commit 38084c8: [Conf] Add vendor groups for symbols
Vsevolod Stakhov
vsevolod at highsecure.ru
Mon Mar 18 17:42:03 UTC 2019
Author: Vsevolod Stakhov
Date: 2019-03-18 17:40:29 +0000
URL: https://github.com/rspamd/rspamd/commit/38084c8092801072bbe9d56228f9e42acadf90fc (HEAD -> master)
[Conf] Add vendor groups for symbols
Issue: #2803
---
conf/scores.d/rbl_group.conf | 37 +++++++++++++++++++++++++++++++++++++
conf/scores.d/surbl_group.conf | 35 +++++++++++++++++++++++++++++++++++
2 files changed, 72 insertions(+)
diff --git a/conf/scores.d/rbl_group.conf b/conf/scores.d/rbl_group.conf
index 3d19f1698..5912e8275 100644
--- a/conf/scores.d/rbl_group.conf
+++ b/conf/scores.d/rbl_group.conf
@@ -20,104 +20,128 @@ symbols = {
"DNSWL_BLOCKED" {
weight = 0.0;
description = "Resolver blocked due to excessive queries";
+ groups = ["dnswl", "blocked"];
}
"RCVD_IN_DNSWL" {
weight = 0.0;
description = "Unrecognised result from https://www.dnswl.org";
+ groups = ["dnswl"];
}
"RCVD_IN_DNSWL_NONE" {
weight = 0.0;
description = "Sender listed at https://www.dnswl.org, no trust";
+ groups = ["dnswl"];
}
"RCVD_IN_DNSWL_LOW" {
weight = -0.1;
description = "Sender listed at https://www.dnswl.org, low trust";
+ groups = ["dnswl"];
}
"RCVD_IN_DNSWL_MED" {
weight = -0.2;
description = "Sender listed at https://www.dnswl.org, medium trust";
+ groups = ["dnswl"];
}
"RCVD_IN_DNSWL_HI" {
weight = -0.5;
description = "Sender listed at https://www.dnswl.org, high trust";
+ groups = ["dnswl"];
}
"DWL_DNSWL_BLOCKED" {
weight = 0.0;
description = "Resolver blocked due to excessive queries (dwl)";
+ groups = ["dnswl", "blocked"];
}
"DWL_DNSWL" {
weight = 0.0;
description = "Unrecognised result from https://www.dnswl.org (dwl)";
+ groups = ["dnswl"];
}
"DWL_DNSWL_NONE" {
weight = 0.0;
description = "Message has a valid dkim signature originated from domain listed at https://www.dnswl.org, no trust";
+ groups = ["dnswl"];
}
"DWL_DNSWL_LOW" {
weight = -1;
description = "Message has a valid dkim signature originated from domain listed at https://www.dnswl.org, low trust";
+ groups = ["dnswl"];
}
"DWL_DNSWL_MED" {
weight = -2;
description = "Message has a valid dkim signature originated from domain listed at https://www.dnswl.org, medium trust";
+ groups = ["dnswl"];
}
"DWL_DNSWL_HI" {
weight = -3.5;
description = "Message has a valid dkim signature originated from domain listed at https://www.dnswl.org, high trust";
+ groups = ["dnswl"];
}
"RBL_SPAMHAUS" {
weight = 0.0;
description = "Unrecognised result from Spamhaus ZEN";
+ groups = ["spamhaus"];
}
"RBL_SPAMHAUS_SBL" {
weight = 2.0;
description = "From address is listed in ZEN SBL";
+ groups = ["spamhaus"];
}
"RBL_SPAMHAUS_CSS" {
weight = 2.0;
description = "From address is listed in ZEN CSS";
+ groups = ["spamhaus"];
}
"RBL_SPAMHAUS_XBL" {
weight = 4.0;
description = "From address is listed in ZEN XBL";
+ groups = ["spamhaus"];
}
"RBL_SPAMHAUS_XBL_ANY" {
weight = 4.0;
description = "From or received address is listed in ZEN XBL (any list)";
+ groups = ["spamhaus"];
}
"RBL_SPAMHAUS_PBL" {
weight = 2.0;
description = "From address is listed in ZEN PBL (ISP list)";
+ groups = ["spamhaus"];
}
"RBL_SPAMHAUS_DROP" {
weight = 7.0;
description = "From address is listed in ZEN DROP BL";
+ groups = ["spamhaus"];
}
"RECEIVED_SPAMHAUS_SBL" {
weight = 1.0;
description = "Received address is listed in ZEN SBL";
+ groups = ["spamhaus"];
one_shot = true;
}
"RECEIVED_SPAMHAUS_CSS" {
weight = 1.0;
description = "Received address is listed in ZEN CSS";
+ groups = ["spamhaus"];
one_shot = true;
}
"RECEIVED_SPAMHAUS_XBL" {
weight = 3.0;
description = "Received address is listed in ZEN XBL";
+ groups = ["spamhaus"];
one_shot = true;
}
"RECEIVED_SPAMHAUS_PBL" {
weight = 0.0;
description = "Received address is listed in ZEN PBL (ISP list)";
+ groups = ["spamhaus"];
one_shot = true;
}
"RECEIVED_SPAMHAUS_DROP" {
weight = 6.0;
description = "Received address is listed in ZEN DROP BL";
+ groups = ["spamhaus"];
one_shot = true;
}
@@ -128,48 +152,59 @@ symbols = {
"MAILSPIKE" {
weight = 0.0;
description = "Unrecognised result from Mailspike";
+ groups = ["mailspike"];
}
"RWL_MAILSPIKE_NEUTRAL" {
weight = 0.0;
description = "Neutral result from Mailspike";
+ groups = ["mailspike"];
}
"RBL_MAILSPIKE_WORST" {
weight = 2.0;
description = "From address is listed in RBL - worst possible reputation";
+ groups = ["mailspike"];
}
"RBL_MAILSPIKE_VERYBAD" {
weight = 1.5;
description = "From address is listed in RBL - very bad reputation";
+ groups = ["mailspike"];
}
"RBL_MAILSPIKE_BAD" {
weight = 1.0;
description = "From address is listed in RBL - bad reputation";
+ groups = ["mailspike"];
}
"RWL_MAILSPIKE_POSSIBLE" {
weight = 0.0;
description = "From address is listed in RWL - possibly legit";
+ groups = ["mailspike"];
}
"RWL_MAILSPIKE_GOOD" {
weight = 0.0;
description = "From address is listed in RWL - good reputation";
+ groups = ["mailspike"];
}
"RWL_MAILSPIKE_VERYGOOD" {
weight = 0.0;
description = "From address is listed in RWL - very good reputation";
+ groups = ["mailspike"];
}
"RWL_MAILSPIKE_EXCELLENT" {
weight = 0.0;
description = "From address is listed in RWL - excellent reputation";
+ groups = ["mailspike"];
}
"RBL_SEM" {
weight = 1.0;
description = "From address is listed in Spameatingmonkey RBL";
+ groups = ["sem"];
}
"RBL_SEM_IPV6" {
weight = 1.0;
description = "From address is listed in Spameatingmonkey RBL (IPv6)";
+ groups = ["sem"];
}
"RBL_VIRUSFREE_BOTNET" {
@@ -185,11 +220,13 @@ symbols = {
"RBL_BLOCKLISTDE" {
weight = 4.0;
description = "From address is listed in Blocklist (https://www.blocklist.de/)";
+ groups = ["blocklistde"];
}
"RECEIVED_BLOCKLISTDE" {
weight = 3.0;
description = "Received address is listed in Blocklist (https://www.blocklist.de/)";
+ groups = ["blocklistde"];
one_shot = true;
}
}
diff --git a/conf/scores.d/surbl_group.conf b/conf/scores.d/surbl_group.conf
index 176608fa5..22b8dba71 100644
--- a/conf/scores.d/surbl_group.conf
+++ b/conf/scores.d/surbl_group.conf
@@ -22,157 +22,192 @@ symbols = {
"SURBL_BLOCKED" {
weight = 0.0;
description = "SURBL: blocked by policy/overusage";
+ groups = ["surblorg", "blocked"];
}
"PH_SURBL_MULTI" {
weight = 5.5;
description = "SURBL: Phishing sites";
+ groups = ["surblorg", "phishing"];
}
"MW_SURBL_MULTI" {
weight = 5.5;
description = "SURBL: Malware sites";
+ groups = ["surblorg"];
}
"ABUSE_SURBL" {
weight = 5.5;
description = "SURBL: ABUSE";
+ groups = ["surblorg"];
}
"CRACKED_SURBL" {
weight = 4.0;
description = "SURBL: cracked site";
+ groups = ["surblorg"];
}
"RSPAMD_URIBL" {
weight = 4.5;
description = "Rspamd uribl, bl.rspamd.com";
one_shot = true;
+ groups = ["rspamdbl"];
}
"RSPAMD_EMAILBL" {
weight = 9.5;
description = "Rspamd emailbl, bl.rspamd.com";
one_shot = true;
+ groups = ["rspamdbl"];
}
"MSBL_EBL" {
weight = 7.5;
description = "MSBL emailbl";
one_shot = true;
+ groups = ["ebl"];
}
"MSBL_EBL_GREY" {
weight = 0.5; # TODO: test it
description = "MSBL emailbl grey list";
one_shot = true;
+ groups = ["ebl"];
}
"SEM_URIBL_UNKNOWN" {
weight = 0.0;
description = "Spameatingmonkey uribl: unknown result";
+ groups = ["sem"];
}
"SEM_URIBL" {
weight = 3.5;
description = "Spameatingmonkey uribl";
+ groups = ["sem"];
}
"SEM_URIBL_FRESH15_UNKNOWN" {
weight = 0.0;
description = "Spameatingmonkey Fresh15 uribl: unknown result";
+ groups = ["sem"];
}
"SEM_URIBL_FRESH15" {
weight = 3.0;
description = "Spameatingmonkey uribl. Domains registered in the last 15 days (.AERO,.BIZ,.COM,.INFO,.NAME,.NET,.PRO,.SK,.TEL,.US)";
+ groups = ["sem"];
}
"DBL" {
weight = 0.0;
description = "DBL unknown result";
+ groups = ["spamhaus"];
}
"DBL_SPAM" {
weight = 6.5;
description = "DBL uribl spam";
+ groups = ["spamhaus"];
}
"DBL_PHISH" {
weight = 6.5;
description = "DBL uribl phishing";
+ groups = ["spamhaus"];
}
"DBL_MALWARE" {
weight = 6.5;
description = "DBL uribl malware";
+ groups = ["spamhaus"];
}
"DBL_BOTNET" {
weight = 5.5;
description = "DBL uribl botnet C&C domain";
+ groups = ["spamhaus"];
}
"DBL_ABUSE" {
weight = 6.5;
description = "DBL uribl abused legit spam";
+ groups = ["spamhaus"];
}
"DBL_ABUSE_REDIR" {
weight = 1.5;
description = "DBL uribl abused spammed redirector domain";
+ groups = ["spamhaus"];
}
"DBL_ABUSE_PHISH" {
weight = 7.5;
description = "DBL uribl abused legit phish";
+ groups = ["spamhaus"];
}
"DBL_ABUSE_MALWARE" {
weight = 7.5;
description = "DBL uribl abused legit malware";
+ groups = ["spamhaus"];
}
"DBL_ABUSE_BOTNET" {
weight = 5.5;
description = "DBL uribl abused legit botnet C&C";
+ groups = ["spamhaus"];
}
"DBL_PROHIBIT" {
weight = 0.00000;
description = "DBL uribl IP queries prohibited!";
+ groups = ["spamhaus"];
}
"URIBL_MULTI" {
weight = 0.0;
description = "uribl.com: unrecognised result";
+ groups = ["uribl"];
}
"URIBL_BLOCKED" {
weight = 0.0;
description = "uribl.com: query refused";
+ groups = ["uribl", "blocked"];
}
"URIBL_BLACK" {
weight = 7.5;
description = "uribl.com black url";
+ groups = ["uribl"];
}
"URIBL_RED" {
weight = 3.5;
description = "uribl.com red url";
+ groups = ["uribl"];
}
"URIBL_GREY" {
weight = 1.5;
description = "uribl.com grey url";
one_shot = true;
+ groups = ["uribl"];
}
"SPAMHAUS_ZEN_URIBL" {
weight = 0.0;
description = "Spamhaus ZEN URIBL: Filtered result";
+ groups = ["spamhaus"];
}
"URIBL_SBL" {
weight = 6.5;
description = "A domain in the message body resolves to an IP listed in Spamhaus SBL";
one_shot = true;
+ groups = ["v"];
}
"URIBL_SBL_CSS" {
weight = 6.5;
description = "A domain in the message body resolves to an IP listed in Spamhaus SBL CSS";
one_shot = true;
+ groups = ["spamhaus"];
}
"URIBL_XBL" {
weight = 1.5;
description = "A domain in the message body resolves to an IP listed in Spamhaus XBL";
one_shot = true;
+ groups = ["spamhaus"];
}
"URIBL_PBL" {
weight = 0.01;
description = "A domain in the message body resolves to an IP listed in Spamhaus PBL";
+ groups = ["spamhaus"];
}
"URIBL_DROP" {
weight = 5.0;
description = "A domain in the message body resolves to an IP listed in Spamhaus DROP";
one_shot = true;
+ groups = ["spamhaus"];
}
"RBL_SARBL_BAD" {
weight = 2.5;
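Review bot: The `URIBL_SBL` entry is given `groups = ["v"];`, which looks like a typo; every other Spamhaus-backed symbol in this hunk (`URIBL_SBL_CSS`, `URIBL_XBL`, `URIBL_PBL`, `URIBL_DROP`, the `DBL_*` set) uses `groups = ["spamhaus"];`. As written, a symbol with weight 6.5 lands in a stray group named "v", so anything an operator applies to the "spamhaus" group would presumably skip it. A smaller consistency point: `PH_SURBL_MULTI` gets the extra "phishing" group, but `DBL_PHISH` and `DBL_ABUSE_PHISH` do not. The hunk is cut off on this page after the start of `RBL_SARBL_BAD`, so the entries after it are not covered here.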