From: twesterhever <40121680+twesterhever@users.noreply.github.com>
Date: Sun, 28 Apr 2024 09:44:07 +0000 (+0000)
Subject: [Enhancement] Catch "Mail message body" Content-Description
X-Git-Tag: 3.9.0~50^2~2
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=ce23345c5de784d0ebc9bdbbcc497f34ba3af065;p=rspamd.git

[Enhancement] Catch "Mail message body" Content-Description

This header frequently surfaces in spam, mostly advance fee fraud.
---

diff --git a/rules/regexp/headers.lua b/rules/regexp/headers.lua
index f7e23501c..7397ed84b 100644
--- a/rules/regexp/headers.lua
+++ b/rules/regexp/headers.lua
@@ -910,6 +910,13 @@ reconf['HAS_CD_HEADER'] = {
 group = 'headers'
 }

+reconf['CD_MM_BODY'] = {
+ re = 'Content-Description=/Mail message body/Hi',
+ description = 'Content-Description header reads "Mail message body", commonly seen in spam',
+ score = 2.0,
+ group = 'headers'
+}
+
 reconf['X_PHPOS_FAKE'] = {
 re = 'X-PHP-Originating-Script=/^\\d{7}:/Hi',
 description = 'Fake X-PHP-Originating-Script header',
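Review bot: The pattern in `CD_MM_BODY` is unanchored, so it matches any Content-Description that merely contains "Mail message body", while the description says the header "reads" that string. With a standalone score of 2.0, the wider match raises the false-positive risk on legitimate mail whose description happens to include the phrase. If the spam samples carry exactly this value, anchoring keeps the rule as narrow as its description: `re = 'Content-Description=/^Mail message body$/Hi',`. If the substring match is intended, the description should say "contains" instead, and a short comment above the rule noting the observed corpus (advance fee fraud, per the commit message) would help anyone who later re-tunes the score.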