#!/usr/bin/perl ########################################################################################## # # qmail-localfilter.pl # # A modest spam-blocking/mail-filtering tool, largely derived from SpamAssassin. # # This program is mainly intended for individuals/small groups who run their own # domains and manage their own mail servers. It was written to work with qmail, # and is unashamedly biased in favor of English speaking mail operators. # # Version: 1.56d # # Copyright/License/Disclaimer: # ----------------------------- # Copyright (c) 2004 by John Fitzgibbon (fitz@jfitz.com). # # Permission to use, copy, modify, and distribute this software for any purpose # with or without fee is hereby granted, provided that the above copyright notice, # this permission notice and the following disclaimer appear in all copies. # # THIS SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD # TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. # IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR # CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR # PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, # ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # # Inane Rambling: # --------------- # The main reason this program exists is because I found it hard to modify SpamAssassin # to meet my needs, and maintenance was difficult because of the number of files involved. # Here, all the settings, lists, rules and code are in two files - if you want to know # where to change/add something, (and I encourage you to do so), the answer is either # "here" or in the settings file, (qmail-localfilter-settings.pl). In addition, there are # three optional files, qmail-localfilter-custom-body.pl, qmail-localfilter-custom-hdr.pl # and qmail-localfilter-custom-raw.pl. These files, (described below), can be used to add # custom rules. # # This tool is not designed to "tag" mail. It is designed to reject it, (based on the # exit code). The reasons why the mail was rejected are logged to the mail log. When # dealing with large volumes of spam, I find this approach better than just dumping spam # into a folder - where I'm very likely to "silently" delete the occasional "false # positive". By rejecting the mail, a legitimate sender will know immediately that they # didn't get through, and can contact me by some other means if the message is important. # # Also, because this program simply rejects mail instead of tagging it, it can stream # the mail as it is read - it doesn't need to store the mail to tag the header. Also, it # can terminate prematurely if it detects that the mail is spam, because it knows that # the mail is not going to be delivered. This "one-pass" filter approach is useful for # "real-time" rejection of spam where memory and CPU cycles are important. # # Usage summary: # -------------- # Note: You'll need the following perl modules: # use IO::Socket; # use Expect; # use Net::DNS; # use Sys::Syslog qw(:DEFAULT setlogsock); # use Getopt::Std; # use MIME::QuotedPrint; # use MIME::Base64; # use IO::File; # use File::Temp qw/ tempfile tempdir /; # use HTML::Entities; # # (Some of these modules have other dependencies, so please ensure that you install # the full package, MIME, HTML, etc. and not just the specific modules listed.) # # To see what this program does, you can try this: # # qmail-localfilter.pl -d < some_mail_file.eml # # The -d puts the program in debug mode so output goes to the screen, not maillog. # You can add -r, (show raw text), -t, (show test text) and -m (show mail headers) # to get a good idea of what's actually being tested in the rules sections below. # # Once you've got the hang of things, and made any settings/rule modifications you # need (in qmail-localfilter-settings.pl), plug these scripts into the filtering # portion of your mail delivery system, (without any command line parameters). # # When up and running, I find using the script from the command line with the -dtf # options is handy for coming up with new spam phrases when bad mail gets through. # # Installation: # ------------- # First step should be to customize qmail-localfilter-settings.pl and get things # working to your satisfaction using the debug command line settings. Then: # # I use this program with qmail, using the QMAILQUEUE patch, (http://www.qmail.org/) # and qmail-qfilter, (http://untroubled.org/qmail-qfilter/). I set up /var/qmail/rc # to call a script by adding the following near the top of the rc script: # # QMAILQUEUE=/var/qmail/bin/qmail-localfilter.sh # export QMAILQUEUE # # I then created a 2-line script /var/qmail/bin/qmail-localfilter.sh: # # #!/bin/sh # exec /var/qmail/bin/qmail-qfilter /var/qmail/bin/qmail-localfilter.pl # # The only other thing was to copy qmail-localfilter.pl and qmail-localfilter-settings.pl # into /var/qmail/bin and make sure all the scripts are executable, (chmod +x *.sh *.pl). # # I imagine it should be pretty straightforward to modify this code for use with other # mail filtering systems, but I'm not the right person to ask how. I'm also pretty # useless with perl, so the answer to "why did you do such-and-such?" is probably that # I didn't know any better, (though I did find some surprising performance improvements # by NOT using some of the perl's "performance-improving" features, (like (?:...)). # # One more thing: no, very sorry, but I won't help you set up qmail. # # Adding Customized Rules: # ------------------------ # qmail-localfilter.pl supports four optional files that can contain custom settings # and rules. The files are: # # qmail-localfilter-custom-settings.pl # qmail-localfilter-custom-body.pl # qmail-localfilter-custom-hdr.pl # qmail-localfilter-custom-raw.pl # # If you create any of these files to implement custom settings or rules, you should # definitely check that the code executes correctly by running qmail-localfilter.pl # from the command line before putting the new files in /var/qmail/bin. # # Individual users can also create custom settings and rule files, (with the same names # as above), and place them in a directory called ".qmail-localfilter" off their home # directory. The administrator can enable/disable user-specific settings/rules by # modifying the $allow_user_configuration, $users_home_path and $mail_alias_list # settings in the system-wide settings file. # # NOTE THAT THESE SETTINGS/RULES FILES ACTUALLY EXECUTE PERL CODE WITH THE PRIVILEGES # OF THE MAIL FILTER USER, SO YOU SHOULD ONLY ALLOW TRUSTED USERS TO MODIFY SETTINGS. # # For user-specific settings to work, the "MAIL TO" portion of the mail envelope must # match the name of a user on your system, or the name that appears in the MAIL TO must # be mapped to a user on your system with an entry in $mail_alias_list. The alias list # can only be set by the administrator in the system-wide settings file. # # What follows is a brief description of each of the settings/rules files: # # # qmail-localfilter-custom-settings.pl # ------------------------------------ # "qmail-localfilter-custom-settings.pl" is called immediately after the default # settings file is loaded. There are 2 useful approaches to using custom settings: # 1) You can add all non-default settings to qmail-localfilter-custom-settings.pl. # This means you will never need to alter qmail-localfilter-settings.pl # 2) You can just add the various whitelists, blacklists, etc. to the custom file # and set the other variables in qmail-localfilter-settings.pl # # The advantage of 1) is that you keep the default installation "clean". The # advantage of 2) is that you can "diff" new releases of the settings file against # your local copy to see if the settings you are using still make sense. # # In both cases, you should always check any new releases to see if there are any # new settings that need to be set by you. # # Note that you must include the following (uncommented) line somewhere in # qmail-localfilter-custom-settings.pl: # # $settings_custom_found = 1; # # You can copy any other setting from qmail-localfilter-settings.pl and modify # the values as you wish. The most common settings you will probably want to modify # are the lists, (whitelist, darklist, blacklist, etc.). If you want to extend a # system-wide list, (rather than replace it), you can simply add the existing list # at the start of the new one. For example: # # $whitelist = " # $whitelist # myfriend\@somedomain.com # *\@friendlydomain.com # "; # # # qmail-localfilter-custom-body.pl # -------------------------------- # "qmail-localfilter-custom-body.pl" is called from the subroutine "body_tests". # This subroutine performs tests on the email text after it has been reduced to a # single-spaced, lower case stream of words with no special characters. A sample # "qmail-localfilter-custom-body.pl" file might look something like this: # # $body_custom_found=1; # if (/some annoying spammy text/) { spam("c00001",2.0, $&); } # if (/more annoying spammy text/) { spam("c00002",1.2, $&); } # # Note that you must set "$body_custom_found=1;" somewhere in your custom file. The # code above would assign a score of 2.0 if the text "some annoying spammy text" was # found, or a score of 1.2 if the text "more annoying spammy text" was found. The # "$&" parameter means that the matching text is passed to the spam scoring subroutine. # This means the message in the maillog would look like: # # c00001: some annoying spammy text (2.0) # # ... for the first rule above. It's a good idea to use spam IDs with an initial # character other than "s", (like "c00001", for "Custom rule #1"), so as not to # confuse your custom spam IDs with predefined IDs. # # # qmail-localfilter-custom-hdr.pl # ------------------------------- # "qmail-localfilter-custom-hdr.pl" is called from the subroutine "hdr_main_tests", # (when checking the main header section of the email). You can include checks here # that use the various header variables defined in this program. Please see the # subroutine "hdr_main_tests" for examples of rules that check the email header. # # A sample file might look something like this: # # $hdr_custom_found=1; # if ($hdr_main =~ /\nsubject: annoying subject/) { spam("c00003",2.2, "Annoying Subject"); } # # Note that you must set "$hdr_custom_found=1;" somewhere in your custom file. # # # qmail-localfilter-custom-raw.pl # ------------------------------- # "qmail-localfilter-custom-raw.pl" is called from the subroutine "body_raw_tests". # This subroutine performs tests on the email text before it has been processed to # remove special characters and make the text single spaced. (Note, however, that the # text is converted to lower-case.) # # A sample file might look something like this: # # $raw_custom_found=1; # if (/<\!-- spam -->/) { spam("c00004",3.2, "Spammy HTML comment: " . $& ); } # # Note that you must set "$raw_custom_found=1;" somewhere in your custom file. # ########################################################################################## $version = "1.56d"; $time_start = time(); $settings_path = "/var/qmail/bin/"; $settings_file = "qmail-localfilter-settings.pl"; $settings_custom_file = "qmail-localfilter-custom-settings.pl"; $hdr_custom_file = "qmail-localfilter-custom-hdr.pl"; $body_custom_file = "qmail-localfilter-custom-body.pl"; $body_stripped_custom_file = "qmail-localfilter-custom-body-stripped.pl"; $raw_custom_file = "qmail-localfilter-custom-raw.pl"; # # The following variables can all be overridden in qmail-localfilter-settings.pl, # (and many should). See that file for a description of each setting. # $users_home_path = "/home"; $save_spam_users_home_path = ""; %score_override = (); %mail_alias_list = (); $mail_domain = ""; $smtp_server = ""; $smtp_server_ip = "255\.255\.255\.255"; $smtp_server_internal = ""; $stop_on_spam = 1; $body_max_len = 40960 + int(rand(10240)); $attach_max_len = 10240 + int(rand(1024)); $time_max_allowed = 15; $delay_spammers_time = $time_max_allowed; $delay_spammers = 1; $attach_lines_to_check = 20; $spam_threshold = 5.0; $spam_exit_code = 31; $spam_score_headers_too_long = 5.0; $spam_score_whitelist = -100.0; $spam_score_beigelist = -10.0; $spam_score_blacklist = 10.0; $spam_score_darklist = 2.0; $spam_score_graylist = 0.8; $spam_score_internal = -100.0; $spam_score_internal_abuse_report = -100.0; $spam_whitelist_bypass = 1; $neuter_bad_tags = 1; $neuter_img_tags = 1; $html_safe_logging = 1; $http_link_checking = 1; $http_link_exclude = "yahoo|msn|hotmail|lycos|excite|aol|netscape|mail|w3|ebay|paypal|amazon|kodakgallery"; $log_passed_score = 0; $spam_score_recv_from_whitelist = -10.0; $recv_from_whitelist = "\.ofoto\.com|\.amazon\.com"; $whitelist = ""; $beigelist = ""; $blacklist = ""; $darklist = ""; $graylist = ""; $localmailuserlist = ""; $settings_found = 0; $settings_custom_found = 0; $not_to_us = 0; $exe_file_types = "pif|scr|cmd|exe|bat|lnk|com|hta|vbs|cpl"; $save_spam = 0; $save_spam_path = "/var/qmail/log/spam/"; $save_spam_prefix = "spam_"; $save_spam_ext = ".eml"; $save_spam_to_user_home = 0; $save_spam_user_path = "/.qmail-localfilter/log/"; $save_spam_global_file_permission_mask = 0600; $save_spam_user_file_permission_mask = 0660; $single_word_count = 0; # # Some commonly used lists # $fuzzy_numbers = "(zero|only|a {0,1}few|up {0,1}to|(no {0,1}|)(less|fewer|more) than|about|almost|over|several|one|two|twen|three|thir|fou{0,1}r|five|fif|six|seven|eight|nine{0,1}|ten|eleven|twelve|[0-9]{1,}|hundred|thousand|([gb]a|)([mbz]|tr)illion)t{0,1}(een|y|)s{0,1}(.