From: heraklit256 <37872459+heraklit256@users.noreply.github.com#>
Date: Sat, 8 Sep 2018 10:30:05 +0000 (+0200)
Subject: add rule for spammy mails with detailled sender but generic recipients
X-Git-Tag: 1.8.0~159^2
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=refs%2Fpull%2F2470%2Fhead;p=rspamd.git

add rule for spammy mails with detailled sender but generic recipients
---

diff --git a/conf/composites.conf b/conf/composites.conf
index 83ae88e47..9c4bb7e12 100644
--- a/conf/composites.conf
+++ b/conf/composites.conf
@@ -67,6 +67,7 @@ composites {
     }
     HACKED_WP_PHISHING {
         expression = "HAS_X_POS & HAS_WP_URI & PHISHING";
+        description = "Phish message sent by hacked Wordpress instance";
         policy = "leave";
     }
     COMPROMISED_ACCT_BULK {
@@ -106,6 +107,11 @@ composites {
         description = "Phish message with subject trying to address users emotion";
         score = 2.0;
     }
+    UNPRECISE_RCPT_DETAIL_FROM_SPAMMY {
+        expression = "TO_DN_NONE & FROM_HAS_DN & (REPLYTO_EQ_FROM | FREEMAIL_FROM | HAS_LIST_UNSUB)";
+        description = "Spammy message with detailled sender but generic recipient";
+        score = 0.5;
+    }
 
     .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/composites.conf"
     .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/composites.conf"