From: twesterhever <40121680+twesterhever@users.noreply.github.com>
Date: Sun, 9 Oct 2022 08:29:21 +0000 (+0000)
Subject: [Enhancement] Add composite rule against AFF involving freemailers
X-Git-Tag: 3.4~57^2
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=refs%2Fpull%2F4304%2Fhead;p=rspamd.git

[Enhancement] Add composite rule against AFF involving freemailers
---

diff --git a/conf/composites.conf b/conf/composites.conf
index cd03d5fdd..fc5b7922d 100644
--- a/conf/composites.conf
+++ b/conf/composites.conf
@@ -154,6 +154,13 @@ composites {
     score = 7.0;
     group = "scams";
   }
+  
+  FREEMAIL_AFF {
+	  expression = "(FREEMAIL_FROM | FREEMAIL_ENVFROM | FREEMAIL_REPLYTO) & R_UNDISC_RCPT & (INTRODUCTION | FROM_NAME_HAS_TITLE | FREEMAIL_REPLYTO_NEQ_FROM_DOM)";
+	  score = 4.0;
+	  policy = "leave";
+	  description = "Message exhibits strong characteristics of advance fee fraud (AFF a/k/a '419' spam) involving freemail addresses";
+  }
 
   .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/composites.conf"
   .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/composites.conf"