{0,1}of|)"; $fuzzy_timeframe = "(second|minute|hour|da[iy]|week|month|year)(s|ly|)"; $done_body_presubstitution_tests = 0; $done_body_site_tests = 0; $done_body_raw_tests = 0; $done_body_tests = 0; $done_hdr_main_tests = 0; $done_hdr_part_tests = 0; $done_attach_tests = 0; $done_final_tests = 0; ########################################################################################## # # Spam tests section. # # You are highly encouraged to add/change specific tests and scores to meet your needs. # Spammers will always find ways around widely published spam tests. Your best protection # is to "mix things up" by adding your own private rules, or changing the scores for # existing rules. Please see the introduction for info on adding custom rule files. # # The test subroutines are: # # sub body_raw_tests - tests that require the original puncuation and tags # sub body_presubstitution_tests - tests before a word like vi@gr@ is changed to viagra. # sub body_tests - tests on unpuncuated, lower-case, single-spaced text. # sub body_line_tests - line-by-line tests on the text, (try to use sparingly) # sub hdr_main_tests - tests on the main (first) header section of the mail # sub hdr_part_tests - tests on the headers of MIME encoded parts of the mail # sub attach_tests - tests performed on portions of binary attachments # sub final_tests - final tests after processing the mail # # body_tests is a good place to look if you just want ideas on how to add new # words/phrases to your custom filtering. You may also want to look at hdr_main_tests # for ideas if you want to add extra header tests to catch trickier spam. # ########################################################################################## sub trim_ends { local $_ = shift(@_); s/^\s*//; s/\s*$//; return $_; } # # Adds a score and description to the global spam score/description # sub spam { my $id = shift(@_); my $score = shift(@_); my $description = shift(@_); $description =~ s/,//g; if (exists $score_override{$id}) { $score = $score_override{$id}; } if ($save_spam_exclude_list && ($save_spam_exclude_list =~ /$id/)) { $save_spam_exclude_list =~ s/\+$id//g; $save_spam_exclude_list =~ s/$id\+//g; if ($save_spam_exclude_list =~ /$id/) { $opt_d && print "\n----------------------------\n" . "This spam will not be saved." . "\n----------------------------\n"; if ($save_spam_fh) { unlink($save_spam_fh, $save_spam_file); $save_spam_fh = 0; } } } $spam_score += $score; # # Round the overall score to three decimal places. # This is a workaround for weird perl rounding errors. # $spam_score = int (int($spam_score * 10000 + 5) / 10.0) / 1000; $spam_desc .= $id .": " . $description . " (" . $score . "), "; return 1; } # # You can call this once or twice in the body_tests if you feel you've added any # tests that might take a while to execute on large pieces of text: # # if (time_limit_up()) { return; } # sub time_limit_up { if ($time_max_allowed && (time() - $time_start > ($time_max_allowed * 2))) { return 1; } else { return 0; } } $html_body_bgcolor = ""; $html_font_test_color = ""; # use Lingua::Ispell qw(spellcheck); # $Lingua::Ispell::path = '/usr/bin/ispell'; # # Spelling tests on a lower-case, stripped concatenation of the text portions of the message. # # sub body_spell_tests # { # for my $r ( spellcheck($body_test_text) ) # { # if ( $r->{'type'} eq 'miss' ) # { # print $r->{'term'} ." was not found in the dictionary;\n"; # print "Near misses: " . @{$r->{'misses'}} . "\n"; # } # elsif ( $r->{'type'} eq 'none' ) # { # print "No match for term " . $r->{'term'} . "\n"; # } # } # } # # Tests for bad sites in a lower-case, non-stripped, (includes tags, spacing and special # characters), version of a concatenation of all the text portions of the message. # sub body_site_tests { $done_body_site_tests = 1; if ($body_raw_text =~ /l[\-\. ]e[\-\. ]g[\-\. ]a[\-\. ]l[\-\. ]{0,1}/) { $body_raw_text =~ s/l[\-\. ]e[\-\. ]g[\-\. ]a[\-\. ]l[\-\. ]{0,1}/legal/g; } if ($body_raw_text =~ /(free|adult(s|only){0,})\.(com|net|biz|org|info)/is) { spam("s02692",0.8,"Somewhat suspicious site: ..." . $&); } if ($body_raw_text =~ /(hetmodel|halosout|disnui|dieznutz|dibres|dfendme|disonne|diasoul|disnniy|digglog|dicnay|simpleitislove|heartsattach|herbalonez|xtra.{0,1}size.{0,1}plus|fromcupidwithlove|f(i|ou)nd(some|the|){0,}love|(steamy|adult|freaky|sexy){1,}.{0,1}((play|movie|video|single|dat(e|ing))s{0,1}){1,}|(pink|dream).{0,1}dat(es{0,1}|ing)|love-buddy|download-wizard|smart.{0,1}capsules{0,1}|justremedy|couldsenitmorethen|canyougetitforwhatit|promoteitthatand|(sos|please|someone){1,}help|(the|)searchdoctors{0,1}|my.{0,1}new.{0,1}profile|(get|find|a){1,}.{0,1}new.{0,1}love|(look|search|seek|wait|)ing.{0,1}(for|4)(love|luv)|marketingsystems{0,1}|((super|great|hard|core|hot|sexy|steamy)[\-\.\_]{0,1}){1,}action|((med|drug|p[il]{1,})[szx]|rx|matchmaker)([0-9]{1,}|z{0,1}one|store|bargain[szx]{0,}|online|store|(to|2|4|every|for){1,}(day|health)){0,}|bad.{0,1}love|freemoney(link|)|(online|bargain|generic|wholesale|warehouse|med[szx]|rx|(to|2|4|every|for){1,}(day|health)){1,}(med[szx]|rx)(zone|store|bargains|online|store|(to|2|4|every){0,}(day|health)){0,}|(quote|your|rate){3}|(valuable|great|hot|top|wonderful|successful|problem)(consumer|)(deal|buy|loan)[sz]{0,1}|(simple|)successtools|[a-z]{1,}[42](day|you)|speedzie|r[e3].{0,1}f[il1]nanc[e3](now|[0-9]|to|day){0,}|refi(now|[0-9]|to|day){0,}|lolitas{0,1}|bitch[esz]{0,}|come.{0,1}on.{0,1}down|(new|)(medi|rx.{0,1}|)(bargain|(drug|rx|med[sz]{0,1}).{0,1}(s{0,1}ource|s{0,1}tore|s{0,1}solutio{0,1}n|direct|info){1,}))\.(com|net|biz|org|info)/is) { spam("s01717",3.0,"Suspicious site: " . $&); } if ($body_raw_text =~ /[^\.^\/^ ]*(med|pre.{0,1}scription|deal)[sz][0-9]{0,}\.biz/is) { spam("s01858",3.5,"Very suspicious site: " . $&); } if ($body_raw_text =~ /((bgcolor)\.info|http\:\/\/finance\.yahoo\.com\/q\?s\=EXMT\.PK)/is) { spam("s01721",5.0,"Bad site: " . $&); } if ($body_raw_text =~ /((web|)cam.{0,1}singles|boobcam|(horne{0,1}y|depraved|sexy|h[o0]t)(house|).{0,1}(wi[fv]e|ladie|gal|teen)[sz]{0,1}|izzlepizzle|legalteens{0,1}|(online|)replicastore|ezsweeps|private.{0,1}health.{0,1}(store|source)|placement.{0,1}review|timeforu|herballylarge|cantwaittodate|(hot|mega|ez){1,}deal[sz]{0,1}|(super|value)(drug|pill)[sz]{0,1}(online|)|(pill|drug)source|cashbuilder|broadcast[^m]{0,2}mail(ing|)(today|)|gamesofvegas|\.gopic|canad(a|ian)(rx|drugs{0,1})|\.5-pm|massmed|intercheap|pharm1|cottonboss|adultrag|injustitie\.nervure|easy.x10|followmytrades|themortgage|yellowsun01|casinobuilder|seek99|web.{0,1}deal[zs]|orangetechinc|toplenders|web-vit|ladieslookingforlove|marketingmarketing|pacificmedicines|emailremovalregistry|findagrant|spyvalues|\.cmax|helpu(-w(eb|orld)){0,1}|porno|gigamort|expressscb|specialz|mcableppvnow|dealz|majorgoals|reserveadot|onlinefullservice|mnjmtech|bookcdrom|gainsleeploseweight|freeoffers|shopnow|hifice|directnetoffers.{0,3}|loanhunters|winningopportunities|quickhost|bioseeker(group){0,1}|orgycorner|emailoffer|get.{0,1}deals|overcomedepression|rxmedsovernight|real.{0,1}sales|great.{0,1}deals|financerate|hitznow|jimmyzzz|webmail2u|viosofthome|quickleadz|localhostsbox|bigbadted|investracs|votetoimpeach|zapdiscount|universalcablefilter|nomoredebt|netdeals|siccash|123winners|insaneprizes|savebigwithus|naked.{0,1}amateurs|greatsavingsrus|powerwebgate|kittypages|myhotsites|angels-mail|evaluemail|ultrastats|pickyourflick|uklifeonline|designwebpronews|(great|hot|super)(est|).{0,1}adult.{0,1}stuff|multiplayerpoker|prankcall.{0,1}|ientry(mail){0,1}|cibres|hornyhousewives|RenewMyDomains|opinionsurveys|fastnetspain|(site-|xxx)personals|top10sites|easygoingcompanion|eligiblebrides|allpointe|endallspam|opt.{0,1}(in|out))[0-9]{0,}\.[a-z]{0,3}|www.{0,3}rxshop.{0,5}net/is) { spam("s00002",4.0,"Bad site: " . $&); } if ($body_raw_text =~ /(http:\/\/manster\.info|www\.howmcuhleftfor|(top(win|biz)(soft|mentoring)|(download|health).{0,1}st[o0]re|(big|top)dealalerts{0,1}|(instant|online|lowprice).{0,1}pharm(acy|))\.(com|net)|(doctor|teen)[sz]{0,1}\.(biz|info)|medkit\.info|(watch|rolex|)[^r]{0,1}replicas{0,1}\.com|private[^d]{0,1}desires{0,1}\.com|antispywarecash\.com|pharmacybymail|healthsolutins\.info|indx\.ca|pillsavings|h[1l]gher\.net|advizemark|digital(cable|descram)|netbargain|exposedteen|shackdelamor|www\.{0,20}?discountdomain|www .{0,1} rxshop.{0,2} .{0,1} net)/is) { spam("s00003",4.0,"Bad site: " . $&); } if ($body_raw_text =~ /(http\:\/\/[a-z]{1,}\.com\/gal\/gsm\/)/is) { spam("s03325",4.0,"Bad link: " . $&); } if ($body_raw_text =~ /http[^ ]{1,}geocities\.com[^\r^\n^\.^ ^\"^\>]{0,}/is) { spam("s03033",1.0,"Suspicious link: " . $&); } } # # Tests on a lower-case, non-stripped, (includes tags, spacing and special characters), # version of a concatenation of all the text portions of the message. # Unless you specifically want to check tags/special characters, it's better to add # rules to body_tests instead of here. # sub body_raw_tests { # # Note: The initial section of body_raw_tests is executed even if the user # is whitelisted and $spam_whitelist_bypass is enabled. This allows us to # catch spam that forges well known company email addresses that may appear # in our whitelist. # # Note that custom raw tests are included, so be careful not to be too # aggressive in these tests or you may end up throwing out whitelisted mail. # # ========================================================================== # >>> WHITELIST TESTS BEGIN HERE <<< # ========================================================================== # local $_ = lc($body_raw_text); local $raw_custom_found = 0; $done_body_raw_tests = 1; if (!$body_stripped_test) { if (length($_) && (length($_) < 20)) { $temp = $_; $temp =~ s/[a-z]//g; if (!length($temp)) { $single_word_count = $single_word_count + 1; $opt_d and $opt_r and !$opt_q and print "\nSingleword!\n"; } else { $opt_d and $opt_r and !$opt_q and print "\nNot a Singleword!\n"; } } } # # Execute the code in "raw_custom_file". # Include site-specific customizations in this file. # do $raw_custom_file; if (!$raw_custom_found) { do $settings_path . $raw_custom_file; } if (length($custom_path)) { do $custom_path . $raw_custom_file; } if (!$hdr_in_hdr_test && !$body_stripped_test) { if (/]{0,}>(<[^>]{1,}>){0,}.{0,5}(https{0,1}:\/\/[^ ^\/]{0,}(wellsfargo|bankofamerica|boa|bankofthewest|citibank)[^.]{0,}\.com[^ ^;^\?^\"^\/]{0,}).{0,}?<\/a>/is) { $tmp1 = $1; $tmp2 = $3; $opt_d && $opt_m and print "\n------------------------------\n" . "Phishing check HREF: " . $tmp1 . "\nPhishing check Link: " . $tmp2 . "\n------------------------------\n"; # # Note: Phishing may come from an account we have whitelisted, # so give it a whopping score. # if (!($tmp1 eq $tmp2)) { spam("s02792",-$spam_score_whitelist,"Looks like a phishing link: " . $tmp2 . " actually links to " . $tmp1); } } elsif (/]{0,}?)>(.{0,}?)<\/a>/is) { $tmp = $1 . $2 . $3 . $4; spam("s02793",4.0,"Looks like a phishing link: " . $tmp); } elsif (/https{0,1}:\/\/[^\/^:^\?]{0,}($http_link_exclude)(\.(com|org|net|co\.[a-z]{0,2}))\.[^\/^:^\?]{0,}[\/:\?]/is) { spam("s02848",4.0,"Looks like a phishing link: " . $&); } if (/[bcdfghjklmnpqrvwxz]{5,}/i) { if (!(uc($&) eq "FFFFFF")) { spam("s01614",0.1 * length($&),substr($&,0,20)); } } } # # ========================================================================== # >>> WHITELIST TESTS END HERE <<< # ========================================================================== # # Include any tests that should be done even if the user is whitelisted # above this section. The tests below are all skipped for whitelisted # users, (unless $spam_whitelist_bypass is turned off). # if ($spam_whitelist_bypass && $whitelist_bypass) { if ($spam_score < 0.0) { return; } else { $whitelist_bypass = 0; } } if (!$hdr_in_hdr_test && !$body_stripped_test) { if (length($mail_domain) && (/a message sent from.{0,80}\sto\s.{0,30}\@$mail_domain/si)) { spam("s03169",1.6,$&); } if (/http:\/\/(www|)([^ ^\/]{0,}[0-9bcdfghjklmnpqrvwxz]{4,}[^ ^\/]{0,}\.){1,}(com|org|net|biz|info|)/i) { spam("s02345",1.6,$&); } elsif (/www[0-9]{0,1}\.([^ ^\/]{0,}[0-9bcdfghjklmnpqrvwxz]{4,}[^ ^\/]{0,}\.){1,}(com|org|net|biz|info|)/i) { spam("s02345",1.6,$&); } elsif (/^http:\/\/([a-z]{1,}\.)(com|org|net|biz|info)$/i) { spam("s02345",4.6,$&); } if ($http_link_checking && !length($body_http_host) && (/http:\/{1,}([a-zA-Z0-9\_\-\.]{2,}[a-zA-Z0-9\_\-])/s || /(www\.[a-zA-Z0-9\_\-\.]{2,}[a-zA-Z0-9\_\-])/s)) { $http_test_text = $1; if (!length($mail_domain) || ($http_test_text !~ /$mail_domain$/i)) { $body_http_host = $http_test_text; if ($body_http_host =~ /(\.|^)($http_link_exclude)\.(co(m|\...)|org|net)$/s) { $http_test_text = $_; $http_test_text =~ s/http:\/{1,}(.*)/$1/s; $opt_d && $opt_m and print "\n--------------------------------------------------\n" . "Host: " . $body_http_host . " is in exclude list\n" . "Excl: " . $http_link_exclude . "\n--------------------------------------------------\n"; while (($body_http_host =~ /(\.|^)($http_link_exclude)\.(co(m|\...)|org|net)$/s) && ($http_test_text =~ /http:\/{1,}([a-zA-Z0-9\_\-\.]{2,}[a-zA-Z0-9\_\-])/s)) { $body_http_host = $1; $http_test_text =~ s/http:\/{1,}(.*)/$1/s; } if ($body_http_host =~ /(\.|^)($http_link_exclude)\.(co(m|\...)|org|net)$/s) { $opt_d && $opt_m and print "\n--------------------------------------------------\n" . "Host: " . $body_http_host . " is in exclude list\n" . "Excl: " . $http_link_exclude . "\n--------------------------------------------------\n"; $body_http_host = ""; } $opt_d && $opt_m and print "\n------------------------------\n" . "Host: " . $body_http_host . "\n------------------------------\n"; } } } if (length($mail_domain) && /from:\s{1,}(\<{0,1}[a-z0-9\_\.]{1,}\@$mail_domain\>{0,1})/s) { spam("s00001",1.0,"Fake from: " . $1); } if (/\<((ht|x)ml|\/{0,1}(p|br|div|font)\>)/si) { $body_has_html_tags = 1; } if (/]*bgcolor[^>]*?(black|white|[0-9a-f]{6})[^>]*>/s) { $html_body_bgcolor = $1; $opt_d && $opt_m and print "\n------------------------------\n" . "Body tag: " . $& . "\nBody bgcolor: " . $1 . "\n------------------------------\n"; $html_font_test_color = $html_body_bgcolor; $html_font_test_color =~ s/(black|000000)/black\|000000/; $html_font_test_color =~ s/(white|ffffff)/white\|ffffff/; } if (length($html_body_bgcolor)) { if (/<[^>]*?(font|style)[^>]*?color[^>]*($html_font_test_color)[^>]*>/s) { $html_font_tag = $&; $html_font_color = $2; if ($html_font_tag !~ /<[^>]*?body[^>]*?style[^>]*?bgcolor[^>]*($html_font_test_color)[^>]*>/s) { $opt_d && $opt_m and print "\n------------------------------\n" . "Font/Style tag: " . $& . "\nFont/Style color: " . $2 . "\n------------------------------\n"; spam("s01472",2.4,"HTML hidden text: font matches background: " . $html_body_bgcolor); if(!($html_font_color eq $html_body_bgcolor)) { spam("s01473",2.2,"HTML hidden text: mismatching colors: " . $html_font_color . " and " . $html_body_bgcolor); } } } } if (/<(html|body)[^>]*>(.+)<\/(html|body)>/s) { $temp_html = $2; # print "\n----------\nhtml:\n----------\n" . $temp_html . "\n----------\n"; while ($temp_html =~ /^<[^>]*>(.*)/s) { $temp_html = $1; } while ($temp_html =~ /(.*)<[^>]*>(.