parent = rcvd_cb_id,
type = 'virtual',
description = 'No received',
- group = 'header',
+ group = 'headers',
}
rspamd_config:register_symbol{
name = 'RCVD_COUNT_ONE',
parent = rcvd_cb_id,
type = 'virtual',
description = 'One received',
- group = 'header',
+ group = 'headers',
}
rspamd_config:register_symbol{
name = 'RCVD_COUNT_TWO',
parent = rcvd_cb_id,
type = 'virtual',
description = '3-5 received',
- group = 'header',
+ group = 'headers',
}
rspamd_config:register_symbol{
name = 'RCVD_COUNT_FIVE',
parent = rcvd_cb_id,
type = 'virtual',
description = '5-7 received',
- group = 'header',
+ group = 'headers',
}
rspamd_config:register_symbol{
name = 'RCVD_COUNT_SEVEN',
parent = rcvd_cb_id,
type = 'virtual',
description = '7-11 received',
- group = 'header',
+ group = 'headers',
}
rspamd_config:register_symbol{
name = 'RCVD_COUNT_TWELVE',
parent = rcvd_cb_id,
type = 'virtual',
description = '12+ received',
- group = 'header',
+ group = 'headers',
}
local prio_cb_id = rspamd_config:register_symbol {
parent = prio_cb_id,
type = 'virtual',
description = 'Priority 0',
- group = 'header',
+ group = 'headers',
}
rspamd_config:register_symbol{
name = 'HAS_X_PRIO_ONE',
parent = prio_cb_id,
type = 'virtual',
description = 'Priority 1',
- group = 'header',
+ group = 'headers',
}
rspamd_config:register_symbol{
name = 'HAS_X_PRIO_TWO',
parent = prio_cb_id,
type = 'virtual',
description = 'Priority 2',
- group = 'header',
+ group = 'headers',
}
rspamd_config:register_symbol{
name = 'HAS_X_PRIO_THREE',
parent = prio_cb_id,
type = 'virtual',
description = 'Priority 3-4',
- group = 'header',
+ group = 'headers',
}
rspamd_config:register_symbol{
name = 'HAS_X_PRIO_FIVE',
parent = prio_cb_id,
type = 'virtual',
description = 'Priority 5+',
- group = 'header',
+ group = 'headers',
}
local function get_raw_header(task, name)
parent = check_replyto_id,
type = 'virtual',
description = 'Reply-To header could not be parsed',
- group = 'header',
+ group = 'headers',
}
rspamd_config:register_symbol{
name = 'HAS_REPLYTO',
parent = check_replyto_id,
type = 'virtual',
description = 'Has Reply-To header',
- group = 'header',
+ group = 'headers',
}
rspamd_config:register_symbol{
name = 'REPLYTO_EQ_FROM',
parent = check_replyto_id,
type = 'virtual',
description = 'Reply-To header is identical to From header',
- group = 'header',
+ group = 'headers',
}
rspamd_config:register_symbol{
name = 'REPLYTO_ADDR_EQ_FROM',
parent = check_replyto_id,
type = 'virtual',
description = 'Reply-To header is identical to SMTP From',
- group = 'header',
+ group = 'headers',
}
rspamd_config:register_symbol{
name = 'REPLYTO_DOM_EQ_FROM_DOM',
parent = check_replyto_id,
type = 'virtual',
description = 'Reply-To domain matches the From domain',
- group = 'header',
+ group = 'headers',
}
rspamd_config:register_symbol{
name = 'REPLYTO_DOM_NEQ_FROM_DOM',
parent = check_replyto_id,
type = 'virtual',
description = 'Reply-To domain does not match the From domain',
- group = 'header',
+ group = 'headers',
}
rspamd_config:register_symbol{
name = 'REPLYTO_DN_EQ_FROM_DN',
parent = check_replyto_id,
type = 'virtual',
description = 'Reply-To display name matches From',
- group = 'header',
+ group = 'headers',
}
rspamd_config:register_symbol{
name = 'REPLYTO_EMAIL_HAS_TITLE',
parent = check_replyto_id,
type = 'virtual',
description = 'Reply-To header has title',
- group = 'header',
+ group = 'headers',
}
rspamd_config:register_dependency(check_replyto_id, 'FROM_NAME_HAS_TITLE')
parent = check_mime_id,
type = 'virtual',
