ATTACH_1   0
-endif
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  mimeheader   __LOTTO_ATTACH_1   Content-Type =~ /lott(?:o|ery)/i
-endif
-if !plugin(Mail::SpamAssassin::Plugin::MIMEHeader)
-  meta         __LOTTO_ATTACH_2   0
-endif
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  mimeheader   __LOTTO_ATTACH_2   Content-Disposition =~ /lott(?:o|ery)/i
-endif
-body     __LOTTO_DEPT       /\b(?:claim(?:s|ing)?(?:\sprocessing)?|fiducia\w+|reimbursement|(?:international|foreign|win+ing)(?:\s(?:rem+it+ance|settlement|payment|award))+|payment|award|compensation|lot+ery)(?:\s\w+)?\s?(?:department|dept|unit|group|committee|bureau)/i
-body     __LOTTO_RELATED    /\b(?:lot+(?:o|ery)|sweepstakes)\s(?:prize|draw(?:s|ing)?|(?:ge)?win(?:n?er|n?ing)?|jackpot+|award|fund|com+it+e+|com+is+ion|guild|promotion|promocao|program|day|online|company|(?:in)?corporat|agent|co[-,]?ordinator|team)/i
-body     __LOTTO_VERIFY     /\bpromo\sverification/i
-body     __LOTTO_WINNINGS   /\b(?:claim|process(?:ing)?|transfert?(?:\s\w+)?|redeem|payment|virement|zahlung|reivindicar|demandar|remise)\s(?:(?:[a-z]{1,5}\s)?(?:your|of|the|this|de|ihrer|seu|tu)\s)+(?:win+ings?|money|(?:cash\s)?prize|award|f[ou]nds?|grant|gewinne|premio|gain)\b/i
-body     __LOTTO_WIN_01     /\bwin+ing\s(?:prize|number|notification|draw|check|cheque|details|information|payment)/i
-body     __LUCKY_WINNER   /\b(?:lucky|gl.cklich(?:en)?|afortunados)\s(?:(?:ge)?win+ers?|ganador(?:es)?|individuals?)\b/i
-body     __LUCRATIVE      /\b(?:lucrative|profitable|tr[\xe8]s\ssalutaire)\b/i
-body        __MAILBOX_FULL       /\b(?:you(?:r (?:mail\s?box|(?:e-?|web ?)mail))? (?:is (?:almost )?full|(?:quota )?ha(?:s|ve) (?:reached|exceeded|passed) (?:the|your|it'?s?) (?:university )?(?:size|storage|set|(?:e-?|web ?)mail|quota|folder|mail ?box)[\/\s](?:limit |quota |account )+)|over your mail\s?box (?:size )?(?:limit|quota)|maximum mail\s?box (?:size )?(?:limit|quota) exceeded|sua (?:conta|caixa) de (?:(?:e-?|web ?)mail|correio) (?:excedeu (?:sua|o) limite|est(?:=E1|[\xe1]|[\xc3][\xa1]) quase cheio))\b/i
-body        __MAILBOX_FULL_SE    /(?:\b=F6|[\xf6]|[\xc3][\xb6])verskridit gr(?:=E4|[\xe4]|[\xc3][\xa4])nsen f(?:=F6|[\xf6]|[\xc3][\xb6])r din postl(?:=E5|[\xe5]|[\xc3][\xa5])da\b/i
-header __MAILER_OL_5510 X-Mailer =~ /^Microsoft Office Outlook, Build 11.0.5510$/
-header __MAILER_OL_6626 X-Mailer =~ /^Microsoft Outlook, Build 10\.0\.6626$/
-body        __MAIL_ACCT_ACCESS1  /\b(?:your (?:web ?|e-?)?mail (?:account|log-?in) (?:has )?been accessed|r(?:=F3|[\xf3])zne komputery zalogowaniu sie)\b/i
-body        __MAIL_ACCT_ACCESS2  /\blo+se ac+es+ to your (?:web|e-?)?mail (?:account|log-?in|box|address)\b/i
-uri	 __MAIL_LINK	/\?.{0,200}\w\@[\w-]{1,20}.\w\w\w?\b/i
-tflags	 __MAIL_LINK	nice
-meta           __MANY_HDRS_LCASE     __HDRS_LCASE > 1
-meta           __MANY_SPAN_IN_TEXT   (__SPAN_BEG_TEXT > 4) && (__SPAN_END_TEXT > 4)
-header __MID_START_001C   Message-ID =~ /^<000001c/
-body     __MILLIONS       /\bmillions\sof\s(?:dollar|euro|pound)/i
-header __MIMEOLE_1106   X-MimeOLE =~ /^Produced By Microsoft MimeOLE V6.00.2800.1106$/
-header     __MIME_BDRY_0D0D        Content-Type =~ /boundary="-{12}(?:0[1-9]){12}/
-if !((version >= 3.004000))
-	meta        __MIME_CTYPE_IN_BODY    0
-endif
-if (version >= 3.004000)
-	body        __MIME_CTYPE_IN_BODY    /^Content-Type:\s/
-endif
-if !((version >= 3.004000))
-	meta        __MIME_MALF      0
-endif
-if (version >= 3.004000)
-	meta        __MIME_MALF      __CTYPE_MULTIPART_ANY && __MIME_CTYPE_IN_BODY
-endif
-if !plugin(Mail::SpamAssassin::Plugin::MIMEHeader)
-  meta        __MIME_NO_TEXT    0
-endif
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  meta        __MIME_NO_TEXT    (__CTYPE_MULTIPART_ANY && !__ANY_TEXT_ATTACH)
-endif
-header   __MISSING_REF		References =~ /^UNSET$/ [if-unset: UNSET]
-header   __MISSING_REPLY	In-Reply-To =~ /^UNSET$/ [if-unset: UNSET]
-header __MOLE_2962  X-MimeOLE =~ /^Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2900\.2962$/
-meta     __MONEY_ATM_CARD LOTS_OF_MONEY && __ATM_CARD
-meta     __MONEY_FORM        LOTS_OF_MONEY && __FILL_THIS_FORM
-meta     __MONEY_FORM_SHORT  LOTS_OF_MONEY && __FILL_THIS_FORM_SHORT
-meta     __MONEY_FRAUD_3  LOTS_OF_MONEY && (__FRAUD_VQE + __FRAUD_KJV + __FRAUD_IRJ + __FRAUD_NEB + __FRAUD_XJR + __FRAUD_DPR + __FRAUD_BEP + __FRAUD_TDP + __FRAUD_GAN + __FRAUD_IRT + __FRAUD_AON + __FRAUD_WNY + __FRAUD_IPK + __FRAUD_QXX + __FRAUD_IOV + __FRAUD_MLY + __FRAUD_ULK + __FRAUD_BGP + __FRAUD_YWW + __FRAUD_JYG + __FRAUD_XWW + __FRAUD_UUY + __FRAUD_SNT + __FRAUD_JNB + __FRAUD_QFY + __FRAUD_WDR + __FRAUD_WFC + __FRAUD_AUM + __FRAUD_MCQ + __FRAUD_PVN + __FRAUD_FVU + __FRAUD_CKF + __FRAUD_MQO + __FRAUD_TCC + __FRAUD_GBW + __FRAUD_AXF + __FRAUD_THJ + __FRAUD_YQV + __FRAUD_YJA + __FRAUD_YPO + __FRAUD_UOQ + __AFRICAN_STATE + __AGREED_RATIO + __AM_DYING + __ATM_CARD + __BACK_SCRATCH +  __BARRISTER + __BENEFICIARY + __COMPENSATION + __CONTACT_ATTY + __CONTACT_YOU + __COURIER + __DEAD_PARENT + __DEAL + DEAR_BENEFICIARY + DEAR_WINNER + __DECEASED + __DESTROY_ME + __DIED_IN + __DIPLOMATIC + __DORMANT_ACCT + __EARLY_DEMISE + T_EMRCP + __EX_CUSTOMER + __FEES + __FIFTY_FIFTY + __FOUND_YOU + __FRAUD + __FRAUD_PTX + __HUSH_HUSH + __I_INHERIT + __INHERIT_PMT + __INTL_BANK + __INVEST_COUNTRY + __INVEST_MONEY + __IS_LEGAL + __I_WILL_YOU + __KAM_LOTTO2 + __LOTTO_ADMITS + LOTTO_AGENT + __LOTTO_DEPT + __LOTTO_RELATED + __LOTTO_VERIFY + T_LOTTO_URI + __LOTTO_WIN_01 + __LOTTO_WINNINGS +  __LUCKY_WINNER + __LUCRATIVE + __MILLIONS + __MY_FORTUNE + __NEXT_OF_KIN + __NOT_DEAD_YET + __NOT_SCAM + __OUR_BEHALF + __SCAM + __SHARE_IT + __SUM_OF_FUND + __SURVIVORS + __THEY_INHERIT + __TRTMT_DEFILED + __TRUNK_BOX +  __UN + UNCLAIMED_MONEY + __WIDOW + __WILL_LEGAL + __XFER_MONEY + __YOU_ASSIST + __YOU_INHERIT + __YOUR_BANK + __YOUR_FUND + __YOUR_PERM + __YOUR_PROFIT + __YOU_WON + T_LOTTO_AGENT_FM + T_LOTTO_AGENT_RPLY + __PCT_FOR_YOU + __PCT_OF_PMTS + __RANDOM_PICK + __CHARITY > 3)
