|
|
@@ -0,0 +1,593 @@ |
|
|
|
# Metrics settings |
|
|
|
|
|
|
|
metric { |
|
|
|
name = "default"; |
|
|
|
action = "reject:10"; |
|
|
|
action = "greylist:4"; |
|
|
|
action = "add_header:6"; |
|
|
|
symbol { |
|
|
|
weight = 2.0; |
|
|
|
description = "Subject is missing inside message"; |
|
|
|
name = "MISSING_SUBJECT"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 2.100000; |
|
|
|
description = "Message pretends to be send from Outlook but has 'strange' tags "; |
|
|
|
name = "FORGED_OUTLOOK_TAGS"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 5.0; |
|
|
|
description = "Sender is forged (different From: header and smtp MAIL FROM: addresses)"; |
|
|
|
name = "FORGED_SENDER"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 3.500000; |
|
|
|
description = "Recipients seems to be autogenerated (works if recipients count is more than 5)"; |
|
|
|
name = "SUSPICIOUS_RECIPS"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 6.0; |
|
|
|
description = "Fake reply (has RE in subject, but has not References header)"; |
|
|
|
name = "FAKE_REPLY_C"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 1.0; |
|
|
|
description = "Messages that have only HTML part"; |
|
|
|
name = "MIME_HTML_ONLY"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 2.0; |
|
|
|
description = "Forged yahoo msgid"; |
|
|
|
name = "FORGED_MSGID_YAHOO"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 2.0; |
|
|
|
description = "Forged The Bat! MUA headers"; |
|
|
|
name = "FORGED_MUA_THEBAT_BOUN"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 5.0; |
|
|
|
description = "Charset is missing in a message"; |
|
|
|
name = "R_MISSING_CHARSET"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 2.0; |
|
|
|
description = "Two received headers with ip addresses"; |
|
|
|
name = "RCVD_DOUBLE_IP_SPAM"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 5.0; |
|
|
|
description = "Forged outlook HTML signature"; |
|
|
|
name = "FORGED_OUTLOOK_HTML"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 5.0; |
|
|
|
description = "Recipients are absent or undisclosed"; |
|
|
|
name = "R_UNDISC_RCPT"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 9.0; |
|
|
|
description = "White color on white background in HTML messages"; |
|
|
|
name = "R_WHITE_ON_WHITE"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 3.0; |
|
|
|
description = "Short html part with a link to an image"; |
|
|
|
name = "HTML_SHORT_LINK_IMG_2"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 3.0; |
|
|
|
description = "Forged outlook MUA"; |
|
|
|
name = "FORGED_MUA_OUTLOOK"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 0.0; |
|
|
|
description = "Forged outlook MUA, but from maillist"; |
|
|
|
name = "FORGED_MUA_OUTLOOK_MAILLIST"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 5.0; |
|
|
|
description = "Suspicious boundary in header Content-Type"; |
|
|
|
name = "SUSPICIOUS_BOUNDARY"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 4.0; |
|
|
|
description = "Suspicious boundary in header Content-Type"; |
|
|
|
name = "SUSPICIOUS_BOUNDARY2"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 3.0; |
|
|
|
description = "Suspicious boundary in header Content-Type"; |
|
|
|
name = "SUSPICIOUS_BOUNDARY3"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 4.0; |
|
|
|
description = "Suspicious boundary in header Content-Type"; |
|
|
|
name = "SUSPICIOUS_BOUNDARY4"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 4.0; |
|
|
|
description = "Message pretends to be send from The Bat! but has forged Message-ID"; |
|
|
|
name = "FORGED_MUA_THEBAT_MSGID"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 3.0; |
|
|
|
description = "Message pretends to be send from The Bat! but has forged Message-ID"; |
|
|
|
name = "FORGED_MUA_THEBAT_MSGID_UNKNOWN"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 3.0; |
|
|
|
description = "Message pretends to be send from KMail but has forged Message-ID"; |
|
|
|
name = "FORGED_MUA_KMAIL_MSGID"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 2.500000; |
|
|
|
description = "Message pretends to be send from KMail but has forged Message-ID"; |
|
|
|
name = "FORGED_MUA_KMAIL_MSGID_UNKNOWN"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 4.0; |
|
|
|
description = "Message pretends to be send from Opera Mail but has forged Message-ID"; |
|
|
|
name = "FORGED_MUA_OPERA_MSGID"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 4.0; |
|
|
|
description = "Message pretends to be send from suspicious Opera Mail/10.x (Windows) but has forged Message-ID, apparently from KMail"; |
|
|
|
name = "SUSPICIOUS_OPERA_10W_MSGID"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 4.0; |
|
|
|
description = "Message pretends to be send from Mozilla Mail but has forged Message-ID"; |
