commit ea719aa: Merge pull request #4308 from frederikbosch/patch-1
GitHub
noreply at github.com
Wed Oct 19 20:28:07 UTC 2022
Author: Vsevolod Stakhov
Date: 2022-10-19 21:26:27 +0100
URL: https://github.com/rspamd/rspamd/commit/ea719aa841a33a7473e50677fca1049ac9c8a055 (HEAD -> master)
Merge pull request #4308 from frederikbosch/patch-1
[Rules] Penalize bounce spam
conf/composites.conf | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --combined conf/composites.conf
index fc5b7922d,00d765ce1..e2096b291
--- a/conf/composites.conf
+++ b/conf/composites.conf
@@@ -53,7 -53,17 +53,17 @@@ composites
expression = "R_DKIM_NA & R_SPF_NA & DMARC_NA & ARC_NA";
score = 1.0;
policy = "remove_weight";
- description = "Authenticating message via SPF/DKIM/DMARC/ARC not possible";
+ description = "Authenticating message via SPF/DKIM/DMARC/ARC not available";
+ }
+ AUTH_NA_OR_FAIL {
+ expression = "!(R_DKIM_NA & R_SPF_NA & DMARC_NA & ARC_NA) & (R_DKIM_NA | R_DKIM_TEMPFAIL | R_DKIM_PERMFAIL) & (R_SPF_NA | R_SPF_DNSFAIL) & DMARC_NA & (ARC_NA | ARC_DNSFAIL)";
+ score = 1.0;
+ policy = "remove_weight";
+ description = "No authenticating method SPF/DKIM/DMARC/ARC was successful";
+ }
+ BOUNCE_NO_AUTH {
+ expression = "(AUTH_NA | AUTH_NA_OR_FAIL) & (BOUNCE | SUBJ_BOUNCE_WORDS)";
+ score = 1.0;
}
DKIM_MIXED {
expression = "-R_DKIM_ALLOW & (R_DKIM_TEMPFAIL | R_DKIM_PERMFAIL | R_DKIM_REJECT)"
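Review bot: `BOUNCE_NO_AUTH` is the only composite added in this hunk without a `policy` or a `description`, so it falls back to the default composite policy, which as far as I know is `remove_all`. Under that policy the matched `BOUNCE` / `SUBJ_BOUNCE_WORDS` and `AUTH_NA` / `AUTH_NA_OR_FAIL` symbols and their weights are dropped from the result. The new 1.0 would then mostly replace the 1.0 already given by the auth composite rather than add a penalty for backscatter, and operators lose the constituent symbols when tuning or triaging. If an additive penalty is intended, state it explicitly with `policy = "leave";` and add something like `description = "Bounce-like message without any successful sender authentication";`. Separately, the `AUTH_NA_OR_FAIL` description claims no method was successful, but its expression requires `DMARC_NA` and does not match `R_DKIM_REJECT`, so the wording is broader than the rule. The enclosing `composites` block opens outside this hunk.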
@@@ -154,13 -164,6 +164,13 @@@
score = 7.0;
group = "scams";
}
+
+ FREEMAIL_AFF {
+ expression = "(FREEMAIL_FROM | FREEMAIL_ENVFROM | FREEMAIL_REPLYTO) & R_UNDISC_RCPT & (INTRODUCTION | FROM_NAME_HAS_TITLE | FREEMAIL_REPLYTO_NEQ_FROM_DOM)";
+ score = 4.0;
+ policy = "leave";
+ description = "Message exhibits strong characteristics of advance fee fraud (AFF a/k/a '419' spam) involving freemail addresses";
+ }
.include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/composites.conf"
.include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/composites.conf"