commit f268919: Merge pull request #4683 from twesterhever/temp-improve-freemail-aff
GitHub
noreply at github.com
Fri Nov 3 15:35:05 UTC 2023
Author: Vsevolod Stakhov
Date: 2023-11-03 15:28:50 +0000
URL: https://github.com/rspamd/rspamd/commit/f268919adfe3f43814413062078bea000bc0ff02 (HEAD -> master)
Merge pull request #4683 from twesterhever/temp-improve-freemail-aff
[Minor] Improve FREEMAIL_AFF capture rates
conf/composites.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --combined conf/composites.conf
index df5543be6,f039deb73..e38d64e6b
--- a/conf/composites.conf
+++ b/conf/composites.conf
@@@ -163,7 -163,7 +163,7 @@@ composites
group = "scams";
}
FREEMAIL_AFF {
- expression = "(FREEMAIL_FROM | FREEMAIL_ENVFROM | FREEMAIL_REPLYTO) & (TO_DN_RECIPIENTS | R_UNDISC_RCPT) & (INTRODUCTION | FROM_NAME_HAS_TITLE | FREEMAIL_REPLYTO_NEQ_FROM_DOM)";
+ expression = "(FREEMAIL_FROM | FREEMAIL_ENVFROM | FREEMAIL_REPLYTO) & (TO_DN_RECIPIENTS | R_UNDISC_RCPT) & (INTRODUCTION | FROM_NAME_HAS_TITLE | FREEMAIL_REPLYTO_NEQ_FROM_DOM | SUBJECT_HAS_CURRENCY)";
score = 4.0;
policy = "leave";
description = "Message exhibits strong characteristics of advance fee fraud (AFF a/k/a '419' spam) involving freemail addresses";
@@@ -181,12 -181,6 +181,12 @@@
description = "Fake reply exhibiting characteristics of being injected into a compromised mail server, possibly e-mail thread hijacking";
group = "compromised_hosts";
}
+ SUSPICIOUS_URL_IN_SUSPICIOUS_MESSAGE {
+ expression = "(REDIRECTOR_URL | HAS_ANON_DOMAIN | HAS_IPFS_GATEWAY_URL) & (-g+:fuzzy | -g+:statistics | -g+:surbl | -g+:rbl)";
+ score = 1.0;
+ policy = "leave";
+ description = "Message contains redirector, anonymous or IPFS gateway URL and is marked by fuzzy/bayes/SURBL/RBL";
+ }
.include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/composites.conf"
.include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/composites.conf"
More information about the Commits
mailing list