]> source.dussan.org Git - rspamd.git/commitdiff
[Enhancement] Add composite rule for suspicious URLs in suspicious messages
authortwesterhever <40121680+twesterhever@users.noreply.github.com>
Fri, 3 Nov 2023 13:48:58 +0000 (13:48 +0000)
committerVsevolod Stakhov <vsevolod@rspamd.com>
Mon, 13 Nov 2023 12:40:48 +0000 (12:40 +0000)
conf/composites.conf

index f039deb733c4e449b4d0ccdd61f9b5f65fea830c..e38d64e6bfe3dc74e109d8814b2f525d70d9ecae 100644 (file)
@@ -181,6 +181,12 @@ composites {
     description = "Fake reply exhibiting characteristics of being injected into a compromised mail server, possibly e-mail thread hijacking";
     group = "compromised_hosts";
   }
+  SUSPICIOUS_URL_IN_SUSPICIOUS_MESSAGE {
+    expression = "(REDIRECTOR_URL | HAS_ANON_DOMAIN | HAS_IPFS_GATEWAY_URL) & (-g+:fuzzy | -g+:statistics | -g+:surbl | -g+:rbl)";
+    score = 1.0;
+    policy = "leave";
+    description = "Message contains redirector, anonymous or IPFS gateway URL and is marked by fuzzy/bayes/SURBL/RBL";
+  }
 
   .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/composites.conf"
   .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/composites.conf"