From: Vsevolod Stakhov Date: Wed, 6 May 2015 09:05:27 +0000 (+0100) Subject: Be more clever about forged MUA rules and maillist. X-Git-Tag: 0.9.0~86 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=cfd7e090d7ea199b524e4ab7c25525081875147b;p=rspamd.git Be more clever about forged MUA rules and maillist. --- diff --git a/conf/composites.conf b/conf/composites.conf index 3166c57b5..0c8e0d4e8 100644 --- a/conf/composites.conf +++ b/conf/composites.conf @@ -9,12 +9,8 @@ composite { expression = "FORGED_SENDER & -MAILLIST"; } composite { - name = "FORGED_MUA_OUTLOOK_MAILLIST"; - expression = "FORGED_MUA_OUTLOOK and -MAILLIST"; -} -composite { - name = "FORGED_MUA_THUNDERBIRD_MSGID_MAILLIST"; - expression = "(FORGED_MUA_THUNDERBIRD_MSGID or FORGED_MUA_THUNDERBIRD_MSGID_UNKNOWN) and -MAILLIST"; + name = "FORGED_MUA_MAILLIST"; + expression = "g:mua and -MAILLIST"; } composite { name = "RBL_SPAMHAUS_XBL"; diff --git a/conf/metrics.conf b/conf/metrics.conf index de59b04ef..49f179e9f 100644 --- a/conf/metrics.conf +++ b/conf/metrics.conf @@ -13,7 +13,7 @@ metric { }; group { - name = "Header checks"; + name = "header"; symbol { weight = 2.0; description = "Subject is missing inside message"; @@ -347,7 +347,7 @@ metric { } group { - name = "Forged MUA"; + name = "mua"; symbol { weight = 4.0; description = "Message pretends to be send from The Bat! but has forged Message-ID"; @@ -393,11 +393,6 @@ metric { description = "Forged mail pretending to be from Mozilla Thunderbird but has forged Message-ID"; name = "FORGED_MUA_THUNDERBIRD_MSGID"; } - symbol { - weight = 0.0; - description = "Avoid false positives for FORGED_MUA_THUNDERBIRD_MSGID in maillist"; - name = "FORGED_MUA_THUNDERBIRD_MSGID_MAILLIST"; - } symbol { weight = 2.500000; description = "Forged mail pretending to be from Mozilla Thunderbird but has forged Message-ID"; @@ -418,15 +413,15 @@ metric { description = "Forged outlook MUA"; name = "FORGED_MUA_OUTLOOK"; } - symbol { - weight = 0.0; - description = "Forged outlook MUA, but from maillist"; - name = "FORGED_MUA_OUTLOOK_MAILLIST"; - } } + symbol { + weight = 0.0; + description = "Avoid false positives for FORGED_MUA_* in maillist"; + name = "FORGED_MUA_MAILLIST"; + } group { - name = "Body checks"; + name = "body"; symbol { weight = 9.0; description = "White color on white background in HTML messages"; @@ -516,7 +511,7 @@ metric { } group { - name = "RBL"; + name = "rbl"; symbol { name = "DNSWL_BLOCKED"; weight = 0.0; description = "Resolver blocked due to excessive queries"; } symbol { name = "RCVD_IN_DNSWL"; weight = 0.0; description = "Sender listed at http://www.dnswl.org"; } symbol { name = "RCVD_IN_DNSWL_NONE"; weight = -0.05; description = "Sender listed at http://www.dnswl.org, low none"; } @@ -627,7 +622,7 @@ metric { } group { - name = "Bayes"; + name = "bayes"; symbol { weight = 3.0; @@ -642,7 +637,7 @@ metric { } group { - name = "Fuzzy"; + name = "fuzzy"; symbol { weight = 5.0; description = "Generic fuzzy hash match"; @@ -666,7 +661,7 @@ metric { } group { - name = "SPF"; + name = "spf"; symbol { weight = 1.0; description = "SPF verification failed"; @@ -690,7 +685,7 @@ metric { } group { - name = "DKIM"; + name = "dkim"; symbol { weight = 1.0; description = "DKIM verification failed"; @@ -709,7 +704,7 @@ metric { } group { - name = "URL blacklists"; + name = "surbl"; symbol { weight = 5.500000; description = "SURBL: Phishing sites"; @@ -830,7 +825,7 @@ metric { } group { - name = "Phishing"; + name = "phishing"; symbol { weight = 5.0; @@ -840,7 +835,7 @@ metric { } group { - name = "Date checks"; + name = "date"; symbol { weight = 4.0; @@ -860,7 +855,7 @@ metric { } group { - name = "Hfilter rules"; + name = "hfilter"; symbol { weight = 4.00; name = "HFILTER_HELO_BAREIP"; description = "Helo host is bare ip"; } symbol { weight = 4.50; name = "HFILTER_HELO_BADIP"; description = "Helo host is very bad ip"; }