commit 36e5821: [Rules] Add thread hijacking composite rule
twesterhever
40121680+twesterhever at users.noreply.github.com
Sat Jun 3 20:07:06 UTC 2023
Author: twesterhever
Date: 2023-06-02 10:19:30 +0000
URL: https://github.com/rspamd/rspamd/commit/36e5821213fe56de6e8a196b40bf8fb46f0264f7
[Rules] Add thread hijacking composite rule
---
conf/composites.conf | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/conf/composites.conf b/conf/composites.conf
index 19a2187e6..7fe417668 100644
--- a/conf/composites.conf
+++ b/conf/composites.conf
@@ -160,6 +160,13 @@ composites {
policy = "leave";
description = "Message only contains a redirector URL";
}
+ THREAD_HIJACKING_FROM_INJECTOR {
+ expression = "FAKE_REPLY & RCVD_VIA_SMTP_AUTH & (!RECEIVED_SPAMHAUS_PBL | RECEIVED_SPAMHAUS_XBL | RECEIVED_SPAMHAUS_SBL)";
+ score = 2.0;
+ policy = "leave";
+ description = "Fake reply exhibiting characteristics of being injected into a compromised mail server, possibly e-mail thread hijacking";
+ group = "compromised_hosts";
+ }
.include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/composites.conf"
.include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/composites.conf"
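Review bot: The expression in THREAD_HIJACKING_FROM_INJECTOR has no comment explaining the parenthesised Spamhaus clause, and its effect is easy to misread: `!RECEIVED_SPAMHAUS_PBL` is true whenever that symbol is absent, so the clause only excludes relays that are listed in PBL and in neither XBL nor SBL. If the Spamhaus lookup did not run or returned nothing (presumably the case when the RBL check is disabled or DNS fails), the composite reduces to `FAKE_REPLY & RCVD_VIA_SMTP_AUTH`, which may also match legitimate authenticated submissions from clients that omit reply headers. I would add a comment above the rule such as `# Matches unless the relay is PBL-only; a missing PBL result also satisfies !RECEIVED_SPAMHAUS_PBL`, and mention there that with `policy = "leave"` the 2.0 is added on top of the component symbols' own scores.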