*)/s) { $temp_html = $1 . $2; } $temp_html =~ s/\&[^\s^\;]{1,6}\;//sg; $temp_html =~ s/\#[0-9a-f]{1,6}\;//sg; $temp_html =~ s/[0-9]//sg; $temp_html =~ s/[\r\n \t\_\-\s\,\:\;\.\"\'\`\(\)\*\&\^\#\~\+\=\<\>\[\]\\\!\{\}\§]//sg; # print "\n----------\nstripped html:\n----------\n" . $temp_html . "\n----------\n"; if (!length($temp_html)) { spam("s01470",1.8,"HTML portion has no text "); } elsif (length($temp_html) < 20) { spam("s01471",1.0,"HTML portion has almost no text: " . $temp_html); } } if (/\.((doc|txt|rtf)[ \s\r\n_]{0,}?\.)($exe_file_types_no_com|zip|rar|t{0,1}gz|bhx|hqx|uue{0,1})/is) { spam("s01707",0.4,"Mentions a \"" . $& . "\" file"); } elsif (/[ \'\"](te[sx]t|document|error|message)\.((doc|txt|rtf)[ \s\r\n_]{0,}?\.|)($exe_file_types_no_com|zip|rar|t{0,1}gz|bhx|hqx|uue{0,1})/is) { spam("s01707",0.4,"Mentions: " . substr($&,1)); } if (/was identified as spam since it was listed in list\.dsbl\.org\;dnsbl\.sorbs\.net/) { $tmp = $&; if (/with the following information\: ip address \: ([\[\:\.\]0-9]{1,})/) { $tmp_ip = $1; $tmp .= " " . $&; if (length($smtp_server_ip) && !($tmp_ip eq $smtp_server_ip)) { spam("s02805",4.5,$tmp); } else { spam("s02805",1.0,$tmp); } } } } body_site_tests(); if (/http\:\/\/www.google.com\/[^\?]{0,20}\?q\=https{0,1}\:\/\/[^\/]{0,}/) { $http_test_text = $&; spam("s03309",3.5,"Google query, possibly to hide link: " . $http_test_text); if ($http_link_checking && (!length($body_http_host) || ($body_http_host =~ /google.com/i))) { $http_test_text =~ s/(.*)\?q\=https{0,1}\:\/\///; if (!length($mail_domain) || ($http_test_text !~ /$mail_domain$/i)) { $body_http_host = $http_test_text; if ($body_http_host =~ /(\.|^)($http_link_exclude)\.(co(m|\...)|org|net)$/s) { $http_test_text = $_; $http_test_text =~ s/http:\/{1,}(.*)/$1/s; $opt_d && $opt_m and print "\n--------------------------------------------------\n" . "Host: " . $body_http_host . " is in exclude list\n" . "Excl: " . $http_link_exclude . "\n--------------------------------------------------\n"; while (($body_http_host =~ /(\.|^)($http_link_exclude)\.(co(m|\...)|org|net)$/s) && ($http_test_text =~ /http:\/{1,}([a-zA-Z0-9\_\-\.]{2,}[a-zA-Z0-9\_\-])/s)) { $body_http_host = $1; $http_test_text =~ s/http:\/{1,}(.*)/$1/s; } if ($body_http_host =~ /(\.|^)($http_link_exclude)\.(co(m|\...)|org|net)$/s) { $opt_d && $opt_m and print "\n--------------------------------------------------\n" . "Host: " . $body_http_host . " is in exclude list\n" . "Excl: " . $http_link_exclude . "\n--------------------------------------------------\n"; $body_http_host = ""; } $opt_d && $opt_m and print "\n------------------------------\n" . "Host: " . $body_http_host . "\n------------------------------\n"; } } } } if (/u( |re{0,1} | (we|a)re |)still |since.{0,2}we(.{0,4}ve|).{0,2}chatted|((mention|relat|verbaliz|nar{1,}at)ed|told).{0,2}(to |)me.{0,2}that.{0,2}you.{0,2}(ha|)(ve |)(seemingly|probably).{0,2}(have |)(heard|picked|become)|^i have been so busy on this /s) { $tmp_msg = $&; if ($tmp_msg =~ /(chat{1,}|verbaliz|nar{1,}at)ed/s) { $tmp_score = 2.0; } else { $tmp_score = 1.0; } if (/(https{0,1}\:\/\/|www\.)[^\s]{1,}/s) { $tmp_msg = $tmp_msg . " ... " . $&; $tmp_score = $tmp_score * 0.4 ; if (/ ((y(ea|)r|mo(nth|))s|long( time|)|time) (it has been |)since/s) { $tmp_msg = $& . " ... " . $tmp_msg; $tmp_score = $tmp_score * 2.0 ; } if (/get(ting|).{0,2}((fit|lean|back.{0,2}(to|in)|shape|(yo|)u) {0,1}){1,}/s) { $tmp_msg = $& . " ... " . $tmp_msg; $tmp_score = $tmp_score * 2.0 ; } if (/(like|how|the way) (i|you|he|she) (was|did|were) in college/s) { $tmp_msg = $& . " ... " . $tmp_msg; $tmp_score = $tmp_score * 2.0 ; } if (/weight/s) { $tmp_msg = $& . " ... " . $tmp_msg; $tmp_score = $tmp_score * 2.0 ; } if (/therapy/s) { $tmp_msg = $& . " ... " . $tmp_msg; $tmp_score = $tmp_score * 2.0 ; } if (/calories/s) { $tmp_msg = $& . " ... " . $tmp_msg; $tmp_score = $tmp_score * 2.0 ; } if (/los(e|ing).{0,2}(my|the|that|your).{0,2}gut/s) { $tmp_msg = $& . " ... " . $tmp_msg; $tmp_score = $tmp_score * 2.0 ; } if (/on.{0,2}(this|a|the).{0,2}diet/s) { $tmp_msg = $& . " ... " . $tmp_msg; $tmp_score = $tmp_score * 2.0 ; } if (/exact.{0,2}same.{0,2}thing/s) { $tmp_msg = $& . " ... " . $tmp_msg; $tmp_score = $tmp_score * 2.0 ; } if (/been.{0,2}hearing.{0,2}about/s) { $tmp_msg = $& . " ... " . $tmp_msg; $tmp_score = $tmp_score * 2.0 ; } if (/stumbled.{0,2}(up|)on/s) { $tmp_msg = $& . " ... " . $tmp_msg; $tmp_score = $tmp_score * 2.0 ; } if (/(take|give|them).{0,2}[0-9]{1,}.{0,1}secs{0,1}.{0,1}(to|and).{0,1}(start|that)/s) { $tmp_msg = $& . " ... " . $tmp_msg; $tmp_score = $tmp_score * 2.4 ; } if (/these.{0,2}guys/s) { $tmp_msg = $& . " ... " . $tmp_msg; $tmp_score = $tmp_score * 1.5 ; } if (/(all |that ){1,}the (top.|)((celeb|s{0,1}tar|film|rock|reties|s{0,1}port|player|olympian|fashion|model|people|world)s{0,1} {0,1}(in {0,1}(the {0,1}|)|)){1,}((are|have|been|using).){0,}/s) { $tmp_msg = $& . " ... " . $tmp_msg; $tmp_score = int (($tmp_score * 2.0 * (length($&)/12)) * 100) / 100; } spam("s03394",$tmp_score,$tmp_msg); } } if (/l[a\@][s\$].{0,1}\\\/eg[a\@][s\$]/) { spam("s03384",3.4,$&); } if (/http\:\/\/search.msn.com\/[^\?]{0,20}\?\&url\=https{0,1}\:\/\/[^\/]{0,}/) { spam("s03309",3.5,"MSN query, possibly to hide link: " . $&); } if (/getme{0,1}off/) { spam("s02825",1.4,$&); } if (/affiliate.{0,1}id/) { spam("s02339",0.4,$&); } if (/campaign.{0,1}id/) { spam("s02340",0.4,$&); } if (/x-rocket-spam/s) { spam("s02214",0.5,$&); } if (/x-rocket-track:.{0,30}sflag\=openrelay/s) { spam("s02215",4.5,"x-rocket-track openrelay"); } if (length($mail_domain) && /auto.{0,1}mailer\@$mail_domain/s) { spam("s02216",0.5,$&); } if (/font-size\s{0,}\:\s{0,}0{0,}1{0,1}(\.[0-9]{0,}){0,1}\s{0,}p[tx]/is) { spam("s01974",2.2,"Tiny font: " . $&); } if (/<\/html>[\r\n]{0,2}<.*?>/s) { spam("s00004",1.0,"Tags after closing HTML tag: " . $&); } if (/^.{0,10}?.{0,30}?

.{0,10}?.{0,10}?.{0,10}?<\/a>.{0,10}?<\/p>.{0,10}?.{0,100}?<\/a>.{0,100}?<\/body><\/html>.{0,100}?$/s) { spam("s00005",4.0,"Spam-like HTML"); } if (/solutions\/testyourself\.html/si) { spam("s00006",3.0,$&); } if (/(random\_(word|text))/s) { spam("s00007",4.6,$&); } if (/rotates\.cgi/s) { spam("s00008",2.2,$&); } if (/[a-zA-Z].{0,100}/s) { spam("s00015",4.0,"Excessive HTML comments"); } if (/\.ffwd.{0,4}\.(com|net)/is) { spam("s00016",2.0,$&); } if (/(product|default|search|index|jump)\.(php|asp|html{0,1}|cfm)\?.{0,20}(id|ref|url)\=/is) { spam("s00017",2.2,$&); } if (/.{0,12}[^<]{0,100}/s) { spam("s00018",4.0,"Very excessive HTML comments"); } if (/dynsrc\s{0,10}=/ois) { spam("s00019",5.5,$&); } if (/iframe/oi && /src\s{0,10}=\s*(3dc|\"c|\'c|c)id/oi && /height\s*=\s*(3d0|\"0|\'0|0)/oi && /width\s*=\s*(3d0|\"0|\'0|0)/ois) { spam("s00020",5.0,"iframe"); } if (/src\s*=\s*(3dc|\"c|\'c|c)id:/ois) { spam("s00021",4.0,"src=cid"); } if (/http:\/\/.*25freemegs\.com/s) { spam("s00022",2.666,$&); } if (/href[3d=\s\"\']*\S+opt(-in|-out|in|out)/s) { spam("s00023",2.608,"href to opt in/out"); } if (/href[3d=\s\"\']*\S+remove/s) { spam("s00024",3.462,"href to remove"); } if (/href[3d=\s\"\']*\S+unsubscribe/s) { spam("s00025",4.112,"href to unsubscribe"); } if (/content-id: /s) { spam("s00026",10.0,$&); } if (/http:\/\/.*clicksformoney\.net/s) { spam("s00027",2.482,$&); } if (/jamie4u/s) { spam("s00028",2.4,$&); } if (/href.{0,50}mailto:.{0,50}click.{0,50}remove/s) { spam("s00029",3.385,"href mailto/click/remove"); } if (/\bclick to.{0,30}remove.{0,50}mailto:/s) { spam("s00030",1.0,"click to/remove/mailto"); } if (/^\*\*\* \S+ \S\S\S \S\S\S .\d \d\d:\d\d:\d\d \d+$/s) { spam("s00031",-5.0,$&); } if (/email harvest/s) { spam("s00032",1.0,$&); } if (/e-*mail (market|adverti[sz])ing/s) { spam("s00033",1.951,$&); } if (/directive 200.32.ce/s) { spam("s00034",1.0,$&); } if (/eu (e-{0,1}mail opt.{0,1}out|e.{0,1}commerce) directive/s) { spam("s00035",1.8,$&); } if (/evite.citysearch.com/s) { spam("s00036",-5.0,$&); } if (/http:\/\/.*e-webhostcentral\.com/s) { spam("s00037",4.558,$&); } if (/action=[3d=\s"']*mailto:/s) { spam("s00038",2.000,$&); } if (/https{0,1}:\/\/.*freewebco\.net/s) { spam("s00039",1.150,$&); } if (/https{0,1}:\/\/.*freewebhostingcentral/s) { spam("s00040",1.561,$&); } if (/https{0,1}:\/\/.*?\.biz/s) { $tmp = $&; if ($tmp =~ /http(.*)(https{0,1}:\/\/.*?\.biz)/s) { $tmp = $2; } spam("s01552",0.8,"Link to .biz: " . $tmp); } elsif (/www[0-9]{0,1}\..*?\.biz([^a-z]|$)/s) { spam("s02026",1.0,"Mentions a .biz: " . $&); } elsif (/\.biz([^a-z]|$)/s) { spam("s02027",0.4,"Mentions a .biz"); } if (/https{0,1}:\/\/.*?\.info/s) { $tmp = $&; if ($tmp =~ /http(.*)(https{0,1}:\/\/.*?\.info)/s) { $tmp = $2; } spam("s02282",0.8,"Link to .info: " . $tmp); } elsif (/www[0-9]{0,1}\..*?\.info([^a-z]|$)/s) { spam("s02715",1.0,"Mentions a .info: " . $&); } elsif (/\.info([^a-z]|$)/s) { spam("s02716",0.4,"Mentions a .info"); } if (/h\.\s*r\.\s*3113/s) { spam("s00041",1.904,$&); } if (/]+\bsrc=[3d=\s"']*http:\/\//s) { spam("s00074",2.545,$&); } if (/execcommand/s) { spam("s00075",2.4,"Dangerous scripting: " . $&); } if (/execcommand.{0,10}selectall/s) { spam("s00076",2.4,"Dangerous scripting: " . $&); } if (/execcommand.{0,10}copy/s) { spam("s00077",2.4,"Dangerous scripting: " . $&); } if (/\"remove\"/s) { spam("s00078",2.145,$&); } if (/https\/\/[^\/]+\/remove/s) { spam("s00079",4.109,$&); } if (/https\/\/.*cgi.*\/remove\./s) { spam("s00080",2.027,$&); } if (/\>{0,1}\s{0,}(remove me|take me off|unsubscribe|stop e{0,1}[^m]{0,1}mailing me)[\s\:]{0,}(go[\s\:]{0,}|click[\s\:]{0,}|here[\s\:]{0,}){0,}(\<|http)/s) { spam("s00081",2.0,$&); } if (/content-disposition: attachment;\s+filename=.[^\n]+.\S\S\S\.($exe_file_types)./s) { spam("s00082",10.0,$&); } if (/on(blur|error|keydown|keyup|load|mouseover|resize|unload)/s) { spam("s00083",1.259,$&); } if (//s) { spam("s00084",1.0,$&); } if (/^\@\@ [-+0-9]+,[0-9]+ [-+0-9]+,[0-9]+ \@\@$/s) { spam("s00085",-5.0,$&); } if (/font=3e/s) { spam("s00086",1.0,$&); } if (/https\/\/[^\/]+\/unsubscribe/s) { spam("s00087",3.247,"http:unsubscribe"); } if (/https\/\/.*cgi.*\/unsubscribe\./s) { spam("s00088",3.168,"http:cgi unsubscribe"); } if (/<\s*img\s[^>]*src[^>]+\?/s) { spam("s00089",1.4,"image tag with parameters"); } if (/\sstyle\S+\:url\S+\?/s) { spam("s02001",2.4,"style tag has URL with parameters"); } if (/<\s*img\s[^>]*src[^>]+\.(asp|php|htm)/s) { spam("s00090",1.4,"image tag with non-image source type (." . $1 . ")"); } if (/<\s*img\s[^>]*src[^>]+\/rd\.yahoo\.com/s) { spam("s01458",2.4,"image tag with yahoo redirect"); } if (/http:\/{1,}rds{0,1}\.yahoo\.com/s) { $has_yahoo_redirect = 1; } if (/http:\/\/.*(autoremove|clik4you|directforcemarketing|removeyou)\.com/s) { spam("s00091",2.0,$&); } if (/http:\/\/.*(netsitesforfree|trafficwow)\.net/s) { spam("s00092",2.0,$&); } if (/\s\.biz/s) { spam("s00093",2.0,$&); } if (/\s\.info/s) { spam("s00094",1.5,$&); } if (/\s\.name/s) { spam("s00095",1.5,$&); } if (/\s\.shop/s) { spam("s00095",1.0,$&); } if (/\s\.law/s) { spam("s00096",1.5,$&); } if (/\s\.travel/s) { spam("s00097",1.5,$&); } if (/\s\.inc[\s,]/s) { spam("s00098",1.5,$&); } if (/\s\.xxx[\s,]/s) { spam("s00099",1.5,$&); } if (/(\#[0-9a-z ]{0,4}){4}/s) { spam("s00100",1.5,$&); } if (/\.name domain/s) { spam("s00101",2.0,$&); } if (/\.name identity/s) { spam("s00102",2.0,$&); } if (/p.{0,1}r.{0,1}[o0].{0,1}p.{0,1}e.{0,1}c.{0,1}[li1j].{0,1}([a\@]|l\\|\/l)/s) { my $msg = $&; if (length($msg) > 8) { if ($msg =~ /[01j\@]/) { spam("s00103",3.00,$msg); } else { spam("s00103",1.50,$msg); } } } if (/v.{0,1}[li1j].{0,1}([a\@]|l\\|\/l).{0,1}g.{0,1}r.{0,1}([a\@]|l\\|\/l)/s) { my $msg = $&; if (length($msg) > 6) { spam("s00103",3.00,$msg); } } if (/v.{0,1}[li1j].{0,1}c.{0,1}[o0].{0,1}d.{0,1}[li1j].{0,1}n/s) { my $msg = $&; if (length($msg) > 7) { spam("s01856",3.00,$msg); } } if (/c.{0,1}[li1j].{0,1}([a\@]|l\\|\/l).{0,1}[li1j].{0,1}[li1j].{0,1}s/s) { my $msg = $&; if ((length($msg) > 6) && ($msg !~ /cial in{0,1}s/)) { spam("s00104",3.00,$msg); } } if (/l.{0,1}e.{0,1}v.{0,1}[li1j].{0,1}t.{0,1}r.{0,1}([a\@]|l\\|\/l)/s) { my $msg = $&; if (length($msg) > 7) { spam("s00105",3.00,$msg); } } if (/v([a\@]|l\\|\/l)[li1j]{2,}um/s) { my $msg = $&; if ($msg ne "vallium") { spam("s03067",3.00,$msg); } } if (/(\&\#[0-9]{1,6}|\;\s{0,}){4,}/is) { spam("s01819",(int ((0.6 * length($&) / 5) * 100)) / 100,"Lots of HTML encoded characters"); } if (/s(hipping|)\s{0,}(\&|and|\+)\s{0,}h(andling|)/si) { spam("s01863",0.4,$&); } if (/((archive|attach|password|protected|security).{0,50}?){2}\/si) { spam("s01881",1.8,$&); } elsif (/(archive|attach|password|protected|security).{0,50}?\.{0,50}?(archive|attach|password|protected|security)/si) { spam("s01881",1.8,$&); } elsif (/password.{0,10}?\/si) { spam("s01881",1.8,$&); } elsif (/\/si) { spam("s01882",0.2,$&); } if (/ m e d s/si) { spam("s03130",1.0,$&); } if (/\\\/egas/) { spam("s03448",3.0,$&); } if (/\{spur\_[0-9]{1,}\}/) { spam("s03474",3.0,$&); } # # Case-sensitive tests # if ($body_raw_text =~ /\%CUSTOM_/s) { $temp_custom_count = 0; $temp_text = $body_raw_text; while ($temp_text =~ /\%CUSTOM_(.*)/s) { $temp_text = $1; $temp_custom_count = $temp_custom_count + 1; } spam("s03530",1.0 * $temp_custom_count,"Contains \%CUSTOM_ tags"); } if ($body_raw_text =~ / HXPN/s) { spam("s03538",4.6,$&); } if ($body_raw_text =~ / ERMX/s) { spam("s03535",4.6,$&); } if ($body_raw_text =~ /F(REE|ree)/s) { spam("s00106",0.4,$&); } if ($body_raw_text =~ /f[^a-z]{0,}u{0,}[^a-z]{0,}c{0,}k/si) { if (length($&) > 2) { my $msg = $&; $body_raw_text =~ s/f[^a-z]{0,}u{0,}[^a-z]{0,}c{0,}k/fuck/gi; spam("s02283",2.0,$msg); } } if ($body_raw_text =~ /[a-z]I/s) { $body_raw_text =~ s/([a-z])I/${1}l/g; } } # # Tests on a lower-case, stripped, (no tags or special characters, and single spaced), # version of a concatenation of all the text portions of the message. At this stage, # commonly substituted characters haven't yet been replaced. So "pen1s" will not yet # have been changed to "penis". It's useful to check for some of these substitutions, # since they only occur in spam, (or maybe if the sender is a complete moron). # sub body_presubstitution_tests { local $_ = $body_test_text; $done_body_presubstitution_tests = 1; if (/p[eëéèê]n[\!1\|ÏÌÍÎìíîï]s/) { spam("s00107",4.0,$&); } elsif (/p[ëéèê]n[\!1\|ÏÌÍÎìíîïi]s/) { spam("s00107",4.0,$&); } if (/fet[\!1\|ÏÌÍÎìíîï]sh/) { my $msg = $&; if ($msg =~ /[\!1\|ÏÍÎìíîï]/) { spam("s01976",4.0,$msg); } } if (/ (n[\@\&ÂÁÀÄÅÃáàãåâä]me|t[\@\&ÂÁÀÄÅÃáàãåâä]ke|ch[\@\&ÂÁÀÄÅÃáàãåâä]rge)/) { spam("s00108",0.8,$&); } if (/ (s[\@\&ÂÁÀÄÅÃáàãåâä]ve|m[\@\&ÂÁÀÄÅÃáàãåâä]ke|e[\@\&ÂÁÀÄÅÃáàãåâä]rn)/) { spam("s00109",1.8,$&); } if (/(p[\!il1\|ÏÌÍÎìíîï]{3})/) { my $msg = $1; if ($msg =~ /[\!1\|ÏÍÎìíîï]/) { spam("s01526",1.0,$msg); } } if (/(s(ch|k)0{1,}l[^g]{0,1}(girl|))/) { spam("s01982",2.0,$&); } if (/(v {0,}[il\\\/\!1\|ÏÌÍÎìíîï] {0,}[a\@\&ÂÁÀÄÅÃáàãåâä] {0,}g{1,} {0,}r{1,} {0,}[a\@\&ÂÁÀÄÅÃáàãåâä])/) { my $msg = $1; if ($msg =~ /[\\\/\!l1\|ÏÌÍÎìíîï\@\&ÂÁÀÄÅÃáàãåâä]/) { spam("s00110",4.0,$msg); } } if (/(l {0,}e {0,}v {0,}[i\\\/\!1\|ÏÌÍÎìíîï] {0,}t {0,}r {0,}[a\@\&ÂÁÀÄÅÃáàãåâä])/) { my $msg = $1; if ($msg =~ /[\\\/\!1\|ÏÌÍÎìíîï\@\&ÂÁÀÄÅÃáàãåâä]/) { spam("s00111",4.0,$msg); } } if (/(c {0,}[i\\\/\!1\|ÏÌÍÎìíîï] {0,}[a\@] {0,}[\|l1] {0,}[i\\\/\!1\|ÏÌÍÎìíîï] {0,}s)/) { my $msg = $1; if ($msg =~ /[\\\/\!1\|\@ÏÌÍÎìíîï]/) { spam("s00112",4.0,$msg); } } if (/(ph[a\@\&ÂÁÀÄÅÃáàãåâä]rm[a\@\&ÂÁÀÄÅÃáàãåâä])(cy|[i\\\/\!1\|ÏÌÍÎìíîï]es|)/) { my $msg = $1 . $2; if ($msg =~ /[\\\/\!1\|\@\&ÏÌÍÎìíîïÂÁÀÄÅÃáàãåâä]/) { spam("s00113",4.0,$msg); } } if (/pr[0ÓÕÒÖòóöôõøo]f[\\\/\!