From 22f9f56f87aead342dd13788042894b9848f592f Mon Sep 17 00:00:00 2001
From: Alexander Moisseev
Date: Wed, 23 Aug 2017 10:34:18 +0300
Subject: [PATCH] [Minor] Suppress base64 symbols for mails sent with 1C v8

---
 conf/composites.conf | 3 +++
 rules/regexp/headers.lua | 8 ++++++++
 2 files changed, 11 insertions(+)

diff --git a/conf/composites.conf b/conf/composites.conf
index ee764a9ff..26496e3ff 100644
--- a/conf/composites.conf
+++ b/conf/composites.conf
@@ -60,6 +60,9 @@ composites {
 YANDEX_RU_MAILER_CTYPE_MIXED_BOGUS {
 expression = "YANDEX_RU_MAILER & -HAS_ATTACHMENT & CTYPE_MIXED_BOGUS";
 }
+ MAILER_1C_8_BASE64 {
+ expression = "MAILER_1C_8 & (FROM_EXCESS_BASE64 | MIME_BASE64_TEXT | SUBJ_EXCESS_BASE64 | TO_EXCESS_BASE64)";
+ }
 HACKED_WP_PHISHING {
 expression = "HAS_X_POS & HAS_WP_URI & PHISHING";
 policy = "leave";
diff --git a/rules/regexp/headers.lua b/rules/regexp/headers.lua
index 4d9d2c77d..b375f6598 100644
--- a/rules/regexp/headers.lua
+++ b/rules/regexp/headers.lua
@@ -572,6 +572,14 @@ reconf['YANDEX_RU_MAILER'] = {
 group = 'header'
 }
 
+-- Detect 1C v8.2 and v8.3 mailers
+reconf['MAILER_1C_8'] = {
+ re = 'X-Mailer=/^1C:Enterprise 8\\.[23]$/H',
+ score = 0,
+ description = 'Sent with 1C:Enterprise 8',
+ group = 'header'
+}
+
 -- Two received headers with ip addresses
 local double_ip_spam_1 = 'Received=/from \\[\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\] by \\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3} with/H'
 local double_ip_spam_2 = 'Received=/from\\s+\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\s+by\\s+\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3};/H'
-- 
2.39.5
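Review bot: The new `MAILER_1C_8_BASE64` composite grants its exemption on `MAILER_1C_8` alone, and that symbol (added in rules/regexp/headers.lua by this same patch) is derived only from the `X-Mailer` header, which the sender writes. No `policy` is set on the block, so, assuming rspamd's default composite policy of removing the matched symbols together with their weights, any message carrying that header value loses `FROM_EXCESS_BASE64`, `MIME_BASE64_TEXT`, `SUBJ_EXCESS_BASE64` and `TO_EXCESS_BASE64`. I would tie the suppression to a signal the sender cannot simply assert, for example `expression = "MAILER_1C_8 & R_DKIM_ALLOW & (FROM_EXCESS_BASE64 | MIME_BASE64_TEXT | SUBJ_EXCESS_BASE64 | TO_EXCESS_BASE64)";` or a local allow-list of known 1C senders. Failing that, a comment above the block should record that it trusts an unauthenticated header. The enclosing `composites { … }` section starts and ends outside this hunk, so a score assigned to the composite elsewhere would not be visible here.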
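Review bot: The comment above `reconf['MAILER_1C_8']` does not say that this is a zero-score marker whose only consumer in this patch is the `MAILER_1C_8_BASE64` composite in conf/composites.conf, so a later rename or score change here would silently change what that composite suppresses. I would extend it to something like `-- Marker only (score 0): consumed by the MAILER_1C_8_BASE64 composite; X-Mailer is sender-supplied, not proof of origin`. The description also reads "1C:Enterprise 8" while the pattern accepts only 8.2 and 8.3; `description = 'Sent with 1C:Enterprise 8.2 or 8.3',` would match what the regexp actually checks.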