From: Vsevolod Stakhov Date: Mon, 18 Mar 2019 17:40:29 +0000 (+0000) Subject: [Conf] Add vendor groups for symbols X-Git-Tag: 1.9.1~92 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=38084c8092801072bbe9d56228f9e42acadf90fc;p=rspamd.git [Conf] Add vendor groups for symbols Issue: #2803 --- diff --git a/conf/scores.d/rbl_group.conf b/conf/scores.d/rbl_group.conf index 3d19f1698..5912e8275 100644 --- a/conf/scores.d/rbl_group.conf +++ b/conf/scores.d/rbl_group.conf @@ -20,104 +20,128 @@ symbols = { "DNSWL_BLOCKED" { weight = 0.0; description = "Resolver blocked due to excessive queries"; + groups = ["dnswl", "blocked"]; } "RCVD_IN_DNSWL" { weight = 0.0; description = "Unrecognised result from https://www.dnswl.org"; + groups = ["dnswl"]; } "RCVD_IN_DNSWL_NONE" { weight = 0.0; description = "Sender listed at https://www.dnswl.org, no trust"; + groups = ["dnswl"]; } "RCVD_IN_DNSWL_LOW" { weight = -0.1; description = "Sender listed at https://www.dnswl.org, low trust"; + groups = ["dnswl"]; } "RCVD_IN_DNSWL_MED" { weight = -0.2; description = "Sender listed at https://www.dnswl.org, medium trust"; + groups = ["dnswl"]; } "RCVD_IN_DNSWL_HI" { weight = -0.5; description = "Sender listed at https://www.dnswl.org, high trust"; + groups = ["dnswl"]; } "DWL_DNSWL_BLOCKED" { weight = 0.0; description = "Resolver blocked due to excessive queries (dwl)"; + groups = ["dnswl", "blocked"]; } "DWL_DNSWL" { weight = 0.0; description = "Unrecognised result from https://www.dnswl.org (dwl)"; + groups = ["dnswl"]; } "DWL_DNSWL_NONE" { weight = 0.0; description = "Message has a valid dkim signature originated from domain listed at https://www.dnswl.org, no trust"; + groups = ["dnswl"]; } "DWL_DNSWL_LOW" { weight = -1; description = "Message has a valid dkim signature originated from domain listed at https://www.dnswl.org, low trust"; + groups = ["dnswl"]; } "DWL_DNSWL_MED" { weight = -2; description = "Message has a valid dkim signature originated from domain listed at https://www.dnswl.org, medium trust"; + groups = ["dnswl"]; } "DWL_DNSWL_HI" { weight = -3.5; description = "Message has a valid dkim signature originated from domain listed at https://www.dnswl.org, high trust"; + groups = ["dnswl"]; } "RBL_SPAMHAUS" { weight = 0.0; description = "Unrecognised result from Spamhaus ZEN"; + groups = ["spamhaus"]; } "RBL_SPAMHAUS_SBL" { weight = 2.0; description = "From address is listed in ZEN SBL"; + groups = ["spamhaus"]; } "RBL_SPAMHAUS_CSS" { weight = 2.0; description = "From address is listed in ZEN CSS"; + groups = ["spamhaus"]; } "RBL_SPAMHAUS_XBL" { weight = 4.0; description = "From address is listed in ZEN XBL"; + groups = ["spamhaus"]; } "RBL_SPAMHAUS_XBL_ANY" { weight = 4.0; description = "From or received address is listed in ZEN XBL (any list)"; + groups = ["spamhaus"]; } "RBL_SPAMHAUS_PBL" { weight = 2.0; description = "From address is listed in ZEN PBL (ISP list)"; + groups = ["spamhaus"]; } "RBL_SPAMHAUS_DROP" { weight = 7.0; description = "From address is listed in ZEN DROP BL"; + groups = ["spamhaus"]; } "RECEIVED_SPAMHAUS_SBL" { weight = 1.0; description = "Received address is listed in ZEN SBL"; + groups = ["spamhaus"]; one_shot = true; } "RECEIVED_SPAMHAUS_CSS" { weight = 1.0; description = "Received address is listed in ZEN