\|ÏÌÍÎìíîïi1l]t[s\$]{0,1}/si) { my $msg = $&; if ($msg =~ /[0ÓÕÒÖòóöôõø\!\|\\\/ÏÌÍÎìíîï1l\$]/) { spam("s03089",3.0,$msg); } } if (/l[0OÓÕÒÖòóöôõøo][a\@\&ÂÁÀÄÅÃáàãåâä]n/si) { my $msg = $&; if ($msg =~ /[0ÓÕÒÖòóöôõø\@\&ÂÁÀÄÅÃáàãåâä]/) { spam("s03158",3.0,$msg); s/l[0OÓÕÒÖòóöôõøo][a\@\&ÂÁÀÄÅÃáàãåâä]n/loan/g; } } if (/([\177-\377].){16}/) { spam("s00114",3.6,"Lots of encoded text"); } if (/1[\s]8(00|88|77|66|55|44|33|22)[\s][0-9]{3}[\s]{0,1}[0-9]{4}/) { spam("s00115",0.6,$&); } if (!$hdr_in_hdr_test && length($stripped_mail_domain)) { if (/((h[i1]|he[l1][l1][o0]|greet[i1]ngs|de[a\@]r|cur[i1][o0]us) ([a-z0-9 ]{0,15})|^)([a-z0-9]{0,15})\@$stripped_mail_domain/s) { my $msg = $&; $msg =~ s/$stripped_mail_domain/$mail_domain/; spam("s00116",4.0, $msg); } if (/$stripped_mail_domain( technical| support| team){2,}/s) { my $msg = $&; $msg =~ s/$stripped_mail_domain/$mail_domain/; spam("s02349",1.0, $msg); } } if (/(b1[1il]{2})(\s|\!|$)/) { spam("s01830",4.0,$1); } if (/(b[il]1[1il])(\s|\!|$)/) { spam("s01830",4.0,$1); } if (/(b[il]{2}1)(\s|\!|$)/) { spam("s01830",4.0,$1); } if (/app1y/) { spam("s01831",4.0,$&); } if (/r[0ÓÕÒÖòóöôõøo][\!\|ÏÌÍÎìíîïi1l][ÈÊëéèê]x/) { spam("s02148",4.0,$&); } elsif (/r[0ÓÕÒÖòóöôõøo][\!\|ÏÌÍÎìíîïi1][ÈÊëéèêe]x/) { spam("s02148",4.0,$&); } elsif (/r[0ÓÕÒÖòóöôõø][\!\|ÏÌÍÎìíîïi1l][ÈÊëéèêe]x/) { spam("s02148",4.0,$&); } elsif (/p[ëéèê]n[\!\|1\|ÏÌÍÎìíîïi]s/) { spam("s00107",4.0,$&); } } # # Tests on a lower-case, stripped, (no tags or special characters, and single spaced), # version of a concatenation of all the text portions of the message. # sub body_tests { local $_ = $body_test_text; local $body_custom_found = 0; local $body_stripped_custom_found = 0; $done_body_tests = 1; # body_spell_tests(); # # Execute the code in "$body_custom_file". # Include site-specific customizations in this file. # do $body_custom_file; if (!$body_custom_found) { do $settings_path . $body_custom_file; } if (length($custom_path)) { do $custom_path . $body_custom_file; } if (!length($body_test_text)) { if (!$hdr_in_hdr_test && !$body_stripped_test && !($hdr_type == 2)) { spam("s02448",4.5,"Body of email is empty"); } else { return; } } if ($body_stripped_test) { if (($spam_desc =~ /s01471\: HTML/) && /^html body ppbodyhtml$/) { spam("s03010",4.5,$&); } if (/(div|span|font) style (margin |border |left |right |[0-9o]{1,}px ){0,}(clear|float) (left|right|both)/) { $tmp = $body_test_text; $tmp_count = 0; while ($tmp =~ /(div|span|font) style (margin |border |left |right |[0-9o]{1,}px ){0,}(clear|float) (left|right|both)(.*)/) { $tmp = $5; $tmp_count = $tmp_count + 1; } if ($tmp_count) { spam("s02806",0.8 * $tmp_count,"div/span/font style float/clear left/right/both X $tmp_count"); } } } if (/r{1,}e{1,}p{1,}l{1,}i{1,}c{1,}a{1,}/) { if (length($&) > 7) { spam("s02466",1.2,$&); s/r{1,}e{1,}p{1,}l{1,}i{1,}c{1,}a{1,}/replica/g; } else { spam("s02160",0.2,$&); } } if (/(^|[^a-z])r{1,}o{1,}l{1,}e{1,}x{1,}/) { if (length($&) > 6) { spam("s02467",1.2,$&); } else { spam("s02139",0.8,$&); } } if (/a{1,}f{1,}o{1,}r{1,}d{1,}a{1,}b{1,}[il]{1,}e{1,}/) { if (length($&) > 10) { spam("s02552",2.4,$&); s/a{1,}f{1,}o{1,}r{1,}d{1,}a{1,}b{1,}[il]{1,}e{1,}/affordable/g; } } if (/c{1,}[il]{2,}c{1,}k{1,} /) { if (length($&) > 6) { spam("s02553",2.4,$&); s/c{1,}[il]{2,}c{1,}k{1,} /click /g; } } if (/ p{1,}r{1,}[il]{1,0}c{1,}e{1,}/) { if (length($&) > 6) { spam("s02553",1.2,$&); s/ p{1,}r{1,}[il]{1,0}c{1,}e{1,}/ price/g; } } if (/p{1,}r{1,}[i]{0,}l{1,}i{0,}c{1,}e{1,}/) { spam("s02554",1.2,$&); s/p{1,}r{1,}[i]{0,}l{1,}i{0,}c{1,}e{1,}/price/g; } if (/m.{0,1}o.{0,1}r.{0,1}t{0,1}.{0,1}g.{0,1}a.{0,1}g.{0,1}e/s) { my $msg = $&; if (length($msg) > 8) { spam("s01862", 3.5,$msg); s/m.{0,1}o.{0,1}r.{0,1}t{0,1}.{0,1}g.{0,1}a.{0,1}g.{0,1}e/mortgage/g; } } if (/r.{0,1}e.{0,1}f.{0,1}i.{0,1}n.{0,1}a.{0,1}n.{0,1}c.{0,1}e/s) { my $msg = $&; if (length($msg) > 9) { spam("s01862", 3.5,$msg); s/r.{0,1}e.{0,1}f.{0,1}i.{0,1}n.{0,1}a.{0,1}n.{0,1}c.{0,1}e/refinance/g; } } if (/ m{1,}e{1,}d{1,}i{1,}c{1,}i{1,}n{1,}e{1,}/) { if (length($&) > 9) { spam("s02750",1.2,$&); s/ m{1,}e{1,}d{1,}i{1,}c{1,}i{1,}n{1,}e{1,}/ medicine/g; } } if (/ m{1,}e{1,}d{1,}i{1,}c{1,}a{1,}t{1,}i{1,}o{1,}n{1,}/) { if (length($&) > 11) { spam("s02750",1.2,$&); s/ m{1,}e{1,}d{1,}i{1,}c{1,}a{1,}t{1,}i{1,}o{1,}n{1,}/ medication/g; } } if (/ m{1,}e{1,}d{1,}i{1,}c{1,}a{1,}l/) { if (length($&) > 7) { spam("s02751",1.2,$&); s/ m{1,}e{1,}d{1,}i{1,}c{1,}a{1,}l/ medical/g; } } if (/ p{1,}h{1,}y{1,}s{1,}i{1,}c{1,}i{1,}a{1,}n{1,}/) { if (length($&) > 10) { spam("s02752",1.2,$&); s/ p{1,}h{1,}y{1,}s{1,}i{1,}c{1,}i{1,}a{1,}n{1,}/ physician/g; } } if (/ h{1,}e{1,}a{1,}l{1,}t{1,}h{1,}/) { if (length($&) > 7) { spam("s02753",1.2,$&); s/ h{1,}e{1,}a{1,}l{1,}t{1,}h{1,}/ health/g; } } if (/ g{1,}e{1,}n{1,}e{1,}r{1,}i{1,}c{1,}/) { if (length($&) > 8) { spam("s02754",1.2,$&); s/ g{1,}e{1,}n{1,}e{1,}r{1,}i{1,}c{1,}/ generic/g; } } if (/ p{1,}i{1,}l{1,}s{1,}/) { if (length($&) > 6) { spam("s02755",1.2,$&); s/ p{1,}i{1,}l{1,}s{1,}/ pills/g; } } if (/ d{1,}e{1,}l{1,}i{1,}v{1,}e{1,}r{1,}i{1,}e{1,}/) { if (length($&) > 10) { spam("s02756",1.2,$&); s/ d{1,}e{1,}l{1,}i{1,}v{1,}e{1,}r{1,}i{1,}e{1,}/ deliverie/g; } } if (/ l{1,}i{1,}c{1,}e{1,}n{1,}s{1,}e{1,}d{1,}/) { if (length($&) > 9) { spam("s02757",1.2,$&); s/ l{1,}i{1,}c{1,}e{1,}n{1,}s{1,}e{1,}d{1,}/ licensed/g; } } if (/ r{1,}e{1,}m{1,}e{1,}d{1,}i{1,}e{1,}s{1,}/) { if (length($&) > 9) { spam("s02758",1.2,$&); s/ r{1,}e{1,}m{1,}e{1,}d{1,}i{1,}e{1,}s{1,}/ remedies/g; } } if (/ r{1,}e{1,}m{1,}e{1,}d{1,}y{1,}/) { if (length($&) > 7) { spam("s02759",1.2,$&); s/ r{1,}e{1,}m{1,}e{1,}d{1,}y{1,}/ remedy/g; } } if (/ d{1,}i{1,}r{1,}e{1,}c{1,}t{1,}/) { if (length($&) > 7) { spam("s02762",1.2,$&); s/ d{1,}i{1,}r{1,}e{1,}c{1,}t{1,}/ direct/g; } } if (/ x.{0,1}a.{0,1}n.{0,1}a.{0,1}x/) { if (length($&) > 6) { spam("s02866",3,$&); s/ x.{0,1}a.{0,1}n.{0,1}a.{0,1}x/ xanax/g; } } if (/ p.{0,1}r.{0,1}o.{0,1}p.{0,1}e.{0,1}c.{0,1}i.{0,1}a/) { if (length($&) > 9) { spam("s02867",3,$&); s/ p.{0,1}r.{0,1}o.{0,1}p.{0,1}e.{0,1}c.{0,1}i.{0,1}a/ propecia/g; } } if (/ p.{0,1}r.{0,1}o.{0,1}z.{0,1}a.{0,1}c/) { if (length($&) > 7) { spam("s02868",3,$&); s/ p.{0,1}r.{0,1}o.{0,1}z.{0,1}a.{0,1}c/ prozac/g; } } if (/ v.{0,1}a.{0,1}l.{0,1}i.{0,1}u.{0,1}m/) { if (length($&) > 7) { spam("s02869",1.2,$&); s/ v.{0,1}a.{0,1}l.{0,1}i.{0,1}u.{0,1}m/ valium/g; } } if (/ c.{0,1}e.{0,1}l.{0,1}e.{0,1}b.{0,1}r.{0,1}e.{0,1}x/) { if (length($&) > 9) { spam("s02870",3,$&); s/ c.{0,1}e.{0,1}l.{0,1}e.{0,1}b.{0,1}r.{0,1}e.{0,1}x/ celebrex/g; } } if (/ d.{0,1}i.{0,1}s.{0,1}c.{0,1}o.{0,1}u.{0,1}n.{0,1}t/) { if (length($&) > 9) { spam("s03054",2.5,$&); s/ d.{0,1}i.{0,1}s.{0,1}c.{0,1}o.{0,1}u.{0,1}n.{0,1}t/ discount/g; } } s/ ph[arm]{4}/ pharma/g; if (/ e[rec]{1,}t[io]{1,}n/) { if (length($&) != 9) { spam("s03053",0.8,$&); } s/ e[rec]{1,}t[io]{1,}n/ erection/g; } if (!$hdr_in_hdr_test) { if (/(\! {0,}){4,}/) { $tmp = trim_ends($&); spam("s03332",(int ((length($tmp) / 5) * 100)) / 100,"Lots of exclamations" . $tmp); } elsif (/(\! {0,}){3,}/) { $tmp = trim_ends($&); spam("s03332",(int ((length($tmp) / 5) * 100)) / 100,"Lots of exclamations" . $tmp); } elsif (/(\! {0,}){2,}/) { $tmp = trim_ends($&); spam("s03332",(int ((length($tmp) / 5) * 100)) /100,"Lots of exclamations" . $tmp); } if (/[ÁÀÄÂáàäâÃãÅåªÉÈËÊéèëêÍÌÏÎíìïîÓÒÖÔóòöôÕõØøÚÙÜÛúùüûµÑñÇ碥ÝÿþÞÐðæ]{4}[\s\!\$0123456789ÁÀÄÂáàäâÃãÅåªÉÈËÊéèëêÍÌÏÎíìïîÓÒÖÔóòöôÕõØøÚÙÜÛúùüûµÑñÇ碥ÝÿþÞÐðæ\,\.]{0,}/) { spam("s01489",0.1 * length($&),$&); } elsif (/[ÁÀÄÂáàäâÃãÅåªÉÈËÊéèëêÍÌÏÎíìïîÓÒÖÔóòöôÕõØøÚÙÜÛúùüûµÑñÇ碥ÝÿþÞÐðæ]{2}[\s\!\$0123456789ÁÀÄÂáàäâÃãÅåªÉÈËÊéèëêÍÌÏÎíìïîÓÒÖÔóòöôÕõØøÚÙÜÛúùüûµÑñÇ碥ÝÿþÞÐðæ\,\.]{0,}/) { spam("s01489",0.1 * length($&),$&); } if (/[äÄ]/) { spam("s00641",0.4,$&); } if (/[ëË]/) { spam("s02902",0.4,$&); } if (/[ïÏ]/) { spam("s02903",0.4,$&); } if (/[öÖ]/) { spam("s00644",0.4,$&); } if (/[üÜ]/) { spam("s00643",0.4,$&); } if (/[ð]/) { spam("s02989",0.4,$&); } if (/[Åå]/) { spam("s02990",0.4,$&); } if (/[Ññ]/) { spam("s02992",0.4,$&); } if (/ß/) { spam("s00642",0.4,$&); } s/[ÁÀÄÂáàäâÃãÅåª]/a/g; s/[ÉÈËÊéèëê]/e/g; s/[ÍÌÏÎíìïî]/i/g; s/[ÓÒÖÔóòöôÕõØø]/o/g; s/[ÚÙÜÛúùüûµ]/u/g; s/[Ññ]/n/g; s/[Çç¢]/c/g; s/[¥Ýÿ]/y/g; s/[þÞ]/p/g; s/Ð/d/g; s/º/0/g; s/¹/1/g; s/²/2/g; s/³/3/g; tr/\x80\xA1\xA2\xA5\xA7\xAA\xB2\xB3\xB5\xB9\xBA\xC0\xC1\xC2\xC3\xC4\xC5\xC6\xC7\xC8\xC9\xCA\xCB\xCC\xCD\xCE\xCF\xD0\xD1\xD2\xD3\xD4\xD5\xD6\xD7\xD8\xD9\xDA\xDB\xDC\xDD\xDE\xDF\xE0\xE1\xE2\xE3\xE4\xE5\xE6\xE7\xE8\xE9\xEA\xEB\xEC\xED\xEE\xEF\xF0\xF1\xF2\xF3\xF4\xF5\xF6\xF8\xF9\xFA\xFB\xFC\xFD\xFE\xFF/eicysa23uioaaaaaaaceeeeiiiidnoooooxouuuuypbaaaaaaaceeeeiiiionoooooouuuuypy/; if (/x mailscanner found to be clean/) { spam("s00117",2.0,$&); } if (/(([jkxz][jkqvwxzbcdfglmnprh]|[jkvwxzbcdfglmnprh][jkqxz]|hh|ii|uu|vv|yy|q[a-t]|q[v-z]|vg)[^\/]{0,12}?){4}/) { spam("s00118",1.0,substr($&,0,20)); } # if (/[bcdfghjklmnpqrsvwxz]{5}/) { spam("s00119",0.4,$&); } # if (/[bcdfgjklmpqsvwxz]{5}/) { spam("s00120",0.8,$&); } if (length($stripped_mail_domain)) { if (/$stripped_mail_domain s accounting/s) { my $msg = $&; $msg =~ s/$stripped_mail_domain/$mail_domain/; spam("s01647",2.0, $msg); } } if (/ f(ack|[au]kk|uk|kuc)/) { spam("s01859",0.4,$&); s/ f(ack|[au]kk)/ fuck/g; s/ fukc/ fuck/g; s/ fkuc/ fuck/g; s/ fuk/ fuck/g; } if (/vv/) { if (/vveight/) { spam("s02661",3.4,$&); s/vveight/weight/g; } if (/vvatch/) { spam("s02694",3.4,$&); s/vvatch/watch/g; } if (/vvonder/) { spam("s02695",1.2,$&); s/vvonder/wonder/g; } if (/vievv/) { spam("s02696",1.2,$&); s/vievv/view/g; } if (/brovvse/) { spam("s02699",1.2,$&); s/brovvse/browse/g; } s/vv/v/g; } s/aa/a/g; s/hh/h/g; s/medicai/medical/g; if (/farmacy/) { spam("s03347",3.6,$&); s/farmacy/pharmacy/g; } if (/phrmacy/) { spam("s03357",3.6,$&); s/phrmacy/pharmacy/g; } if (/erecxction/) { spam("s03349",4.6,$&); s/erecxction/erection/g; } if (/ giri/) { spam("s01860",0.4,$&); s/ giri/ girl/g; } if ($hdr_from =~ /abuse\@(hotmail|msn)\.(com|net|org)/ && /we cannot take action on the mail you sent us because it does not reference a hotmail account/) { spam("s01979",5.0,"Bounce probably to a forged address from hotmail abuse: message does not reference a hotmail account"); } if (/ vallum /) { spam("s02397",1.4,$&); s/ vallum / valium /g; } if (/ c[i1l]a[i1l]{1,}s/) { if (!($& eq " cialis")) { spam("s02611",2.4,$&); s/ c[i1l]a[i1l]{1,}s/ cialis/g; } } if (/ lev[il1]tra/) { if (!($& eq " levitra")) { spam("s02612",2.4,$&); s/ lev[il1]tra/ levitra/g; } } if (/ a\$\$/) { spam("s02742",0.8,$&); s/ a\$\$/ass/g; } if (/ kok( |$|\!)/) { spam("s02743",1.8,$&); s/ kok( |$|\!)/ cock /g; } if (/ s{1,}t{1,}o{1,}k{1,}c{1,}[\!\? ]/) { spam("s03222",1.8,$&); s/ s{1,}t{1,}o{1,}k{1,}c{1,}[\!\? ]/ stock /g; } if (/ s{1,}o{1,}t{1,}c{1,}k{1,}[\!\? ]/) { spam("s03222",1.8,$&); s/ s{1,}o{1,}t{1,}c{1,}k{1,}[\!\? ]/ stock /g; } if (/ sttock[\!\? ]/) { spam("s03223",1.8,$&); s/ sttock[\!\? ]/ stock /g; } if (/ stoock[\!\? ]/) { spam("s03224",1.8,$&); s/ stoock[\!\? ]/ stock /g; } if (/ stocck[\!\? ]/) { spam("s03225",1.8,$&); s/ stocck[\!\? ]/ stock /g; } if (/ stockk[\!\? ]/) { spam("s03226",1.8,$&); s/ stockk[\!\? ]/ stock /g; } if (/ flxed /) { spam("s03229",1.8,$&); s/ flxed / fixed /g; } if (/ var[li]abie /) { spam("s03230",1.8,$&); s/ var[li]abie / variable /g; } if (/(^| )refi[nace]{3,}([ \?\!]|$)/s) { my $msg = $&; if (!($msg =~ /(^| )refinance([ \?\!]|$)/)) { spam("s03431", 2.6,$msg); s/(^| )refi[nace]{3,}([ \?\!]|$)/ refinance /g; } } s/(^| )\/egas/vegas/g; s/b{2,}/b/g; s/c{2,}/c/g; s/d{2,}/d/g; s/f{2,}/f/g; s/n{2,}/n/g; s/r{2,}/r/g; } if (/did you know/) { spam("s00547",0.6,$&); } if (/did u know/) { spam("s01401",1.0,$&); } if (!$hdr_in_hdr_test) { s/ u / you /g; } if (length($hdr_to_user)) { if (/$hdr_to_user you decide/) { spam("s00121",1.5,$&); } if (/$hdr_to_user you (can|will)/) { spam("s00122",1.0,$&); } if (/$hdr_to_user you /) { spam("s00123",0.4,$&); } } if (/(copy|paste|type) th(e|is) (above |following |web.{0,1}){0,}ad{1,}ress (in|to){1,} (your|a) (web.{0,1}|)browser/) { spam("s01871",1.0, $&); if ($http_link_checking && !length($body_http_host)) { spam("s01872",2.5, "Copy request with no HTTP link: " . $&); } } if (/ pani[sz] /) { if (/ pani[sz] size/) { spam("s02807",1.4,$&); } if (/ pani[sz] enlarg/) { spam("s02807",1.4,$&); } if (/ pani[sz] length/) { spam("s02807",1.4,$&); } if (/your pani[sz] /) { spam("s02807",1.4,$&); } } if (/ p[ei]na[sz] /) { if (/ p[ei]na[sz] size/) { spam("s02808",1.4,$&); } if (/ p[ei]na[sz] enlarg/) { spam("s02808",1.4,$&); } if (/ p[ei]na[sz] length/) { spam("s02808",1.4,$&); } if (/your p[ei]na[sz] /) { spam("s02808",1.4,$&); } } if (/food critic/) { spam("s02969",0.4,$&); if (/become a (secret |)food critic/) { spam("s02970",2.4,$&); } } if (/going to be huge/) { spam("s03499",0.8,$&); } if (/(((expec|wai)t|go)(ing|s) (for |it |to ){1,}|gon{1,}a )(double|triple|quadruple|explode|jump|soar)( (with|)in| the| next| few| coming| days{0,1}| weeks{0,1}| months{0,1}| a[nd]{0,}(other|)| matter| of| (up|)coming| the| or| two| so| get| it){0,}/) { spam("s03473",(int ((length($&) / 18) * 100)) / 100,$&); } if (/(short|long|stock).