commit f268919: Merge pull request #4683 from twesterhever/temp-improve-freemail-aff

GitHub noreply at github.com
Fri Nov 3 15:35:05 UTC 2023


Author: Vsevolod Stakhov
Date: 2023-11-03 15:28:50 +0000
URL: https://github.com/rspamd/rspamd/commit/f268919adfe3f43814413062078bea000bc0ff02 (HEAD -> master)

Merge pull request #4683 from twesterhever/temp-improve-freemail-aff
[Minor] Improve FREEMAIL_AFF capture rates

 conf/composites.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --combined conf/composites.conf
index df5543be6,f039deb73..e38d64e6b
--- a/conf/composites.conf
+++ b/conf/composites.conf
@@@ -163,7 -163,7 +163,7 @@@ composites 
      group = "scams";
    }
    FREEMAIL_AFF {
-     expression = "(FREEMAIL_FROM | FREEMAIL_ENVFROM | FREEMAIL_REPLYTO) & (TO_DN_RECIPIENTS | R_UNDISC_RCPT) & (INTRODUCTION | FROM_NAME_HAS_TITLE | FREEMAIL_REPLYTO_NEQ_FROM_DOM)";
+     expression = "(FREEMAIL_FROM | FREEMAIL_ENVFROM | FREEMAIL_REPLYTO) & (TO_DN_RECIPIENTS | R_UNDISC_RCPT) & (INTRODUCTION | FROM_NAME_HAS_TITLE | FREEMAIL_REPLYTO_NEQ_FROM_DOM | SUBJECT_HAS_CURRENCY)";
      score = 4.0;
      policy = "leave";
      description = "Message exhibits strong characteristics of advance fee fraud (AFF a/k/a '419' spam) involving freemail addresses";
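Review bot: `SUBJECT_HAS_CURRENCY`, added as a fourth alternative in the last group of the FREEMAIL_AFF expression, looks like a far more generic signal than the three symbols beside it. The composite can now fire on ordinary freemail messages sent to undisclosed recipients whose subject merely quotes a price. Because `policy = "leave"` keeps the component symbols and their scores, the 4.0 lands on top of whatever those symbols already contribute. The merge should carry ham-corpus hit rates for the widened expression, and a comment above it such as `# SUBJECT_HAS_CURRENCY is a weak signal on its own; re-check the ham hit rate before raising this score`. The FREEMAIL_AFF block continues past the end of the hunk, so its `group` and closing brace are not visible here.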
@@@ -181,12 -181,6 +181,12 @@@
      description = "Fake reply exhibiting characteristics of being injected into a compromised mail server, possibly e-mail thread hijacking";
      group = "compromised_hosts";
    }
 +  SUSPICIOUS_URL_IN_SUSPICIOUS_MESSAGE {
 +    expression = "(REDIRECTOR_URL | HAS_ANON_DOMAIN | HAS_IPFS_GATEWAY_URL) & (-g+:fuzzy | -g+:statistics | -g+:surbl | -g+:rbl)";
 +    score = 1.0;
 +    policy = "leave";
 +    description = "Message contains redirector, anonymous or IPFS gateway URL and is marked by fuzzy/bayes/SURBL/RBL";
 +  }
  
    .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/composites.conf"
    .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/composites.conf"
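Review bot: SUSPICIOUS_URL_IN_SUSPICIOUS_MESSAGE is declared without a `group` line, while the two composites whose tails are visible above it set one (`scams` and `compromised_hosts`). Without it, operators who tune or disable rules per group have no obvious handle on this composite. Adding `group = "<GROUP_NAME>";` next to `policy` would keep the file consistent. Judging by the combined-diff markers, these lines arrive from the first parent rather than from the pull request, so this is better handled in a follow-up change than in this merge.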