|
|
|
name = "FORGED_MUA_MOZILLA_MAIL_MSGID"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 2.500000; |
|
|
|
description = "Message pretends to be send from Mozilla Mail but has forged Message-ID"; |
|
|
|
name = "FORGED_MUA_MOZILLA_MAIL_MSGID_UNKNOWN"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 4.0; |
|
|
|
description = "Forged mail pretending to be from Mozilla Thunderbird but has forged Message-ID"; |
|
|
|
name = "FORGED_MUA_THUNDERBIRD_MSGID"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 2.500000; |
|
|
|
description = "Forged mail pretending to be from Mozilla Thunderbird but has forged Message-ID"; |
|
|
|
name = "FORGED_MUA_THUNDERBIRD_MSGID_UNKNOWN"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 4.0; |
|
|
|
description = "Forged mail pretending to be from Mozilla Seamonkey but has forged Message-ID"; |
|
|
|
name = "FORGED_MUA_SEAMONKEY_MSGID"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 2.500000; |
|
|
|
description = "Forged mail pretending to be from Mozilla Seamonkey but has forged Message-ID"; |
|
|
|
name = "FORGED_MUA_SEAMONKEY_MSGID_UNKNOWN"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 2.0; |
|
|
|
description = "Fake helo for verizon provider"; |
|
|
|
name = "FM_FAKE_HELO_VERIZON"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 2.0; |
|
|
|
description = "Quoted reply-to from yahoo (seems to be forged)"; |
|
|
|
name = "REPTO_QUOTE_YAHOO"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 5.0; |
|
|
|
description = "Mime-OLE is needed but absent (e.g. fake Outlook or fake Exchange)"; |
|
|
|
name = "MISSING_MIMEOLE"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 2.0; |
|
|
|
description = "To header is missing"; |
|
|
|
name = "MISSING_TO"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 1.500000; |
|
|
|
description = "From that contains encoded characters while base 64 is not needed as all symbols are 7bit"; |
|
|
|
name = "FROM_EXCESS_BASE64"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 1.200000; |
|
|
|
description = "From that contains encoded characters while quoted-printable is not needed as all symbols are 7bit"; |
|
|
|
name = "FROM_EXCESS_QP"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 1.500000; |
|
|
|
description = "To that contains encoded characters while base 64 is not needed as all symbols are 7bit"; |
|
|
|
name = "TO_EXCESS_BASE64"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 1.200000; |
|
|
|
description = "To that contains encoded characters while quoted-printable is not needed as all symbols are 7bit"; |
|
|
|
name = "TO_EXCESS_QP"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 1.500000; |
|
|
|
description = "Reply-To that contains encoded characters while base 64 is not needed as all symbols are 7bit"; |
|
|
|
name = "REPLYTO_EXCESS_BASE64"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 1.200000; |
|
|
|
description = "Reply-To that contains encoded characters while quoted-printable is not needed as all symbols are 7bit"; |
|
|
|
name = "REPLYTO_EXCESS_QP"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 1.500000; |
|
|
|
description = "Cc that contains encoded characters while base 64 is not needed as all symbols are 7bit"; |
|
|
|
name = "CC_EXCESS_BASE64"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 1.200000; |
|
|
|
description = "Cc that contains encoded characters while quoted-printable is not needed as all symbols are 7bit"; |
|
|
|
name = "CC_EXCESS_QP"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 5.0; |
|
|
|
description = "Mixed characters in a message"; |
|
|
|
name = "R_MIXED_CHARSET"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 3.500000; |
|
|
|
description = "Recipients list seems to be sorted"; |
|
|
|
name = "SORTED_RECIPS"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 3.0; |
|
|
|
description = "Spambots signatures in received headers"; |
|
|
|
name = "R_RCVD_SPAMBOTS"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 2.0; |
|
|
|
description = "To header seems to be autogenerated"; |
|
|
|
name = "R_TO_SEEMS_AUTO"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 1.0; |
|
|
|
description = "Subject needs encoding"; |
|
|
|
name = "SUBJECT_NEEDS_ENCODING"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 3.840000; |
|
|
|
description = "Spam string at the end of message to make statistics faults 0"; |
|
|
|
name = "TRACKER_ID"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 1.0; |
|
|
|
description = "No space in from header"; |
|
|
|
name = "R_NO_SPACE_IN_FROM"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 8.0; |
|
|
|
description = "Subject seems to be spam"; |
|
|
|
name = "R_SAJDING"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 3.0; |
|
|
|
