File: //proc/thread-self/root/etc/mail/spamassassin/zcolhostrecepcion.cf
# Site-local plugin loaded from a relative path (presumably resolved against
# the directory that holds this .cf file -- confirm). Plugin code is Perl that
# runs inside the scanner process, so the .pm file and its directory should be
# writable only by the mail administrator.
loadplugin CH_FromSpoof plugins/CH_FromSpoof.pm
# Office macro inspection. The rules inside the ifplugin guard are only defined
# when the plugin is loaded; if it is not, they are skipped without an error.
loadplugin Mail::SpamAssassin::Plugin::OLEVBMacro
ifplugin Mail::SpamAssassin::Plugin::OLEVBMacro
# Each rule calls one eval test exported by the OLEVBMacro plugin.
body OLEMACRO eval:check_olemacro()
describe OLEMACRO Attachment has an Office Macro
body OLEMACRO_MALICE eval:check_olemacro_malice()
describe OLEMACRO_MALICE Potentially malicious Office Macro
body OLEMACRO_ENCRYPTED eval:check_olemacro_encrypted()
describe OLEMACRO_ENCRYPTED Has an Office doc that is encrypted
body OLEMACRO_RENAME eval:check_olemacro_renamed()
describe OLEMACRO_RENAME Has an Office doc that has been renamed
body OLEMACRO_ZIP_PW eval:check_olemacro_zip_password()
describe OLEMACRO_ZIP_PW Has an Office doc that is password protected in a zip
# NOTE(review): OLEMACRO_CSV and OLEMACRO_DOWNLOAD_EXE have no `score` line in
# the visible part of this file, so they presumably run at the default score
# while the other OLEMACRO_* rules are weighted 2 to 5 -- confirm that this is
# intended for the two rules described as malicious.
body OLEMACRO_CSV eval:check_olemacro_csv()
describe OLEMACRO_CSV Malicious csv file that tries to exec cmd.exe detected
body OLEMACRO_DOWNLOAD_EXE eval:check_olemacro_download_exe()
describe OLEMACRO_DOWNLOAD_EXE Malicious code inside the Office doc that tries to download a .exe file detected
endif
# Credit of -10 for mail that matches the __CH__MACCLIENT_AGENT sub-rule.
# That sub-rule is not defined in the visible part of this file; presumably it
# comes from another .cf file or from the CH_FromSpoof plugin -- confirm.
# NOTE(review): -10.0 outweighs two of the 4.5-point rules set further down.
# If the sub-rule keys on a client-supplied header (User-Agent / X-Mailer), the
# sender controls whether it fires; consider a much smaller credit, or require
# an authentication result in the meta as well.
meta CH__MACCLIENT (__CH__MACCLIENT_AGENT)
score CH__MACCLIENT -10.0
describe CH__MACCLIENT Add good points to outlook mac clients
# Content rules for extortion-style mail: each meta fires only when both of its
# body sub-rules match, and adds 9.0 points.
# NOTE(review): the patterns have no /i flag, so "Bitcoin" or "BITCOIN" will
# not match -- confirm whether case-insensitive matching was intended.
# Spanish-wording variant.
body __CH_BITCOINMAST1 /\bbitcoin\b/
body __CH_BITCOINMAST2 /\bsatisfaces\b/
meta CH_BITCOINMAST (__CH_BITCOINMAST1 && __CH_BITCOINMAST2)
score CH_BITCOINMAST 9.0
describe CH_BITCOINMAST Block Mails with bitcoin and mast
# English-wording variant. __CH_BITCOINMASTE1 repeats the pattern of
# __CH_BITCOINMAST1; a single shared sub-rule would be enough.
body __CH_BITCOINMASTE1 /\bbitcoin\b/
body __CH_BITCOINMASTE2 /\bmasturbation\b/
meta CH_BITCOINMASTE (__CH_BITCOINMASTE1 && __CH_BITCOINMASTE2)
score CH_BITCOINMASTE 9.0
describe CH_BITCOINMASTE Block Mails with bitcoin and mast english
# Test rules ("prueba"): a body that contains the literal token adds a fixed
# number of points (the describe text reads "rule for spam with N points").
# NOTE(review): these apply to all scanned mail, not only to test messages;
# consider removing them once testing is finished.
body __CH_PRUEBASPAM4 /\bspam4\b/
meta CH_PRUEBASPAM4 (__CH_PRUEBASPAM4)
score CH_PRUEBASPAM4 4.0
describe CH_PRUEBASPAM4 Regla para spam con 4 puntos
body __CH_PRUEBASPAM5 /\bspam5\b/
meta CH_PRUEBASPAM5 (__CH_PRUEBASPAM5)
score CH_PRUEBASPAM5 5.0
describe CH_PRUEBASPAM5 Regla para spam con 5 puntos
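# Test rule worth 5.5 points. The meta references its own sub-rule,
# __CH_PRUEBASPAM55. It previously pointed at __CH_PRUEBASPAM5, so the token
# "spam5" fired both CH_PRUEBASPAM5 and this rule, while "spamz" fired nothing.
# NOTE(review): the token is "spamz", not "spam55" -- confirm which was meant.
body __CH_PRUEBASPAM55 /\bspamz\b/
meta CH_PRUEBASPAM55 (__CH_PRUEBASPAM55)
score CH_PRUEBASPAM55 5.5
describe CH_PRUEBASPAM55 Regla para spam con 5.5 puntos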
# Test rules: the literal tokens "spam7" and "spam12" in the body add 7.0 and
# 12.0 points respectively.
# NOTE(review): these apply to all scanned mail; consider removing them once
# testing is finished.
body __CH_PRUEBASPAM7 /\bspam7\b/
meta CH_PRUEBASPAM7 (__CH_PRUEBASPAM7)
score CH_PRUEBASPAM7 7.0
describe CH_PRUEBASPAM7 Regla para spam con 7 puntos
body __CH_PRUEBASPAM12 /\bspam12\b/
meta CH_PRUEBASPAM12 (__CH_PRUEBASPAM12)
score CH_PRUEBASPAM12 12.0
describe CH_PRUEBASPAM12 Regla para spam con 12 puntos
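## LeoSaavedra: a large share of spam comes from .ICU .XYZ .LIFE .CAM domains
## (.BAR is also in the pattern below).
# The dot before the TLD is escaped and the TLD must be the last label of the
# host name. With the earlier unescaped, unanchored pattern, hosts such as
# mylife.com or example.camera also matched and took the 4.5 points.
# The From header is sender-controlled, so this is a heuristic weight and not
# an identity check.
header LOCAL_FROM_TLD From =~ /\@[a-z0-9.-]+\.(?:xyz|icu|life|cam|bar)(?![a-z0-9-]|\.[a-z0-9])/i
describe LOCAL_FROM_TLD extension de dominio del FROM en lista negra
score LOCAL_FROM_TLD 4.5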
# NOTE(review): these are "__" sub-rules, which do not contribute a score of
# their own. A `score NAME 0` line disables a rule, so these lines may stop the
# sub-rules from being evaluated and break any meta rule that depends on them.
# Run `spamassassin --lint` and confirm they are needed.
score __DKIM_DEPENDABLE 0
score __DKIM_EXISTS 0
score __HAS_DKIM_SIGHD 0
score __RESIGNER1 0
score __RESIGNER2 0
# Site score overrides, one line per rule, sorted by rule name. The rules
# themselves are defined elsewhere (stock or third-party rule sets). Most are
# set to 4.5; a score of 0 disables the rule.
score AC_SPAMMY_URI_PATTERNS1 4.5
score AC_SPAMMY_URI_PATTERNS10 4.5
score AC_SPAMMY_URI_PATTERNS11 4.5
score AC_SPAMMY_URI_PATTERNS12 4.5
score AC_SPAMMY_URI_PATTERNS2 4.5
score AC_SPAMMY_URI_PATTERNS3 4.5
score AC_SPAMMY_URI_PATTERNS4 4.5
score AC_SPAMMY_URI_PATTERNS8 4.5
score AC_SPAMMY_URI_PATTERNS9 4.5
score APP_DEVELOPMENT_NORDNS 4.5
score BODY_URI_ONLY 4.5
score BUG6152_INVALID_DATE_TZ_ABSURD 4.5
score CURR_PRICE 4.5
score DATE_IN_FUTURE_03_06 4.5
score DATE_IN_FUTURE_06_12 4.5
score DATE_IN_FUTURE_12_24 4.5
score DATE_IN_FUTURE_24_48 4.5
score DATE_IN_FUTURE_48_96 4.5
score DATE_IN_FUTURE_96_Q 4.5
score DATE_IN_FUTURE_96_XX 4.5
score DATE_SPAMWARE_Y2K 4.5
score DC_GIF_UNO_LARGO 0.4
score DC_IMAGE_SPAM_HTML 4.5
score DC_IMAGE_SPAM_TEXT 4.5
score DCC_CHECK 0.7
# DKIM: the ADSP policy rules are disabled except for NXDOMAIN.
score DKIM_ADSP_ALL 0
score DKIM_ADSP_CUSTOM_HIGH 0
score DKIM_ADSP_CUSTOM_LOW 0
score DKIM_ADSP_CUSTOM_MED 0
score DKIM_ADSP_DISCARD 0
score DKIM_ADSP_NXDOMAIN 5
score DKIM_SIGNED 0
# NOTE(review): a valid DKIM signature shows only that the signing domain
# handled the message; any sender can sign for a domain it controls. Keep these
# credits small relative to the positive scores in this table.
score DKIM_VALID -0.5
score DKIM_VALID_AU -0.5
score DKIMWL_BL 4.5
# Site score overrides (continued), sorted by rule name. The rules are defined
# elsewhere; a score of 0 disables the rule.
score DOS_ANAL_SPAM_MAILER 4.5
score DOS_FIX_MY_URI 4.5
score DOS_URI_ASTERISK 4.5
score DOS_YOUR_PLACE 4.5
score DRUG_DOSAGE 4.5
score DRUG_ED_CAPS 4.5
score DRUG_ED_GENERIC 4.5
score DRUG_ED_ONLINE 4.5
score DRUG_ED_SILD 4.5
score DRUGS_ANXIETY 4.5
score DRUGS_ANXIETY_EREC 4.5
score DRUGS_ANXIETY_OBFU 4.5
score DRUGS_DIET 4.5
score DRUGS_DIET_OBFU 4.5
score DRUGS_ERECTILE 4.5
score DRUGS_ERECTILE_OBFU 4.5
score DRUGS_HDIA 4.5
score DRUGS_MANYKINDS 4.5
score DRUGS_MUSCLE 4.5
score DRUGS_SLEEP_EREC 4.5
score DRUGS_SMEAR1 4.5
score DRUGS_STOCK_MIMEOLE 4.5
score DYN_RDNS_AND_INLINE_IMAGE 4.5
score DYN_RDNS_SHORT_HELO_HTML 4.5
score DYN_RDNS_SHORT_HELO_IMAGE 4.5
score FAKE_OUTBLAZE_RCVD 4.5
score FROM_BLANK_NAME 4.5
score FROM_SUSPICIOUS_NTLD 1
score FROM_SUSPICIOUS_NTLD_FP 2.5
score FROMNAME_SPOOF_EQUALS_TO 6
score FROMSPACE 1.5
score FSL_BULK_SIG 0
score FUZZY_AFFORDABLE 4.5
score FUZZY_AMBIEN 0.3
score FUZZY_CPILL 4.5
score FUZZY_CREDIT 0.3
score FUZZY_OBLIGATION 4.5
score FUZZY_VPILL 4.5
score FUZZY_XPILL 4.5
score HDR_ORDER_FTSDMCXX_NORDNS 4.5
score HEADER_HOST_IN_BLACKLIST 4.5
score HEADER_SPAM 4.5
score HIGH_CODEPAGE_URI 4.5
score HK_NAME_DRUGS 4.5
score HTML_COMMENT_SAVED_URL 4.5
score HTML_IMAGE_ONLY_08 0
score HTML_IMAGE_ONLY_24 0
score INVALID_DATE_TZ_ABSURD 4.5
# NOTE(review): 10 points from this single rule is the highest weight in the
# table apart from the test rules -- confirm it against known-good senders.
score INVALID_MSGID 10
score KAM_GENERICHEALTH 3
score L_SPAM_TOOL_13 4.5
score LONG_HEX_URI 1
score LONG_IMG_URI 1
score LOTS_OF_MONEY 0.5
score MICROSOFT_EXECUTABLE 4.5
score MIME_BASE64_BLANKS 4.5
score MISSING_HEADERS 1
score MISSING_MIMEOLE 0.3
score MPART_ALT_DIFF 0
score MPART_ALT_DIFF_COUNT 0.5
score MSGID_SPAM_CAPS 4.5
score MSGID_SPAM_LETTERS 4.5
score NO_DNS_FOR_FROM 4.5
score NO_RDNS_DOTCOM_HELO 4.5
score OBSCURED_EMAIL 4.5
# Weights for the Office macro rules defined in the OLEVBMacro ifplugin section
# of this file.
# NOTE(review): OLEMACRO_CSV and OLEMACRO_DOWNLOAD_EXE are defined there but
# have no score line here, so they presumably run at the default score --
# confirm.
score OLEMACRO 2
score OLEMACRO_ENCRYPTED 3
score OLEMACRO_MALICE 5
score OLEMACRO_RENAME 4
score OLEMACRO_ZIP_PW 4
# Site score overrides (continued), sorted by rule name. The rules are defined
# elsewhere; a score of 0 disables the rule.
score PRICES_ARE_AFFORDABLE 4.5
score PYZOR_CHECK 0.7
score RATWARE_NO_RDNS 4.5
score RAZOR2_CF_RANGE_51_100 0.9
score RAZOR2_CHECK 0.5
score RCVD_DOUBLE_IP_LOOSE 4.5
score RCVD_DOUBLE_IP_SPAM 4.5
score RCVD_IN_BL_SPAMCOP_NET 4.5
# NOTE(review): the RCVD_IN_DNSWL_* rules report a relay found on the DNSWL
# allow list; the stock rule set gives them negative scores. Here HI, LOW and
# MED add 4.5 points and NONE adds 1, which penalizes allow-listed relays.
# This looks like a side effect of setting the table to 4.5 in bulk -- confirm.
score RCVD_IN_DNSWL_BLOCKED 0
score RCVD_IN_DNSWL_HI 4.5
score RCVD_IN_DNSWL_LOW 4.5
score RCVD_IN_DNSWL_MED 4.5
score RCVD_IN_DNSWL_NONE 1
# NOTE(review): presumably IADB is a sender accreditation list rather than a
# block list -- confirm that a positive score is intended.
score RCVD_IN_IADB_RDNS 4.5
score RCVD_IN_MAPS_RBL 4.5
score RCVD_IN_MSPIKE_BL 4.5
score RCVD_IN_PBL 4.5
score RCVD_IN_PSBL 4.5
score RCVD_IN_RP_RNBL 4.5
score RCVD_IN_SBL 4.5
score RCVD_IN_SBL_CSS 4.5
score RCVD_IN_SORBS_BLOCK 4.5
score RCVD_IN_XBL 4.5
score RDNS_DYNAMIC 4.5
score RDNS_LOCALHOST 4.5
score RDNS_NONE 4.5
score RDNS_NUM_TLD_ATCHNX 4.5
score RDNS_NUM_TLD_XM 4.5
score REFINANCE_YOUR_HOME 4.5
score SB_GIF_AND_NO_URIS 0.5
score SERGIO_SUBJECT_VIAGRA01 4.5
score SHORTENED_URL_SRC 0
score SPAMMY_XMAILER 4.5
# SPF weights. HELO-identity results are disabled; envelope-sender results are
# scored. SPF_PASS is neutral (0), so a pass earns no credit.
# NOTE(review): SPF_NONE and SPF_NEUTRAL add 3 points each, which penalizes
# every domain that publishes no SPF record or a neutral one -- confirm this
# against the required score (not visible in this part of the file).
score SPF_FAIL 8
score SPF_HELO_FAIL 0
score SPF_HELO_NEUTRAL 0
score SPF_HELO_NONE 0
score SPF_HELO_PASS 0
score SPF_HELO_SOFTFAIL 0
score SPF_NEUTRAL 3
score SPF_NONE 3
score SPF_PASS 0
score SPF_SOFTFAIL 4
# Site score overrides (continued), sorted by rule name. The rules are defined
# elsewhere; a score of 0 disables the rule.
score SUBJ_ALL_CAPS 0
score SUBJ_YOUR_FAMILY 4.5
score SUBJECT_DRUG_GAP_C 4.5
score SUBJECT_DRUG_GAP_L 4.5
score SUBJECT_DRUG_GAP_S 4.5
score SUBJECT_DRUG_GAP_VA 4.5
score SUBJECT_DRUG_GAP_X 4.5
score SUBJECT_FUZZY_VPILL 4.5
score SUBJECT_IN_BLACKLIST 4.5
# NOTE(review): presumably SURBL_BLOCKED reports that this host's SURBL queries
# were refused, not that a URI is listed. At 4.5 a resolver problem would raise
# the score of every message that contains a URI -- confirm; the matching
# URIBL_BLOCKED and RCVD_IN_DNSWL_BLOCKED rules are set to 0 in this file.
score SURBL_BLOCKED 4.5
score T_DKIM_INVALID 2
score TO_NAME_SUBJ_NO_RDNS 4.5
score TO_NO_BRKTS_HTML_IMG 0
score TO_NO_BRKTS_NORDNS_HTML 0
score TT_OBSCURED_VALIUM 4.5
score TT_OBSCURED_VIAGRA 4.5
score TVD_SILLY_URI_OBFU 4.5
score UNPARSEABLE_RELAY 0
score URG_BIZ 4.5
score URI_DATA 0
score URI_DQ_UNSUB 4.5
score URI_GOOGLE_PROXY 4.5
score URI_HEX 1
score URI_HOST_IN_BLACKLIST 4.5
# NOTE(review): by its name this rule fires for URI hosts on the local allow
# list, yet it adds the same 4.5 points as URI_HOST_IN_BLACKLIST above. That
# penalizes allow-listed hosts -- confirm.
score URI_HOST_IN_WHITELIST 4.5
score URI_NO_WWW_BIZ_CGI 4.5
score URI_NO_WWW_INFO_CGI 4.5
score URI_NOVOWEL 4.5
score URI_ONLY_MSGID_MALF 4.5
score URI_OPTOUT_3LD 4.5
score URI_PHISH 4.5
score URI_TRUNCATED 4.5
score URI_TRY_3LD 4.5
score URI_UNSUBSCRIBE 4.5
score URI_WP_DIRINDEX 4.5
score URI_WP_HACKED 4.5
score URI_WP_HACKED_2 4.5
score URI_WPADMIN 4.5
# URI block-list weights. A score of 0 disables the rule.
score URIBL_ABUSE_SURBL 4.5
# NOTE(review): URIBL_BLACK is disabled here while URIBL_RED further down is
# scored 4.5 -- confirm that dropping the black list is intended.
score URIBL_BLACK 0
score URIBL_BLOCKED 0
score URIBL_CR_SURBL 4.5
score URIBL_DBL_ABUSE_BOTCC 4.5
score URIBL_DBL_ABUSE_MALW 4.5
score URIBL_DBL_ABUSE_PHISH 4.5
score URIBL_DBL_ABUSE_REDIR 4.5
score URIBL_DBL_ABUSE_SPAM 4.5
score URIBL_DBL_BOTNETCC 4.5
# NOTE(review): by its name this rule reports a query error from the DBL, not
# a listing; 4.5 points would then be added because of a lookup problem --
# confirm.
score URIBL_DBL_ERROR 4.5
score URIBL_DBL_MALWARE 4.5
score URIBL_DBL_PHISH 4.5
score URIBL_DBL_SPAM 4.5
score URIBL_GREY 0
score URIBL_MW_SURBL 4.5
score URIBL_PH_SURBL 4.5
score URIBL_RED 4.5
score URIBL_RHS_DOB 4.5
score URIBL_SBL 4.5
score URIBL_SBL_A 4.5
score URIBL_WS_SURBL 4.5
# Weights for the per-user allow-list and "accept spam" rules.
score US_DOLLARS_3 0
# NOTE(review): USER_IN_ALL_SPAM_TO and USER_IN_MORE_SPAM_TO mark recipients
# configured to receive mail that would otherwise be filtered; the stock rule
# set gives them large negative scores. A score of +4.5 does the opposite and
# makes mail to those recipients more likely to be tagged -- confirm.
score USER_IN_ALL_SPAM_TO 4.5
# NOTE(review): a score of 0 on the DKIM/SPF allow-list rules means entries
# configured in those allow lists have no effect on the result -- confirm.
score USER_IN_DEF_DKIM_WL 0
score USER_IN_DEF_SPF_WL 0
score USER_IN_DKIM_WHITELIST 0
score USER_IN_MORE_SPAM_TO 4.5
score USER_IN_SPF_WHITELIST 0