commit 8f6fced: [Enhancement] Add composite rule for suspicious URLs in suspicious messages
twesterhever
40121680+twesterhever at users.noreply.github.com
Fri Nov 3 15:28:03 UTC 2023
Author: twesterhever
Date: 2023-11-03 13:48:58 +0000
URL: https://github.com/rspamd/rspamd/commit/8f6fced6f01cf5fb3c5b8b9391f989fc1fdc1098 (refs/pull/4681/head)
[Enhancement] Add composite rule for suspicious URLs in suspicious messages
---
conf/composites.conf | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/conf/composites.conf b/conf/composites.conf
index fe89808fb..df5543be6 100644
--- a/conf/composites.conf
+++ b/conf/composites.conf
@@ -181,6 +181,12 @@ composites {
description = "Fake reply exhibiting characteristics of being injected into a compromised mail server, possibly e-mail thread hijacking";
group = "compromised_hosts";
}
+ SUSPICIOUS_URL_IN_SUSPICIOUS_MESSAGE {
+ expression = "(REDIRECTOR_URL | HAS_ANON_DOMAIN | HAS_IPFS_GATEWAY_URL) & (-g+:fuzzy | -g+:statistics | -g+:surbl | -g+:rbl)";
+ score = 1.0;
+ policy = "leave";
+ description = "Message contains redirector, anonymous or IPFS gateway URL and is marked by fuzzy/bayes/SURBL/RBL";
+ }
.include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/composites.conf"
.include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/composites.conf"
More information about the Commits
mailing list