-meta     __MONEY_FRAUD_5  LOTS_OF_MONEY && (__FRAUD_VQE + __FRAUD_KJV + __FRAUD_IRJ + __FRAUD_NEB + __FRAUD_XJR + __FRAUD_DPR + __FRAUD_BEP + __FRAUD_TDP + __FRAUD_GAN + __FRAUD_IRT + __FRAUD_AON + __FRAUD_WNY + __FRAUD_IPK + __FRAUD_QXX + __FRAUD_IOV + __FRAUD_MLY + __FRAUD_ULK + __FRAUD_BGP + __FRAUD_YWW + __FRAUD_JYG + __FRAUD_XWW + __FRAUD_UUY + __FRAUD_SNT + __FRAUD_JNB + __FRAUD_QFY + __FRAUD_WDR + __FRAUD_WFC + __FRAUD_AUM + __FRAUD_MCQ + __FRAUD_PVN + __FRAUD_FVU + __FRAUD_CKF + __FRAUD_MQO + __FRAUD_TCC + __FRAUD_GBW + __FRAUD_AXF + __FRAUD_THJ + __FRAUD_YQV + __FRAUD_YJA + __FRAUD_YPO + __FRAUD_UOQ + __AFRICAN_STATE + __AGREED_RATIO + __AM_DYING + __ATM_CARD + __BACK_SCRATCH +  __BARRISTER + __BENEFICIARY + __COMPENSATION + __CONTACT_ATTY + __CONTACT_YOU + __COURIER + __DEAD_PARENT + __DEAL + DEAR_BENEFICIARY + DEAR_WINNER + __DECEASED + __DESTROY_ME + __DIED_IN + __DIPLOMATIC + __DORMANT_ACCT + __EARLY_DEMISE + T_EMRCP + __EX_CUSTOMER + __FEES + __FIFTY_FIFTY + __FOUND_YOU + __FRAUD + __FRAUD_PTX + __HUSH_HUSH + __I_INHERIT + __INHERIT_PMT + __INTL_BANK + __INVEST_COUNTRY + __INVEST_MONEY + __IS_LEGAL + __I_WILL_YOU + __KAM_LOTTO2 + __LOTTO_ADMITS + LOTTO_AGENT + __LOTTO_DEPT + __LOTTO_RELATED + __LOTTO_VERIFY + T_LOTTO_URI + __LOTTO_WIN_01 + __LOTTO_WINNINGS +  __LUCKY_WINNER + __LUCRATIVE + __MILLIONS + __MY_FORTUNE + __NEXT_OF_KIN + __NOT_DEAD_YET + __NOT_SCAM + __OUR_BEHALF + __SCAM + __SHARE_IT + __SUM_OF_FUND + __SURVIVORS + __THEY_INHERIT + __TRTMT_DEFILED + __TRUNK_BOX +  __UN + UNCLAIMED_MONEY + __WIDOW + __WILL_LEGAL + __XFER_MONEY + __YOU_ASSIST + __YOU_INHERIT + __YOUR_BANK + __YOUR_FUND + __YOUR_PERM + __YOUR_PROFIT + __YOU_WON + T_LOTTO_AGENT_FM + T_LOTTO_AGENT_RPLY + __PCT_FOR_YOU + __PCT_OF_PMTS + __RANDOM_PICK + __CHARITY > 5)
-meta     __MONEY_FRAUD_8  LOTS_OF_MONEY && (__FRAUD_VQE + __FRAUD_KJV + __FRAUD_IRJ + __FRAUD_NEB + __FRAUD_XJR + __FRAUD_DPR + __FRAUD_BEP + __FRAUD_TDP + __FRAUD_GAN + __FRAUD_IRT + __FRAUD_AON + __FRAUD_WNY + __FRAUD_IPK + __FRAUD_QXX + __FRAUD_IOV + __FRAUD_MLY + __FRAUD_ULK + __FRAUD_BGP + __FRAUD_YWW + __FRAUD_JYG + __FRAUD_XWW + __FRAUD_UUY + __FRAUD_SNT + __FRAUD_JNB + __FRAUD_QFY + __FRAUD_WDR + __FRAUD_WFC + __FRAUD_AUM + __FRAUD_MCQ + __FRAUD_PVN + __FRAUD_FVU + __FRAUD_CKF + __FRAUD_MQO + __FRAUD_TCC + __FRAUD_GBW + __FRAUD_AXF + __FRAUD_THJ + __FRAUD_YQV + __FRAUD_YJA + __FRAUD_YPO + __FRAUD_UOQ + __AFRICAN_STATE + __AGREED_RATIO + __AM_DYING + __ATM_CARD + __BACK_SCRATCH +  __BARRISTER + __BENEFICIARY + __COMPENSATION + __CONTACT_ATTY + __CONTACT_YOU + __COURIER + __DEAD_PARENT + __DEAL + DEAR_BENEFICIARY + DEAR_WINNER + __DECEASED + __DESTROY_ME + __DIED_IN + __DIPLOMATIC + __DORMANT_ACCT + __EARLY_DEMISE + T_EMRCP + __EX_CUSTOMER + __FEES + __FIFTY_FIFTY + __FOUND_YOU + __FRAUD + __FRAUD_PTX + __HUSH_HUSH + __I_INHERIT + __INHERIT_PMT + __INTL_BANK + __INVEST_COUNTRY + __INVEST_MONEY + __IS_LEGAL + __I_WILL_YOU + __KAM_LOTTO2 + __LOTTO_ADMITS + LOTTO_AGENT + __LOTTO_DEPT + __LOTTO_RELATED + __LOTTO_VERIFY + T_LOTTO_URI + __LOTTO_WIN_01 + __LOTTO_WINNINGS +  __LUCKY_WINNER + __LUCRATIVE + __MILLIONS + __MY_FORTUNE + __NEXT_OF_KIN + __NOT_DEAD_YET + __NOT_SCAM + __OUR_BEHALF + __SCAM + __SHARE_IT + __SUM_OF_FUND + __SURVIVORS + __THEY_INHERIT + __TRTMT_DEFILED + __TRUNK_BOX +  __UN + UNCLAIMED_MONEY + __WIDOW + __WILL_LEGAL + __XFER_MONEY + __YOU_ASSIST + __YOU_INHERIT + __YOUR_BANK + __YOUR_FUND + __YOUR_PERM + __YOUR_PROFIT + __YOU_WON + T_LOTTO_AGENT_FM + T_LOTTO_AGENT_RPLY + __PCT_FOR_YOU + __PCT_OF_PMTS + __RANDOM_PICK + __CHARITY > 8)
-meta            __MONEY_FROM_41           __NSL_RCVD_FROM_41 && LOTS_OF_MONEY
-meta     __MONEY_LOTTERY  LOTS_OF_MONEY && (__LOTTO_WINNINGS + __LOTTO_WIN_01 + __YOU_WON + __LOTTO_AGENT_01 + __LOTTO_AGENT_02 + __LOTTO_DEPT + T_LOTTO_AGENT_FM + T_LOTTO_AGENT_RPLY + __LOTTO_ADMITS + __LOTTO_RELATED + DEAR_WINNER + __LOTTO_VERIFY + __GET_TICKET > 1)
-body     __MOVE_MONEY     /\b(?:(?:receive|re-?profile|transfer(?:ring|ir|t)?|release|repatriat(?:e|ion)|rapatrier|secure|r(?:e|=E9|[\xe9]|[\xc3][\xa9])clamation|possession|virer|dona(?:te|r)|depositante|dep[\xc3][\xb3]sito)\s(?:th(?:e(?:se)?|is)|d[ae]s|sur ce|de ce[st]|cet|est[eao]s?|del?)|re-?profiling|receive|re-?locat(?:e|ing)(?:\s\w{1,15})?)\s(?:of\s|your\s|the\s){0,2}(?:sums?\sof\s|inheritance\s)?(?:proceeds|funds?|money|balance|account|g[eo]ld|compte|fond[so]{1,2}|dinero|argent)\b/i
-header         __MSGID_HEXISH        Message-ID =~ /^<?OF[0-9A-F]{8}\.[0-9A-F]{8}-ON[0-9A-F]{8}\.[0-9A-F]{8}(?:-[0-9A-F]{8}\.[0-9A-F]{8})?\@/
-header         __MSGID_HEX_UID       Message-ID =~ /^<?[0-9A-F]{8}\.[0-9A-F]{2,5}%[a-zA-Z]/
-header __MSGID_JAVAMAIL	Message-ID =~ /\.JavaMail\./
-tflags __MSGID_JAVAMAIL	nice
-header	 __MSGID_LIST	Message-ID =~ /-\w+\#[\w.]+\.\w{2,4}\@/
-tflags	 __MSGID_LIST	nice
-header   __MSGID_NOFQDN1  Message-ID =~ /<[^\@]*>/m
-header   __MSGID_NOFQDN2  Message-ID =~ /<.*\@[A-Za-z0-9]+>/m
-header __MSOE_MID_WRONG_CASE   ALL =~ /\nMessage-Id: /
-header         __MTLANDROID_MUA    X-Mailer =~ /\bMotorola android mail \d+\.\d/
-header         __MUA_EQ_ORG_1        ALL =~ /\nX-Mailer: ([^\n]+)\n.*Organization: \1\n/ism
-header         __MUA_EQ_ORG_2        ALL =~ /\nOrganization: ([^\n]+)\n.*X-Mailer: \1\n/ism
-header     __MUA_TBIRD             User-Agent =~ /Thunderbird/
-body     __MY_FORTUNE     /\b(?:my|his|her)\s(?:fortune|heritage)\b/i
-header __NAKED_TO   To =~ /^[^\s<>]+\@[^\s<>]+$/
-meta           __NAME_EMAIL_DIFF   __NAME_IS_EMAIL && ! __NAME_EQ_EMAIL
-header __NAME_EQ_EMAIL	From:raw =~ /([\w+.-]+\@[\w.-]+\.\w\w+)["'`\s]*<\s*\1>/
-header __NAME_IS_EMAIL	From:raw =~ /\w\@[\w.-]+\.\w\w+["'`]*\s*<\w+\@\w/
-body     __NEXT_OF_KIN    /\bnext[-\s]of[-\s]kin\b/i
-body     __NIGERIA        /\bnigeria\b/i
-meta	 __NOT_A_PERSON	__VACATION || ANY_BOUNCE_MESSAGE || __CHALLENGE_RESPONSE || __VIA_ML || __DOS_HAS_LIST_UNSUB || __SENDER_BOT || __UNSUB_LINK || __UNSUB_EMAIL || __MSGID_LIST || __SUBSCRIPTION_INFO
-tflags	 __NOT_A_PERSON	nice
-body     __NOT_DEAD_YET   /\b(?:will\sinherit|que\sherede)\b/i
-body     __NOT_SCAM       /\b(?:not\sa\sscam|(?:not|never)\sscam\syou)\b/i
-tflags	   __NOT_SPOOFED	nice
-if ! plugin (Mail::SpamAssassin::Plugin::DKIM)
-if !plugin(Mail::SpamAssassin::Plugin::SPF)
-   meta __NOT_SPOOFED  __DKIM_EXISTS || !__LAST_EXTERNAL_RELAY_NO_AUTH || ALL_TRUSTED	# no DKIM, no SPF.