{0,1}(buy|sel{1,}|job{1,})(er|s){0,}/) { spam("s03468",1.0,$&); } if (/(buy|sell|trad|brok|job{1,})ers (drop|raise) the(ir|) (price|estimate)/) { spam("s03469",2.0,$&); } if (/its time to get in/) { spam("s03470",0.8,$&); } if (/^pick a lock to your girlfriends heart with your ultimate key/) { spam("s03464",5.0,$&); } if (/^hi [a-z]{1,} (i |hope ){1,2}(this |is |hit |have |got ){1,}(your |the )(cor{1,}ect |right |).{0,2}(mail(box|)|address)/) { spam("s03465",4.0,$&); } if (/^hi i want to share my photo with you/) { spam("s03467",4.0,$&); } if (/^(.{0,20} ago |on ).{0,30}found.{0,30}(page|site) (for|with) the.{0,30} mp3 /) { spam("s03435",2.8,$&); } if (/the most wanted/) { spam("s03435",0.8,$&); } if (/^aqui esta el cupon de descuentos que te prometi/) { spam("s03430",5.0,$&); } if (/^alert for all investors\! important news/) { spam("s03429",5.0,$&); } if (/free.{0,1}sexy{0,1}dat(e|ing)/) { spam("s03425",3.2,$&); } elsif (/sexy{0,1}dat(e|ing)/) { spam("s03425",2.0,$&); } if (/(get|find) (yourself |some ){0,}sex/) { spam("s03411",0.6,$&); } if (/(lies |a{0,1}wait(ing|s|) |to |be |found |the(se|) |world(s|.{0,1}wide) |large(st|) |unt(apped|ouched) |glob(al|es) |best |big(gest|) ){0,}oil reserv(e|oir)s{0,1}( $fuzzy_numbers| bar{1,}els{0,1}){0,}/) { spam("s03408",(int ((length($&) / 28) * 100)) / 100,$&); } if (/test dril{1,}ing|dril{1,}ing (achie{0,1}vemen|resul)ts/) { spam("s03409",1.6,$&); } if (/get (in(side|) |on |th(is|e) |track ){1,}deal/) { spam("s03410",0.4,$&); } if (/mensagem/) { spam("s03396",0.4,$&); } if (/encaminhada/) { spam("s03397",0.4,$&); } if (/enviadas/) { spam("s03398",0.4,$&); } if (/servidor/) { spam("s03399",0.4,$&); } if (/precisarao/) { spam("s03400",0.4,$&); } if (/confirmadas/) { spam("s03401",0.4,$&); } if (/pornografia/) { spam("s03402",0.4,$&); } if (/proaganda/) { spam("s03403",0.4,$&); } if (/cor{1,}entes/) { spam("s03404",0.4,$&); } if (/(we |guarantee |you |will |not |find |a |any |wont |that ){1,}better ((prices{0,1}|selections{0,1})(\/| (or|and) |)){1,}( any(where|)| else| in| on| the| planet| world| internet| online| than| ours{0,1}| these| this| your{0,1}| meds{0,1}| pills{0,1}){0,}/) { spam("s03391",(int ((length($&) / 28) * 100)) / 100,$&); } if (/download movies/) { spam("s03390",0.4,$&); } if (/(there|places|availability) (is|are) (no |never |a ){0,}limit(ed|)/) { spam("s03389",0.4,$&); } if (/(get |not |why |dont |not |you | can ){0,}start(ed|) (right (now|away)|today)\!{0,}/) { spam("s03388",(int ((length($&) / 25) * 100)) / 100,$&); } if (/(^| )ebook/) { spam("s03377",0.4,$&); } if (/we are giving away/) { spam("s03376",0.6,$&); } if (/(^| )vages[ \!\?]/) { spam("s03364",0.6,$&); s/(^| )vages[ \!\?]/ vegas /g; } if (/(^| )(las |)vegas[ \!\?]/) { spam("s03489",0.4,$&); } if (/ vegas is (go|com|wait)ing (to|for) you/) { spam("s03392",2.6,$&); if (/ vegas is going to you/) { spam("s03393",1.0,$&); } } if (/dont go to vages /) { spam("s03363",4.6,$&); } if (/your meds directly from the manufacturer/) { spam("s03356",4.6,$&); } if (/you(re{0,1} | are | |)crav(e|ing)/) { spam("s03354",0.8,$&); } if (/more intense/) { spam("s03355",0.4,$&); } if (/you (crave|gape|wish) (to|for) shoot(ing|) like (you |have |had |seen |in ){0,}(a|those|the) ((film|rock|star|stud)s{0,1} {0,}){1,}/) { spam("s03353",4.6,$&); } elsif (/shoot(ing|) like (you |have |had |seen |in ){0,}(a|those|the) ((film|rock|star|stud)s{0,1} {0,}){1,}/) { spam("s03353",2.0,$&); } if (/(greetings{0,1} |hi |)if you(re{0,1}| are| feel(ing|)){1,}( {0,}(sad|lonely)( {0,}(and|or|go|then|to|my|a|page|this|web|site)){0,}){1,}/) { spam("s03352",(int ((length($&) / 25) * 100)) / 100,$&); } if (/cor{1,}espond with (me|you)/) { spam("s03345",0.8,$&); } if (/now it.{0,1}(s|is) pos{1,}ible/) { spam("s03341",0.4,$&); } if (/med[sz].{0,1}rx|rx.{0,1}med[sz]/) { spam("s03327",1.0,$&); } if (/fatblaster/) { spam("s03326",1.4,$&); } if (/ extratime /) { spam("s03323",1.4,$&); } if (/(find|get|we have) (what|ever|ything){1,} (that |)you (need|want|are looking for)/) { spam("s03322",0.4,$&); } if (/studies (have |)shown{0,1}/) { spam("s03316",0.4,$&); } if (/common disorder/) { spam("s03317",0.6,$&); } if (/af{1,}ect(s|ing) (thousands|millions) of (men |and |women |peoples{0,1} |lives ){1,}/) { spam("s03318",0.8,$&); } if (/your partner/) { spam("s03319",0.2,$&); } if (/bonusbucks/) { spam("s03315",1.2,$&); } if (/(da[iy]|week|month)ly (special|of{1,}er)|special (da[iy]|week|month)ly/) { spam("s03286",0.6,$&); } if (/we only (sell|of{1,}er)( the(se|)|)( premium| finest| best| exclusive| top| quality| highest| most){1,}/) { spam("s03287",0.6,$&); } if (/((superb |luxury |replica |premium |finest |best |exclusive |top |first.{0,1}rate |quality |high(est|) |popular |brand(.{0,1}name|) |most |elegant |ladies |gents )(and |or |of ){0,}){1,}watche{0,1}s{0,1}/) { spam("s03288",(int ((length($&) / 24) * 100)) / 100,$&); } if (/its me sor{1,}y for this junk/) { spam("s03279",4.2,$&); } if (/i(m| am) an{0,1} ($fuzzy_numbers |pretty |nice |single |year |old |mature |hot |sexy |college |co.{0,1}ed |teenage |russian |lonely ){0,}(girl|chick|woman|co.{0,1}ed|(house|)wife)/) { spam("s03276",1.0,$&); } if (/(^| )jamais( |\!|$)/) { spam("s03365",0.4,$&); } if (/(^| )computador( |\!|$)/) { spam("s03366",0.4,$&); } if (/(^| )prescricao/) { spam("s03264",1.4,$&); } if (/(^| )medica( |$)/) { spam("s03265",0.4,$&); } if (/(^| )confiante( |$)/) { spam("s03266",0.4,$&); } if (/(^| )aprovado( |$)/) { spam("s03267",0.4,$&); } if (/(^| )ef{1,}icaz( |$)/) { spam("s03268",0.4,$&); } if (/(^| )corpo( |$)/) { spam("s03269",0.4,$&); } if (/^how r things at work/) { spam("s03263",3.0,$&); } if (/hot(test|).{0,1}(selling {0,1}|)((new|title|med(ication)|drug)s{0,1} {0,1}){1,}/) { spam("s03231",(int ((length($&) / 24) * 100)) / 100,$&); } if (/(need |like |want |to |get |looking |interested |in |are |would |you |be |finding |out |getting |how |know |do |an{0,1} |want ){0,}(improv(e[sd]{0,1}|ing)|better|higher|increas(e[sd]{0,1}|ing)) (the |your |web(.{0,1}sites{0,1}|) ){0,}(ranking|placement|traf{1,}ic)( for| your{0,1}| to| with| all| the(se|)| major| web(.{0,1}sites{0,1}|)| internet| search| let| me| us| know| best| way| how| contact| details{0,1}|\?){0,}/) { spam("s03221",(int ((length($&) / 20) * 100)) / 100,$&); } if (/oil (partner(ship|)|merchant)/) { spam("s03216",1.0,$&); } if (/(oil|gas) (company|business|market)/) { spam("s03217",0.4,$&); } if (/saudi arabia/) { spam("s03218",0.4,$&); } if (/exceed(s|ed|ing) expectations/) { spam("s03495",0.4,$&); } if (/qatar/) { spam("s03219",0.4,$&); } if (/(di|kill)ed in a car ac{1,}ident/) { spam("s03220",0.8,$&); } if (/revolucinario/) { spam("s03207",0.6,$&); } if (/ produto /) { spam("s03208",0.6,$&); } if (/revolucinario produto/) { spam("s03209",1.4,$&); } if (/rigorosament/) { spam("s03210",0.6,$&); } if (/ risiko/) { spam("s03333",0.6,$&); if (/tiada risiko/) { spam("s03334",1.4,$&); } } if (/ selecion/) { spam("s03211",0.4,$&); } if (/rigorosamente selecionadas/) { spam("s03212",1.4,$&); } if (/ melhores /) { spam("s03213",0.4,$&); } if (/ mundo /) { spam("s03214",0.4,$&); } if (/melhores do mundo/) { spam("s03215",1.0,$&); } if (/ ur /) { spam("s03206",0.4,$&); } if (/re(garding|) your message/) { spam("s03205",0.4,$&); } if (/ yang /) { spam("s03196",0.2,$&); } if (/ kita /) { spam("s03197",0.4,$&); } if (/ koronari /) { spam("s03198",0.8,$&); } if (/ kolestrol /) { spam("s03199",0.8,$&); } if (/ bakteria /) { spam("s03200",0.8,$&); } if (/ mengambil(nya|) /) { spam("s03201",0.8,$&); } if (/ menguba[a-z]{0,} /) { spam("s03202",0.6,$&); } if (/ meng[a-z]{0,8}kan /) { spam("s03203",0.8,$&); } if (/ yang kita | kita yang /) { spam("s03204",0.8,$&); } if (/una respuesta autom.{0,2}tica/) { spam("s03193",1.4,$&); } if (/generado autom.{0,2}tica/) { spam("s03194",1.4,$&); } if (/no es operativo/) { spam("s03195",1.0,$&); } if (/(send |you |see ){2}my pi[cx](ture|)/) { spam("s03191",0.6,$&); } if (/hope (this is|i have) the right ad{1,}ress/) { spam("s03192",0.4,$&); } if (/(job|hate) your{0,1} (hob|hate)/) { spam("s03172",0.4,$&); } if (/wish you had( your| an{0,1}| even| better| bigger){0,}( degree| masters| job| house){1,}/) { spam("s03173",0.4,$&); } if (/valum/ && /vagra/ && /calis/) { spam("s03166",1.2,"valum/vagra/calis"); } if (/valum/ && /somx/ && /amben/) { spam("s03167",1.2,"valum/somx/amben"); } if (/[kc]um.{0,1}shot/) { spam("s03163",1.2,$&); } if (/mother.{0,1}f.{0,2}k/) { spam("s03164",0.4,$&); } if (/final.{0,1}attempt/) { spam("s03159",0.4,$&); } if (/je suis/) { spam("s03160",0.4,$&); } if (/actuellement/) { spam("s03161",0.4,$&); } if (/en vacances/) { spam("s03162",0.4,$&); } if (/what(s| is) your (old |used ){0,}car (really |is ){0,}worth/) { spam("s03155",0.8,$&); } if (/trade(.{0,1}in|) your (old|used)/) { spam("s03156",0.4,$&); } if (/(buy|sell|purchas)([es]{0,}|ing) a (new|old|used)/) { spam("s03157",0.4,$&); } if (/web.{0,1}(sit|ad{1,}ress)e{0,1}s{0,1} you want to promote/) { spam("s03154",1.2,$&); } if (/(an{0,1} |blondes{0,1} |brunettes{0,} |girls{0,1} |chicks{0,1} |wom[ea]n |hot |amateurs{0,1} ){1,}(doing it |playing |with |each other|themsel(f|ves) ){1,}/) { spam("s03137",(int ((length($&) / 26) * 100)) / 100,$&); } if (/(play(ing|s|) |with |an{0,1} |blondes{0,1} |brunettes{0,} |girls{0,1} |wom[ea]n |chicks{0,1} |hot |amateurs{0,1} ){0,}(anal |sex ){1,}toy/) { spam("s03136",(int ((length($&) / 12) * 100)) / 100,$&); } if (/(i|we) need (you(r | to )help|help from you)/) { spam("s03134",0.4,$&); } if (/gold min(e|ing)/) { spam("s03133",0.4,$&); } if (/your meds/) { spam("s03131",0.8,$&); } if (/(^| )hoodia( |$)/) { spam("s03128",1.8,$&); } if (/((awesome|powerful|natural|food|hebal|working)(ly|) ){1,}supplement/) { spam("s03127",(int ((length($&) / 24) * 100)) / 100,$&); } if (/you emailed your business details to me a few months ago sor{1,}y i didnt join then but i am ready again now would you please send me an email with details how to join your business/) { spam("s03122",4.5, $&); } if (/you want to promote|to promote (your{0,1}|this)( product|)/) { spam("s03121",0.4, $&); } if (/to (in|as|en|make |be )sure we have/) { spam("s03120",0.4, $&); } if (/simply.{0,1}(send|update|go.{0,1}to|visit|fill|check|select|reply|answer)/) { spam("s03119",0.8, $&); } if (/passionate lover{0,1}/) { spam("s03115",0.4, $&); } if (/bulk.{0,1}up your (boner|manhood)/) { spam("s03116",3.4, $&); } if (/ne(w|xt) levels{0,1} of pleasure/) { spam("s03117",1.4, $&); } if (/(hard|hot) and (hot|hard)/) { spam("s03118",0.4, $&); } if (/(develop(ed|ing|s|) |a |the(ir|se|) |this |new |amazing |technology |that |will |promis(es{0,1}|ing) |with |to |is ){1,}revolution(i[zs](e|ing)|ary) (develop(ed|ing|s|) |a |the(ir|se|) |this |new |amazing |technology |that |will |promis(es{0,1}|ing) |to |is |online |media |broadcasting |market |internet |business |world |with ){1,}/) { spam("s03114",(int ((length($&) / 34) * 100)) / 100,$&); } if (/((stock|inc) symbol|trading (as|under|symbol))/) { spam("s03113",0.4, $&); } if (/join(ing|) your business/) { spam("s03110",0.8, $&); } if (/your business details/) { spam("s03111",0.6, $&); } if (/domain or host not allowed by this mail server/) { spam("s03109",0.8, $&); } if (/((keep|y{0,1}our{0,1}|girl|woman|wife|lady|chick|gal|i[sfnt]{1,}|happy|(un|)satisf[ysied]{1,}|with|wil{1,} be|(breath|spe{1,}ch)les{1,})[ \!\?]{1,}){4,}/) { spam("s03107",(int ((length($&) / 30) * 100)) / 100,$&); } if (/mailinfo$/) { spam("s03106",3.6, $&); } if (/set.{0,1}to.{0,1}explode/) { spam("s03103",0.8, $&); } if (/^.{0,40}i found your (picture|.{0,2}mail) .{0,50}(can we|decided to) (talk|write).{0,80}(coming to|visting) your (place|town|city|area)/) { spam("s03100",3.0, $&); } elsif (/^.{0,40}i found your (picture|.{0,2}mail) .{0,50}(can we|decided to) (talk|write)/) { spam("s03100",0.8, $&); } elsif (/^.{0,40}i found your (picture|.{0,2}mail) .{0,120}(coming to|visting) your (place|town|city|area)/) { spam("s03100",0.8, $&); } if (/^(please |)do not ignore/) { spam("s03277",0.4, $&); } if (/coming .{0,10} your place/) { spam("s03102",0.4, $&); } if (/(proven|guaranteed) results{0,1}/) { spam("s03096",0.6, $&); } if (/deadend job/) { spam("s03090",0.6, $&); } if (/(generat|earn)(e|ing|s){0,1} (double|triple|twice)/) { spam("s03091",0.6, $&); } if (/after (a |)review(ing|) (of |all ){0,}(your |the )data/) { spam("s03084",0.6, $&); } if (/we are pleased to (notify|inform) you of your approval/) { spam("s03085",0.6, $&); } if (/please submit your details/) { spam("s03086",0.4, $&); } if (/field of your cho(ice|osing)/) { spam("s03082",0.8, $&); } if (/^ {0,}original message/) { spam("s03079",0.8, $&); } if (/increase seks time/) { spam("s03077",3.4, $&); } if (/(^| )seks([\!\\\-\/ \$]|$)/) { spam("s03078",0.8, $&); s/(^| )seks([\!\\\-\/ \$]|$)/ sex /g; } if (/quality product/) { spam("s03070",0.4, $&); } if (/champion in bed/) { spam("s03071",2.0, $&); } if (/enjoy saving/) { spam("s03072",0.4, $&); } if (/(popular|improved|increased) (high |quality ){0,}(brand|good|product)s{0,1}/) { spam("s03073",0.4, $&); } if (/(( fast| reliable| inexpensive| cheap)(er| and){0,}){2,}/) { spam("s03074",0.4, $&); } if (/contained a password protected file/) { spam("s03066",0.8, $&); } if (/(an{0,1} |achieve ){0,}((great |better |amazing |superb |fantastic |excellent |high |unparalled |unprecedented |outstanding |urgent |incredible ){1,}(career |job |pay(ing|) |op{1,}ortunit[yies]{1,} |breakthrough |results{0,1} |revelations{0,1} ){1,}(with |[and]{1,} |or ){0,}){1,}/) { spam("s03065",(int ((length($&) / 30) * 100)) / 100,$&); } elsif (/((great|bet{1,}er|superb|fantastic|excel{1,}ent|high|unparal{1,}ed|unprecedented|outstanding|incredible|urgent|career|job|pay(ing|)|op{1,}ortunit(y|ie)s{0,1}) {0,1}){2,}/) { spam("s03065",(int ((length($&) / 30) * 100)) / 100,$&); } if (/(look|ask|begg)ing for sex/) { spam("s03064",0.8, $&); } if (/take the t today/) { spam("s03063",2.0, $&); } if (/ thy /) { spam("s03057",0.2, $&); } if (/cleavage/) { spam("s03058",0.2, $&); } if (/apothegm/) { spam("s03059",0.4, $&); } if (/carborundum/) { spam("s03060",0.4, $&); } if (/ balfour /) { spam("s03061",0.4, $&); } if (/original message/) { spam("s03056",0.5, $&); } if (/looking for fun/) { spam("s03051",0.4, $&); } if (/(see |check |out |all |of |the(se|) |our ){0,}(((available|member) features |features available |(instant|private|live) (messenging|mailbox|webcam|e.{0,1}mail)s{0,1} |chat(.{0,1}rooms{0,1}|) |web.