# raise or lower as needed
-required_score 5.0
+required_score 3.0
# do not mess with the original message body, only notify in headers
clear_report_template
# dns_available no
# skip_rbl_checks 1
# skip_uribl_checks 1
+
+# manual rules (some stolen from debian)
+# these require "allow_user_rules 1" in the system-wide config
+
+rawbody LOCAL_VIEWINBROWSER /View this message in a browser/
+describe LOCAL_VIEWINBROWSER "HTML mail not welcome"
+score LOCAL_VIEWINBROWSER 2.8
+
+body MEETUPSECURELY /meetupsecurely\.com/i
+describe MEETUPSECURELY "site used by spammers"
+score MEETUPSECURELY 2.8
+
+body HELLOMYDEAR /hello my dear/i
+describe HELLOMYDEAR "spam phrase"
+score HELLOMYDEAR 2.8
+
+body JUSTAMAILBOX /I'm just a mailbox used for sending notifications/
+describe JUSTAMAILBOX "autoreply phrase"
+score JUSTAMAILBOX 5.0
+
+# no delivery
+header PI_DNOT subject =~ /delivery\s+(?:status\s+)?notification/i
+describe PI_DNOT "delivery notification"
+score PI_DNOT 3
+
+# notice to appear
+header PI_DNOTICE subject =~ /notice to appear/i
+describe PI_DNOTICE "notice to appear"
+score PI_DNOTICE 3
+
+full ZIPFILE /\b(?:file)?name\=.*\.zip\b/i
+describe ZIPFILE zipfile attachment
+score ZIPFILE 0.5
+
+score BAYES_999 3
+score BAYES_05 -1.5
+score BAYES_00 -15
+
+# trust paid whitelist services? never
+score RCVD_IN_RP_SAFE 0.0
+score RCVD_IN_RP_CERTIFIED 0.0