-endif
-endif
-if ! plugin (Mail::SpamAssassin::Plugin::DKIM)
- ifplugin Mail::SpamAssassin::Plugin::SPF
-   meta __NOT_SPOOFED  SPF_PASS || __DKIM_EXISTS || !__LAST_EXTERNAL_RELAY_NO_AUTH || ALL_TRUSTED	# no DKIM, yes SPF
-endif
-endif
-if !(! plugin (Mail::SpamAssassin::Plugin::DKIM))
-if !plugin(Mail::SpamAssassin::Plugin::SPF)
-  meta __NOT_SPOOFED  DKIM_VALID || !__LAST_EXTERNAL_RELAY_NO_AUTH || ALL_TRUSTED	# yes DKIM, no SPF
-endif
-endif
-if !(! plugin (Mail::SpamAssassin::Plugin::DKIM))
- ifplugin Mail::SpamAssassin::Plugin::SPF
-  meta __NOT_SPOOFED  SPF_PASS || DKIM_VALID || !__LAST_EXTERNAL_RELAY_NO_AUTH || ALL_TRUSTED	# yes DKIM, yes SPF
-endif
-endif
-meta     __NO_INR_YES_REF	(__XM_GNUS || __XM_MSOE5 || __XM_MSOE6 || __XM_MOZ4 || __XM_SKYRI || __XM_WWWMAIL || __UA_GNUS || __UA_KNODE || __UA_MUTT || __UA_PAN || __UA_XNEWS)
-header          __NSL_ORIG_FROM_41        X-Originating-IP =~ /^(?:.+\[)?41\./
-describe        __NSL_ORIG_FROM_41        Originates from 41.0.0.0/8
-header          __NSL_RCVD_FROM_41        X-Spam-Relays-External =~ / ip=41\./
-describe        __NSL_RCVD_FROM_41        Received from 41.0.0.0/8
-header      __NUMBERS_IN_SUBJ  Subject =~ /\d{3}/
-if !plugin(Mail::SpamAssassin::Plugin::ImageInfo)
-  meta       __ONE_IMG               0
-endif
-ifplugin Mail::SpamAssassin::Plugin::ImageInfo
-  body       __ONE_IMG               eval:image_count('all',1,1)
-endif
-header   __OPERA_MID_NON_OP    Message-ID =~ /^<[^o][^p]\./
-body     __OUR_BEHALF     /\b(?:on\s(?:my|our)\sbehalf|of\sbehalf\sof)\b/i
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-mimeheader __PART_CID_STOCK_LESS    Content-ID =~ /^<00[a-f0-9]{10}\$[a-f0-9]{8}\$[a-f0-9]{8}\@[A-Za-z]+>$/
-endif
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-mimeheader __PART_STOCK_CD_F Content-Disposition =~ /filename/
-endif
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-mimeheader __PART_STOCK_CID Content-ID =~ /^<[a-f0-9]{12}\$[a-f0-9]{8}\$[a-f0-9]{8}\@[^\s\.]+>$/
-endif
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-mimeheader __PART_STOCK_CL Content-Location =~ /./
-endif
-body     __PAY_YOU        /\bpay\syou\b/
-if !plugin(Mail::SpamAssassin::Plugin::ReplaceTags)
-  meta     __PCT_FOR_YOU    0
-endif
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  meta     __PCT_FOR_YOU    __PCT_FOR_YOU_1 || __PCT_FOR_YOU_2 || __PCT_FOR_YOU_3 || SHARE_50_50
-endif
-if !plugin(Mail::SpamAssassin::Plugin::ReplaceTags)
-  meta     __PCT_FOR_YOU_1  0
-endif
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  body     __PCT_FOR_YOU_1  /<PERCENT>[\s)]{0,3}(?:(?:of\s[\w\s]{0,35}?)?(?:for|to|as)\syour?|(?:[^\s.]{1,15}\s)?an uns beide)/i
-endif
-if !plugin(Mail::SpamAssassin::Plugin::ReplaceTags)
-  meta     __PCT_FOR_YOU_2  0
-endif
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  body     __PCT_FOR_YOU_2  /\b(?:(?:give|offer)\syou|vous\s(?:aurez\sdroit\s(?:=E0|[\xe0])|donnerai|all(?:e|=E9|[\xe9]|[\xc3][\xa9])\srecevoir\sautour\sde)|ihnen)\s<PERCENT>/i
-endif
-if !plugin(Mail::SpamAssassin::Plugin::ReplaceTags)
-  meta     __PCT_FOR_YOU_3  0
-endif
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  body     __PCT_FOR_YOU_3  /\byour?\s(?!can)(?:(?!you)\w{1,15}\s){0,10}(?:(?:share|entiti?le(?:d|ment)?|percentage|fee|assist(?:ance)?|comp[ea]nsat(?:ed?|tion)|reward(?:ed)?|renumerat(?:e|tion)|com+is+ion|paid|deduct|account|tage|(?:will|shall|would|(?:are|stand|going)\sto)\s(?:be\s)?(?:tak(?:e|ing)|earn|get(?:ting)?|remit|subtract|with+old)|(?:deduct|taken?|subtract(?:ed)?)\syour|keep(?:ing)?|receiv(?:e|ing)|retain(?:ing)?|have|half|giv(?:en|ing)|paid|(?:give|pay|offer)\s(?:me|you|him)|bank\saccount|to\s(?:take|use)|(?:time|country)\sand|ratio\sof)(?:\s(?!you)\w{1,15}){0,10})\s(?<!by\s)(?<!up\sto\s)<PERCENT>/i
-endif
-if !plugin(Mail::SpamAssassin::Plugin::ReplaceTags)
-  meta     __PCT_OF_PMTS    0
-endif
-ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
-  body     __PCT_OF_PMTS    /<PERCENT>[\s)]+(?:of\s[\w\s]{0,35}?)?(?:of|du|de)\s(?:(?:the|la)\s)?(?:total\s)?(?:payments?|rem+it+ances?|capital|chec(?:k|que)s?|mon(?:ey|ies)|suma?)/i
-endif
-if !plugin(Mail::SpamAssassin::Plugin::MIMEHeader)
-  meta         __PDF_ATTACH        0
-  meta         __PDF_ATTACH       0
-endif
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  mimeheader   __PDF_ATTACH        Content-Type =~ m,\bapplication/pdf\b,i
-  meta         __PDF_ATTACH       (__PDF_ATTACH_MT || __PDF_ATTACH_FN1 || __PDF_ATTACH_FN2)
-endif
-if !plugin(Mail::SpamAssassin::Plugin::MIMEHeader)
-  meta         __PDF_ATTACH_FN1   0
-endif
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  mimeheader   __PDF_ATTACH_FN1   Content-Type =~ /="[^"]+\.pdf"/i
-endif
-if !plugin(Mail::SpamAssassin::Plugin::MIMEHeader)
-  meta         __PDF_ATTACH_FN2   0
-endif
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  mimeheader   __PDF_ATTACH_FN2   Content-Disposition =~ /="[^"]+\.pdf"/i
-endif
-if !plugin(Mail::SpamAssassin::Plugin::MIMEHeader)
-  meta         __PDF_ATTACH_MT    0
-endif
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  mimeheader   __PDF_ATTACH_MT    Content-Type =~ m,\bapplication/pdf\b,i