description = 'MIME-Version header is missing',
- group = 'header',
+ group = 'headers',
}
rspamd_config:register_symbol{
name = 'MIME_MA_MISSING_TEXT',
parent = check_mime_id,
type = 'virtual',
description = 'MIME multipart/alternative missing text/plain part',
- group = 'header',
+ group = 'headers',
}
rspamd_config:register_symbol{
name = 'MIME_MA_MISSING_HTML',
parent = check_mime_id,
type = 'virtual',
description = 'MIME multipart/alternative missing text/html part',
- group = 'header',
+ group = 'headers',
}
-- Used to be called IS_LIST
return task:has_flag('broken_headers')
end,
score = 10.0,
- group = 'header',
+ group = 'headers',
description = 'Headers structure is likely broken'
}
task:get_parts())
end,
score = 1.5,
- group = 'header',
+ group = 'headers',
description = 'Message has part with broken content type'
}
end,
score = 2.0,
- group = 'header',
+ group = 'headers',
description = 'Read confirmation address is different to from address'
}
end,
score = 2.0,
- group = 'header',
+ group = 'headers',
description = 'Read confirmation address is different to return path'
}
end,
score = 5.0,
- group = 'header',
+ group = 'headers',
+ one_shot = true,
description = 'Repeated unique headers'
}
return false
end,
score = 2.0,
- group = 'header',
+ group = 'headers',
description = 'Missing From: header'
}
rspamd_config.MV_CASE = {
if (mv) then return true end
end,
description = 'Mime-Version .vs. MIME-Version',
- score = 0.5
+ score = 0.5,
+ group = 'headers',
}
rspamd_config.FAKE_REPLY = {
return false
end,
description = 'Fake reply',
- score = 1.0
+ score = 1.0,
+ group = 'headers'
}
local check_from_id = rspamd_config:register_symbol{
rspamd_config:register_symbol{
name = 'FROM_NO_DN',
score = 0,
- group = 'header',
+ group = 'headers',
parent = check_from_id,
type = 'virtual',
description = 'From header does not have a display name',
rspamd_config:register_symbol{
name = 'FROM_DN_EQ_ADDR',
score = 1.0,
- group = 'header',
+ group = 'headers',
parent = check_from_id,
type = 'virtual',
description = 'From header display name is the same as the address',
rspamd_config:register_symbol{
name = 'FROM_HAS_DN',
score = 0.0,
- group = 'header',
+ group = 'headers',
parent = check_from_id,
type = 'virtual',
description = 'From header has a display name',
rspamd_config:register_symbol{
name = 'FROM_NAME_EXCESS_SPACE',
score = 1.0,
- group = 'header',
+ group = 'headers',
parent = check_from_id,
type = 'virtual',
description = 'From header display name contains excess whitespace',
rspamd_config:register_symbol{
name = 'FROM_NAME_HAS_TITLE',
score = 1.0,
- group = 'header',
+ group = 'headers',
parent = check_from_id,
type = 'virtual',
description = 'From header display name has a title (Mr/Mrs/Dr)',
rspamd_config:register_symbol{
name = 'FROM_EQ_ENVFROM',
score = 0.0,
- group = 'header',
+ group = 'headers',
parent = check_from_id,
type = 'virtual',
description = 'From address is the same as the envelope',
rspamd_config:register_symbol{
name = 'FROM_NEQ_ENVFROM',
score = 0.0,
- group = 'header',
+ group = 'headers',
parent = check_from_id,
type = 'virtual',
description = 'From address is different to the envelope',
rspamd_config:register_symbol{
name = 'TO_EQ_FROM',
score = 0.0,
- group = 'header',
+ group = 'headers',
parent = check_from_id,
type = 'virtual',
description = 'To address matches the From address',
rspamd_config:register_symbol{
name = 'TO_DOM_EQ_FROM_DOM',
score = 0.0,
- group = 'header',
+ group = 'headers',
parent = check_from_id,
type = 'virtual',
