commit 1e27c46: Merge branch 'master' into temp-propose-alternative-solution-to-xbl-any-hack
GitHub
noreply at github.com
Sun Feb 19 23:28:04 UTC 2023
Author: Vsevolod Stakhov
Date: 2023-02-19 23:20:56 +0000
URL: https://github.com/rspamd/rspamd/commit/1e27c46e5d929f660810e60505db059c2c81b79d (refs/pull/4398/head)
Merge branch 'master' into temp-propose-alternative-solution-to-xbl-any-hack
cmake/Toolset.cmake | 25 ++-
conf/actions.conf | 2 +-
conf/composites.conf | 15 +-
conf/maps.d/maillist.inc | 340 ++++++++++++++++--------------------
conf/maps.d/redirectors.inc | 2 +-
conf/maps.d/surbl-whitelist.inc | 24 +--
conf/modules.d/bimi.conf | 2 +-
conf/modules.d/clickhouse.conf | 1 -
conf/modules.d/multimap.conf | 1 -
conf/modules.d/rbl.conf | 15 +-
conf/modules.d/redis.conf | 2 +-
conf/modules.d/spamassassin.conf | 2 +-
conf/scores.d/content_group.conf | 7 +-
conf/scores.d/headers_group.conf | 1 +
conf/scores.d/mime_types_group.conf | 5 +-
conf/scores.d/policies_group.conf | 4 -
conf/scores.d/rbl_group.conf | 49 +++---
conf/scores.d/subject_group.conf | 4 +-
conf/scores.d/surbl_group.conf | 69 ++++----
debian/compat | 2 +-
debian/control | 23 ++-
debian/rules | 70 ++++++--
rules/content.lua | 2 +-
rules/forwarding.lua | 1 -
rules/mid.lua | 1 -
rules/regexp/compromised_hosts.lua | 1 -
rules/regexp/headers.lua | 15 +-
rules/regexp/misc.lua | 2 +-
rules/subject_checks.lua | 2 +-
29 files changed, 357 insertions(+), 332 deletions(-)
diff --combined conf/composites.conf
index de09f0c90,82373b093..db2cba1fe
--- a/conf/composites.conf
+++ b/conf/composites.conf
@@@ -45,6 -45,10 +45,6 @@@ composites
FORGED_MUA_MAILLIST {
expression = "g:mua & -MAILLIST";
}
- RBL_SPAMHAUS_XBL_ANY {
- expression = "RBL_SPAMHAUS_XBL & RECEIVED_SPAMHAUS_XBL";
- description = "From and Received address are listed in Spamhaus XBL";
- }
AUTH_NA {
expression = "R_DKIM_NA & R_SPF_NA & DMARC_NA & ARC_NA";
score = 1.0;
@@@ -94,7 -98,7 +94,7 @@@
}
RCVD_UNAUTH_PBL {
expression = "RECEIVED_PBL & !RCVD_VIA_SMTP_AUTH";
- description = "Relayed through ZEN PBL IP without sufficient authentication (possible indicating an open relay)";
+ description = "Relayed through Spamhaus PBL IP without sufficient authentication (possible indicating an open relay)";
score = 2.0;
policy = "leave";
}
@@@ -129,18 -133,16 +129,16 @@@
policy = "leave";
}
BAD_REP_POLICIES {
- description = "Contains valid policies but are also marked by fuzzy/bayes/surbl/rbl";
+ description = "Contains valid policies but are also marked by fuzzy/bayes/SURBL/RBL";
expression = "(~g-:policies) & (-g+:fuzzy | -g+:statistics | -g+:surbl | -g+:rbl)";
score = 0.1;
}
-
VIOLATED_DIRECT_SPF {
description = "Has no Received (or no trusted received relays) and SPF policy fails or soft fails";
expression = "(R_SPF_FAIL | R_SPF_SOFTFAIL) & (RCVD_COUNT_ZERO | RCVD_NO_TLS_LAST)";
policy = "leave";
score = 3.5;
}
-
IP_SCORE_FREEMAIL {
description = "Negate IP_SCORE when message comes from FreeMail";
expression = "FREEMAIL_FROM & SENDER_REP_SPAM";
@@@ -160,12 -162,11 +158,11 @@@
score = 7.0;
group = "scams";
}
-
FREEMAIL_AFF {
- expression = "(FREEMAIL_FROM | FREEMAIL_ENVFROM | FREEMAIL_REPLYTO) & R_UNDISC_RCPT & (INTRODUCTION | FROM_NAME_HAS_TITLE | FREEMAIL_REPLYTO_NEQ_FROM_DOM)";