CSS"; + groups = ["spamhaus"]; one_shot = true; } "RECEIVED_SPAMHAUS_XBL" { weight = 3.0; description = "Received address is listed in ZEN XBL"; + groups = ["spamhaus"]; one_shot = true; } "RECEIVED_SPAMHAUS_PBL" { weight = 0.0; description = "Received address is listed in ZEN PBL (ISP list)"; + groups = ["spamhaus"]; one_shot = true; } "RECEIVED_SPAMHAUS_DROP" { weight = 6.0; description = "Received address is listed in ZEN DROP BL"; + groups = ["spamhaus"]; one_shot = true; } @@ -128,48 +152,59 @@ symbols = { "MAILSPIKE" { weight = 0.0; description = "Unrecognised result from Mailspike"; + groups = ["mailspike"]; } "RWL_MAILSPIKE_NEUTRAL" { weight = 0.0; description = "Neutral result from Mailspike"; + groups = ["mailspike"]; } "RBL_MAILSPIKE_WORST" { weight = 2.0; description = "From address is listed in RBL - worst possible reputation"; + groups = ["mailspike"]; } "RBL_MAILSPIKE_VERYBAD" { weight = 1.5; description = "From address is listed in RBL - very bad reputation"; + groups = ["mailspike"]; } "RBL_MAILSPIKE_BAD" { weight = 1.0; description = "From address is listed in RBL - bad reputation"; + groups = ["mailspike"]; } "RWL_MAILSPIKE_POSSIBLE" { weight = 0.0; description = "From address is listed in RWL - possibly legit"; + groups = ["mailspike"]; } "RWL_MAILSPIKE_GOOD" { weight = 0.0; description = "From address is listed in RWL - good reputation"; + groups = ["mailspike"]; } "RWL_MAILSPIKE_VERYGOOD" { weight = 0.0; description = "From address is listed in RWL - very good reputation"; + groups = ["mailspike"]; } "RWL_MAILSPIKE_EXCELLENT" { weight = 0.0; description = "From address is listed in RWL - excellent reputation"; + groups = ["mailspike"]; } "RBL_SEM" { weight = 1.0; description = "From address is listed in Spameatingmonkey RBL"; + groups = ["sem"]; } "RBL_SEM_IPV6" { weight = 1.0; description = "From address is listed in Spameatingmonkey RBL (IPv6)"; + groups = ["sem"]; } "RBL_VIRUSFREE_BOTNET" { @@ -185,11 +220,13 @@ symbols = { "RBL_BLOCKLISTDE" { weight = 4.0; description = "From address is listed in Blocklist (https://www.blocklist.de/)"; + groups = ["blocklistde"]; } "RECEIVED_BLOCKLISTDE" { weight = 3.0; description = "Received address is listed in Blocklist (https://www.blocklist.de/)"; + groups = ["blocklistde"]; one_shot = true; } } diff --git a/conf/scores.d/surbl_group.conf b/conf/scores.d/surbl_group.conf index 176608fa5..22b8dba71 100644 --- a/conf/scores.d/surbl_group.conf +++ b/conf/scores.d/surbl_group.conf @@ -22,157 +22,192 @@ symbols = { "SURBL_BLOCKED" { weight = 0.0; description = "SURBL: blocked by policy/overusage"; + groups = ["surblorg", "blocked"]; } "PH_SURBL_MULTI" { weight = 5.5; description = "SURBL: Phishing sites"; + groups = ["surblorg", "phishing"]; } "MW_SURBL_MULTI" { weight = 5.5; description = "SURBL: Malware sites"; + groups = ["surblorg"]; } "ABUSE_SURBL" { weight = 5.5; description = "SURBL: ABUSE"; + groups = ["surblorg"]; } "CRACKED_SURBL" { weight = 4.0; description = "SURBL: cracked site"; + groups = ["surblorg"]; } "RSPAMD_URIBL" { weight = 4.5; description = "Rspamd uribl, bl.rspamd.com"; one_shot = true; + groups = ["rspamdbl"]; } "RSPAMD_EMAILBL" { weight = 9.5; description = "Rspamd emailbl, bl.rspamd.com"; one_shot = true; + groups = ["rspamdbl"]; } "MSBL_EBL" { weight = 7.5; description = "MSBL emailbl"; one_shot = true; + groups = ["ebl"]; } "MSBL_EBL_GREY" { weight = 0.5; # TODO: test it description = "MSBL emailbl grey list"; one_shot = true; + groups = ["ebl"]; } "SEM_URIBL_UNKNOWN" { weight = 0.0; description = "Spameatingmonkey uribl: unknown result"; + groups = ["sem"]; } "SEM_URIBL" { weight = 3.5; description = "Spameatingmonkey uribl"; + groups = ["sem"]; } "SEM_URIBL_FRESH15_UNKNOWN" { weight = 0.0; description = "Spameatingmonkey Fresh15 uribl: unknown result"; + groups = ["sem"]; } "SEM_URIBL_FRESH15" { weight = 3.0; description = "Spameatingmonkey uribl. Domains registered in the last 15 days (.AERO,.BIZ,.COM,.INFO,.NAME,.NET,.PRO,.SK,.TEL,.US)"; + groups = ["sem"]; } "DBL" { weight = 0.0; description = "DBL unknown result"; + groups = ["spamhaus"]; } "DBL_SPAM" { weight = 6.5; description = "DBL uribl spam"; + groups = ["spamhaus"]; } "DBL_PHISH" { weight = 6.5; description = "DBL uribl phishing"; + groups = ["spamhaus"]; } "DBL_MALWARE" { weight = 6.5; description = "DBL uribl malware"; + groups = ["spamhaus"]; } "DBL_BOTNET" { weight = 5.5; description = "DBL uribl botnet C&C domain"; + groups = ["spamhaus"]; } "DBL_ABUSE" { weight = 6.5; description = "DBL uribl abused legit spam"; + groups = ["spamhaus"]; } "DBL_ABUSE_REDIR" { weight = 1.5; description = "DBL uribl abused spammed redirector domain"; + groups = ["spamhaus"]; } "DBL_ABUSE_PHISH" { weight = 7.5; description = "DBL uribl abused legit phish"; + groups = ["spamhaus"]; } "DBL_ABUSE_MALWARE" { weight = 7.5; description = "DBL uribl abused legit malware"; + groups = ["spamhaus"]; } "DBL_ABUSE_BOTNET" { weight = 5.5; description = "DBL uribl abused legit botnet C&C"; + groups = ["spamhaus"]; } "DBL_PROHIBIT" { weight = 0.00000; description = "DBL uribl IP queries prohibited!"; + groups = ["spamhaus"]; } "URIBL_MULTI" { weight = 0.0; description = "uribl.com: unrecognised result"; + groups = ["uribl"]; } "URIBL_BLOCKED" { weight = 0.0; description = "uribl.com: query refused"; + groups = ["uribl", "blocked"]; } "URIBL_BLACK" { weight = 7.5; description = "uribl.com black url"; + groups = ["uribl"]; } "URIBL_RED" { weight = 3.5; description = "uribl.com red url"; + groups = ["uribl"]; } "URIBL_GREY" { weight = 1.5; description = "uribl.com grey url"; one_shot = true; + groups = ["uribl"]; } "SPAMHAUS_ZEN_URIBL" { weight = 0.0; description = "Spamhaus ZEN URIBL: Filtered result"; + groups = ["spamhaus"]; } "URIBL_SBL" { weight = 6.5; description = "A domain in the message body resolves to an IP listed in Spamhaus SBL"; one_shot = true; + groups = ["v"]; } "URIBL_SBL_CSS" { weight = 6.5; description = "A domain in the message body resolves to an IP listed in Spamhaus SBL CSS"; one_shot = true; + groups = ["spamhaus"]; } "URIBL_XBL" { weight = 1.5; description = "A domain in the message body resolves to an IP listed in Spamhaus XBL"; one_shot = true; + groups = ["spamhaus"]; } "URIBL_PBL" { weight = 0.01; description = "A domain in the message body resolves to an IP listed in Spamhaus PBL"; + groups = ["spamhaus"]; } "URIBL_DROP" { weight = 5.0; description = "A domain in the message body resolves to an IP listed in Spamhaus DROP"; one_shot = true; + groups = ["spamhaus"]; } "RBL_SARBL_BAD" { weight = 2.5;