{0,1}cams{0,1} )(shows |and |your |very |own |like |includ(e|ing) |more |all |this ){0,}){2,}/) { spam("s03050",(int ((length($&) / 24) * 100)) / 100,$&); } if (/^hello you must fill out the application completely/) { spam("s03049",3.0, $&); } if (/funds (were |being |have |been |will |be |soon ){0,}deposited/) { spam("s03047",0.4, $&); } if (/diplomatic corp/) { spam("s03043",0.4, $&); } if (/(special|valuable) consignments/) { spam("s03044",0.4, $&); } if (/reputable( clients{0,1}| business| partners{0,1}| compan(y|ies)){1,}|(our |)clients{0,1} (is |who |are ){0,}reputable/) { spam("s03045",0.4, $&); } if (/((reputable |honest |trustworthy )(and |)){2,}/) { spam("s03046",0.4, $&); } if (/(max(imum|) |full |prescription ){1,}strength/) { spam("s03042",0.3, $&); } if (/^registration options/) { spam("s03038",1.6, "Begins with: " . $&); } if (/(hello |we |have |checked |looked |discovered |found |your{0,1} |details |ac{1,}ount |information |file |at |out |on |in |and |that |could |be |are ){1,}(over|)paying( by| more| than| up| \${0,1}[0-9]{1,}\%{0,}| which| works| out| at| about| too{0,1}| much| learn| find| visit| us| click| below| we| have| can| help(ed|)| millions{0,1}| and| your{0,1}| too|\!){0,}/) { spam("s03037",(int ((length($&) / 30) * 100)) / 100, $&); } if (/can(no|)t (see|read) th(e|is) (attach(ment|ed) |)e{0,1}.{0,1}mail/) { spam("s03035",0.6, $&); } if (/fill out th(is|e) (attached |)form/) { spam("s03034",0.6, $&); } if (/daily!/) { spam("s03017",0.4, $&); } if (/payments{0,1}!/) { spam("s03018",0.6, $&); } if (/based on your (present |cur{1,}ent )knowledge and (past |previous ){0,}life experiences{0,1}/) { spam("s03009",2.5,$&); } if (/(complete |community |experience |ultimate |online |gaming ){2,}/) { spam("s03000",(int ((length($&) / 24) * 100)) / 100,$&); } if (/designed to satisfy/) { spam("s03001",0.6,$&); } if (/(find|look|search|have{0,1}|gett{0,1})(ing|)( for| some| to| find| get| have){0,1} (fun|action) toni(gh|)te{0,1}/) { spam("s03002",0.8,$&); } if (/(find|make) (a |)(friend|lover)s{0,1}( or| more| (friend|lover)s{0,1}| a){0,}/) { spam("s03003",(int ((length($&) / 20) * 100)) / 100,$&); } if (/its (all |)up to you/) { spam("s03004",0.4,$&); } if (/we are contacting you because/) { spam("s03005",0.4,$&); } if (/new software( site| directory)/) { spam("s03006",(int ((length($&) / 60) * 100)) / 100,$&); } if (/meet me toni(gh|)te{0,1}/) { spam("s02999",0.4,$&); } if (/free (for |you ){0,}to join/) { spam("s02998",0.4,$&); } if (/^.{0,200}?original message from [a-z]{1,} mailto/) { spam("s02994",1.7,$&); } if (/estudia/) { spam("s02983",0.4,$&); } if (/extranjero/) { spam("s02984",0.4,$&); } if (/nuestra/) { spam("s02985",0.4,$&); } if (/cursales/) { spam("s02986",0.4,$&); } if (/recibir/) { spam("s02987",0.4,$&); } if (/loss{0,1} expertos/) { spam("s02988",0.4,$&); } if (/(personal(ly|)|doc(tor|)|pharmac(y|ist)|physican)s{0,1} (recom{1,}ene{0,1}d(ation|ed|)|direction)/) { spam("s02980",0.6,$&); } if (/career of your choice/) { spam("s02981",0.8,$&); } if (/legal loophole/) { spam("s02982",0.4,$&); } if (/thanks to a private nomination/) { spam("s02979",2.4,$&); } if (/ necesita /) { spam("s02957",0.4,$&); } if (/ encuesta/) { spam("s02958",0.4,$&); } if (/ distrito /) { spam("s02959",0.4,$&); } if (/ ciudad/) { spam("s02960",0.4,$&); } if (/ seguridad/) { spam("s02961",0.4,$&); } if (/ especificar/) { spam("s02962",0.4,$&); } if (/ escribe /) { spam("s02963",0.4,$&); } if (/(s{0,}he|who|you) (did {0,1}no {0,1}t |is |are |the |last ){1,}surviv(ed{0,1}|ing)/) { spam("s02954",0.6,$&); } if (/this letter/) { spam("s02953",0.6,$&); } if (/^your .{0,50}?( is ready ).{0,50}?( (shipment|pickup)$)/) { spam("s02952",0.4,$&); } if (/((process(ing|) |regard(ing|) |enter |go |here |click ){1,}(your |to |this ){1,}claim( your){0,}( |$|)[^\s]{0,10}([0-9 \!]{0,}|$){0,}){1,}(.{0,30}gift.{0,1}card|)/) { spam("s02945",(int ((length($&) / 28) * 100)) / 100,$&); } if (/oportunidad/) { spam("s02943",0.4,$&); } if (/su mercado/) { spam("s02944",0.4,$&); } if (/votre (cour{1,}ier|cor{1,}espond)/) { spam("s02933",0.4,$&); } if (/moderateur/) { spam("s02934",0.4,$&); } if (/approbation/) { spam("s02935",0.4,$&); } if (/la raison/) { spam("s02936",0.4,$&); } if (/nonabon{1,}e/) { spam("s02937",0.4,$&); } if (/sur (la|une) liste/) { spam("s02938",0.4,$&); } if (/(find(ing|) |meet(ing|) |view |date |look(ing|) |for |are |you |seek(ing|) |interested |in |like |live |to |would |all |kinds |of |a |town |city |area ){0,}(fun |single |lonely |hot |latino |black |horny |naughty |beautiful |ful{1,} of ){1,}(m[ea]n|wom[ea]n|guy|gal|girl|singles|latinos|chick)s{0,1}( are| new| in| your| area| region| to(wn|o|nite|night|)| city| look(ing|)| search(ing|)| need(ing|)| love(ly|)| for| dates{0,1}| a| hook up| satisf(y|ing|ie|s|d|action){1,}| fun| the[my]| like| see| what| single| lonely| hot| latino| black| horny| naughty| beautiful | (m[ea]n|wom[ea]n|guy|gal|girl|singles|latinos|chick)s{0,1}){0,}/) { spam("s02932",(int ((length($&) / 18) * 100)) / 100,$&); } elsif (/(find(ing|) |meet(ing|) |view(ing|) |dat(ing|e) |looking for |seek(ing|) |interested in )(fun |single |lonely |hot |latino |black |horny |naughty ){0,}(m[ea]n|wom[ea]n|guy|gal|girl|singles|latinos|chick)s{0,1}( in| your| area| region| town| city| looking| for| dates{0,1}| a){0,}/) { spam("s03375",(int ((length($&) / 12) * 100)) / 100,$&); } if (/^(hello|hi)\!{1,}.{0,} my name is [a-z]{0,}/) { spam("s02930",2.0,$&); } elsif (/^.{0,15}(hello|hi|dear|greetings|sincere).{0,} my name is [a-z]{0,}/) { spam("s02931",0.8,$&); } if (/our (record|file)s indicate/) { spam("s02928",0.8,$&); } if (/pricelist/) { spam("s02929",0.4,$&); } if (/tr(ying|ied) to (contact |call |reach |get (in touch with |through to ))you/) { spam("s02927",0.4,$&); } if (/job (of{1,}er|application|manage)/) { spam("s02918",0.4,$&); } if (/your.{0,30}dreams.{0,30}come true/) { spam("s02917",0.4,$&); } if (/private message from/) { spam("s02893",0.8,$&); } if (/get(ting|)itgood/) { spam("s02892",1.8,$&); } if (/^private message.*get(ting|)itgood/) { spam("s02894",2.8,$&); } if (/((increas|improv)(e[ds]{0,1}|ing) |your |the ){0,}(chances{0,1}|likelihood) (to|of|on|in) win(ning|)( big|)/) { spam("s02891",(int ((length($&) / 25) * 100)) / 100,$&); } if (/(increas|improv)(e[ds]{0,1}|ing) your (chances{0,1}|likelihood)/) { spam("s03188",0.6,$&); } if (/we bring .{0,100} to you/) { spam("s03189",0.6,$&); } if (/(best|great|bigg{0,1}|massive|huge|enormous)(er|est|) bonus/) { spam("s03190",0.4,$&); } if (/(try |play )(it |)(out |)for free/) { spam("s02890",0.6,$&); } if (/next best thing/) { spam("s02889",0.2,$&); } if (/(^| )win(ning|)s{0,1}( money| online){1,}/) { spam("s02888",(int ((length($&) / 16) * 100)) / 100,$&); } if (/revolutionary( and| patented| technology| data| wireless| compression| video| streaming){0,}/) { spam("s02887",(int ((length($&) / 33) * 100)) / 100,$&); } if (/surprise her with a (big|huge) one/) { spam("s02884",2.4,$&); $s02838 = $s02838 + 1; } if (/allixon.{0,30}rfid mid{1,}leware/) { spam("s02882",3.4,$&); } if (/(ac{1,}ess to .{0,20} ac{1,}ount|ac{1,}ount ac{1,}ess) .{0,20}(will|has) be(en|) (limit|restrict|deni)ed/) { spam("s02881",0.4,$&); } if (/((all {0,1}|)(natur|herb|speci)al(ly|) (made |)|formulas{0,1} ){2,}/) { spam("s02873",(int ((length($&) / 20) * 100)) / 100,$&); } if (/super attractor/) { spam("s02874",0.8,$&); $s02838 = $s02838 + 1; } if (/(ladie|girl|chick)s( wi|)ll be jumping/) { spam("s02875",1.6,$&); $s02838 = $s02838 + 1; } if (/(hav|find)ing (a |it )([rt]ough|hard) (time |)(with|(gett|find)ing) (your(self|) |)(a |the )(good |)(girl|chick|lad|wom[ea]n)(y|ie|s){0,}/) { spam("s02876",0.8,$&); $s02838 = $s02838 + 1; } if (/(get |)the info (is |here |){0,}https{0,1}\//) { spam("s02864",0.6,$&); } if (/go here https{0,1}\//) { spam("s02865",0.6,$&); } if (/((trustees{0,1} |executors{0,1} |(last |)(will |testament )|late |deceased |client |customer |(i|we) wish to (inform|notify) |beneficiar(y|ies) |total (amount|sum) |bequeath(ed|) |codicils{0,1} |deceased |death |shareholders{0,1} )(and |of |our |your{0,1} |have |been |were |was |listed |as |in |is |of |at |to |the |this |that |these |they |them |until |a ){0,}){4,}/) { spam("s02858",(int ((length($&) / 35) * 100)) / 100,$&); } if (/(my|our) (client|customer)s{0,1} (is|are) (seek|search|look|try)ing/) { spam("s02851",0.8,$&); } if (/go deeper/) { spam("s02834",0.4,$&); $s02838 = $s02838 + 1; } if (/size (does(nt| not|) |)matters{0,1}/) { spam("s02835",0.6,$&); $s02838 = $s02838 + 1; } if (/she (just |)is(nt| not|) feeling (ful|)filled/) { spam("s02836",0.6,$&); $s02838 = $s02838 + 1; } if (/grow to new lengths/) { spam("s02837",1.6,$&); $s02838 = $s02838 + 1; } if (/every woman wants/) { spam("s02839",0.6,$&); $s02838 = $s02838 + 1; } if (/(satisfy|give|neither will|please) your (lovely |)(woman|partner)/) { spam("s02862",0.6,$&); $s02838 = $s02838 + 1; } elsif (/(satisfy|please) your (lovely |)wife/) { spam("s02862",0.6,$&); $s02838 = $s02838 + 1; } if (/(do |would |)you (need|lack|want|like|wish) (to |have |some |you |had |more |were ){0,}confidence/) { spam("s02863",0.6,$&); $s02838 = $s02838 + 1; } if (/beg(ging|) (you |)for (some |)more/) { spam("s02841",0.4,$&); $s02838 = $s02838 + 1; } if (/increase your beast/) { spam("s02842",1.8,$&); $s02838 = $s02838 + 1; } if (/you (can|will) be (as |much |a |a{0,1}lot ){0,}big(ger|)/) { spam("s02863",0.4,$&); $s02838 = $s02838 + 1; } if (/help you (to |)get (a |)bigger/) { spam("s02853",0.6,$&); $s02838 = $s02838 + 1; } if (/(brag(ging|) |talk(ing|) |about ){0,}how big (her|your) man(hood|) (is |has |become ){1,}/) { spam("s02854",(int ((length($&) / 26) * 100)) / 100,$&); $s02838 = $s02838 + 1; } if (/better th[ae]n shes{0,1} (has |)ever had( it| before)/) { spam("s02855",0.8,$&); $s02838 = $s02838 + 1; } if (/mak(ing|e)s{0,1} (all |)(of |)her ((girl|)friends |)jealous/) { spam("s02840",0.6,$&); $s02838 = $s02838 + 1; } if (/tons of tail/) { spam("s02830",1.2,$&); } if (/help you score/) { spam("s02831",0.8,$&); } if (/natural pheromone/) { spam("s02832",1.2,$&); } if (/all the tail you(ll ever|) (could |)(want|need)/) { spam("s02833",1.2,$&); } if (/(visa.{0,10}travel|travel.{0,10}visa)/) { spam("s02815",0.4,$&); } if (/if we could( meet| up |get | together){0,} i (shall|would) be (more |most |than |very ){0,}happy/) { spam("s02816",0.4,$&); } if (/this is (the|your) (chance|op{1,}ortunity)( you( ha|)(ve|)| been| waiting| for| to(o{0,1} late|)| get| in(to|)| while| before| its{0,1}| is| still| low| available){0,}/) { spam("s02814",(int ((length($&) / 35) * 100)) / 100,$&); } if (/deactivated/) { spam("s02785",0.4,$&); } if (/of{1,}icial notification/) { spam("s02786",0.4,$&); } if (/(government|federal(ly|)) certifi(ed|cation)/) { spam("s02787",0.4,$&); } if (/(our |this |is |a |free |for |try |why |not |c{0,1}all |now |to |and ){0,}(unique |proprietary |free ){1,}(system |service |product ){1,}(today |now )/) { spam("s02779",(int ((length($&) / 29) * 100)) / 100,$&); } if (/g[eo]t (all |your ){0,}med[sicatonlz]{0,}/) { spam("s02763",0.8,$&); } if (/(^| )e.{0,1}suppl[yiers]{1,}/) { spam("s02760",0.8,$&); } if (/(lic{1,}ensed|registered) (medical |us ){0,}(physician|doctor|professional)/) { spam("s02749",0.4,$&); } if (/ spamis /) { spam("s02748",0.8,$&); } if (/((prolonged|plentiful|increased|stronger|greater|rock.{0,1}hard|huge) (hardnes|explosion|duration|erection|ejaculation)(s| and| ){0,}){1,}/) { spam("s02747",(int ((length($&) / 25) * 100)) / 100,$&); } if (/(have |)((prolonged|longer|better|bigger|stronger|rock.{0,1}hard|power|more|great(er|est|)|stamina|enjoy(ment|)|suc{1,}ess(ful|)|performance|impress(ion|)|wom[ea]n|lover|girlfriend|improve(ment|)[sd]{0,1})s{0,1} (and |with |your |them{0,2} ){0,}){1,}in (the |)bed/) { spam("s02745",(int ((length($&) / 20) * 100)) / 100,$&); } if (/say good[^b]{0,1}bye to/) { spam("s02744",0.6,$&); } if (/(sock|finger) puppet/) { spam("s02739",0.4,$&); } if (/ hooters/) { spam("s02740",0.4,$&); } if (/ crotch/) { spam("s02741",0.4,$&); } if (/the only product/) { spam("s02735",0.6,$&); } if (/penetration/) { spam("s02736",0.2,$&); } if (/guaranteed{0,1}\!/) { spam("s02734",0.8,$&); } if (/enhance(d |your )male power/) { spam("s02729",1.8,$&); } if (/boost your manhood/) { spam("s02730",1.8,$&); } if (/masculine performance/) { spam("s02731",1.8,$&); } if (/(like|wish|want) to (exchange|place) (a |)links{0,1}/) { spam("s02726",0.8,$&); } if (/^h(ey|i|ello|ola)(baby| |my|man){0,}i(m|ts me) sara(h|)/) { spam("s02725",2.2,$&); if (/webcam|(new|my) pic(x|s|tures)|pic(x|s|tures) of me|ciao/) { spam("s02725",2.8,"Hi Sara plus " . $&); } } if (/provid(ing|e)s{0,1} ((timely |ac{1,}urate |financial |information |proven |results{0,1} |great |returns{0,1} )(with |and ){0,}){1,}/) { spam("s02724",(int (length($&) / 30 * 100)) / 100,$&); } if (/(b|fin|high)est ((of{1,}er|price|deal)s{0,1} |on |for |all |your |the |quality ){0,}med(ic(ation|ine|)|)[sz]{0,1}/) { spam("s02723",(int (length($&) / 14 * 100)) / 100,$&); } if (/need med(ic(ation|ine|)|)[sz]{0,1}( |\?|$)/) { spam("s02722",0.8,$&); } if (/((suc{1,}ess(ful|) |)(of{1,}shor(e|ing) |outsourc(e|ing) ){1,}((strateg(y|ies)|research|reports{0,1}|suc{1,}ess(ful|)|vendors{0,1}|manag(e(ment|)|ing)|initiatives{0,1})( |$)){1,}){1,}/) { spam("s02717",(int (length($&) / 36 * 100)) / 100,$&); } if (/online (profile|source)/) { spam("s02711",0.6,$&); } if (/(my pi[cxs]{1,2}|pi[cxs]{1,2} of me)/) { spam("s02712",0.4,$&); } if (/we can assist/) { spam("s02708",0.4,$&); } if (/sex[ao]holic/) { spam("s02704",0.8,$&); } if (/^hey bud{1,}y i just changed my cell phone and my new one is .{0,}please update it in your records how is everything with you\? i gotta run downstairs just wanted to send you the new number best regards josh/) { spam("s02697",5.0,$&); } if (/this (is an |)advertisement (is |was |com(es|ing) |sent |to you ){0,}(from|by)/) { spam("s02693",1.0,$&); } if (/my personal (web.