body SJIS_C /(([\x81-\x9f\xe0-\xfc][\x40-\x7e\x80-\xfc])(?!([\xc0-\xdf][\x80-\xbf]|[\xe0-\xef][\x80-\xbf][\x80-\xbf]|[\xa1-\xfe][\xa1-\xfe]))){7,}/
describe SJIS_C SHIFT_JIS message body
score SJIS_C 2.0

header ___XAPPARENTLYFROM X-Apparently-From =~ /^<.+\@yahoo\.co\.jp>$/
header ___YAHOOJPRCVD1 X-Spam-Relays-Untrusted =~ / by=\w+\.mail.*\.yahoo\.co\.jp /
header ___YAHOOJPRCVD3 Received =~ /from .+ by web.+\.mail\..*yahoo\.co\.jp via HTTP/
header ___YAHOOJPFROM From =~ /.+\@yahoo\.co\.jp/

meta VALIDYAHOOJP ((___XAPPARENTLYFROM && ___YAHOOJPRCVD1) || ___YAHOOJPRCVD3) && ___YAHOOJPFROM
describe VALIDYAHOOJP This mail is valid yahoo.co.jp mail.
score VALIDYAHOOJP -0.1

meta INVALIDYAHOOJP ___YAHOOJPFROM && ! ((___XAPPARENTLYFROM && ___YAHOOJPRCVD1 ) || ___YAHOOJPRCVD3)
describe INVALIDYAHOOJP From: is ...@yahoo.co.jp but this mail didn't come from yahoo.co.jp
score INVALIDYAHOOJP 1.0

body FUJITAYUZAN /F\#EDM\:\;3/
describe FUJITAYUZAN FUJITAYUZAN
score FUJITAYUZAN 0.5

body HIROSHIMAKENCHIJI /9\-Eg8\)CN\;v/
describe HIROSHIMAKENCHIJI HIROSHIMAKENCHIJI
score HIROSHIMAKENCHIJI 0.5

body NOMOTODENO /\$N85\$G\$N/
describe NOMOTODENO NOMOTODENO
score NOMOTODENO 0.1

body OSOROSHIIHANASHI /62\$m\$7\$\$OC/
describe OSOROSHIIHANASHI OSOROSHIIHANASHI
score OSOROSHIIHANASHI 0.1

body GYOUSEISOSHO /9T\@\/AJ\>Y/
describe GYOUSEISOSHO GYOUSEISOSHO
score GYOUSEISOSHO 0.1

body SOKURYOSHI /B\,NL\;N/
describe SOKURYOSHI SOKURYOSHI
score SOKURYOSHI 0.1

meta FUJITACHIJI FUJITAYUZAN && HIROSHIMAKENCHIJI
describe FUJITACHIJI FUJITAYUZAN && HIROSHIMAKENCHIJI
score FUJITACHIJI 1.0
meta CHIJINOMOTO HIROSHIMAKENCHIJI && NOMOTODENO
describe CHIJINOMOTO HIROSHIMAKENCHIJI && NOMOTODENO
score CHIJINOMOTO 1.0
meta MOTODEOSORO NOMOTODENO && OSOROSHIIHANASHI
describe MOTODEOSORO NOMOTODENO && OSOROSHIIHANASHI
score MOTODEOSORO 1.0
meta OSOROGYOUSEI OSOROSHIIHANASHI && GYOUSEISOSHO
describe OSOROGYOUSEI OSOROSHIIHANASHI && GYOUSEISOSHO
score OSOROGYOUSEI 1.0

meta FUJITASPAM1 FUJITACHIJI && CHIJINOMOTO && MOTODEOSORO
describe FUJITASPAM1 FUJITACHIJI && CHIJINOMOTO && MOTODEOSORO
score FUJITASPAM1 3.0
meta FUJITASPAM2 FUJITACHIJI && MOTODEOSORO && OSOROGYOUSEI
describe FUJITASPAM2 FUJITACHIJI && MOTODEOSORO && OSOROGYOUSEI
score FUJITASPAM2 3.0