description = 'To domain is the same as the From domain',
parent = check_to_cc_id,
type = 'virtual',
description = 'No recipients',
- group = 'header',
+ group = 'headers',
}
rspamd_config:register_symbol{
name = 'RCPT_COUNT_ONE',
parent = check_to_cc_id,
type = 'virtual',
description = 'One recipient',
- group = 'header',
+ group = 'headers',
}
rspamd_config:register_symbol{
name = 'RCPT_COUNT_TWO',
parent = check_to_cc_id,
type = 'virtual',
description = 'Two recipients',
- group = 'header',
+ group = 'headers',
}
rspamd_config:register_symbol{
name = 'RCPT_COUNT_THREE',
parent = check_to_cc_id,
type = 'virtual',
description = '3-5 recipients',
- group = 'header',
+ group = 'headers',
}
rspamd_config:register_symbol{
name = 'RCPT_COUNT_FIVE',
parent = check_to_cc_id,
type = 'virtual',
description = '5-7 recipients',
- group = 'header',
+ group = 'headers',
}
rspamd_config:register_symbol{
name = 'RCPT_COUNT_SEVEN',
parent = check_to_cc_id,
type = 'virtual',
description = '7-11 recipients',
- group = 'header',
+ group = 'headers',
}
rspamd_config:register_symbol{
name = 'RCPT_COUNT_TWELVE',
parent = check_to_cc_id,
type = 'virtual',
description = '12-50 recipients',
- group = 'header',
+ group = 'headers',
}
rspamd_config:register_symbol{
name = 'RCPT_COUNT_GT_50',
parent = check_to_cc_id,
type = 'virtual',
description = '50+ recipients',
- group = 'header',
+ group = 'headers',
}
rspamd_config:register_symbol{
name = 'TO_DN_RECIPIENTS',
score = 2.0,
- group = 'header',
+ group = 'headers',
parent = check_to_cc_id,
type = 'virtual',
description = 'To header display name is "Recipients"',
rspamd_config:register_symbol{
name = 'TO_DN_NONE',
score = 0.0,
- group = 'header',
+ group = 'headers',
parent = check_to_cc_id,
type = 'virtual',
description = 'None of the recipients have display names',
rspamd_config:register_symbol{
name = 'TO_DN_ALL',
score = 0.0,
- group = 'header',
+ group = 'headers',
parent = check_to_cc_id,
type = 'virtual',
description = 'All the recipients have display names',
rspamd_config:register_symbol{
name = 'TO_DN_SOME',
score = 0.0,
- group = 'header',
+ group = 'headers',
parent = check_to_cc_id,
type = 'virtual',
description = 'Some of the recipients have display names',
rspamd_config:register_symbol{
name = 'TO_DN_EQ_ADDR_ALL',
score = 0.0,
- group = 'header',
+ group = 'headers',
parent = check_to_cc_id,
type = 'virtual',
description = 'All of the recipients have display names that are the same as their address',
rspamd_config:register_symbol{
name = 'TO_DN_EQ_ADDR_SOME',
score = 0.0,
- group = 'header',
+ group = 'headers',
parent = check_to_cc_id,
type = 'virtual',
description = 'Some of the recipients have display names that are the same as their address',
rspamd_config:register_symbol{
name = 'TO_MATCH_ENVRCPT_ALL',
score = 0.0,
- group = 'header',
+ group = 'headers',
parent = check_to_cc_id,
type = 'virtual',
description = 'All of the recipients match the envelope',
rspamd_config:register_symbol{
name = 'TO_MATCH_ENVRCPT_SOME',
score = 0.0,
- group = 'header',
+ group = 'headers',
parent = check_to_cc_id,
type = 'virtual',
description = 'Some of the recipients match the envelope',
end,
description = 'Binary content-type not specified as an attachment',
score = 4.0,
- group = 'header'
+ group = 'headers'
}
rspamd_config.CTYPE_MIXED_BOGUS = {
end,
score = 1.0,
description = 'Message date is missing',
- group = 'date'
+ group = 'headers'
}
rspamd_config.DATE_IN_FUTURE = {
end,
score = 4.0,
description = 'Message date is in future',
- group = 'date'
