commit c17ffcd: [Rules] Blank spam detection
Andrew Lewis
nerf at judo.za.org
Fri Oct 13 19:00:04 UTC 2023
Author: Andrew Lewis
Date: 2023-10-13 17:01:50 +0200
URL: https://github.com/rspamd/rspamd/commit/c17ffcd4e5853f13a7cb5babd5950b95a546d689 (refs/pull/4644/head)
[Rules] Blank spam detection
---
conf/composites.conf | 6 ++++++
rules/headers_checks.lua | 20 ++++++++++++++++----
rules/misc.lua | 9 +++++++++
rules/parts.lua | 11 +++++++++++
rules/rspamd.lua | 1 +
5 files changed, 43 insertions(+), 4 deletions(-)
diff --git a/conf/composites.conf b/conf/composites.conf
index e598f73ef..fe89808fb 100644
--- a/conf/composites.conf
+++ b/conf/composites.conf
@@ -16,6 +16,12 @@
composites {
+ SHORT_PART_BAD_HEADERS {
+ expression = "MISSING_ESSENTIAL_HEADERS & SINGLE_SHORT_PART";
+ group = "blankspam";
+ policy = "leave";
+ score = 7.0;
+ }
FORGED_RECIPIENTS_MAILLIST {
expression = "FORGED_RECIPIENTS & -MAILLIST";
}
diff --git a/rules/headers_checks.lua b/rules/headers_checks.lua
index f28b0bc7a..92ebb0ca3 100644
--- a/rules/headers_checks.lua
+++ b/rules/headers_checks.lua
@@ -547,14 +547,17 @@ local headers_unique = {
['Subject'] = 0.7
}
-rspamd_config.MULTIPLE_UNIQUE_HEADERS = {
+local multiple_unique_headers_id = rspamd_config:register_symbol {
+ name = 'MULTIPLE_UNIQUE_HEADERS',
callback = function(task)
local res = 0
local max_mult = 0.0
local res_tbl = {}
+ local found = 0
for hdr, mult in pairs(headers_unique) do
local hc = task:get_header_count(hdr)
+ found = found + hc
if hc > 1 then
res = res + 1
@@ -566,10 +569,10 @@ rspamd_config.MULTIPLE_UNIQUE_HEADERS = {
end
if res > 0 then
- return true, max_mult, table.concat(res_tbl, ',')
+ task:insert_result('MULTIPLE_UNIQUE_HEADERS', max_mult, table.concat(res_tbl, ','))
+ elseif found == 0 then
+ task:insert_result('MISSING_ESSENTIAL_HEADERS', 1.0)
end
-
- return false
end,
score = 7.0,
@@ -578,6 +581,15 @@ rspamd_config.MULTIPLE_UNIQUE_HEADERS = {
description = 'Repeated unique headers'
}
+rspamd_config:register_symbol {
+ name = 'MISSING_ESSENTIAL_HEADERS',
+ score = 7.0,
+ group = 'blankspam',
+ parent = multiple_unique_headers_id,
+ type = 'virtual',
+ description = 'Common headers were entirely absent',
+}
+
rspamd_config.MISSING_FROM = {
callback = function(task)
local from = task:get_header('From')
diff --git a/rules/misc.lua b/rules/misc.lua
index 17e3b8ac7..faf4a8fb8 100644
--- a/rules/misc.lua
+++ b/rules/misc.lua
@@ -853,3 +853,12 @@ rspamd_config:register_symbol {
score = -2.0,
one_shot = true
}
+
+rspamd_config.COMPLETELY_EMPTY = {
+ callback = function(task)
+ return (task:get_size() == 0)
+ end,
+ flags = 'empty',
+ group = 'blankspam',
+ score = 15
+}
diff --git a/rules/parts.lua b/rules/parts.lua
new file mode 100644
index 000000000..2be9ff85a
--- /dev/null
+++ b/rules/parts.lua
@@ -0,0 +1,11 @@
+rspamd_config.SINGLE_SHORT_PART = {
+ callback = function(task)
+ local parts = task:get_parts()
+ if #parts ~= 1 then return end
+ local text = parts[1]:get_text()
+ if not text then return end
+ if text:get_length() >= 64 then return end
+ return true
+ end,
+ score = 0.0,
+}
diff --git a/rules/rspamd.lua b/rules/rspamd.lua
index 39017f169..6b2c1a51c 100644
--- a/rules/rspamd.lua
+++ b/rules/rspamd.lua
@@ -35,6 +35,7 @@ dofile(local_rules .. '/subject_checks.lua')
dofile(local_rules .. '/misc.lua')
dofile(local_rules .. '/forwarding.lua')
dofile(local_rules .. '/mid.lua')
+dofile(local_rules .. '/parts.lua')
dofile(local_rules .. '/bitcoin.lua')
dofile(local_rules .. '/bounce.lua')
dofile(local_rules .. '/content.lua')
More information about the Commits
mailing list