Add rule to detect spammers attempts to cheat mime parsing

author Vsevolod Stakhov <vsevolod@highsecure.ru>

Sun, 24 Jan 2016 14:10:33 +0000 (14:10 +0000)

committer Vsevolod Stakhov <vsevolod@highsecure.ru>

Sun, 24 Jan 2016 14:10:33 +0000 (14:10 +0000)
author Vsevolod Stakhov <vsevolod@highsecure.ru>
Sun, 24 Jan 2016 14:10:33 +0000 (14:10 +0000)
committer Vsevolod Stakhov <vsevolod@highsecure.ru>
Sun, 24 Jan 2016 14:10:33 +0000 (14:10 +0000)
diff --git a/rules/misc.lua b/rules/misc.lua

index 90767d70c371db444a8d0de048341b2939c81dba..e49603278593cae39df41f344435645edd6e777a 100644 (file)
--- a/rules/misc.lua
+++ b/rules/misc.lua
@@ -185,3 +185,36 @@ rspamd_config.HEADER_FORGED_MDN = {
    group = 'headers',
    description = 'Read confirmation address is different to return path'
  }
+
+local headers_unique = {
+  'Content-Type',
+  'Content-Transfer-Encoding',
+  'Date',
+  'Message-ID'
+}
+
+rspamd_config.MULTIPLE_UNIQUE_HEADERS = {
+  callback = function (task)
+    local res = 0
+    local res_tbl = {}
+    
+    for i,hdr in ipairs(headers_unique) do
+      local h = task:get_header_full(hdr)
+      
+      if h and #h > 1 then
+        res = res + 1
+        table.insert(res_tbl, hdr)
+      end
+    end
+    
+    if res > 0 then
+      return true,res,table.concat(res_tbl, ',')
+    end
+    
+    return false
+  end,
+
+  score = 5.0,
+  group = 'headers',
+  description = 'Repeated unique headers'
+}
author	Vsevolod Stakhov <vsevolod@highsecure.ru>
	Sun, 24 Jan 2016 14:10:33 +0000 (14:10 +0000)
committer	Vsevolod Stakhov <vsevolod@highsecure.ru>
	Sun, 24 Jan 2016 14:10:33 +0000 (14:10 +0000)