{0,1}|)site/) { spam("s02686",0.8,$&); } if (/meet new people/) { spam("s02687",0.8,$&); } if (/make new friends/) { spam("s02688",0.8,$&); } if (/i( woul|)d love (it |)if you( woul|)d{0,1} c[oa]me (and|to) see me/) { spam("s02689",1.2,$&); } if (/i( ha|)ve never done (this|it) before/) { spam("s02690",0.6,$&); } if (/(you|we)( ha|)ve never met( me|)/) { spam("s02691",0.6,$&); } if (/(sier{1,}a|ser{1,}ia) leone{0,1}/) { spam("s02676",0.4,$&); } if (/ benin /) { spam("s02677",0.4,$&); } if (/ republic of /) { spam("s03132",0.4,$&); } if (/(receiv|transfer{1,}|claim)(ed{0,1}|ing|s|) (the(se|) |this |)(funds{0,1}|money)/) { spam("s02678",0.4,$&); } if (/widow (of|to) the late/) { spam("s02679",1.2,$&); } if (/seeking refuge/) { spam("s02680",0.4,$&); } if (/seeking asylum/) { spam("s02681",0.4,$&); } if (/external assistance/) { spam("s02682",0.4,$&); } if (/a large deposit/) { spam("s02683",0.4,$&); } if (/my late husband/) { spam("s02684",0.4,$&); } if (/foreign representative/) { spam("s02685",0.4,$&); } if (/natural source/) { spam("s02670",0.4,$&); } if (/healthy living/) { spam("s02671",0.4,$&); } if (/disease free/) { spam("s02672",0.4,$&); } if (/( |^)(our |recent ){1,}stud(ie|y)s/) { spam("s02673",0.4,$&); } if (/actual results/) { spam("s02674",0.4,$&); } if (/healthy life/) { spam("s02675",0.4,$&); } if (/your life (is about to|will) (change|improve)/) { spam("s02669",0.6,$&); } if (/strong desire/) { spam("s02667",0.4,$&); } if (/(any |every |market ){1,}niche/) { spam("s02666",0.8,$&); } if (/(we (tried |)(to |)|trying to )(call|phon|contact).{0,}?kind enough.{0,}?fill.{0,1}(in|out).{0,}?secure[^s]{0,1}site.{0,}?follow[^u]{0,1}up/) { spam("s02665",4.0,$&); } if (/intimate.{0,10}( love| life){1,}/) { spam("s02659",0.8,$&); } if (/((import|export)(ing|s|)( and|)[ \/]{1,}){1,}(business|co(mpan[yi]| ))e{0,1}s{0,1}/) { spam("s02657",(int (length($&) / 20 * 100)) / 100,$&); } if (/(my|our|this|the) (business|compan[yi])e{0,1}s{0,1} (is |in |to ){0,}((import|export|manufactur)(ing|s|e){0,}( and|)[ \/]{1,}){1,}/) { spam("s02657",(int (length($&) / 24 * 100)) / 100,$&); } if (/night of (love|passion)( |love|passion|making|and){0,}/) { spam("s02656",(int (length($&) / 28 * 100)) / 100,$&); } if (/we (have |)(tri|attempt)ed .{0,10}to ((call|phone).{0,}no answer|(get |)(in |)(contact|touch))/) { $tmp = $&; if (/(mortgage|home.{0,1}loan|re.{0,1}finance)/) { spam("s02656",2.0,$tmp . "..." . $&); } else { spam("s02656",0.8,$tmp); } } if (/(your |total |any in|this (one[^t]{0,1}time |)in){1,}convenience/) { spam("s02654",0.4,$&); } if (/ our secure.{0,30}site/) { spam("s02653",0.8,$&); } if (/was kind enough to .{0,20} your [^m]{0,2}mail/) { if (/mortgage/) { spam("s02652",2.0,$&); } else { spam("s02652",0.6,$&); } } if (/re(garding|) (the|your) (mortgage|loan)/) { spam("s02651",1.2,$&); } if (/(all[^i]{0,1}in[^o]{0,1}one |comprehensive |step[^b]{0,1}by[^s]{0,1}step |easy[^t]{0,1}to[^u]{0,1}use ){2,}/) { spam("s02650",(int (length($&) / 20 * 100)) / 100,$&); } if (/edit(ing|) (your |)digital (photo|image)s{0,1}/) { spam("s02649",0.8,$&); } if (/download (a |the |)demo/) { spam("s02647",0.8,$&); } if (/video[^t]{0,1}training/) { spam("s02648",0.8,$&); } if (/brand([^n]{0,1}name|ed)(.{0,30}?(cialis|viagra|levitra)|[^w]{0,1}watch(es|))/) { spam("s02646",2.2,$&); } if (/(mild |moderate |severe |male ){1,}ed(\!| |$)/) { spam("s02645",0.8,$&); } if (/muscle[^r]{0,1}relaxant/) { spam("s02643",0.8,$&); } if (/ma(n|le)s{0,1}[^m]{0,1}member/) { spam("s02644",0.8,$&); } if (/(many |of |the |all |including ){0,}((high(est|) |best |finest |superior ){0,}quality |d(oc|to|r){1,} |(hard|burdensome|difficult).{0,1}to.{0,1}find |prescri(bed|ption) (items |)|remedies |drugs |pills |tablets ){2,}/) { spam("s02642",(int (length($&) / 18 * 100)) / 100,$&); } if (/chronic.{0,1}(health|pain|disease|fatigue)/) { spam("s02641",0.8,$&); } if (/((are |)(you |)trying to find |(are |)(you |)(look(ing|) for |seek(ing|) out |search(ing|) for )|(meet(ing|) |find(ing|) |)(that |)(special |)some(one|body)( special|)\?{0,1}( |$)|(a |)relationship[s\?]{0,}( |$)|(a|)lone(some|ly|)[s\?]{0,}( |$)|(come |)(here |)(and |)(get|find)( a|) (match|date|love)(ed|)( up| here| for| to(day|night)){0,}[s\?]{0,}( |$)){2,}/) { spam("s02640",(int (length($&) / 20 * 100)) / 100,$&); } if (/brutal rape/) { spam("s02639",1.2,$&); } if (/hola([\! ]|$)/) { spam("s02638",0.6,$&); } if (/sensational[^p]{0,1}p(hoto|i[cx])(ture|)s{0,1}/) { spam("s02636",1.2,$&); } if (/sexual[^a]{0,1}ad{1,}ictions{0,1}/) { spam("s02637",1.6,$&); } if (/paid message/) { spam("s02635",0.6,$&); } if (/award.{0,1}win{1,}ing/) { spam("s02630",0.8,$&); } if (/(eliminate|remove|eradicate|get rid of) spy.{0,1}w[ai]re/) { spam("s02633",0.8,$&); } if (/spyw[ai]re/) { if (/(download |this |y{0,1}our |the |by |get |receive |award.{0,1}win{1,}ing |anti[^s^v]{0,1}(virus |)){1,}spyw[ai]re( software| solution| product){1,}/) { spam("s02631",(int (length($&) / 14 * 100)) / 100,$&); } elsif (/(download |this |y{0,1}our |the |by |get |receive |award.{0,1}win{1,}ing |anti[^s^v]{0,1}(virus |)){1,}spyw[ai]re/) { spam("s02631",(int (length($&) / 14 * 100)) / 100,$&); } elsif (/spyw[ai]re( software| solution| product){1,}/) { spam("s02631",(int (length($&) / 14 * 100)) / 100,$&); } else { spam("s02631",(int (length($&) / 14 * 100)) / 100,$&); } } if (/adw[ai]re/) { spam("s03372",0.4,$&); } if (/(award.{0,1}win{1,}ing |hottest ){1,}(software|solution|product)/) { spam("s02632",1.0,$&); } if (/(^| )rated (a |)(strong |)(buy|sell)/) { spam("s02619",1.2,$&); } if (/letter of intent/) { spam("s02620",0.6,$&); } if (/past performance/) { spam("s02621",0.4,$&); } if (/future results/) { spam("s02622",0.4,$&); } if (/(is |highly |likely |on track |to |also ){0,}surpass (first |second |third |fourth |last |previous |the ){0,}quarter/) { spam("s02623",(int (length($&) / 22 * 100)) / 100,$&); } if (/targeted promotion/) { spam("s02624",1.0,$&); } if (/inten[td] to acquire/) { spam("s02625",0.2,$&); } if (/security consultant/) { spam("s02626",0.4,$&); } if (/died intestate/) { spam("s02627",0.8,$&); } if (/international banking conglomerate/) { spam("s02628",0.8,$&); } if (/(shar(e|ing)|ha(ve|ving)|bear(ing|))s{0,1} the same (sur|last |)name (with|as) y{0,1}our{0,1}/) { spam("s02629",0.8,$&); } if (/(i am a |)senior partner( (in|with) (this|the) (firm|company|employ)|)/) { spam("s02623",(int (length($&) / 20 * 100)) / 100,$&); } if (/ benin rep/) { spam("s02616",0.8,$&); } if (/we( can|( wi|)ll) help your company/) { spam("s02617",0.8,$&); } if (/your company/) { spam("s02618",0.1,$&); } if (/[0-9]{1,}\% growth|up [0-9]{1,}\%/) { spam("s02613",0.4,$&); } if (/ trad(ed|ing) at /) { spam("s02614",0.4,$&); } if (/(net|gross) (revenue|turnover|profit|margin)s{0,1}/) { spam("s02615",0.4,$&); } if (/our prices{0,1}/) { spam("s02609",0.4,$&); if (/(compare|check out) our prices{0,1}/) { spam("s02610",1.0,$&); } } if (/((b[vu]lgar[yies]{1,} {0,1}|(har{1,}y[^w]{0,1}|)winstons{0,1} {0,1}|breguets{0,1} {0,1}|chanels{0,1} {0,1}|versaces{0,1} {0,1}|armanis{0,1} {0,1}|jaegers{0,1} {0,1}|(le[^c]{0,1}|)coultres{0,1} {0,1}|brieti{0,1}lings{0,1} {0,1}|tagheuers{0,1} {0,1}|rolex[es]{0,} {0,1}|pradas{0,1} {0,1}|guc{1,}is{0,1} {0,1}|coach[es]{0,} {0,1}|dgs{0,1} {0,1}|fendis{0,1} {0,1}|dknys{0,1} {0,1}|louis {0,1}|vuit{1,}ons{0,1} {0,1}|cartiers{0,1} {0,1}|fran[cks]{0,} {0,1}|mullers{0,1} {0,1})(and {0,1}|)){4,}/) { spam("s02605",(int (length($&) / 25 * 100)) / 100,$&); } elsif (/((b[vu]lgar[yies]{1,} {0,1}|(har{1,}y[^w]{0,1}|)winstons{0,1} {0,1}|breguets{0,1} {0,1}|chanels{0,1} {0,1}|versaces{0,1} {0,1}|armanis{0,1} {0,1}|jaegers{0,1} {0,1}|(le[^c]{0,1}|)coultres{0,1} {0,1}|brieti{0,1}lings{0,1} {0,1}|tagheuers{0,1} {0,1}|rolex[es]{0,} {0,1}|pradas{0,1} {0,1}|guc{1,}is{0,1} {0,1}|coach[es]{0,} {0,1}|dgs{0,1} {0,1}|fendis{0,1} {0,1}|dknys{0,1} {0,1}|louis {0,1}|vuit{1,}ons{0,1} {0,1}|cartiers{0,1} {0,1}|fran[cks]{0,} {0,1}|mullers{0,1} {0,1})(and {0,1}|)){3}/) { spam("s02605",(int (length($&) / 25 * 100)) / 100,$&); } elsif (/((b[vu]lgar[yies]{1,} {0,1}|(har{1,}y[^w]{0,1}|)winstons{0,1} {0,1}|breguets{0,1} {0,1}|chanels{0,1} {0,1}|versaces{0,1} {0,1}|armanis{0,1} {0,1}|jaegers{0,1} {0,1}|(le[^c]{0,1}|)coultres{0,1} {0,1}|brieti{0,1}lings{0,1} {0,1}|tagheuers{0,1} {0,1}|rolex[es]{0,} {0,1}|pradas{0,1} {0,1}|guc{1,}is{0,1} {0,1}|coach[es]{0,} {0,1}|dgs{0,1} {0,1}|fendis{0,1} {0,1}|dknys{0,1} {0,1}|louis {0,1}|vuit{1,}ons{0,1} {0,1}|cartiers{0,1} {0,1}|fran[cks]{0,} {0,1}|mullers{0,1} {0,1})(and {0,1}|)){2}/) { spam("s02605",(int (length($&) / 25 * 100)) / 100,$&); } if (/you(( a|)re|have|) receiv(ing|ed) this( e{0,1}[^m]{0,1}mail| message|newsletter|notice|notification|) (by |in |)(ac{1,}ident|er{1,}o[rn]|mistake)/) { spam("s02604",1.0,$&); } if (/we are an equal (housing |op{1,}ortunity ){1,}lender/) { spam("s02605",2.0,$&); } if (/closing (fee|cost)s{0,1}/) { spam("s02601",0.8,$&); } if (/home war{1,}anty/) { spam("s02602",1.0,$&); } if (/of{1,}er (close|end)s/) { spam("s02603",0.4,$&); } if (/we( a|)re pleased{0,1} to (an{1,}ounce|inform)/) { spam("s02600",1.0,$&); } if (/order(ing|s|) (your |)viagra|viagra order/) { spam("s02594",1.0,$&); } if (/order.{0,30}online/) { spam("s02595",0.4,$&); } if (/legal source/) { spam("s02591",0.4,$&); } if (/male impot[ea]nce/) { spam("s02592",0.8,$&); } if (/treat(ing|ment|)s{0,1} impot[ea]nce|impot[ea]nce treatment/) { spam("s02596",0.8,$&); } if (/impot[ea]nce/) { spam("s02593",0.4,$&); } if (/ ecrans /) { spam("s02590",0.4,$&); } if (/(plasma |tv ){2,}/) { spam("s02588",0.2,$&); } if (/hdtv/) { spam("s02589",0.2,$&); } if (/plus de details/) { spam("s02587",2.0,$&); } if (/(prix|of{1,}re) directe{0,1}/) { spam("s02586",2.0,$&); } if (/(better|worse|embar{1,}[ae]s{1,}ed|(un|)satisfied) ((in|with|when|by|the(ir|)|you(r|)|his|her|performance) ){1,}bed/) { spam("s02580",0.4,$&); } if (/foreplay/) { spam("s02581",0.4,$&); } if (/ stud /) { spam("s02582",0.2,$&); } if (/(start |)put(ting|) your .{0,40}(cash|equity).{0,40} to good use/) { spam("s02577",2.4,$&); } elsif (/(start |)put(ting|) your .{0,40} to good use/) { spam("s02578",0.8,$&); } if (/health plan/) { spam("s02570",0.4,$&); } if (/health insurance/) { spam("s02576",0.2,$&); } if (/(have |)you(ve|) been turned down by others/) { spam("s02571",1.4,$&); } if (/no contract/) { spam("s02572",0.4,$&); } if (/claims form/) { spam("s02573",0.4,$&); } if (/age limit/) { spam("s02574",0.2,$&); } if (/we approve all applican{0,1}t(ion|)s{0,1}/) { spam("s02575",2.0,$&); } if (/high priority message/) { spam("s02570",0.4,$&); } if (/you( wi|)ll (be|receive) (fully{0,1} |)compensat(ed|ion)/) { spam("s02569",1.0,$&); } if (/(rapid|deeper|true|richer|greater) (understanding|growth)/) { spam("s02564",0.4,$&); } if (/financial position/) { spam("s02565",0.4,$&); } if (/management perspective/) { spam("s02566",0.4,$&); } if (/(more |higher |greater )profitability/) { spam("s02567",0.4,$&); } if (/(re(spond|ply)|e{0,1}.{0,1}mail) (back |)(to this (e{0,1}.{0,1}mail |message ){0,}|)to stop further( (e{0,1}.{0,1}mail|message)s{0,1}|)/) { spam("s02563",1.0,$&); } if (/usuario (in|)(existent|valido)/) { spam("s02561",0.8,$&); } if (/usuario/) { spam("s02562",0.4,$&); } if (/(^| )tuerkei/) { spam("s02559",0.6,$&); } if (/tuerkei in die eu/) { spam("s02560",4.5,$&); } if (/we (can |will |only ){1,}of{1,}er (you |more ){1,}/) { spam("s02557",0.4,$&); } if (/(^| |would |do |you |like |wish |to |hav(e|ing) |had |dont |desire |dream(ed|t|s|) |of |ever |always ){1,}( |strengthen|your|improve[ds]{0,1}|better|big(ger|gest|)|strong(er|est|)|rock.{0,1}hard|long(er|est|)|lasting|awesome|fantastic|incredible|unbelieveable|way to){0,}e(rec|jacula)tions{0,1}/) { spam("s02556",(int (length($&) / 20 * 100)) / 100,$&); } if (/(af{1,}ord|reason)able pric(e|ing)/) { spam("s02555",0.4,$&); } if (/hottest (sell|demand)(ing|) meds/) { spam("s02549",3.0,$&); } if (/hottest (sell|demand)(ing|)/) { spam("s02550",0.8,$&); } if (/vergessen/) { spam("s02539",0.4,$&); } if (/fruehen/) { spam("s02540",0.4,$&); } if (/abendstunden/) { spam("s02541",0.4,$&); } if (/stadt/) { spam("s02542",0.4,$&); } if (/dresden/) { spam("s02543",0.4,$&); } if (/schuldigen/) { spam("s02544",0.4,$&); } if (/fliegen/) { spam("s02545",0.4,$&); } if (/noch keine/) { spam("s02546",0.4,$&); } if (/ischen/) { spam("s02547",0.4,$&); } if (/youre invited thanks to a private nomination/) { spam("s02537",3.0,$&); } if (/blutige/) { spam("s02527",0.4,$&); } if (/justiz/) { spam("s02528",0.4,$&); } if (/polizei/) { spam("s02529",0.4,$&); } if (/ethnisch/) { spam("s02530",0.4,$&); } if (/geschot/) { spam("s02531",0.4,$&); } if (/mafiaclans/) { spam("s02532",0.4,$&); } if (/durchdringen/) { spam("s02533",0.4,$&); } if (/gerichte/) { spam("s02534",0.4,$&); } if (/mitschuld/) { spam("s02535",0.4,$&); } if (/weiter/) { spam("s02536",0.4,$&); } if (/lese selbst http/) { spam("s02525",4.0,$&); } if (/weiter auf http/) { spam("s02538",4.0,$&); } if (/lese selbst/) { spam("s02526",0.8,$&); } if (/selbst/) { spam("s02526",0.8,$&); } if (/credit.{0,1}(history|score|rating|report|record)/) { spam("s02524",0.8,$&); } if (/credit.{0,40}not a factor/) { spam("s02525",0.8,$&); } if (/franquicia/) { spam("s02513",0.4,$&); } if (/disponible/) { spam("s02514",0.4,$&); } if (/negocio/) { spam("s02515",0.4,$&); } if (/potencial/) { spam("s02516",0.4,$&); } if (/gerencial/) { spam("s02517",0.4,$&); } if (/precio preferencial/) { spam("s02518",1.4,$&); } if (/millones de personas/) { spam("s02519",1.4,$&); } if (/eficiente/) { spam("s02520",0.4,$&); } if (/rapido/) { spam("s02521",0.4,$&); } if (/millonario/) { spam("s02522",1.2,$&); } if (/millones/) { spam("s02523",0.4,$&); } if (/(search|xxx).{0,1}personals/) { spam("s02510",1.4,$&); } if (/personals (web.{0,1}|)site/) { spam("s02512",1.2,$&); } if (/((view photos|watch videos).{0,20}?){2,}/) { spam("s02511",1.0,$&); } if (/alternative.{0,1}(cure|remed(y|ie)|medic(al|ine|))s{0,1}/) { spam("s02508",0.4,$&); } if (/healing power/) { spam("s02509",0.4,$&); } if (/shanghai/) { spam("s02507",0.4,$&); } if (/(domestic|international) (customer|partner|af{1,}iliate)s{0,1}/) { spam("s02505",0.4,$&); } if (/quality control/) { spam("s02506",0.2,$&); } if (/ oem /) { spam("s02504",0.4,$&); } if (/(this|the|your) (attached |)(file |document |attachment ){1,}is (bad|not{0,1} good)/) { spam("s02503",0.8,$&); } if (/sexy{0,1}.{0,1}body{0,1}/) { spam("s02501",0.8,$&); } if (/sexy body in the pic/) { spam("s02502",2.8,$&); } if (/oem version/) { spam("s02500",0.8,$&); } if (/archivo/) { spam("s02493",0.8,$&); } if (/muerto/) { spam("s02494",0.4,$&); } if (/reflejo/) { spam("s02495",0.6,$&); } if (/suprimirlo/) { spam("s02496",0.8,$&); } if (/nuestro/) { spam("s02497",0.6,$&); } if (/listado/) { spam("s02498",0.6,$&); } if (/(^| )empresa( |$)/) { spam("s02499",0.8,$&); } if (/(^| )trenton( |$)/) { if (/(trenton nj|nj trenton)/) { spam("s02492",0.4,$&); } else { spam("s02492",0.4,"trenton"); } } if (/thank you for (writ|e{0,1}.