HEX
Server: Apache
System: Linux sg241.singhost.net 2.6.32-896.16.1.lve1.4.51.el6.x86_64 #1 SMP Wed Jan 17 13:19:23 EST 2018 x86_64
User: honghock (909)
PHP: 8.0.30
Disabled: passthru,system,shell_exec,show_source,exec,popen,proc_open
$ pwd: /proc/self/root/etc/mail/spamassassin/
Upload Files
File: //proc/self/root/etc/mail/spamassassin/vodien.cf
score RCVD_IN_MSPIKE_WL 0.00
score SPF_FAIL 12.00
score URIBL_CR_SURBL (12)
score URIBL_BLACK (12)
score RCVD_IN_RP_RNBL 12.00
score URIBL_ABUSE_SURBL 12.00
score URIBL_DBL_ABUSE_REDIR 5.00
score URIBL_DBL_SPAM 5.00

loadplugin Mail::SpamAssassin::Plugin::FromNameSpoof

  # skip message signed by these DKIM senders
  fns_ignore_dkim linkedin.com *.snv.ariba.com ansmtp.ariba.com googlegroups.com yahoogroups.com yahoogroups.de

  # skip messages with one or more of these headers
  fns_ignore_headers List-Id List-Post Mailing-List X-Forwarded-For

  # group similar domains to one name
  fns_add_addrlist   (GMAIL)  *@gmail.com *@googlemail.com
  fns_add_addrlist   (ARIBA)  *@*.snv.ariba.com *@ansmtp.ariba.com

  # Does the From:name look like an email address
  header   __PLUGIN_FROMNAME_EMAIL eval:check_fromname_contains_email()

  # Is the From:name differen to the from header
  header   __PLUGIN_FROMNAME_DIFFERENT eval:check_fromname_different()

  # From:name owners differ
  header   __PLUGIN_FROMNAME_OWNERS_DIFFER eval:check_fromname_owners_differ()

  # From:name domain differs to from header
  header   __PLUGIN_FROMNAME_DOMAIN_DIFFER eval:check_fromname_domain_differ()

  # From:name and From:address don't match and owners differ
  header   __PLUGIN_FROMNAME_SPOOF eval:check_fromname_spoof()

  # From:name address matches To:address
  header   __PLUGIN_FROMNAME_EQUALS_TO eval:check_fromname_equals_to()

  meta     FROMNAME_SPOOF  (__PLUGIN_FROMNAME_SPOOF)
  describe FROMNAME_SPOOF From:name doesn't match From:address
  score    FROMNAME_SPOOF 8.0

  meta     FROMNAME_SPOOF_EQUALS_TO  (FROMNAME_SPOOF && __PLUGIN_FROMNAME_EQUALS_TO)
  describe FROMNAME_SPOOF_EQUALS_TO From:name is spoof to look like To: address
  score    FROMNAME_SPOOF_EQUALS_TO 1.0

  meta     FROMNAME_EQUALS_TO (!FROMNAME_SPOOF && __PLUGIN_FROMNAME_EQUALS_TO)
  describe FROMNAME_EQUALS_TO From:name matches To: address
  score    FROMNAME_EQUALS_TO 0.01

  meta     FROMNAME_SPOOF_FREEMAIL (FREEMAIL_FROM && FROMNAME_SPOOF)
  describe FROMNAME_SPOOF_FREEMAIL From:name spoof and Freemail From:address
  score    FROMNAME_SPOOF_FREEMAIL 10.0

  #askdns __FNS_HIGHPROFILE _FNSFNAMEDOMAIN_.some.reputation.service A 127.0.0.1
  #meta FROMNAME_SPOOF_HIGHPROFILE (__FNS_HIGHPROFILE && FROMNAME_SPOOF)

fns_check 0

header LOCAL_BLOCK_BAD_SPOOF_SPAM1_RULE Subject=~ /Security Alert\. Your account was compromissed\. Password must be changed\./i
score LOCAL_BLOCK_BAD_SPOOF_SPAM1_RULE 15.0
describe LOCAL_BLOCK_BAD_SPOOF_SPAM1_RULE Block bitcoin spoof spam
@ Telegram