-endif
-if can(Mail::SpamAssassin::Conf::perl_min_version_5010000)
-  header     __PDS_FROM_2_EMAILS      From =~ /^\W+([\w+.-]+\@[\w.-]+\.\w\w++)(?:[^\n\w<]{0,80})?<(?!\1)[^\n\s]*\@/i
-endif
-if can(Mail::SpamAssassin::Conf::perl_min_version_5010000)
-  header     __PDS_TO_EQ_FROM_NAME_1  ALL =~ /\nTo:\s+(?:[^\n<]{0,80}<)?([^\n\s>]+)>?\n(?:[^\n]{1,100}\n)*From:\W+(\1)([^\n\w<]++<)?((?!\1)[^\n">]++)>?\n/ism
-endif
-if can(Mail::SpamAssassin::Conf::perl_min_version_5010000)
-  header     __PDS_TO_EQ_FROM_NAME_2  ALL =~ /\nFrom:\W+"([\w+.-]+\@[\w.-]+\.\w\w+)(?:[^\n\w<]{0,80}<)?((?!\1)[^\n">]++)>?\n(?:[^\n]{1,100}\n)*To:\s+(?:[^\n<]{0,80}<)?(\1)>?/ism
-endif
-meta        __PD_CNT_1        (__PUMPDUMP_01+__PUMPDUMP_02+__PUMPDUMP_03+__PUMPDUMP_04+__PUMPDUMP_05+__PUMPDUMP_06+__PUMPDUMP_07+__PUMPDUMP_08+__PUMPDUMP_09+__PUMPDUMP_10) > 0
-meta    __PHP_MUA             __PHP_MUA_1 || __PHP_MUA_2
-header  __PHP_MUA_1           X-Mailer =~ /^PHP\s?v?\/?\d\./
-header  __PHP_MUA_2           X-Mailer =~ /^PHP\d$/
-header  __PHP_NOVER_MUA       X-Mailer =~ /^PHP$/
-if !(can(Mail::SpamAssassin::Conf::feature_bug6558_free))
-  meta        __PILL_PRICE_01        0
-endif
-if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-  body        __PILL_PRICE_01        m;(?=[\d .f])(?:free|[\d .]{3}(?:/|per|each)) ?(?=[ptc])(?:pill|tablet|cap(?:sule|let))s?\b;i
-  tflags      __PILL_PRICE_01        multiple maxhits=3
-endif
-if !(can(Mail::SpamAssassin::Conf::feature_bug6558_free))
-  meta        __PILL_PRICE_02        0
-endif
-if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-  body        __PILL_PRICE_02        /(?=[ptc])(?:pill|tablet|cap(?:sule|let))s[-= :]{1,5}\$?[\d .]{3}/i
-  tflags      __PILL_PRICE_02        multiple maxhits=3
-endif
-body           __PLS_REVIEW       /\b(?:please|kindly)\s(?:(?:re)?view|see)(?:\s\w+)?\sattach(?:ed|ment)\b/i
-uri         __PS_TEST_LOC_WP   m;/(?:wp-content/plugins|wp-content/themes|wp-includes|modules/mod_wdbanners|includes/|google_recommends|mt-static|data/module)/.{1,64}(?!\.gif|\.jpg|\.png|\.bmp|\.ico|\.pdf).{4}$;i
-body        __PUMPDUMP_01     /\b(?:times|multiply|tripl(?:e|ing)|quadrupl(?:e|ing)|quintupl(?:e|ing)) (?:your|an) (?:princip(?:al|le)|investment)\b/i
-body        __PUMPDUMP_02     /\b(?:sto[ck]{2}|share price) (?:will |may |is (?:(?:about|poised|positioned|ready) to |gonna ))?(?:triple|quadruple|quintuple|soar|go(?:es?) (?:nuts|crazy|sky high|way up))\b/i
-body        __PUMPDUMP_03     /\bbuy (?:[^.!]{1,30} )?(?:(?:(?:mon|tues|wednes|thurs|fri)day|tomorrow) (?:first thing|open|morning)|(?:first thing|opens|before) (?:(?:mon|tues|wednes|thurs|fri)day|tomorrow))/i
-body        __PUMPDUMP_04     /\bmake you (?:big bucks|hundreds|thousands)\b/i
-body        __PUMPDUMP_05     /\b(?:tripled|quadrupled|quintupled|(?:shares|value|company) (?:go up|increase|has (?:increased|gained)) (?:by|more than) [a-z\s]{0,20}\d+(?: times| percent| ?%)) (?:and that )?in (?:(?:\d|a (?:span of|few)) days|a very short period)\b/i
-body        __PUMPDUMP_06     /\brecommend(?:ed|s)? (?:a|this) (?:company|stock)\b/i
-body        __PUMPDUMP_07     /\b(?:buy|grab it) for (?:around |about |less than )?\d+ cents\b/i
-body        __PUMPDUMP_08     /\b?(:sto[ck]{2}|sotk) of the year/i
-body        __PUMPDUMP_09     /\b(?:buy|get|snap up|grab) as many shares (?:of it )?as (?:you|I) can\b/i
-body        __PUMPDUMP_10     /\btrading at (?:such )?a (?:bargain|cheap|low)\b/i
-body     __RANDOM_PICK    /\b(?:random(?:ly)?\s(?:\w+\s)?(?:select(?:ion|ed)|pick(?:ed)?|computer)|(?:select|pick)ed\s(?:at\s)?random(?:ly)?|(?:esco(?:g|lh)idos|seleccion) (?:aleatoria(?:mente)?|al azar))\b/i
-header    __RAND_HEADER                ALL =~ /^(?!Accept-Language|Authentication-Results|Content-|DomainKey-Signature|DKIM-|List-|MIME-|Received-SPF|Return-Path|Thread-|User-Agent)(?:[a-z]{4,}-[a-z]{3,}|[a-z]{3,}-[a-z]{4,}):\s+\d(?=\S{6,}\s*$)[\da-f]*(?:[-.]\w+)*\s*$/ism
-tflags    __RAND_HEADER                multiple, maxhits=4
-header __RATWARE_BOUND_A  ALL =~ /^Message-Id: <....([0-9a-f]{8})\$[0-9a-f]{8}\$.{10,400}boundary="----=_NextPart_000_...._\1\./msi # "
-header __RATWARE_BOUND_B  ALL =~ /boundary="----=_NextPart_000_...._([0-9a-f]{8})\..{10,400}^Message-Id: <....\1\$[0-9a-f]{8}\$/msi # "
-header __RCD_RDNS_MAIL X-Spam-Relays-External =~ /^[^\]]+ rdns=\S*\bmail[^a-z]/i
-tflags __RCD_RDNS_MAIL nice
-header __RCD_RDNS_MAIL_MESSY X-Spam-Relays-External =~ /^[^\]]+ rdns=\S*mail/i
-tflags __RCD_RDNS_MAIL_MESSY nice
-header __RCD_RDNS_MTA_MESSY X-Spam-Relays-External =~ /^[^\]]+ rdns=\S*mta/i
-tflags __RCD_RDNS_MTA_MESSY nice
-header __RCD_RDNS_MX X-Spam-Relays-External =~ /^[^\]]+ rdns=\S*\bmx[^a-z]/i
-tflags __RCD_RDNS_MX nice
-header __RCD_RDNS_MX_MESSY X-Spam-Relays-External =~ /^[^\]]+ rdns=\S*mx/
-tflags __RCD_RDNS_MX_MESSY nice
-header __RCD_RDNS_SMTP X-Spam-Relays-External =~ /^[^\]]+ rdns=\S*\bsmtps?[^a-z]/i
-tflags __RCD_RDNS_SMTP nice
-header __RCD_RDNS_SMTP_MESSY X-Spam-Relays-External =~ /^[^\]]+ rdns=\S*smtp/
-tflags __RCD_RDNS_SMTP_MESSY nice
-ifplugin Mail::SpamAssassin::Plugin::DNSEval
-header	__RCVD_IN_DNSWL		eval:check_rbl('dnswl-firsttrusted', 'list.dnswl.org.')
