#
# Combine some blacklists and RBL's. Very effective
#
meta	__SPAMHAUS_ALLRBL	(URIBL_SBL + RCVD_IN_XBL + RCVD_IN_SBL >= 1)
meta	__SPAMHAUS_RBL		(RCVD_IN_XBL + RCVD_IN_SBL >= 1)
meta	__SURBL_RBL		(URIBL_AB_SURBL + URIBL_OB_SURBL + URIBL_WS_SURBL >= 1)
meta	__URI_RBL_MULTI		(URIBL_SBL + URIBL_AB_SURBL + URIBL_OB_SURBL + URIBL_WS_SURBL + URIBL_SC_SWINOG >= 2)
meta	__ONE_DIGEST_TRUE	(DCC_CHECK + RAZOR2_CHECK + PYZOR_CHECK == 1)
meta	__DIGEST_TRUE		(DCC_CHECK + RAZOR2_CHECK + PYZOR_CHECK >= 1)
meta	__RBL_COMBO_MATCH	((RBL_COMBO_A_3 || RBL_COMBO_A_4 || RBL_COMBO_A_5 || RBL_COMBO_B_2 || RBL_COMBO_B_3 || RBL_COMBO_C_1 || RBL_COMBO_C_2 || RBL_COMBO_C_3) == 1)

#
# Combine at least two positive network tests.
#
meta	RBL_COMBO_A_2	(__SPAMHAUS_ALLRBL + __SURBL_RBL + DIGEST_MULTIPLE + URIBL_SC_SWINOG + SPF_FAIL == 2)
meta	RBL_COMBO_A_3	(__SPAMHAUS_ALLRBL + __SURBL_RBL + DIGEST_MULTIPLE + URIBL_SC_SWINOG + SPF_FAIL == 3)
meta	RBL_COMBO_A_4	(__SPAMHAUS_ALLRBL + __SURBL_RBL + DIGEST_MULTIPLE + URIBL_SC_SWINOG + SPF_FAIL == 4)
meta	RBL_COMBO_A_5	(__SPAMHAUS_ALLRBL + __SURBL_RBL + DIGEST_MULTIPLE + URIBL_SC_SWINOG + SPF_FAIL == 5)
describe	RBL_COMBO_A_2	Blacklist Combo A (2)
describe	RBL_COMBO_A_3	Blacklist Combo A (3)
describe	RBL_COMBO_A_4	Blacklist Combo A (4)
describe	RBL_COMBO_A_5	Blacklist Combo A (5)
score		RBL_COMBO_A_2	 2.000
score		RBL_COMBO_A_3	 6.000
score		RBL_COMBO_A_4	 8.000
score		RBL_COMBO_A_5	10.000

#
# Honour multi-tests (and spamhaus entries)
#
meta		RBL_COMBO_B_2	(__URI_RBL_MULTI + __DIGEST_TRUE + __SPAMHAUS_RBL == 2)
meta		RBL_COMBO_B_3	(__URI_RBL_MULTI + __DIGEST_TRUE + __SPAMHAUS_RBL == 3)
describe	RBL_COMBO_B_2	Blacklist Combo B (2)
describe	RBL_COMBO_B_3	Blacklist Combo B (3)
score		RBL_COMBO_B_2	 6.000
score		RBL_COMBO_B_3	10.000

#
# Cause we use a lower positive bayes, we honour it if we have a DIGEST or RBL match.
# To avoid false positives, the score for RBL_COMBO_C_1 is low.
#
meta		RBL_COMBO_C_1	((BAYES_99 || BAYES_95 || BAYES_90) + __ONE_DIGEST_TRUE == 2)
meta		RBL_COMBO_C_2	((BAYES_99 || BAYES_95 || BAYES_90) + (__SPAMHAUS_ALLRBL || __SURBL_RBL || URIBL_SC_SWINOG) == 2)
meta		RBL_COMBO_C_3	((BAYES_99 || BAYES_95 || BAYES_90) + DIGEST_MULTIPLE + (__SPAMHAUS_ALLRBL || __SURBL_RBL || URIBL_SC_SWINOG) == 3)
describe	RBL_COMBO_C_1	Blacklist Combo C (1)
describe	RBL_COMBO_C_2	Blacklist Combo C (2)
describe	RBL_COMBO_C_3	Blacklist Combo C (3)
score		RBL_COMBO_C_1	 2.000
score		RBL_COMBO_C_2	 2.000
score		RBL_COMBO_C_3	 6.000

score		DIGEST_MULTIPLE	 2.000

#
# Combine the combo texts with spammer signs
#
meta		RBL_COMBO_SEX ((PORN_URL_SEX || PORN_URL_MISC) + __RBL_COMBO_MATCH == 2)
describe	RBL_COMBO_SEX	Blacklist Combo + Sexmail (3+)
score		RBL_COMBO_SEX	3.000

meta		RBL_COMBO_OBFU ((OBFU_1 + OBFU_2 + OBFU_3 + OBFU_4 + OBFU_5 + OBFU_6 + DRUGS_ERECTILE_OBFU) +  __RBL_COMBO_MATCH == 2)
describe	RBL_COMBO_OBFU Blacklist Combo + obfuscated
score		RBL_COMBO_OBFU	3.000