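# Baruwa rules for phishing that impersonates WTC mailbox / support notices.
#
# SpamAssassin configuration is line-oriented: each directive must sit on its
# own line, and there is no line continuation, so the long meta stays on one line.
#
# Requirements:
#   - the WLBLEval plugin, for eval:check_uri_host_listed()
#   - SpamAssassin >= 3.4.0, for enlist_uri_host
# When either is missing, the whole block is skipped.
#
# External dependencies (not defined in this file; they must be supplied by
# the other loaded rulesets, otherwise the metas cannot fire as intended):
#   FREEMAIL_FROM, FREEMAIL_REPLY, __GB_FROM_ADDR_FREEMAIL,
#   __GB_TO_ADDR_FREEMAIL, __KAM_MAILBOX1, __KAM_MAILBOX2, __KAM_MAILBOX3,
#   __KAM_ACCOUNTPHISH4, __KAM_PHISH4_2, __KAM_PAPERLESS3, __KAM_VM4,
#   __VERIFY_ACCOUNT, __GOOG_REDIR
# Run `spamassassin --lint` after deployment to confirm they all resolve.
ifplugin Mail::SpamAssassin::Plugin::WLBLEval
  if (version >= 3.004000)

    # Site-builder hosts seen in these campaigns. They populate the BHSD
    # list that __BARUWA_WTC_SPOOF4 consults; subdomains of a listed host
    # match as well.
    enlist_uri_host (BHSD) wixsite.com
    enlist_uri_host (BHSD) crazydomains.com

    # --- Indicators (sub-rules, not scored on their own) ---

    # Display name / address claiming to be a WTC service, or "No_Reply !".
    header   __BARUWA_WTC_SPOOF1  From =~ /((WTC\s+?(Support|Webmail|POP-IMAP)?)|No_Reply \!)/i

    # Subject lines used by the lures. The unescaped dots are wildcards, so
    # any single separator character between the words matches.
    header   __BARUWA_WTC_SPOOF2  Subject =~ /(Hold.On.E-Mails|Secure.Your.WTC.Email|ACCOUNT.UPDATE|Mailbox.Notice|Email.Update.Request|Updating..Mailbox|SYSTEM.RESTRICTED|Action.Alert|CLOSURE.WARNING)/i

    # Links to a hosted site under wixsite.com. [\w-]+ rather than \w+,
    # because host labels may contain hyphens and \w does not match them.
    uri      __BARUWA_WTC_SPOOF3  /https?:\/\/[\w-]+\.wixsite\.com\//i

    # Any URI whose host is on the BHSD list declared above.
    header   __BARUWA_WTC_SPOOF4  eval:check_uri_host_listed('BHSD')

    # X-Mailer value observed on these messages.
    # NOTE(review): YMailNorrin appears to be the X-Mailer string of a
    # mainstream webmail client, so this indicator is not specific to
    # phishing. Confirm before relying on it alone (see BARUWA_WTC_BANNED).
    header   __BARUWA_WTC_SPOOF5  X-Mailer =~ /YMailNorrin/i

    # Links to a hosted site under sitebeat.crazydomains.com (hyphen-safe,
    # as for __BARUWA_WTC_SPOOF3).
    uri      __BARUWA_WTC_SPOOF6  /https?:\/\/[\w-]+\.sitebeat\.crazydomains\.com\//i

    # Freemail sender writing to a freemail To: address.
    meta     __BARUWA_WTC_SPOOF7  ((FREEMAIL_FROM || __GB_FROM_ADDR_FREEMAIL) && __GB_TO_ADDR_FREEMAIL)

    # Body phrase used by the lures.
    body     __BARUWA_WTC_SPOOF8  /Recover.Rejected.Messages/i

    # --- Scored rules ---

    # Fires when at least one sender/URL/subject indicator (first group)
    # coincides with at least one mailbox/account-phish indicator (second group).
    # NOTE(review): FREEMAIL_FROM is in the first group and
    # __BARUWA_WTC_SPOOF7 is in the second, so a freemail sender writing to
    # a freemail To: address satisfies this meta with no WTC-specific
    # indicator at all. Confirm that is intended; the score of 10 alone is
    # above SpamAssassin's default required_score of 5.
    meta     BARUWA_WTC_SPOOF     ((__BARUWA_WTC_SPOOF1 || __BARUWA_WTC_SPOOF2 || __BARUWA_WTC_SPOOF3 || __BARUWA_WTC_SPOOF4 || __BARUWA_WTC_SPOOF5 || __BARUWA_WTC_SPOOF6 || __BARUWA_WTC_SPOOF8 || FREEMAIL_FROM || FREEMAIL_REPLY) && (__KAM_MAILBOX1 || __KAM_MAILBOX2 || __VERIFY_ACCOUNT || __KAM_MAILBOX3 || __KAM_ACCOUNTPHISH4 || __KAM_PHISH4_2 || __BARUWA_WTC_SPOOF7 || __GOOG_REDIR || __KAM_PAPERLESS3 || __KAM_VM4))
    describe BARUWA_WTC_SPOOF     Suspected WTC Phishing / Spoofing
    score    BARUWA_WTC_SPOOF     10

    # Fires on a listed URL host or on the X-Mailer indicator.
    # NOTE(review): the description says "banned url", but
    # __BARUWA_WTC_SPOOF5 is an X-Mailer match, not a URL test, and it scores
    # 10 by itself here. Confirm whether it belongs in this rule.
    # A message that hits both scored rules accumulates 20 points.
    meta     BARUWA_WTC_BANNED    (__BARUWA_WTC_SPOOF3 || __BARUWA_WTC_SPOOF4 || __BARUWA_WTC_SPOOF5)
    describe BARUWA_WTC_BANNED    Contains a WTC banned url
    score    BARUWA_WTC_BANNED    10

  endif
endif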