+ group = 'headers'
}
rspamd_config.DATE_IN_PAST = {
end,
score = 1.0,
description = 'Message date is in past',
- group = 'date'
+ group = 'headers'
}
rspamd_config.R_SUSPICIOUS_URL = {
end,
score = 0.0,
description = "Envelope From is a PRVS address that matches the From address",
- group = 'prvs'
+ group = 'headers'
}
rspamd_config.ENVFROM_VERP = {
end,
score = 0.0,
description = "Envelope From is a VERP address",
- group = "mailing_list"
+ group = "headers"
}
local check_rcvd = rspamd_config:register_symbol{
name = 'RCVD_TLS_ALL',
description = 'All hops used encrypted transports',
score = 0.0,
- group = 'encryption'
+ group = 'headers'
}
rspamd_config:register_symbol{
name = 'RCVD_TLS_LAST',
description = 'Last hop used encrypted transports',
score = 0.0,
- group = 'encryption'
+ group = 'headers'
}
rspamd_config:register_symbol{
name = 'RCVD_NO_TLS_LAST',
description = 'Last hop did not use encrypted transports',
score = 0.0,
- group = 'encryption'
+ group = 'headers'
}
rspamd_config:register_symbol{
-- NB This does not mean sender was authenticated; see task:get_user()
description = 'Authenticated hand-off was seen in Received headers',
score = 0.0,
- group = 'authentication'
+ group = 'headers'
}
rspamd_config.RCVD_HELO_USER = {
end
end,
description = 'HELO User spam pattern',
+ group = 'headers',
score = 3.0
}
end
end,
description = 'Odd number of URIs in multipart/alternative message',
- score = 1.0
+ score = 1.0,
+ group = 'url',
}
rspamd_config.HAS_ATTACHMENT = {
end
end
end,
- description = 'Message contains attachments'
+ description = 'Message contains attachments',
+ group = 'body',
}
-- Requires freemail maps loaded in multimap
name = 'FREEMAIL_REPLYTO_NEQ_FROM_DOM',
callback = freemail_reply_neq_from,
description = 'Freemail From and Reply-To, but to different Freemail services',
- score = 3.0
+ score = 3.0,
+ group = 'headers',
})
rspamd_config:register_dependency(freemail_reply_neq_from_id, 'FREEMAIL_REPLYTO')
rspamd_config:register_dependency(freemail_reply_neq_from_id, 'FREEMAIL_FROM')
return false
end,
score = 5.0,
+ group = 'url',
description = 'Url contains both latin and non-latin characters'
}
return false
end,
score = 4.0,
+ group = 'subject',
description = 'Url found in Subject'
+
}
local aliases_id = rspamd_config:register_symbol{
end,
priority = 150,
description = 'Removes plus aliases from the email',
+ group = 'headers',
}
rspamd_config:register_symbol{
parent = aliases_id,
name = 'TAGGED_RCPT',
description = 'SMTP recipients have plus tags',
+ group = 'headers',
score = 0,
}
rspamd_config:register_symbol{
parent = aliases_id,
name = 'TAGGED_FROM',
description = 'SMTP from has plus tags',
+ group = 'headers',
score = 0,
}
parent = check_from_display_name,
name = 'SPOOF_DISPLAY_NAME',
description = 'Display name is being used to spoof and trick the recipient',
+ group = 'headers',
score = 8,
}
type = 'virtual',
parent = check_from_display_name,
name = 'FROM_NEQ_DISPLAY_NAME',
+ group = 'headers',
description = 'Display name contains an email address different to the From address',
score = 4,
}
end
return false
end,
+ group = 'headers',
description = 'Reply-To is being used to spoof and trick the recipient to send an off-domain reply',
score = 6.0
}
return false
end,
description = 'info@ From/To address with List-Unsubscribe headers',
+ group = 'headers',
score = 2.0
}
end,
score = 3.5,
description = 'Detects bad content-transfer-encoding for text parts',
- group = 'header'
+ group = 'headers'
}
projects / rspamd.git / commitdiff