- score = 4.0;
- policy = "leave";
- description = "Message exhibits strong characteristics of advance fee fraud (AFF a/k/a '419' spam) involving freemail addresses";
+ expression = "(FREEMAIL_FROM | FREEMAIL_ENVFROM | FREEMAIL_REPLYTO) & R_UNDISC_RCPT & (INTRODUCTION | FROM_NAME_HAS_TITLE | FREEMAIL_REPLYTO_NEQ_FROM_DOM)";
+ score = 4.0;
+ policy = "leave";
+ description = "Message exhibits strong characteristics of advance fee fraud (AFF a/k/a '419' spam) involving freemail addresses";
}
.include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/composites.conf"
diff --combined conf/scores.d/rbl_group.conf
index 7fd13b06f,40b68c947..e24d7d14c
--- a/conf/scores.d/rbl_group.conf
+++ b/conf/scores.d/rbl_group.conf
@@@ -21,7 -21,7 +21,7 @@@ symbols =
"DNSWL_BLOCKED" {
weight = 0.0;
- description = "Resolver blocked due to excessive queries";
+ description = "https://www.dnswl.org: Resolver blocked due to excessive queries";
groups = ["dnswl", "blocked"];
}
"RCVD_IN_DNSWL" {
@@@ -52,12 -52,12 +52,12 @@@
"DWL_DNSWL_BLOCKED" {
weight = 0.0;
- description = "Resolver blocked due to excessive queries (dwl)";
+ description = "https://www.dnswl.org: Resolver blocked due to excessive queries (DWL)";
groups = ["dnswl", "blocked"];
}
"DWL_DNSWL" {
weight = 0.0;
- description = "Unrecognised result from https://www.dnswl.org (dwl)";
+ description = "Unrecognised result from https://www.dnswl.org (DWL)";
groups = ["dnswl"];
}
"DWL_DNSWL_NONE" {
@@@ -88,84 -88,90 +88,85 @@@
}
"RBL_SPAMHAUS_SBL" {
weight = 4.0;
- description = "From address is listed in ZEN SBL";
+ description = "From address is listed in Spamhaus SBL";
groups = ["spamhaus"];
}
"RBL_SPAMHAUS_CSS" {
weight = 2.0;
- description = "From address is listed in ZEN CSS";
+ description = "From address is listed in Spamhaus CSS";
groups = ["spamhaus"];
}
"RBL_SPAMHAUS_XBL" {
weight = 4.0;
- description = "From address is listed in ZEN XBL";
+ description = "From address is listed in Spamhaus XBL";
groups = ["spamhaus"];
}
- "RBL_SPAMHAUS_XBL_ANY" {
- weight = 4.0;
- description = "From or received address is listed in ZEN XBL (any list)";
- groups = ["spamhaus"];
- }
"RBL_SPAMHAUS_PBL" {
weight = 2.0;
- description = "From address is listed in ZEN PBL (ISP list)";
+ description = "From address is listed in Spamhaus PBL";
groups = ["spamhaus"];
}
"RBL_SPAMHAUS_DROP" {
weight = 7.0;
- description = "From address is listed in ZEN DROP BL";
+ description = "From address is listed in Spamhaus DROP";
groups = ["spamhaus"];
}
"RBL_SPAMHAUS_BLOCKED_OPENRESOLVER" {
weight = 0.0;
description = "You are querying Spamhaus from an open resolver, please see https://www.spamhaus.org/returnc/pub/";
- groups = ["spamhaus"];
+ groups = ["spamhaus", "blocked"];
}
"RBL_SPAMHAUS_BLOCKED" {
weight = 0.0;
description = "You are exceeding the query limit, please see https://www.spamhaus.org/returnc/vol/";
- groups = ["spamhaus"];
+ groups = ["spamhaus", "blocked"];
}
"RECEIVED_SPAMHAUS_SBL" {
weight = 3.0;
- description = "Received address is listed in ZEN SBL";
+ description = "Received address is listed in Spamhaus SBL";
groups = ["spamhaus"];
one_shot = true;
}
"RECEIVED_SPAMHAUS_CSS" {
weight = 1.0;
- description = "Received address is listed in ZEN CSS";