body THANKS_GOD_BLESS  /^THANKS.+GOD.+BLESS/i
describe THANKS_GOD_BLESS  Thanks, GOD BLESS YOU
score THANKS_GOD_BLESS  2.0

meta RISK_THANKS RISK_FREE && THANKS_GOD_BLESS
score RISK_THANKS 3.5

body CONGRATULATIONS /(!+ )*CONGRATULATIONS{0,1}(!| !+)/i
describe CONGRATULATIONS !!!!! CONGRATULATIONS !!!!!
score CONGRATULATIONS 3.0

body LOTTERY /LOTTERY/i
describe LOTTERY talking about LOTTERY
score LOTTERY 0.1

meta CONGLAT_LOTTERY CONGRATULATIONS && LOTTERY
describe CONGLAT_LOTTERY CONGRATULATIONS && LOTTERY
score CONGLAT_LOTTERY 3.5

header ___JPSCAMPORNQSV1 X-Spam-Relays-Untrusted =~ /( rdns=(mail\.[\w-]+\.(com|net)) helo=\2 | ip=(\d+\.\d+\.\d+\.\d+) rdns=\4 helo=mail\.[\w-]+\.(com|net) | rdns= helo=mail\.[\w-]+\.(com|net) )/
header ___JPSCAMPORNQSV2 Return-Path =~ /info\@(mail\.){0,1}[\w-]+\.(com|net)/
header ___JPSCAMPORNQSV3 MESSAGEID =~ /^<2\d+\.\d+\.qmail\@mail\.[\w-]+\.(com|net)/

meta JPSCAMPORNQSV ___JPSCAMPORNQSV1 && ___JPSCAMPORNQSV2 && ___JPSCAMPORNQSV3
describe JPSCAMPORNQSV From info@mail.tekitou.com
score JPSCAMPORNQSV 2.5

header DIRECTYOURNET X-Spam-Relays-Untrusted =~ /(ip=((43\.244|220\.(150|215))(\.\d{1,3}){2}|(61\.203\.1(6\d|7[0-5])|61\.44\.(\d|[1-9]\d|1[01]\d|12[0-7])|61\.12\.(12[89]|1[3-9]\d|2[0-4]\d|25[0-5])|210\.143\.1(4[4-9]|5\d)|219\.112\.(\d|[1-9]\d|1[01]\d|12[0-7])|221\.113\.(6[4-9]|[7-9]\d|1[01]\d|12[0-7]))\.\d{1,3})|rdns=.+(fbb\.ReSET\.JP|ap\.yournet\.ne\.jp)) .+ by=(mail\.flcl\.org|[a-z0-9]+\.nifty\.((ne|co|ad)\.jp|com)|(alt|dns|mta|ybbmta)[0-9][0-9]\.mail\.((bbt|mci|tnz)\.){0,1}yahoo\.co\.jp|fm[1-6]\.freemail\.ne\.jp) ident= envfrom= intl=0 .+auth= /

replace_start <
replace_end   >
replace_tag   MYMTA (mail\.flcl\.org|[a-z0-9]+\.nifty\.((ne|co|ad)\.jp|com)|(alt|dns|mta|ybbmta)\d\d\.mail\.((bbt|mci|tnz)\.){0,1}yahoo\.co\.jp|fm[1-6]\.freemail\.ne\.jp)
header DIRECTYOURNET X-Spam-Relays-Untrusted =~ /(ip=((43\.244|220\.(150|215))(\.\d{1,3}){2}|(61\.203\.1(6\d|7[0-5])|61\.44\.(\d|[1-9]\d|1[01]\d|12[0-7])|61\.12\.(12[89]|1[3-9]\d|2[0-4]\d|25[0-5])|210\.143\.1(4[4-9]|5\d)|219\.112\.(\d|[1-9]\d|1[01]\d|12[0-7])|221\.113\.(6[4-9]|[7-9]\d|1[01]\d|12[0-7]))\.\d{1,3})|rdns=.+(fbb\.ReSET\.JP|ap\.yournet\.ne\.jp)) .+ by=<MYMTA> ident= envfrom= intl=0 .+auth= /
replace_rules DIRECTYOURNET DIRECTINTERSPIN DIRECTDION DIRECTODN DIRECTINFOSPHERE DIRECTSONETDYN DIRECTOCNDYN DIRECTVECTANTDYN DIRECTHI_HO DIRECTUSENBROAD DIRECTBBTEC DIRECTINFOWEB DIRECTDTI DIRECTBIGLOBE DIRECTALPHANET DIRECTUNETSURF DIRECTEDITNET DIRECTDSNETWORKS DIRECTGERAGERA DIRECTVOICETOWN DIRECTSAKURAWEB DIRECTHYPERBOX DIRECTGMOACCESS DIRECTIIJ4U DIRECTASAHINET DIRECTVIPLT DIRECTSST_BB DIRECTTCOMADSL DIRECTXEXONNET DIRECTBBEXCITE DIRECTITSCOM DIRECTSAINET_NET DIRECTDORPHIN DIRECTWILLCOM DIRECTINTERLINK DIRECTLINKCLUB DIRECTPLALA DIRECTUNKNOWN 

