From 54be29d6f3e3b56e70424ac895656671e655a4cd Mon Sep 17 00:00:00 2001 From: Alexander Moisseev Date: Sun, 3 Jul 2016 13:30:07 +0300 Subject: [PATCH] [Feature] Supprort FQDNs in phishing module maps --- doc/markdown/modules/phishing.md | 3 +++ src/plugins/lua/phishing.lua | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/doc/markdown/modules/phishing.md b/doc/markdown/modules/phishing.md index 5218cc908..cad513e8c 100644 --- a/doc/markdown/modules/phishing.md +++ b/doc/markdown/modules/phishing.md @@ -58,6 +58,9 @@ payments system phishing. Finally, the default symbol is yielded- if `domains` is specified then only if the phished domain is found in the related map. +Maps for this module can consist of effective second level domain parts (eTLD) +or whole domain parts of the URLs (FQDN) as well. + ## Openphish support Since version 1.3, there is [openphish](https://openphish.com) support in rspamd. diff --git a/src/plugins/lua/phishing.lua b/src/plugins/lua/phishing.lua index b3b3da12e..2e2b92244 100644 --- a/src/plugins/lua/phishing.lua +++ b/src/plugins/lua/phishing.lua @@ -90,7 +90,7 @@ local function phishing_cb(task) if #redirector_domains > 0 then for _,rule in ipairs(redirector_domains) do - if rule['map']:get_key(url:get_tld()) then + if rule['map']:get_key(tld) or rule['map']:get_key(url:get_host()) then task:insert_result(rule['symbol'], weight, ptld .. '->' .. tld) found = true end @@ -98,7 +98,7 @@ local function phishing_cb(task) end if not found and #strict_domains > 0 then for _,rule in ipairs(strict_domains) do - if rule['map']:get_key(ptld) then + if rule['map']:get_key(ptld) or rule['map']:get_key(purl:get_host()) then task:insert_result(rule['symbol'], 1.0, ptld .. '->' .. tld) found = true end -- 2.39.5