-tflags	__RCVD_IN_DNSWL		nice net
-endif
-header         __RCVD_ZIXMAIL        X-Spam-Relays-Untrusted =~ / helo=smtpout\.zixmail\.net /
-header __RDNS_NO_SUBDOM	X-Spam-Relays-External =~ /^[^\]]+ rdns=[^. ]*\.\w+ /
-header __RDNS_SHORT	X-Spam-Relays-External =~ /^[^\]]+ rdns=\S{4,14} /
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader # {
-  meta	__REMOTE_IMAGE	(__HTML_IMG_ONLY || __HTML_LINK_IMAGE) && !(__SUBSCRIPTION_INFO || __VIA_ML || __SENDER_BOT || __ANY_IMAGE_ATTACH)
-endif
-header __REPLYTO_EXISTS             exists:Reply-To
-if !(version >= 3.003000)
-  meta        __RP_MATCHES_RCVD      0
-endif
-if version >= 3.003000
-if !plugin(Mail::SpamAssassin::Plugin::WLBLEval)
-  meta        __RP_MATCHES_RCVD      0
-endif
-endif
-if version >= 3.003000
-ifplugin Mail::SpamAssassin::Plugin::WLBLEval
-  header      __RP_MATCHES_RCVD      eval:check_mailfrom_matches_rcvd()
-endif
-endif
-body     __SCAM           /\bscam(?:m?e[dr])?s?\b/i
-body        __SECURITY_DEPT      /\bsecurity dep(?:artmen)?t\b/i
-header	 __SENDER_BOT	ALL =~ /(?:not?\W?repl[yi]|bounce|contact|daemon|subscri|report|respon[ds]e?r?s?\b|\b(?:root|news|nobody|agent|(?:post|web)?master|manag|send(?:er|ing)?|out|(?:bot|web|www)\b))[^\@ >]{0,5}s?\@\w/i
-tflags	 __SENDER_BOT	nice
-body     __SHARE_IT       /\b(?:(?:share|allocate|teilen|parteger(?:ez|ons)?|partage)\s(?:th(?:e|is)|das|les?|des)\s(?:proceeds|funds?|money|balance|account|geld|compte|fonds)|partager(?:ez|ons)? (?:avec (?:vous|moi)|ratio|suivant un pourcentage))\b/i
-header      __SMIME_MESSAGE    Content-Type =~ /application\/pkcs7-mime;/i
-rawbody        __SPAN_BEG_TEXT     /[a-z]{2}<(?i:span)\s/
-tflags         __SPAN_BEG_TEXT     multiple maxhits=5
-rawbody        __SPAN_END_TEXT     /[^;>]<\/(?i:span)>[a-z]{3}/
-tflags         __SPAN_END_TEXT     multiple maxhits=5
-if !plugin(Mail::SpamAssassin::Plugin::SPF)
-  meta            __SPF_FULL_PASS         0
-endif
-ifplugin Mail::SpamAssassin::Plugin::SPF
-  meta            __SPF_FULL_PASS         (SPF_PASS && SPF_HELO_PASS)
-  tflags          __SPF_FULL_PASS         net
-endif
-if !plugin(Mail::SpamAssassin::Plugin::SPF)
-  meta            __SPF_RANDOM_SENDER     0
-endif
-ifplugin Mail::SpamAssassin::Plugin::SPF
-  meta            __SPF_RANDOM_SENDER     (SPF_HELO_PASS && !SPF_PASS)
-  tflags          __SPF_RANDOM_SENDER     net
-endif
-rawbody  __SPOOFED_URL	m/<a\s[^>]{0,2048}\bhref=(?:3D)?.?(https?:[^>"'\# ]{8,29}[^>"'\# :\/?&=])[^>]{0,2048}>(?:[^<]{0,1024}<(?!\/a)[^>]{1,1024}>){0,99}\s{0,10}(?!\1)https?[^\w<]{1,3}[^<]{5}/i
-body        __STOCK_TIP       /\bsto[ck]{2}\s?tip\b/i
-meta           __STYLE_GIBBERISH        (__STYLE_GIBBERISH_1 || __STYLE_GIBBERISH_2 || __STYLE_GIBBERISH_3)
-if !(can(Mail::SpamAssassin::Conf::perl_min_version_5010000))
-  rawbody        __STYLE_GIBBERISH_1      /<style(?:\s[^>]{0,40})?>(?:\s{0,100}(?!<\/style>|\/\*)[^\s:;,]){150}/im
-endif
-if can(Mail::SpamAssassin::Conf::perl_min_version_5010000)
-  rawbody        __STYLE_GIBBERISH_1      /<style(?:\s[^>]{0,40})?>(?:\s{0,100}(?!<\/style>)(?:(?:\/\*(?:\s|[^*<]|\*(?!\/)|<(?!\/style>)){0,200}\*\/)|\#[^{<]{1,50}\{[^}<]{4,100}\})){0,4}+(?:\s{0,100}(?!<\/style>|\/\*)[^\s:;,]){150}/im
-endif
-rawbody        __STYLE_GIBBERISH_2      /\.style\w{0,20}\s{1,10}\{[^:;]{200}/im
-rawbody        __STYLE_GIBBERISH_3      /<style(?:\s[^>]{0,40})?>\s{0,80}(?:[\w:]{1,30}\s{0,10}\{[^}]{1,50}\}\s{0,80}){1,5}(?:[\w,.']{1,30}\s{1,10}){40}/im
-body           __STYLE_TAG_IN_BODY      /<style(?:[^>]{0,30})?>/i
-meta        __SUBJ_BRKN_WORDNUMS   __SUBJ_BROKEN_WORD && __TVD_SUBJ_NUM_OBFU
-header      __SUBJ_BROKEN_WORD     Subject =~ /\s(?!i[PTM][aoh][bcdou]|e[MP]a[is])[a-z]{1,3}[A-Z][a-z]{2}/
-tflags      __SUBJ_BROKEN_WORD     multiple maxhits=2
-header         __SUBJ_HAS_FROM_1    ALL =~ /\nFrom:\s+(?:[^\n<]{0,80}<)?([^\n\s>]+)>?\n(?:[^\n]{1,100}\n)*Subject:\s+[^\n]{0,100}\1[>,\s\n]/ism
-header         __SUBJ_HAS_TO_1      ALL =~ /\nTo:\s+(?:[^\n<]{0,80}<)?([^\n\s>,]+)>?\n(?:[^\n]{1,200}\n)*Subject:\s+[^\n]{0,100}\1[>,\s\n]/ism
-header         __SUBJ_HAS_TO_2      ALL =~ /\nReceived:[^\n]{0,200} for <?([^\n\s>;]+)>?;(?:[^\n]+\n)*Subject:\s+[^\n]{0,100}\1[>,\s\n]/ism
-header   __SUBJ_RE		Subject =~ /^R[eE]:/
-body	 __SUBSCRIPTION_INFO	/\b(?:e?newsletters?|(?:un)?(?:subscrib|register)|you(?:r| are) subscri(?:b|ption)|opt(?:.|ing)?out\b|further info|you do ?n[o']t w(?:ish|ant)|remov\w{1,3}.{1,9}\blists?\b|to your white.?list)/i
-tflags	 __SUBSCRIPTION_INFO	nice
-body     __SUM_OF_FUND    /\b(?:sum|release|freigabe)\s(?:of|der)\s(?:amount|fund|investment|mittel)\b/i
-body        __SURVEY           /\bsurvey\b/i
-body     __SURVIVORS      /\b(?:widow|son|daughter|husband|wife|brother|sister|attorney|vi(?:=FA|[\xfa]|[\xc3][\xba])va|esposa|veuve)\s(?:of|to|do|de)\s(?:the\s)?(?:late|falecido|finales|feu|d(?:e|=E9|[\xe9]|[\xc3][\xa9])funt|mr\.?)\s\w+\b/i
-body        __SYSADMIN           /\b(?:help?[- ]?desk|(?:(?:web ?)?mail ?|sys(?:tem )?)admin(?:istrator)|local[- ]host|(?:support|upgrade|management) (?:team|center)|message from administrator|university mail server copyright|suporte t(?:=E9|[\xe9]|[\xc3][\xa9])cnico|administrador do sistema)\b/i
-header		__TAB_IN_FROM		From:raw =~ /^\t/s
-describe	__TAB_IN_FROM		From starts with a tab
-header         __TB_MIME_BDRY_NO_Z   Content-Type =~ /boundary="-{8,}(?:[1-9]){16}/
-rawbody        __TENWORD_GIBBERISH    /^\s*(?:[a-z]+\s+){10}\.$/m
-tflags         __TENWORD_GIBBERISH    multiple maxhits=21
-body     __THEY_INHERIT   /\b(?:inherit\sth(?:e|is)\smoney|herede\sest[ea]\sdinero)\b/i
-body        __THIS_AD         /(?:\b|_)this[- _]+(?:ad(?:vert[i1l]sement)?|promo(?:tion)?)s?(?:\b|_)/i
-meta    __THREADED     (!__MISSING_REPLY && !__NO_INR_YES_REF) || (__MISSING_REPLY && !__MISSING_REF)