{0,1}mail|send)ing/) { spam("s02489",0.2,$&); } if (/(this is|we do|replied to|mailed|(sent |)(an{0,1} |)e{0,1}.{0,1}mail to) (not an{0,1} |an [ui]n)(monitor(ed|)|active|valid) (this |)(e{0,1}.{0,1}mail |)(ad{1,}ress|alias)/) { spam("s02490",3.2,$&); } if (/(this|your) e{0,1}.{0,1}mail [hw]as (been |)altered by mimedefang/) { spam("s02491",2.2,$&); } if (/dear (ebay |)(customer|client)/) { spam("s02486",0.8,$&); } if (/(regular(ly|) |scheduled ){1,}(ac{1,}ount maintenance (proce(s|dure)s{0,1} |)|and |verification (proce(s|dure)s{0,1} )){1,}(we( have|ve|) (detected|discovered)|)/) { spam("s02487",(int (length($&) / 40 * 100)) / 100,$&); } if (/(please |update |and |verify ){1,}your ((ac{1,}ount |billing |)information|ebay( ac{1,}ount| billing| information){1,})/) { spam("s02488",0.6,$&); } if (/er{1,}ors{0,1} [io]n your (billing |ac{1,}ount |information ){1,}/) { spam("s02485",0.8,$&); } if (/your (personal |financial ){1,}needs/) { spam("s02484",0.8,$&); } if (/seminar/) { spam("s02478",0.2,$&); } if (/better communicator/) { spam("s02479",0.4,$&); } if (/(day|week) workshop/) { spam("s02480",0.4,$&); } if (/master the art/) { spam("s02481",0.8,$&); } if (/(enroll|reply) (today|now|right away|immediately|instantly)/) { spam("s02482",0.8,$&); } if (/will change the way you/) { spam("s02483",0.4,$&); } if (/cliquez{0,1}( sur le lien| ici)/) { spam("s02472",1.8,$&); } if (/les derniers modeles/) { spam("s02473",0.8,$&); } if (/ de remise/) { spam("s02474",0.8,$&); } if (/confirm(ation|er).{0,10}commandes{0,1}/) { spam("s02475",0.8,$&); } if (/pour{1,}ont profiter/) { spam("s02476",0.8,$&); } if (/([cl]es{0,1}|aux) prix/) { spam("s02477",0.4,$&); } if (/((lead to|cause|result in) an{0,1} |dramatic(ally|) |increase |improvement |(in(to|) |if |to |)your{0,1} ((want|wish|would like) to |)|potential |online |(in |)(sales|business|traf{1,}ic|(web.{0,1}|)site) |(by |)invest(ed|ing|) |time and money ){3,}/) { spam("s02471",(int (length($&) / 20 * 100)) / 100,$&); } if (/too many girls (to compete with|competing)/) { spam("s02470",0.8,$&); } if (/al.{0,1}qaeda.{0,}cocacola factor(y|ie)s{0,1}|cocacola factor(y|ie)s{0,1}.{0,}al.{0,1}qaeda/) { spam("s02465",4.5,$&); } if (/(we( a|)re |)the only company( in the world|)/) { if (length($&) > 16) { spam("s02463",0.6,$&); } } if (/developed this product/) { spam("s02464",0.4,$&); } if (/i am (still |)a young girl/) { spam("s02457",1.2,$&); } if (/how to please (a |your |the )m[ae]n/) { spam("s02458",1.0,$&); } if (/(take|have) a look at (my|this) (web|).{0,1}site/) { spam("s02459",0.6,$&); } if (/para no recibir/) { spam("s02451",2.0,$&); } if (/mas anuncio/) { spam("s02452",0.8,$&); } if (/escribanos/) { spam("s02453",0.8,$&); } if (/esta cuenta/) { spam("s02454",0.8,$&); } if (/internacional/) { spam("s02455",0.4,$&); } if (/homes{0,1}.{0,1}equity/) { spam("s02450",0.6,$&); } if (/(quick|convenient).{0,1}and.{0,1}(convenient|quick)/) { spam("s02446",0.4,$&); } if (/med(ical|s|).{0,1}suppl(y|ie)s/) { spam("s02447",0.8,$&); } if (/escudo heraldico/) { spam("s02440",3.0,$&); } if (/heraldica/) { spam("s02441",0.4,$&); } if (/genealogia/) { spam("s02442",0.4,$&); } if (/apellido/) { spam("s02443",0.4,$&); } if (/arboles genealogicos/) { spam("s02444",3.0,$&); } if (/especificos/) { spam("s02445",0.4,$&); } if (/ultimate (sex |love |)guide/) { spam("s02437",0.4,$&); } if (/lesbian/) { spam("s02438",0.2,$&); } if (/(mind blowing|blow your mind)/) { spam("s02439",0.3,$&); } if (/(powerful |important |amazing |project |management |communication ){1,}seminar/) { spam("s02432",0.6,$&); } if (/busy executives{0,1}/) { spam("s02433",0.6,$&); } if (/learn how to/) { spam("s02434",0.4,$&); } if (/gain control/) { spam("s02435",0.4,$&); } if (/improve (your |the |)ef{1,}ectiveness/) { spam("s02436",0.6,$&); } if (/(^| )(pill|tablet)[sz]{0,1}([\! ]|$)/) { spam("s02428",0.4,$&); } if (/blood level/) { spam("s02429",0.4,$&); } if (/ my life/) { spam("s02430",0.4,$&); } if (/(regular|normal|usual) dos(e|ing)s{0,1}/) { spam("s02431",0.4,$&); } if (/highly speculative/) { spam("s02426",0.4,$&); } if (/aggressive invest(or|ment)s{0,1}/) { spam("s02427",0.4,$&); } if (/ e.{0,1}shop(ping)s{0,1}/) { spam("s02422",0.6,$&); } if (/ p {0,1}i {0,1}l {0,1}l/) { if (length($&) > 5) { spam("s02414",2.8,$&); s/ p {0,1}i {0,1}l {0,1}l/ pill/g; } } if (/exclusive (evening|night|models)/) { spam("s02411",0.8,$&); } if (/romantic (evening|night)/) { spam("s02413",0.8,$&); } if (/ arts{0,1} of (love|sex|seduc(e|tion|ing))/) { spam("s02412",1.2,$&); } if (/(unique |visual |image ){3,}/) { spam("s02410",0.4,$&); } if (/your future suc{1,}ess/) { spam("s02409",0.8,$&); } if (/online.{0,1}replica.{0,1}store/) { spam("s02408",4.0,$&); } if (/pre.{0,1}selected/) { spam("s02407",0.4,$&); } if (/(explosive |inten[sc]e |incredible |amazing |wild |more |better |best |long(er|est) |most |and |the ){0,}orgasms{0,1}( of| your{0,1}| her| life| she| ever| will| experienced{0,1}){0,}/) { spam("s02406",(int (length($&) / 8 * 100)) / 100,$&); } if (/v[a-df-z]{0,1} ([a-z][a-z]{0,1} ){3,}/) { spam("s02405",0.8,$&); } if (/(finally |)(af{1,}ord |to |take ){1,}(that|your) dreams{0,1}/) { spam("s02401",0.8,$&); } if (/(watch |wait |for |the |all |that ){0,}money (to |comes{0,1} |finally |starts{0,1} ){0,}roll(s|ing|) in/) { spam("s02402",0.8,$&); } if (/process your claim/) { spam("s02400",0.8,$&); } if (/take (yo|)u of{1,} (this |our |the |future ){0,}mailing/) { spam("s02399",1.0,$&); } if (/(((un|)happy|(dis|)satisfied) with the |(increas|enlarg)(es{0,1}|ing) the |)(size|width|girth) of (your|his) (unit|package|johnson)( check| this| out| our){0,}/) { spam("s02396",(int (length($&) / 14 * 100)) / 100,$&); } elsif (/(interested |would |you |like |to |want |looking |for |a |ways{0,1} ){0,}(increas|enlarg|thick)(e[srn]{0,1}|ing).{0,50}johnson( check| this| out| our| us| at| http){0,}/) { spam("s02398",(int (length($&) / 14 * 100)) / 100,$&); } if (/ echemist/) { spam("s02394",1.6,$&); } if (/quality remed(y|ie)s{0,1}/) { spam("s02395",1.0,$&); } if (/acesodyne/) { spam("s02389",1.6,$&); } if (/analgesic/) { spam("s02390",0.8,$&); } if (/aug{0,1}ment(ar|).{0,10}penis/) { spam("s02388",3.6,$&); } if (/operation system/) { spam("s02387",1.2,$&); } if (/quality [li]inks{0,1}/) { spam("s02386",0.8,$&); } if (/enllarge/) { spam("s02385",1.8,$&); } if (/ vlsit /) { spam("s02383",0.8,$&); } if (/ dlsappo/) { spam("s02384",0.8,$&); } if (/(consumer |survey |group |news ){3,}/) { spam("s02382",0.8,$&); } if (/earn cash/) { spam("s02378",0.4,$&); } if (/incredible (sweepstake|prize)s{0,1}/) { spam("s02380",0.6,$&); } if (/(paid (consumer |customer |feedback |survey ){0,}programs{0,1}( and | |)){1,}/) { spam("s02381",(int ((0.8 * length($&) / 16) * 100)) / 100,$&); } if (/solicit(ing|) (for |)your (sympathy|help|aid|assistance|co.{0,1}o{0,1}peration)/) { spam("s02377",0.6,$&); } if (/furnish (me|you|us) with (y{0,1}our|the(se|)) (following |)particulars/) { spam("s02826",1.2,$&); } if (/you will (be entitled |receive )(up |to ){0,1}$fuzzy_numbers\%{0,1} of every (payment |amount )/) { spam("s02827",0.8,$&); } if (/ravag(e|ing)[sd]{0,} (my|our|this) country/) { spam("s02376",1.8,$&); } if (/private bank(ing|) (agency|division)/) { spam("s02849",0.8,$&); } if (/considerable value/) { spam("s02850",0.2,$&); } if (/i( am|m| was).{0,30}(government|bank) of{1,}icial/) { spam("s02375",0.8,$&); } if (/banque [a-z]{1,}a[lise]{1,}/) { spam("s02374",0.8,$&); } if (/(high|strict)ly confidential|confidential (telephone|contact|ad{1,}ress)/) { spam("s02372",0.4,$&); } if (/strict(est|) confid[ea]nce/) { spam("s02373",0.4,$&); } if (/seek(ing|s|) (for |)(your |)permis{1,}ion/) { spam("s02371",0.6,$&); } if (/commercial (.{0,2}mail|ad|message)/) { spam("s02367",0.4,$&); } if (/includ(es|ing) an unsubscribe method/) { spam("s02368",0.4,$&); } if (/as mandated by law/) { spam("s02369",0.4,$&); } if (/includ(es|ing) the senders info/) { spam("s02370",0.4,$&); } if (/get exposure/) { spam("s02365",0.4,$&); } if (/ rub it on/) { spam("s02362",0.4,$&); } if (/($fuzzy_numbers) {0,1}(\%|per.{0,1}cent) of your (house|home)s{0,1} (value|price)/) { spam("s02359",0.8,$&); } if (/bor{1,}ow ($fuzzy_numbers {0,1}){1,}(%|per.{0,1}cent)/) { spam("s02360",0.8,$&); } if (/(i|he|she) (ha(ve|s)) ($fuzzy_numbers ){1,}($fuzzy_timeframe ){1,}to live/) { spam("s02350",1.0,$&); } if (/(this|my) (letter|e{0,1}.{0,1}mail|message) (may|must) come (to you |as a (big |great |enormous|tremendous |)(surprise|shock)){2}/) { spam("s02351",0.8,$&); } if (/merchant/) { spam("s02352",0.2,$&); } if (/dubai/) { spam("s02353",0.2,$&); } if (/the uae/) { spam("s02354",0.4,$&); } if (/my ((propert(ie|y)|asset|mone(y|ie)|wealth|immediate|extended|famil(y|ie))s{0,1} |and |to |my ){3,}/) { spam("s02355",(int ((0.4 * length($&) / 15) * 100)) / 100,$&); } if (/your computer had been compromised/) { spam("s02347",0.8,$&); } if (/hid{1,}en proxy server/) { spam("s02348",0.8,$&); } if (/discount.{0,1}store|store.{0,1}discount/) { spam("s02341",0.8,$&); } if (/discount.{0,1}(web.{0,1}|)site/) { spam("s02342",0.8,$&); } if (/believe it or not/) { spam("s02343",0.2,$&); } if (/commission.{0,1}statement/) { spam("s02335",0.8,$&); } if (/(please.{0,1}|)(your.{0,1}|)s.{0,1}i.{0,1}g.{0,1}n.{0,1}i.{0,1}f.{0,1}i.{0,1}c.{0,1}a.{0,1}n.{0,1}t.{0,1}other/) { spam("s02333",(int ((0.4 * length($&) / 12) * 100)) / 100,$&); } if (/i{0,1}.{0,1}[np].{0,1}[rt].{0,1}i.{0,1}[mv].{0,1}a.{0,1}t.{0,1}e (night|moment|part|thought|desire)s{0,1}/) { spam("s02334",0.4,$&); } if (/pher[oeai]mones{0,1}/) { spam("s02331",0.8,$&); } if (/power of smell/) { spam("s02332",0.6,$&); } if (/((draw|attract)(n|ed|) |(the |)(women|ladies|girls|chicks) |to you( |$)|are |will be |scent ){3,}/) { spam("s02330",1.2,$&); } if (/vidz/) { spam("s02328",0.6,$&); } if (/c.{0,1}u.{0,1}t.{0,1}e.{0,1}vidz/) { spam("s02329",3.4,$&); } if (/((original |trial |(in|)complete |academic |product |copy )(not |a |or ){0,1}){3,}/) { spam("s02326",(int ((0.4 * length($&) / 10) * 100)) / 100,$&); } if (/(best |finest |top |world(.{0,1}clas|)s |highest |quality |computer |pc |(program|component|dis[kc])s{0,1} ){3,}/) { spam("s02325",(int ((0.4 * length($&) / 12) * 100)) / 100,$&); } if (/(^| )[kc]um(m{0,1}ing)s{0,1}( |$|\!)/) { spam("s02325",0.4,$&); } if (/she( wi|)ll love you/) { spam("s02324",0.8,$&); } if (/slide (it |on |put |it ){0,}in/) { spam("s02323",0.8,$&); } if (/(watch|see) her squirm/) { spam("s02322",2.4,$&); } if (/(internal |server ){1,}er{1,}or/) { spam("s02321",0.4,$&); } if (/((big |)sav(e|ing)s{0,1} (on |)|all |your |health ){1,}((med(ication|)|pill|prescription)[sz]{0,1}.{0,1}){1,}/) { spam("s02320",(int ((0.8 * length($&) / 12) * 100)) / 100,$&); } if (/(make |)love (to |her ){0,}all night( long|)/) { spam("s02319",0.6,$&); } if (/(please|give) (your |the |)(wom[ae]n|lad(y|ie)|girl|chick)s{0,1}( what (they(re|) |their |shes{0,1} |is |are ){1,}(looking for|after|want)|)/) { spam("s02317",0.4,$&); } if (/(viagra |cialis |levitra |and ){0,}(soft|love).{0,1}tabs{0,1}/) { spam("s02318",(int ((0.8 * length($&) / 10) * 100)) / 100,$&); } if (/your prescription/) { spam("s02314",0.4,$&); } if (/(fill|locate|buy|get) your (prescription|dose)/) { spam("s02315",0.6,$&); } if (/((prescription|tablet|pill)s{0,1}.{0,30}){2,}/) { spam("s02316",0.4,$&); } if (/you name it (we|they) have (it|them{0,1})/) { spam("s02313",1.0,$&); } if (/you could possibly (need|want)/) { spam("s02312",0.6,$&); } if (/no(one|body|thing|where) (can|will) beat (the(se|)|this|our) prices{0,1}/) { spam("s02311",1.2,$&); } if (/we have the (drug|med(ication|))s you(( a|)re looking for|need|want)/) { spam("s02310",1.8,$&); } if (/l[ou]ve{0,1}.{0,1}potion/) { spam("s02309",0.8,$&); } if (/f.{0,1}d.{0,1}a.{0,1}.{0,1}a.{0,1}p.{0,1}p.{0,1}r.{0,1}o.{0,1}v.{0,1}e.{0,1}d/) { spam("s02307",0.8,"FDA approved"); if (length($&) > 12) { spam("s02308",1.2,$&); } } if (/i (need|want) a (real |)man/) { spam("s02306",0.8,$&); } if (/(lo(w|vv|v)|high)(er|est|).{0,1}(price|cost)s{0,1} (for |of |quality |high |great |super|fantastic ){0,}software/) { spam("s02301",(int ((0.8 * length($&) / 12) * 100)) / 100,$&); } if (/eat(ing|) into your wallet/) { spam("s02302",1.0,$&); } if (/(we (have |of{1,}er )|our )(great[^p]{0,1}|lo(w|vv|v)[^p]{0,1}){1,}prices{0,1}/) { spam("s02303",0.8,$&); } if (/(we(ve|) |have |can |supply |g[oe]t |you |with |our ){0,}(quality |$fuzzy_numbers ){1,}softwares{0,1}( titles{0,1}| at| a| great(est|)| low(est|)| prices{0,1}){0,}/) { spam("s02304",(int ((length($&) / 20) * 100)) / 100,$&); } if (/(remove|eliminate) (wrinkles|fine lines)/) { spam("s02299",0.6,$&); } if (/(reduce|eliminate) stress/) { spam("s02300",0.2,$&); } if (/you((ha|)ve|) (ever |always |)want(s|ed|)/) { $tmp = $&; if ($tmp !~ /you want/) { spam("s02297",0.4,$tmp); } } if (/ c[h]ao /) { spam("s02294",0.4,$&); } if (/ xin /) { spam("s02295",0.4,$&); } if (/ quang /) { spam("s02296",0.6,$&); } if (/(hello|dear) (microsoft |)windows( xp| professional){0,} user/) { spam("s02293",2.6,$&); } if (/follow th(e|is) (url|[li]ink) (by |)click(ing|)/) { spam("s02292",0.6,$&); } if (/(see|look) for yourself/) { spam("s02291",0.4,$&); } if (/para mayor informaci/) { spam("s02289",0.8,$&); } if (/(^| )sin costo/) { spam("s02288",0.8,$&); } if (/mejores/) { spam("s02287",0.4,$&); } if (/(^| )cursos( |$)/) { spam("s02286",0.4,$&); } if (/(seek|look|want|wish)(ing|) to cheat/) { spam("s02285",0.8,$&); } if (/pill[sz]{0,1}.{0,1}on.{0,1}line/) { spam("s02282",1.0,$&); } if (/ofrecidos/) { spam("s02280",0.4,$&); } if (/efectivas/) { spam("s02281",0.4,$&); } if (/confirm your (information|details)/) { spam("s02279",0.6,$&); } if (/(my.{0,30}){0,1}husband.{0,30}(work(ing|)s{0,1} (all |)(ni(gh|)t(e|)|day)s{0,1}|night.{0,1}shift|out of [town]{4,}|cheat(s|ing) on me)/) { spam("s02278",1.2,$&); } if (/(soft|love) tabs/) { spam("s02277",0.8,$&); } if (/(like to |find (a |)|cheap |location |now |near your{0,1} ){3,}/) { spam("s02275",(int ((0.5 * length($&) / 15) * 100)) / 100,$&); } if (/rub of{1,} http\/\/[^ ]{1,}/) { spam("s02276",2.2,$&); } if (/charset=shift jis/) { spam("s02274",0.8,"Japanese charset"); } if (/cordial assistance/) { spam("s02271",3.0,$&); } if (/(re |uniting |my ){0,}scattered family/) { spam("s02272",0.8,$&); }