From c3b48ef388a4c551bfcaf637d2112aca12adebe8 Mon Sep 17 00:00:00 2001
From: twesterhever <40121680+twesterhever@users.noreply.github.com>
Date: Wed, 2 Aug 2023 13:11:03 +0000
Subject: [PATCH] [Minor] Align scores of Spamhaus DBL, SURBL, URIBL DNSBL
 symbols

Given that they have about the same false positive rate, it makes sense
to treat them equal in terms of scoring:
- Particular threats (phishing, malware) are scored a bit higher than
  mere spam domain listings
- "Abused legitimate" listings are scored lower for some DNSBLs already,
  this has now been aligned.
- For SURBL, cracked and abused sites are treated with the same score.
---
 conf/scores.d/surbl_group.conf | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/conf/scores.d/surbl_group.conf b/conf/scores.d/surbl_group.conf
index b7cf7d1e6..25e8ed7e2 100644
--- a/conf/scores.d/surbl_group.conf
+++ b/conf/scores.d/surbl_group.conf
@@ -27,25 +27,25 @@ symbols = {
         groups = ["surblorg", "blocked"];
     }
     "PH_SURBL_MULTI" {
-        weight = 5.5;
+        weight = 7.5;
         description = "A domain in the message is listed in SURBL as phishing";
         one_shot = true;
         groups = ["surblorg", "phishing"];
     }
     "MW_SURBL_MULTI" {
-        weight = 5.5;
+        weight = 7.5;
         description = "A domain in the message is listed in SURBL as malware";
         one_shot = true;
         groups = ["surblorg"];
     }
     "ABUSE_SURBL" {
-        weight = 5.5;
+        weight = 5.0;
         description = "A domain in the message is listed in SURBL as abused";
         one_shot = true;
         groups = ["surblorg"];
     }
     "CRACKED_SURBL" {
-        weight = 4.0;
+        weight = 5.0;
         description = "A domain in the message is listed in SURBL as cracked";
         one_shot = true;
         groups = ["surblorg"];
@@ -117,49 +117,49 @@ symbols = {
         groups = ["spamhaus"];
     }
     "DBL_PHISH" {
-        weight = 6.5;
+        weight = 7.5;
         description = "A domain in the message is listed in Spamhaus DBL as phishing";
         one_shot = true;
         groups = ["spamhaus"];
     }
     "DBL_MALWARE" {
-        weight = 6.5;
+        weight = 7.5;
         description = "A domain in the message is listed in Spamhaus DBL as malware";
         one_shot = true;
         groups = ["spamhaus"];
     }
     "DBL_BOTNET" {
-        weight = 5.5;
+        weight = 7.5;
         description = "A domain in the message is listed in Spamhaus DBL as botnet C&C";
         one_shot = true;
         groups = ["spamhaus"];
     }
     "DBL_ABUSE" {
-        weight = 6.5;
+        weight = 5.0;
         description = "A domain in the message is listed in Spamhaus DBL as abused legit spam";
         one_shot = true;
         groups = ["spamhaus"];
     }
     "DBL_ABUSE_REDIR" {
-        weight = 1.5;
+        weight = 5.0;
         description = "A domain in the message is listed in Spamhaus DBL as spammed redirector domain";
         one_shot = true;
         groups = ["spamhaus"];
     }
     "DBL_ABUSE_PHISH" {
-        weight = 7.5;
+        weight = 6.5;
         description = "A domain in the message is listed in Spamhaus DBL as abused legit phish";
         one_shot = true;
         groups = ["spamhaus"];
     }
     "DBL_ABUSE_MALWARE" {
-        weight = 7.5;
+        weight = 6.5;
         description = "A domain in the message is listed in Spamhaus DBL as abused legit malware";
         one_shot = true;
         groups = ["spamhaus"];
     }
     "DBL_ABUSE_BOTNET" {
-        weight = 5.5;
+        weight = 6.5;
         description = "A domain in the message is listed in Spamhaus DBL as abused legit botnet C&C";
         one_shot = true;
         groups = ["spamhaus"];
-- 
2.39.5