-tflags  __THREADED     nice
-header __THREAD_INDEX_GOOD  Thread-Index =~ m,^A[a-z0-9][A-Za-z0-9+/]{27}(?:[A-Za-z0-9+/]{20})?(?:[AQgw]==|[A-Za-z0-9+/]{7}|[A-Za-z0-9+/]{13}[AEIMQUYcgkosw048]=)$,
-header         __TO_ALL_NUMS        To:addr =~ /^\d+@/
-if !plugin(Mail::SpamAssassin::Plugin::SPF)
-  meta           __TO_EQ_FM_DOM_SPF_FAIL  0
-endif
-ifplugin Mail::SpamAssassin::Plugin::SPF
-  meta           __TO_EQ_FM_DOM_SPF_FAIL  __TO_EQ_FROM_DOM && SPF_FAIL
-  tflags         __TO_EQ_FM_DOM_SPF_FAIL  net
-endif
-if !plugin(Mail::SpamAssassin::Plugin::SPF)
-  meta           __TO_EQ_FM_SPF_FAIL  0
-endif
-ifplugin Mail::SpamAssassin::Plugin::SPF
-  meta           __TO_EQ_FM_SPF_FAIL  __TO_EQ_FROM && SPF_FAIL
-  tflags         __TO_EQ_FM_SPF_FAIL  net
-endif
-meta           __TO_EQ_FROM         (__TO_EQ_FROM_1 || __TO_EQ_FROM_2)
-describe       __TO_EQ_FROM         To: same as From:
-header         __TO_EQ_FROM_1       ALL =~ /\nFrom:\s+(?:[^\n<]{0,80}<)?([^\n\s>]+)>?\n(?:[^\n]{1,100}\n)*To:\s+(?:[^\n]{0,80}<)?\1[>,\s\n]/ism
-header         __TO_EQ_FROM_2       ALL =~ /\nTo:\s+(?:[^\n<]{0,80}<)?([^\n\s>]+)>?\n(?:[^\n]{1,100}\n)*From:\s+(?:[^\n]{0,80}<)?\1[>,\s\n]/ism
-meta           __TO_EQ_FROM_DOM     (__TO_EQ_FROM_DOM_1 || __TO_EQ_FROM_DOM_2)
-describe       __TO_EQ_FROM_DOM     To: domain same as From: domain
-header         __TO_EQ_FROM_DOM_1   ALL =~ /\nFrom:\s+[^\n@]{0,80}@([^\n\s>]+)>?\n(?:[^\n]{1,100}\n)*To:\s+[^\n]+@\1[>,\s\n]/ism
-header         __TO_EQ_FROM_DOM_2   ALL =~ /\nTo:\s+[^\n@]{0,80}@([^\n\s>]+)>?\n(?:[^\n]{1,100}\n)*From:\s+[^\n]+@\1[>,\s\n]/ism
-meta	 __TO_EQ_FROM_USR	(__TO_EQ_FROM_USR_1 || __TO_EQ_FROM_USR_2) && !(__FROM_DNS || __FROM_INFO || __SENDER_BOT)
-describe __TO_EQ_FROM_USR	To: username same as From: username
-header	 __TO_EQ_FROM_USR_1	ALL =~ /\nFrom:\s+(?:[^\n<]{0,80}<)?([^\n\s\@>]+)\@[^\n\s]+>?\n(?:[^\n]{1,100}\n)*To:\s+(?:[^\n]{0,80}<)?\1[\@>,\s\n]/ism
-header	 __TO_EQ_FROM_USR_2	ALL =~ /\nTo:\s+(?:[^\n<]{0,80}<)?([^\n\s\@>]+)\@[^\n\s]+>?\n(?:[^\n]{1,100}\n)*From:\s+(?:[^\n]{0,80}<)?\1[\@>,\s\n]/ism
-meta	 __TO_EQ_FROM_USR_NN	(__TO_EQ_FROM_USR_NN_1 || __TO_EQ_FROM_USR_NN_2) && !(__FROM_DNS || __FROM_INFO || __SENDER_BOT)
-describe __TO_EQ_FROM_USR_NN	To: username same as From: username sans trailing nums
-header	 __TO_EQ_FROM_USR_NN_1	ALL =~ /\nFrom:\s+(?:[^\n<]{0,80}<)?([^\n\s\@>]{4,80}?)\d*\@[^\n\s]+>?\n(?:[^\n]{1,100}\n)*To:\s+(?:[^\n]{0,80}<)?\1\d*[\@>,\s\n]/ism
-header	 __TO_EQ_FROM_USR_NN_2	ALL =~ /\nTo:\s+(?:[^\n<]{0,80}<)?([^\n\s\@>]{4,80}?)\d*\@[^\n\s]+>?\n(?:[^\n]{1,100}\n)*From:\s+(?:[^\n]{0,80}<)?\1\d*[\@>,\s\n]/ism
-meta	 __TO_EQ_FROM_USR_NN_MINFP	__TO_EQ_FROM_USR_NN && !__TO_EQ_FROM_USR_1 && !__TO_EQ_FROM && !__TO_EQ_FROM_DOM && !__LCL__ENV_AND_HDR_FROM_MATCH && !__DKIM_EXISTS && !__NOT_SPOOFED && !__RCD_RDNS_SMTP && !__RCD_RDNS_MX_MESSY && !__THREADED
-meta           __TO_IN_SUBJ         (__SUBJ_HAS_TO_1 || __SUBJ_HAS_TO_2)
-header     __TO_NO_ARROWS_R        To !~ /(?:>$|>,)/
-if !plugin(Mail::SpamAssassin::Plugin::FreeMail)
-  meta       __TO_NO_BRKTS_FREEMAIL  0
-endif
-ifplugin Mail::SpamAssassin::Plugin::FreeMail
-  meta       __TO_NO_BRKTS_FREEMAIL  __TO_NO_ARROWS_R && (FREEMAIL_FROM || FREEMAIL_REPLYTO)
-endif
-meta       __TO_NO_BRKTS_FROM_RUNON  __TO_NO_ARROWS_R && !__TO_UNDISCLOSED && __FROM_RUNON
-meta       __TO_NO_BRKTS_HTML_IMG  __TO_NO_ARROWS_R && !__TO_UNDISCLOSED && HTML_MESSAGE && __ONE_IMG
-meta       __TO_NO_BRKTS_HTML_ONLY __TO_NO_ARROWS_R && !__TO_UNDISCLOSED && MIME_HTML_ONLY
-meta       __TO_NO_BRKTS_MSFT       __TO_NO_ARROWS_R && !__TO_UNDISCLOSED && (__ANY_OUTLOOK_MUA || __MIMEOLE_MS)
-meta       __TO_NO_BRKTS_NORDNS_HTML    __TO_NO_BRKTS_HTML_ONLY && RDNS_NONE
-meta       __TO_NO_BRKTS_PCNT       __TO_NO_ARROWS_R && __FB_NUM_PERCNT
-header     __TO_UNDISCLOSED        To =~ /\b(?:undisclosed[-\s]recipients|destinataires inconnus)\b/i
-body     __TO_YOUR_ACCT   /\b(?:(?:f[uo]nds|money|f[uo]ndo|dinheiro|bank)\s(?:\w{1,10}\s){0,4}(?:transfer(?:red)?|transferido|sont)|\d+)\s(?:to|para|en)\s(?:your?|sua|votre)\s(?:account|conta|pos+es+ion)/i
-body     __TO_YOUR_ORG       /\b(?:to|for) your organi[sz]ation\b/i
-header      __TO___LOWER       ALL =~ /to:\s\S{5}/
-body        __TRAVEL_AGENT     /\btravel\sagen(?:t|cy)\b/i
-body        __TRAVEL_BUSINESS  /\bbusiness\stravel\b/i
-body     __TRAVEL_ITINERARY  /(?:travel|ticketed|your|current) itinerary/i
-meta        __TRAVEL_MANY      (__TRAVEL_PROFILE + __TRAVEL_RESERV + __TRAVEL_BUSINESS + __TRAVEL_AGENT) > 2
-body        __TRAVEL_PROFILE   /\btravel+er\sprofile\b/i
-body        __TRAVEL_RESERV    /\b(?:reservation\s(?:confirmed|number)|travel\sreservations?)\b/i
-body     __TRTMT_DEFILED  /\bdefiled\sall\s(?:forms\sof\s)?(?:medical\s)?treatments?\b/i
-body     __TRUNK_BOX      /\b(?:(?:trunk|metallic|proof|security|consignment)\sbox(?:es)?|sealed\ssafe|une mallette m(?:e|=E9|[\xe9]|[\xc3][\xa9])tallique)\b/i
-body     __TRUSTED_CHECK  /\b(?:cashier'?s?|certified)\sche(?:ck|que)/i
-header __TT_BROKEN_VALIUM       Subject =~ /V[:^."%()*\[\\]?A[:^."%()*\[\\]?L[:^."%()*\[\\]?I[:^."%()*\[\\]?U[:^."%()*\[\\]?M/i
-header __TT_BROKEN_VIAGRA       Subject =~ /V[:^."%()*\[\\]?I[:^."%()*\[\\]?A[:^."%()*\[\\]?G[:^."%()*\[\\]?R[:^."%()*\[\\]?A/i
-header __TT_OBSCURED_VALIUM     Subject =~ /(v|V|\\\/)(a|A|\(a\)|4|@)(l|L|\|)(i|I|1|\xef|\|)(u|U|\(u\))(m|M)/
-header __TT_OBSCURED_VIAGRA     Subject =~ /(v|V|\\\/)(i|I|1|\xef|\|)(a|A|\(a\)|4|@)(g|G)(r|R)(a|A|\(a\)|4|@)/
-header __TT_VALIUM              Subject =~ /VALIUM/i
-header __TT_VIAGRA              Subject =~ /VIAGRA/i
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-mimeheader __TVD_FW_GRAPHIC_ID1 Content-Id =~ /<[0-9a-f]{12}(?:\$[0-9a-f]{8}){2}\@/
-endif