$ f=~/spam/spam/36643;spamassassin -d $f|spamassassin -t -D 2>&1|lv;unset f

trusted_networks 127.0.0.1/8 192.168.0.1/16 10.0.0.1/8 172.16.0.1/12 210.150.184.16/29 202.93.83.109 202.93.83.110/31 202.93.83.112 202.93.85.135 202.93.85.136/31 202.93.85.138 219.100.31.229 202.248.238.70 64.233.162.192/28 61.215.208.41 210.157.158.35 210.157.158.37 210.171.226.47 211.10.155.25

meta ___HTMLIMG HTML_IMAGE_ONLY_04 || HTML_IMAGE_ONLY_08 || HTML_IMAGE_ONLY_12 || HTML_IMAGE_ONLY_16 || HTML_IMAGE_ONLY_20 || HTML_IMAGE_ONLY_24 || HTML_IMAGE_ONLY_28 || HTML_IMAGE_ONLY_32 || HTML_IMAGE_RATIO_02

meta PASTIMG DATE_IN_PAST_06_12 && ___HTMLIMG && BAYES_99
score PASTIMG 5.0

meta HTMLIMG_FRGDHELO (FORGED_RCVD_HELO || RCVD_NUMERIC_HELO || RCVD_NUMERIC_HELO2)&& ___HTMLIMG && BAYES_99
describe HTMLIMG_FRGDHELO FORGED_RCVD_HELO && HTML_IMAGE_ONLY_??
score HTMLIMG_FRGDHELO 5.5

rawbody ___OBFUSCATING_FLOAT0 /<span style=\"border: 0px\; float/
rawbody ___OBFUSCATING_FLOAT1 /^: right\"> \w <\/span>/
meta OBFUSCATING_FLOAT ___OBFUSCATING_FLOAT0 && ___OBFUSCATING_FLOAT1 
describe OBFUSCATING_FLOAT <span style="border: 0px; float: right"> d </span>
score OBFUSCATING_FLOAT 1.5

rawbody FLOATGEOCITIES /^<A href=\"http:\/\/geocities\.com\/\w+\/\">\w+<span style=\"border: 0px\; float/
describe FLOATGEOCITIES <A href="http://geocities.com/GabicRectohoate/">V<span style="border: 0px; float
score FLOATGEOCITIES 2.0

rawbody FLOAT_A_HREF /^<A href=\"http:\/\/(www\.){0,1}\w+\.(com|net)">\w+<span style=\"border: 0px\; float/
describe FLOAT_A_HREF <A href="http://www.h75h.net">Vi<span style="border: 0px; float
score FLOAT_A_HREF 2.0

meta MULTIFLOAT99 MULTIPART_ALTERNATIVE && OBFUSCATING_FLOAT && BAYES_99
score MULTIFLOAT99 3.5

meta OBFUSGEOFLOAT OBFUSCATING_FLOAT && (FLOATGEOCITIES || FLOAT_A_HREF)
score OBFUSGEOFLOAT 3.5