From: twesterhever <40121680+twesterhever@users.noreply.github.com>
Date: Tue, 9 Apr 2024 11:14:16 +0000 (+0000)
Subject: [Minor] Improve FREEMAIL_AFF detection
X-Git-Tag: 3.9.0~51^2~2
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=da1401b3f5ee438ff4b94d8e7fecb686309e1577;p=rspamd.git

[Minor] Improve FREEMAIL_AFF detection
---

diff --git a/conf/composites.conf b/conf/composites.conf
index e38d64e6b..a36d0449f 100644
--- a/conf/composites.conf
+++ b/conf/composites.conf
@@ -163,7 +163,7 @@ composites {
     group = "scams";
   }
   FREEMAIL_AFF {
-    expression = "(FREEMAIL_FROM | FREEMAIL_ENVFROM | FREEMAIL_REPLYTO) & (TO_DN_RECIPIENTS | R_UNDISC_RCPT) & (INTRODUCTION | FROM_NAME_HAS_TITLE | FREEMAIL_REPLYTO_NEQ_FROM_DOM | SUBJECT_HAS_CURRENCY)";
+    expression = "(FREEMAIL_FROM | FREEMAIL_ENVFROM | FREEMAIL_REPLYTO | FREEMAIL_MDN) & (TO_DN_RECIPIENTS | R_UNDISC_RCPT) & (INTRODUCTION | FROM_NAME_HAS_TITLE | FREEMAIL_REPLYTO_NEQ_FROM_DOM | SUBJECT_HAS_CURRENCY)";
     score = 4.0;
     policy = "leave";
     description = "Message exhibits strong characteristics of advance fee fraud (AFF a/k/a '419' spam) involving freemail addresses";