[Rspamd-Users] Convert spamassassin rules
Marc Risse
risse at citkomm.de
Mon Nov 5 11:28:22 UTC 2018
Hi list,
I have a lot of SA rules and want to convert them to rspamd rules/maps.
But it looks very complicated or I didn't get the idea behind multimaps.
Two examples of my rules:
header __WP_X_PHP_ORIG_SCRIPT X-PHP-Originating-Script =~ /(post|gallery|user)\.php/i
header __WP_X_PHP_SCRIPT X-PHP-Script =~ /(post|gallery|user)\.php/i
header __WP_X_SOURCE X-Source =~ /php-cgi/i
header __WP_X_SOURCE_ARGS X-Source-Args =~ /(post|gallery|user)\.php/i
header __WP_PATH_X_SOURCE_ARGS X-Source-Args =~ /\/wp\-(content|includes)\//i
header __JO_COMP_X_SOURCE_ARGS X-Source-Args =~ /components\/com_/i
header __JO_X_SOURCE_ARGS X-Source-Args =~ /\/joomla\//i
meta SIT_CMS_MAIL ( __WP_X_PHP_ORIG_SCRIPT || __WP_X_PHP_SCRIPT || __WP_X_SOURCE || __WP_X_SOURCE_ARGS || __WP_PATH_X_SOURCE_ARGS || __JO_COMP_X_SOURCE_ARGS || __JO_X_SOURCE_ARGS )
score SIT_CMS_MAIL 1.25
describe SIT_CMS_MAIL Mail sent from a probably hacked CMS (like Wordpress or Joomla)
header SIT_OUTDATED_PHP X-Mailer =~ /PHP v?5\.[1234].*/i
score SIT_OUTDATED_PHP 0.2
describe SIT_OUTDATED_PHP Mail send from an outdated PHP version
Should I generate entries in multimap.conf like this?
SIT_PHP_MAIL { type = "header"; filter = "headers";
multi = true; map = "file:///etc/rspamd/maps.local/php.map";
symbols = ["SIT_OUTDATED_PHP", "SIT_CMS_MAIL"]; regexp = true; }
But what should /etc/rspamd/maps.local/php.map look like to match the
different headers?
I need some ideas or examples, maybe someone has a script to convert SA
rules to maps?
I'm lost.

Regards,
Marc
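
Added example, not part of the original post and not rspamd or SpamAssassin code: a small Python harness that parses the header/meta/score rules quoted above and evaluates them against message headers, giving a baseline to compare any converted rspamd rule against. The function names and the sample headers are constructed, and the meta parser assumes a plain || chain as in SIT_CMS_MAIL.

```python
import re

# The SpamAssassin rules from the post, with wrapped lines rejoined.
SA_RULES = r"""
header __WP_X_PHP_ORIG_SCRIPT X-PHP-Originating-Script =~ /(post|gallery|user)\.php/i
header __WP_X_PHP_SCRIPT X-PHP-Script =~ /(post|gallery|user)\.php/i
header __WP_X_SOURCE X-Source =~ /php-cgi/i
header __WP_X_SOURCE_ARGS X-Source-Args =~ /(post|gallery|user)\.php/i
header __WP_PATH_X_SOURCE_ARGS X-Source-Args =~ /\/wp\-(content|includes)\//i
header __JO_COMP_X_SOURCE_ARGS X-Source-Args =~ /components\/com_/i
header __JO_X_SOURCE_ARGS X-Source-Args =~ /\/joomla\//i
meta SIT_CMS_MAIL ( __WP_X_PHP_ORIG_SCRIPT || __WP_X_PHP_SCRIPT || __WP_X_SOURCE || __WP_X_SOURCE_ARGS || __WP_PATH_X_SOURCE_ARGS || __JO_COMP_X_SOURCE_ARGS || __JO_X_SOURCE_ARGS )
score SIT_CMS_MAIL 1.25
header SIT_OUTDATED_PHP X-Mailer =~ /PHP v?5\.[1234].*/i
score SIT_OUTDATED_PHP 0.2
"""

# Constructed sample headers (not taken from a real message).
SAMPLE = {"X-Source-Args": "/usr/bin/php /home/u/public_html/wp-content/x/mail.php",
          "X-Mailer": "PHP v5.3.29"}

HEADER_RE = re.compile(r"^header\s+(\S+)\s+(\S+)\s+=~\s+/(.*)/([a-z]*)$")

def parse(text):
    """Return (header rules, meta rules, scores) parsed from SA rule text."""
    headers, metas, scores = {}, {}, {}
    for line in text.strip().splitlines():
        kind, name, rest = line.split(None, 2)
        if kind == "header":
            m = HEADER_RE.match(line)
            flags = re.I if "i" in m.group(4) else 0
            headers[name] = (m.group(2).lower(), re.compile(m.group(3), flags))
        elif kind == "meta":
            metas[name] = re.findall(r"\w+", rest)  # sub-rule names of a pure || chain
        elif kind == "score":
            scores[name] = float(rest)
    return headers, metas, scores

def evaluate(text, msg_headers):
    """Return {symbol: score} for the scoring rules that fire on msg_headers."""
    headers, metas, scores = parse(text)
    msg = {k.lower(): v for k, v in msg_headers.items()}
    hit = {n for n, (h, rx) in headers.items() if h in msg and rx.search(msg[h])}
    hit |= {n for n, subs in metas.items() if any(s in hit for s in subs)}
    # Names starting with "__" are sub-rules and never score on their own;
    # SpamAssassin scores a rule 1.0 when no explicit score line is given.
    return {n: scores.get(n, 1.0) for n in hit if not n.startswith("__")}

if __name__ == "__main__":
    print(evaluate(SA_RULES, SAMPLE))
```
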