description = "Detects bad content-transfer-encoding for text parts"; |
|
|
|
name = "R_BAD_CTE_7BIT"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 10.0; |
|
|
|
description = "Flash redirect on imageshack.us"; |
|
|
|
name = "R_FLASH_REDIR_IMGSHACK"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 5.0; |
|
|
|
description = "Message id is incorrect"; |
|
|
|
name = "INVALID_MSGID"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 3.0; |
|
|
|
description = "Message id is missing "; |
|
|
|
name = "MISSING_MID"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 3.0; |
|
|
|
description = "Recipients are not the same as RCPT TO: mail command"; |
|
|
|
name = "FORGED_RECIPIENTS"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 0.0; |
|
|
|
description = "Recipients are not the same as RCPT TO: mail command, but from maillist"; |
|
|
|
name = "FORGED_RECIPIENTS_MAILLIST"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 2.0; |
|
|
|
description = "Forged Exchange messages "; |
|
|
|
name = "RATWARE_MS_HASH"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 1.0; |
|
|
|
description = "Reply-type in content-type"; |
|
|
|
name = "STOX_REPLY_TYPE"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 3.0; |
|
|
|
description = "IP in received headers is in PBL"; |
|
|
|
name = "R_IP_PBL"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 1.0; |
|
|
|
description = "One received header in a message "; |
|
|
|
name = "ONCE_RECEIVED"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 4.0; |
|
|
|
description = "One received header with 'bad' patterns inside"; |
|
|
|
name = "ONCE_RECEIVED_STRICT"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 1.0; |
|
|
|
description = "Received headers contains addresses from RBL"; |
|
|
|
name = "RECEIVED_RBL"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 3.0; |
|
|
|
description = "Text and HTML parts differ"; |
|
|
|
name = "R_PARTS_DIFFER"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 2.0; |
|
|
|
description = "Only Content-Type header without other MIME headers"; |
|
|
|
name = "MIME_HEADER_CTYPE_ONLY"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 2.0; |
|
|
|
description = "Message contains empty parts and image "; |
|
|
|
name = "R_EMPTY_IMAGE"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 2.0; |
|
|
|
description = "Drugs patterns inside message"; |
|
|
|
name = "DRUGS_MANYKINDS"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 2.0; |
|
|
|
description = ""; |
|
|
|
name = "DRUGS_ANXIETY"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 2.0; |
|
|
|
description = ""; |
|
|
|
name = "DRUGS_MUSCLE"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 2.0; |
|
|
|
description = ""; |
|
|
|
name = "DRUGS_ANXIETY_EREC"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 2.0; |
|
|
|
description = ""; |
|
|
|
name = "DRUGS_DIET"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 2.0; |
|
|
|
description = ""; |
|
|
|
name = "DRUGS_ERECTILE"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 3.300000; |
|
|
|
description = "2 'advance fee' patterns in a message"; |
|
|
|
name = "ADVANCE_FEE_2"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 2.120000; |
|
|
|
description = "3 'advance fee' patterns in a message"; |
|
|
|
name = "ADVANCE_FEE_3"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 8.0; |
|
|
|
description = "Lotto signatures"; |
|
|
|
name = "R_LOTTO"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 3.0; |
|
|
|
description = "Message probably spam, probability: "; |
|
|
|
name = "BAYES_SPAM"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = -3.0; |
|
|
|
description = "Message probably ham, probability: "; |
|
|
|
name = "BAYES_HAM"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 1.0; |
|
|
|
description = ""; |
|
|
|
name = "R_FUZZY"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 1.0; |
|
|
|
description = ""; |
|
|
|
name = "R_FUZZY1"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 1.0; |
|
|
|
description = ""; |
|
|
|
name = "R_FUZZY2"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 1.0; |
|
|
|
description = ""; |
|
|
|
name = "R_FUZZY3"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 3.0; |
|
|
|
description = "SPF verification failed"; |
|
|
|
name = "R_SPF_FAIL"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 1.0; |
|
|
|
description = "SPF verification soft-failed"; |
|
|
|
name = "R_SPF_SOFTFAIL"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = -3.0; |
|
|
|
description = "SPF verification alowed"; |
|
|
|
name = "R_SPF_ALLOW"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = -2.0; |
|
|
|
description = "Whitelisted client's IP"; |
|
|
|
name = "WHITELIST_IP"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = -2.0; |
|
|
|
