add rule for rogue "strongmail" MTA

author heraklit256 <37872459+heraklit256@users.noreply.github.com#>

Thu, 31 May 2018 12:54:40 +0000 (14:54 +0200)

committer heraklit256 <37872459+heraklit256@users.noreply.github.com#>

Thu, 31 May 2018 12:54:40 +0000 (14:54 +0200)
author heraklit256 <37872459+heraklit256@users.noreply.github.com#>
Thu, 31 May 2018 12:54:40 +0000 (14:54 +0200)
committer heraklit256 <37872459+heraklit256@users.noreply.github.com#>
Thu, 31 May 2018 12:54:40 +0000 (14:54 +0200)
diff --git a/rules/regexp/headers.lua b/rules/regexp/headers.lua

index 5658608fb4711421e8d042dcae6452084cf994ce..a7300e2b8796ac28d7d8ff9a98dfd61799cdf439 100644 (file)
--- a/rules/regexp/headers.lua
+++ b/rules/regexp/headers.lua
@@ -589,11 +589,19 @@ reconf['YANDEX_RU_MAILER'] = {
  -- Detect 1C v8.2 and v8.3 mailers
  reconf['MAILER_1C_8'] = {
      re = 'X-Mailer=/^1C:Enterprise 8\\.[23]$/H',
-    score = 0,
+    score = 0.0,
      description = 'Sent with 1C:Enterprise 8',
      group = 'header'
  }
  
+-- Detect rogue 'strongmail' MTA with IPv4 and '(-)' in Received line
+reconf['STRONGMAIL'] = {
+    re = [[Received=/^from\s+strongmail\s+\(\[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\]\) by \S+ \(-\); /mH]],
+    score = 6.0,
+    description = 'Sent via rogue "strongmail" MTA',
+    group = 'header'
+}
+
  -- Two received headers with ip addresses
  local double_ip_spam_1 = 'Received=/from \\[\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\] by \\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3} with/H'
  local double_ip_spam_2 = 'Received=/from\\s+\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\s+by\\s+\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3};/H'
author	heraklit256 <37872459+heraklit256@users.noreply.github.com#>
	Thu, 31 May 2018 12:54:40 +0000 (14:54 +0200)
committer	heraklit256 <37872459+heraklit256@users.noreply.github.com#>
	Thu, 31 May 2018 12:54:40 +0000 (14:54 +0200)