+ description = "Received address is listed in Spamhaus CSS";
groups = ["spamhaus"];
one_shot = true;
}
"RECEIVED_SPAMHAUS_XBL" {
- weight = 3.0;
- description = "Received address is listed in Spamhaus XBL";
+ weight = 1.0;
+ description = "Received address is listed in ZEN XBL";
groups = ["spamhaus"];
one_shot = true;
}
"RECEIVED_SPAMHAUS_PBL" {
weight = 0.0;
- description = "Received address is listed in ZEN PBL (ISP list)";
+ description = "Received address is listed in Spamhaus PBL";
groups = ["spamhaus"];
one_shot = true;
}
"RECEIVED_SPAMHAUS_DROP" {
weight = 6.0;
- description = "Received address is listed in ZEN DROP BL";
+ description = "Received address is listed in Spamhaus DROP";
groups = ["spamhaus"];
one_shot = true;
}
"RECEIVED_SPAMHAUS_BLOCKED_OPENRESOLVER" {
weight = 0.0;
description = "You are querying Spamhaus from an open resolver, please see https://www.spamhaus.org/returnc/pub/";
- groups = ["spamhaus"];
+ groups = ["spamhaus", "blocked"];
}
"RECEIVED_SPAMHAUS_BLOCKED" {
weight = 0.0;
description = "You are exceeding the query limit, please see https://www.spamhaus.org/returnc/vol/";
- groups = ["spamhaus"];
+ groups = ["spamhaus", "blocked"];
}
"RBL_SENDERSCORE" {
weight = 2.0;
description = "From address is listed in senderscore.com BL";
}
+
"MAILSPIKE" {
weight = 0.0;
description = "Unrecognised result from Mailspike";
@@@ -178,37 -184,37 +179,37 @@@
}
"RBL_MAILSPIKE_WORST" {
weight = 2.0;
- description = "From address is listed in RBL - worst possible reputation";
+ description = "From address is listed in Mailspike RBL - worst possible reputation";
groups = ["mailspike"];
}
"RBL_MAILSPIKE_VERYBAD" {
weight = 1.5;
- description = "From address is listed in RBL - very bad reputation";
+ description = "From address is listed in Mailspike RBL - very bad reputation";
groups = ["mailspike"];
}
"RBL_MAILSPIKE_BAD" {
weight = 1.0;
- description = "From address is listed in RBL - bad reputation";
+ description = "From address is listed in Mailspike RBL - bad reputation";
groups = ["mailspike"];
}
"RWL_MAILSPIKE_POSSIBLE" {
weight = 0.0;
- description = "From address is listed in RWL - possibly legit";
+ description = "From address is listed in Mailspike RWL - possibly legit";
groups = ["mailspike"];
}
"RWL_MAILSPIKE_GOOD" {
weight = -0.1;
- description = "From address is listed in RWL - good reputation";
+ description = "From address is listed in Mailspike RWL - good reputation";
groups = ["mailspike"];
}
"RWL_MAILSPIKE_VERYGOOD" {
weight = -0.2;
- description = "From address is listed in RWL - very good reputation";
+ description = "From address is listed in Mailspike RWL - very good reputation";
groups = ["mailspike"];
}
"RWL_MAILSPIKE_EXCELLENT" {
weight = -0.4;
- description = "From address is listed in RWL - excellent reputation";
+ description = "From address is listed in Mailspike RWL - excellent reputation";
groups = ["mailspike"];
}
@@@ -231,7 -237,7 +232,7 @@@
"RBL_NIXSPAM" {
weight = 4.0;
- description = "From address is listed in NiX Spam (http://www.dnsbl.manitu.net/)";
+ description = "From address is listed in NiX Spam (https://www.nixspam.net/)";
}
"RBL_BLOCKLISTDE" {
More information about the Commits
mailing list