description = "Message seems to be from maillist"; |
|
|
|
name = "MAILLIST"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 5.500000; |
|
|
|
description = "Phishing and malware sites"; |
|
|
|
name = "PH_SURBL_MULTI"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 5.500000; |
|
|
|
description = "Outblaze URI Blacklist"; |
|
|
|
name = "OB_SURBL_MULTI"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 5.500000; |
|
|
|
description = "AbuseButler web sites"; |
|
|
|
name = "AB_SURBL_MULTI"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 5.500000; |
|
|
|
description = "SpamCop web sites"; |
|
|
|
name = "SC_SURBL_MULTI"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 5.500000; |
|
|
|
description = "jwSpamSpy + Prolocation sites"; |
|
|
|
name = "JP_SURBL_MULTI"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 5.500000; |
|
|
|
description = "sa-blacklist web sites "; |
|
|
|
name = "WS_SURBL_MULTI"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 9.500000; |
|
|
|
description = "rambler.ru uribl"; |
|
|
|
name = "RAMBLER_URIBL"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 9.500000; |
|
|
|
description = "rambler.ru emailbl"; |
|
|
|
name = "RAMBLER_EMAILBL"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 5.0; |
|
|
|
description = "Phished mail"; |
|
|
|
name = "PHISHING"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 1.0; |
|
|
|
description = "Header From begins with tab"; |
|
|
|
name = "HEADER_FROM_DELIMITER_TAB"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 1.0; |
|
|
|
description = "Header To begins with tab"; |
|
|
|
name = "HEADER_TO_DELIMITER_TAB"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 1.0; |
|
|
|
description = "Header Cc begins with tab"; |
|
|
|
name = "HEADER_CC_DELIMITER_TAB"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 1.0; |
|
|
|
description = "Header Reply-To begins with tab"; |
|
|
|
name = "HEADER_REPLYTO_DELIMITER_TAB"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 1.0; |
|
|
|
description = "Header Date begins with tab"; |
|
|
|
name = "HEADER_DATE_DELIMITER_TAB"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 1.0; |
|
|
|
description = "Header From has no delimiter between header name and header value"; |
|
|
|
name = "HEADER_FROM_EMPTY_DELIMITER"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 1.0; |
|
|
|
description = "Header To has no delimiter between header name and header value"; |
|
|
|
name = "HEADER_TO_EMPTY_DELIMITER"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 1.0; |
|
|
|
description = "Header Cc has no delimiter between header name and header value"; |
|
|
|
name = "HEADER_CC_EMPTY_DELIMITER"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 1.0; |
|
|
|
description = "Header Reply-To has no delimiter between header name and header value"; |
|
|
|
name = "HEADER_REPLYTO_EMPTY_DELIMITER"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 1.0; |
|
|
|
description = "Header Date has no delimiter between header name and header value"; |
|
|
|
name = "HEADER_DATE_EMPTY_DELIMITER"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 4.0; |
|
|
|
description = "Header Received has raw illegal character"; |
|
|
|
name = "RCVD_ILLEGAL_CHARS"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 4.0; |
|
|
|
description = "Fake helo mail.ru in header Received from non mail.ru sender address"; |
|
|
|
name = "FAKE_RECEIVED_mail_ru"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 4.0; |
|
|
|
description = "Fake smtp.yandex.ru Received"; |
|
|
|
name = "FAKE_RECEIVED_smtp_yandex_ru"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 3.600000; |
|
|
|
description = "Forged generic Received"; |
|
|
|
name = "FORGED_GENERIC_RECEIVED"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 3.600000; |
|
|
|
description = "Forged generic Received"; |
|
|
|
name = "FORGED_GENERIC_RECEIVED2"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 3.600000; |
|
|
|
description = "Forged generic Received"; |
|
|
|
name = "FORGED_GENERIC_RECEIVED3"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 3.600000; |
|
|
|
description = "Forged generic Received"; |
|
|
|
name = "FORGED_GENERIC_RECEIVED4"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 4.600000; |
|
|
|
description = "Forged generic Received"; |
|
|
|
name = "FORGED_GENERIC_RECEIVED5"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 3.0; |
|
|
|
description = "Invalid Postfix Received"; |
|
|
|
name = "INVALID_POSTFIX_RECEIVED"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 5.0; |
|
|
|
description = "Invalid Exim Received"; |
|
|
|
name = "INVALID_EXIM_RECEIVED"; |
|
|
|
} |
|
|
|
symbol { |
|
|
|
weight = 3.0; |
|
|
|
description = "Invalid Exim Received"; |
|
|
|
name = "INVALID_EXIM_RECEIVED2"; |
|
|
|
} |
|
|
|
} |