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-mimeheader __TVD_MIME_ATT_AOPDF Content-Type =~ /^application\/octet-stream.*\.pdf/i
-endif
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-mimeheader __TVD_MIME_ATT_AP    Content-Type =~ /^application\/pdf/i
-endif
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-mimeheader __TVD_MIME_ATT_TP    Content-Type =~ /^text\/plain/i
-endif
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-mimeheader __TVD_OUTLOOK_IMG    Content-Id =~ /<image\d+\.(?:gif|jpe?g|png)\@/
-endif
-body __TVD_PH_BODY_01		/\baccount .{0,20}placed? [io]n restricted status/i
-body __TVD_PH_BODY_02		/\brecords (?:[a-z_,-]+ )+?(?:feature|(?:a|re)ward)/i
-body __TVD_PH_BODY_03		/\byou(?:'ve| have) been (?:[a-z_,-]+ )+?payment/i
-body __TVD_PH_BODY_04		/\bfunds? (?!transfer from)(?!from)(?!in)(?!via)(?:[a-z_,-]+ )+?to your (?:[a-z_,-]+ )*?account/i
-body __TVD_PH_BODY_05		/\bthis is (?:[a-z_,-]+ )+?protect (?:[a-z_,-]+ )+?your/i
-body __TVD_PH_BODY_06		/Dear [a-z]+ bank (?:member|customer)/i
-body __TVD_PH_BODY_07		/\bguarantee the safety of your (?:[a-z_,-]+ )*?account/i
-body __TVD_PH_BODY_08		/\bmultiple password failures/i
-body __TVD_PH_BODY_ACCOUNTS_POST	/\b(?:(?:[dr]e-?)?activat[a-z]*|(?:re-?)?validate|secure|restore|confirm|update|suspend) (?!your)(?:[a-z_,-]+ )+?accounts?\b/i
-body __TVD_PH_BODY_ACCOUNTS_PRE		/\baccounts? (?:[a-z_,-]+ )+?(?:record[a-z]*|suspen[a-z]+|notif(?:y|ication)|updated|verifications?|credited)\b/i
-meta __TVD_PH_BODY_META		__TVD_PH_BODY_01 || __TVD_PH_BODY_02 || __TVD_PH_BODY_03 || __TVD_PH_BODY_04 || __TVD_PH_BODY_05 || __TVD_PH_BODY_06 || __TVD_PH_BODY_07 || __TVD_PH_BODY_08
-header __TVD_PH_SUBJ_00		Subject =~ /\brewards? survey\b/i
-header __TVD_PH_SUBJ_02		Subject =~ /\byour payment has been sent\b/i
-header __TVD_PH_SUBJ_04		Subject =~ /\baccounts? profile\b/i
-header __TVD_PH_SUBJ_15		Subject =~ /\binvestment for (?:[a-z_,-]+ )*?to(?:morrow|day)\b/i
-header __TVD_PH_SUBJ_17		Subject =~ /\bremove limitations?\b/i
-header __TVD_PH_SUBJ_18		Subject =~ /\bsecurity (?:[a-z_,-]+ )*?changes\b/i
-header __TVD_PH_SUBJ_19		Subject =~ /\bmessage (?:[a-z_,-]+ )*?bank\b/i
-header __TVD_PH_SUBJ_29		Subject =~ /^notice(?::|[\s\W]*$)/i
-header __TVD_PH_SUBJ_31		Subject =~ /\bsecurity (?:[a-z_,-]+ )*?verification\b/i
-header __TVD_PH_SUBJ_36		Subject =~ /\bconsumer notice\b/i
-header __TVD_PH_SUBJ_37		Subject =~ /\bvalued member[a-z]*\b/i
-header __TVD_PH_SUBJ_38		Subject =~ /\bonline bank[a-z]*\b/i
-header __TVD_PH_SUBJ_39		Subject =~ /\bonline department\b/i
-header __TVD_PH_SUBJ_41		Subject =~ /\bunusual activity\b/i
-header __TVD_PH_SUBJ_52		Subject =~ /\b(?:account|online) profile\b/i
-header __TVD_PH_SUBJ_54		Subject =~ /\bun-?authorized access(?:es)?\b/i
-header __TVD_PH_SUBJ_56		Subject =~ /\brespond now\b/i
-header __TVD_PH_SUBJ_58		Subject =~ /\bbilling service\b/i
-header __TVD_PH_SUBJ_59		Subject =~ /\bquestion from (?:[a-z_,-]+ )*?member\b/i
-header __TVD_PH_SUBJ_ACCESS_POST	Subject =~ /\b(?:(?:re-?)?activat[a-z]*|secure|verify|restore|flagged|limited|unusual|report|notif(?:y|ication)|suspen(?:d|ded|sion)) (?:[a-z_,-]+ )*?access\b/i
-meta __TVD_PH_SUBJ_META		__TVD_PH_SUBJ_00 || __TVD_PH_SUBJ_02 || __TVD_PH_SUBJ_04 || __TVD_PH_SUBJ_15 || __TVD_PH_SUBJ_17 || __TVD_PH_SUBJ_18 || __TVD_PH_SUBJ_19 || __TVD_PH_SUBJ_29 || __TVD_PH_SUBJ_31 || __TVD_PH_SUBJ_36 || __TVD_PH_SUBJ_37 || __TVD_PH_SUBJ_38 || __TVD_PH_SUBJ_39 || __TVD_PH_SUBJ_41 || __TVD_PH_SUBJ_52 || __TVD_PH_SUBJ_54 || __TVD_PH_SUBJ_56 || __TVD_PH_SUBJ_58 || __TVD_PH_SUBJ_59 || __TVD_PH_SUBJ_ACCESS_POST
-meta        __TVD_SPACE_ENCODED    (__TVD_SPACE_RATIO && __SUBJECT_ENCODED_B64 && !__SUBJECT_UTF8_B_ENCODED)
-if !plugin(Mail::SpamAssassin::Plugin::BodyEval)
-  meta      __TVD_SPACE_RATIO      0
-endif
-header      __TVD_SUBJ_NUM_OBFU    Subject =~ /[a-z]{3,}\d+[a-z]{2,}/i
-header   __UA_GNUS		User-Agent =~ /^Gnus/
-header   __UA_KMAIL		User-Agent =~ /^KMail/
-header   __UA_KNODE		User-Agent =~ /^KNode/
-header   __UA_MOZ5		User-Agent =~ /^Mozilla\/5/
-header   __UA_MSOEMAC		User-Agent =~ /^Microsoft-Outlook-Express-Mac/
-header         __UA_MSOMAC           User-Agent =~ /^Microsoft-MacOutlook\/(?:\d+\.){3}/
-header   __UA_MUTT		User-Agent =~ /^Mutt/
-header   __UA_OPERA7		User-Agent =~ /^Opera7/
-header   __UA_PAN		User-Agent =~ /^Pan/
-header   __UA_XNEWS		User-Agent =~ /^Xnews/
-body        __UC_GIBB_OBFU     /\b[A-Za-z][a-z]{0,20}[,;)]?\s[A-Z]{16,}[a-z]?\s[A-Za-z][a-z]{1,15}\b/
-tflags      __UC_GIBB_OBFU     multiple maxhits=2
-body     __UN             /\bunited\snations?\b/i
-body	 __UNSUB_EMAIL	/\b(?:(?:un)?subscri(?:ber?|ptions?)|abuses?|opt(?:ing)?.?out)\b[-a-z_0-9.+=]{0,60}\@[a-z0-9][-a-z_0-9.]{4,20}(?:[^a-z_0-9.-]|$)/i
-tflags	 __UNSUB_EMAIL	nice
-uri	 __UNSUB_LINK	/\b(?:(?:un)?subscri(?:ber?|ptions?)|abuses?|opt(?:ing)?.?out)\b/i
-tflags	 __UNSUB_LINK	nice
-body        __UPGR_MAILBOX       /\b(?:up(?:g[ra]+d(?:e|ing)|date) (?:[hw]as\s(?:[a-z]+\s){1,5})?(?:o[nf] )?(?:your )?(?:mail\s?box|(?:web ?|e-?)mail)|(?:web ?|e-?)mail Upgrade cuenta|atualiz(?:e|ar) (?:a|sua) caixa de correio|click\S{0,10} (?:here(?:[:\.\s]{0,5}\S{0,10}http\S{10,80})?|below)(?: link)? to (?:(?:complete|finish|increase) )?(?:(?:the|this|your)\s)?(?:up(?:date|grade)|(?:web ?|e-?)?mail(?:\s?box)? (?:size|quota|limit))|utrzymania aktywnego konta|request (?:for )additional storage)\b/i
-uri         __UPPERCASE_URI        /^[^:A-Z]+[A-Z]/
-uri            __URI_12LTRDOM      m,://(?:[^./]+\.)*[a-z]{12}\.[^./]+/,i
-uri         __URI_GOOGLE_DOC     m,^https?://docs\.google\.com/(?:[^/]+/)*view(?:form)?\?(?:id|formkey)=,i
-uri            __URI_GOOGLE_PROXY     m;^https?://[^.]+\.googleusercontent\.com/proxy/;i
-uri         __URI_MAILTO              /^mailto:/i
-tflags      __URI_MAILTO              multiple maxhits=16
-meta        __URI_MAILTO_MANY         __URI_MAILTO > 15
-meta      __URI_ONLY_MSGID_MALF         __BODY_URI_ONLY && __MSGID_NOFQDN2
-meta        __URI_PHISH    __HAS_ANY_URI && !__URI_GOOGLE_DOC && (__EMAIL_PHISH || __ACCT_PHISH)
-uri         __URI_TRY_USME    m,^https?://(?:try|start|get|save|check|act|compare|join|learn|request|visit|my)[^.]*\.[^/]+\.(?:us|me|mobi|club)\b,i
-uri         __URI_WPADMIN      m,/wp-admin/\w+/,i
-uri         __URI_WPCONTENT    m,/wp-content/.*\.(?:php|html?)\b,i
-uri         __URI_WPDIRINDEX   m,/wp-(?:content|includes)/.*/$,i
-uri         __URI_WPINCLUDES   m,/wp-includes/.*\.(?:php|html?)\b,i
-uri	 __URL_SHORTENER	/^http:\/\/(?:bit\.ly|tinyurl\.com|ow\.ly|is\.gd|tumblr\.com|formspring\.me|ff\.im|youtu\.be|tl\.gd|plurk\.com|migre\.me|j\.mp|cli\.gs|goo\.gl|yfrog\.com|lnk\.ms|su\.pr|fb\.me|alturl\.com|wp\.me|ping\.fm|chatter\.com|post\.ly|twurl\.nl|tiny\.cc|4sq\.com|ustre\.am|short\.to|u\.nu|flic\.kr|budurl\.com|digg\.com|twitvid\.com|gowal\.la|om\.ly|justin\.tv|icio\.us|p\.gs|loopt\.us|tcrn\.ch|xrl\.us|wpo\.st|bkite\.com)\/[^\/]{3}\/?/
-header __VACATION Subject =~ /\b(?:vacatio|away|out.of.offic|auto.?re|confirm)/i
-tflags __VACATION nice
-body        __VALIDATE_MAILBOX   /\b(?:(?:re-?)?(?:valida(?:te|r)|confirm|set)(?:\S?(?:increase|raise))? (?:your|(?:a )?sua) (?:mail\s?box|(?:e-?)?mail quota|caixa)|confirmar (?:que )?a sua conta (?:de e-?mail|ainda est(?:=E1|[\xe1]|[\xc3][\xa1]) ativa)|wprowadz dane konta ponizej|utrzymania aktywnego konta e-?mail|weryfikacji konta)\b/i
-body        __VALIDATE_MBOX_SE   /(?:\b=E5|[\xe5]|[\xc3][\xa5])terst(?:=E4|\xe4|[\xc3][\xa4])lla ditt konto\b/i
-body        __VERIFY_ACCOUNT     /(?:confirm|updated?|verify) (?:your|the) (?:account|current|billing|personal|online)? ?(?:records?|information|account|identity|access|data|login)/i
-body        __WEBMAIL_ACCT       /\byour web ?mail account/i
-body     __WIDOW          /\b(?:widow(?:e[rd])'?s?|veuve)\b/i
-body     __WILL_LEGAL     /\b(?:codicil|last\stestament|probate|executor|intestate|bequest|mandamus)\b/i
-body     __WIRE_XFR       /\b(?:wire|telegraph(?:ic)?|bank)\s?transfer/i
-header         __XEROXWORKCTR_MUA  X-Mailer =~ /^WorkCentre \D?\d[\d\.]\d+/
-meta     __XFER_MONEY     (__WIRE_XFR || __TRUSTED_CHECK || __BANK_DRAFT || __MOVE_MONEY || __TO_YOUR_ACCT || __PAY_YOU || __GIVE_MONEY)
-header   __XM_BALSA		X-Mailer =~ /^Balsa \d/
-header   __XM_CALYPSO		X-Mailer =~ /^Calypso/
-header   __XM_FORTE		X-Mailer =~ /^Forte Agent \d/
-header   __XM_GNUS		X-Mailer =~ /^Gnus v/
-header   __XM_MHE		X-Mailer =~ /^mh-e \d/
-header   __XM_MOZ4		X-Mailer =~ /^Mozilla 4/
-header   __XM_MSOE5		X-Mailer =~ /^Microsoft Outlook Express 5/
-header   __XM_MSOE6		X-Mailer =~ /^Microsoft Outlook Express 6/
-header __XM_MS_IN_GENERAL     X-Mailer =~ /\bMSCRM\b|Microsoft (?:CDO|Outlook|Office Outlook)\b/
-header __XM_OL_10_0_4115    X-Mailer =~ /^Microsoft Outlook, Build 10.0.4115$/
-header __XM_OL_28001441    X-Mailer =~ /^Microsoft Outlook Express 6.00.2800.1441$/
-header __XM_OL_28004682    X-Mailer =~ /^Microsoft Outlook Express 6.00.2800.4682$/
-header __XM_OL_48072300    X-Mailer =~ /^Microsoft Outlook Express 5.50.4807.2300$/
-header __XM_OL_4_72_2106_4  X-Mailer =~ /^Microsoft Outlook Express 4.72.2106.4$/
-header __XM_OUTLOOK_EXPRESS    X-Mailer =~ /^Microsoft Outlook Express \d/
-header      __XM_PHPMAILER_FORGED  X-Mailer =~ /PHPMailer\s.*version\D+$/
-header   __XM_SKYRI		X-Mailer =~ /^SKYRiXgreen/
-header   __XM_SQRLMAIL		X-Mailer =~ /^SquirrelMail/
-header   __XM_SYLPHEED		X-Mailer =~ /^Sylpheed/
-header   __XM_THEBAT		X-Mailer =~ /^The Bat!/
-header   __XM_VM		X-Mailer =~ /^VM \d/
-header   __XM_WWWMAIL		X-Mailer =~ /^WWW-Mail \d/
-header   __XM_XIMEVOL		X-Mailer =~ /^Ximian Evolution/
-body     __YOUR_BANK      /\byour?\s(?:full\s)?bank(?:ing)?\sinformations?\b/i
-body     __YOUR_FUND      /\b(?:your|ihr)\s(?:unpaid\s|win+ing\s|ap+roved\s|foreign\s|overdue\s|outstanding\s|contract\s|inheritance\s|nicht\sausbezahlten\s){0,3}(?:fund|payment|geld)\b/i
-body     __YOUR_PERM      /\byour\spermission\b/i
-body     __YOUR_PROFIT    /\byour?\sprofit/i
-body     __YOU_ASSIST     /\b(?:your\sas+istan(?:ce|t)|votre\s(?:as+istance|aide))\b/i
-body     __YOU_INHERIT    /\byour\s[a-z\s]{0,30}inherit+ance\b/i
-meta     __YOU_WON       __YOU_WON_01 || __YOU_WON_02 || __YOU_WON_03 || __YOU_WON_04 || __HAS_WON_01 || (__YOU_WON_05 && (__MOVE_MONEY || __GIVE_MONEY))
-body     __YOU_WON_01    /\byou(?:r|'re|'ve|'ll|\shave|\sdid)?\s(?:e-?mail\s)?(?:\w+\s){0,2}(?:a\s)?w[io]n+(?:er|ing)?(?!'t)\b/i
-body     __YOU_WON_02    /\bw[io]n\s(?:(?:for|by)\s)?your?\b/i
-body     __YOU_WON_03    /\b(?:your?|win+ing|win+ers?|beneficiaries|participants?|individuals?|address(?:es)?|accounts?|emails?)(?:\s[-a-z\s]{4,40})?\s(?:w(?:ere|as)|ha(?:ve|s) be(?:en)?)\s(?:automatically\s)?(?:(?:randomly|raffly)\s(?:selected|cho+sen|cho+sing|picked)|(?:selected|cho+sen|cho+sing|picked)\s(?:[a-z\s]{2,40}?\srandom(?:ly)?|online|lottery|computer\s(?:ballot|wahlgang))|(?:selected|cho+sen|cho+sing|picked)(?:\sas?|\sthe){0,3}\swin+er)/i
-body     __YOU_WON_04    /\bqu[ei]\s?(?:vous (?:[\xc3][\xaa]|=C3=AA|[\xea]|e)tes\s?gagnant|en\scons(?:e|=E9|[\xe9]|[\xc3][\xa9])quence\sgagne)\b/i
-body     __YOU_WON_05    /\bI won\b/i
-if !plugin(Mail::SpamAssassin::Plugin::MIMEHeader)
-  meta         __ZIP_ATTACH_NOFN   0
-endif
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  mimeheader   __ZIP_ATTACH_NOFN   Content-Type =~ m,\bapplication/zip[;\s]*$,i
-endif
-body		__hk_bigmoney		/(?:EURO?|USD?|GBP|CFA|\&\#163;|[\xa3\xa4]|\$|sum of).{0,4}(?:[0-9]{3}[^0-9a-z]?[0-9]{3}|[0-9.,]{1,4}(?: ?M\b| ?(?:de )?Mil))/i
-ifplugin Mail::SpamAssassin::Plugin::FreeMail
-header   __smf_freemail_hdr_replyto  eval:check_freemail_header('Reply-To:addr')
-endif
-</file>