mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
Browse Source

[Conf] Add vendor groups for symbols 

Issue: #2803
tags/1.9.1
Vsevolod Stakhov 5 years ago
parent
066b39426d
commit
38084c8092
2 changed files with 72 additions and 0 deletions
Split View Show Diff Stats
  1. 37
    0
      conf/scores.d/rbl_group.conf
  2. 35
    0
      conf/scores.d/surbl_group.conf

+ 37
- 0
conf/scores.d/rbl_group.conf View File

@@ -20,104 +20,128 @@ symbols = {
"DNSWL_BLOCKED" {
weight = 0.0;
description = "Resolver blocked due to excessive queries";
groups = ["dnswl", "blocked"];
}
"RCVD_IN_DNSWL" {
weight = 0.0;
description = "Unrecognised result from https://www.dnswl.org";
groups = ["dnswl"];
}
"RCVD_IN_DNSWL_NONE" {
weight = 0.0;
description = "Sender listed at https://www.dnswl.org, no trust";
groups = ["dnswl"];
}
"RCVD_IN_DNSWL_LOW" {
weight = -0.1;
description = "Sender listed at https://www.dnswl.org, low trust";
groups = ["dnswl"];
}
"RCVD_IN_DNSWL_MED" {
weight = -0.2;
description = "Sender listed at https://www.dnswl.org, medium trust";
groups = ["dnswl"];
}
"RCVD_IN_DNSWL_HI" {
weight = -0.5;
description = "Sender listed at https://www.dnswl.org, high trust";
groups = ["dnswl"];
}

"DWL_DNSWL_BLOCKED" {
weight = 0.0;
description = "Resolver blocked due to excessive queries (dwl)";
groups = ["dnswl", "blocked"];
}
"DWL_DNSWL" {
weight = 0.0;
description = "Unrecognised result from https://www.dnswl.org (dwl)";
groups = ["dnswl"];
}
"DWL_DNSWL_NONE" {
weight = 0.0;
description = "Message has a valid dkim signature originated from domain listed at https://www.dnswl.org, no trust";
groups = ["dnswl"];
}
"DWL_DNSWL_LOW" {
weight = -1;
description = "Message has a valid dkim signature originated from domain listed at https://www.dnswl.org, low trust";
groups = ["dnswl"];
}
"DWL_DNSWL_MED" {
weight = -2;
description = "Message has a valid dkim signature originated from domain listed at https://www.dnswl.org, medium trust";
groups = ["dnswl"];
}
"DWL_DNSWL_HI" {
weight = -3.5;
description = "Message has a valid dkim signature originated from domain listed at https://www.dnswl.org, high trust";
groups = ["dnswl"];
}

"RBL_SPAMHAUS" {
weight = 0.0;
description = "Unrecognised result from Spamhaus ZEN";
groups = ["spamhaus"];
}
"RBL_SPAMHAUS_SBL" {
weight = 2.0;
description = "From address is listed in ZEN SBL";
groups = ["spamhaus"];
}
"RBL_SPAMHAUS_CSS" {
weight = 2.0;
description = "From address is listed in ZEN CSS";
groups = ["spamhaus"];
}
"RBL_SPAMHAUS_XBL" {
weight = 4.0;
description = "From address is listed in ZEN XBL";
groups = ["spamhaus"];
}
"RBL_SPAMHAUS_XBL_ANY" {
weight = 4.0;
description = "From or received address is listed in ZEN XBL (any list)";
groups = ["spamhaus"];
}
"RBL_SPAMHAUS_PBL" {
weight = 2.0;
description = "From address is listed in ZEN PBL (ISP list)";
groups = ["spamhaus"];
}
"RBL_SPAMHAUS_DROP" {
weight = 7.0;
description = "From address is listed in ZEN DROP BL";
groups = ["spamhaus"];
}
"RECEIVED_SPAMHAUS_SBL" {
weight = 1.0;
description = "Received address is listed in ZEN SBL";
groups = ["spamhaus"];
one_shot = true;
}
"RECEIVED_SPAMHAUS_CSS" {
weight = 1.0;
description = "Received address is listed in ZEN CSS";
groups = ["spamhaus"];
one_shot = true;
}
"RECEIVED_SPAMHAUS_XBL" {
weight = 3.0;
description = "Received address is listed in ZEN XBL";
groups = ["spamhaus"];
one_shot = true;
}
"RECEIVED_SPAMHAUS_PBL" {
weight = 0.0;
description = "Received address is listed in ZEN PBL (ISP list)";
groups = ["spamhaus"];
one_shot = true;
}
"RECEIVED_SPAMHAUS_DROP" {
weight = 6.0;
description = "Received address is listed in ZEN DROP BL";
groups = ["spamhaus"];
one_shot = true;
}

@@ -128,48 +152,59 @@ symbols = {
"MAILSPIKE" {
weight = 0.0;
description = "Unrecognised result from Mailspike";
groups = ["mailspike"];
}
"RWL_MAILSPIKE_NEUTRAL" {
weight = 0.0;
description = "Neutral result from Mailspike";
groups = ["mailspike"];
}
"RBL_MAILSPIKE_WORST" {
weight = 2.0;
description = "From address is listed in RBL - worst possible reputation";
groups = ["mailspike"];
}
"RBL_MAILSPIKE_VERYBAD" {
weight = 1.5;
description = "From address is listed in RBL - very bad reputation";
groups = ["mailspike"];
}
"RBL_MAILSPIKE_BAD" {
weight = 1.0;
description = "From address is listed in RBL - bad reputation";
groups = ["mailspike"];
}
"RWL_MAILSPIKE_POSSIBLE" {
weight = 0.0;
description = "From address is listed in RWL - possibly legit";
groups = ["mailspike"];
}
"RWL_MAILSPIKE_GOOD" {
weight = 0.0;
description = "From address is listed in RWL - good reputation";
groups = ["mailspike"];
}
"RWL_MAILSPIKE_VERYGOOD" {
weight = 0.0;
description = "From address is listed in RWL - very good reputation";
groups = ["mailspike"];
}
"RWL_MAILSPIKE_EXCELLENT" {
weight = 0.0;
description = "From address is listed in RWL - excellent reputation";
groups = ["mailspike"];
}

"RBL_SEM" {
weight = 1.0;
description = "From address is listed in Spameatingmonkey RBL";
groups = ["sem"];
}

"RBL_SEM_IPV6" {
weight = 1.0;
description = "From address is listed in Spameatingmonkey RBL (IPv6)";
groups = ["sem"];
}

"RBL_VIRUSFREE_BOTNET" {
@@ -185,11 +220,13 @@ symbols = {
"RBL_BLOCKLISTDE" {
weight = 4.0;
description = "From address is listed in Blocklist (https://www.blocklist.de/)";
groups = ["blocklistde"];
}

"RECEIVED_BLOCKLISTDE" {
weight = 3.0;
description = "Received address is listed in Blocklist (https://www.blocklist.de/)";
groups = ["blocklistde"];
one_shot = true;
}
}

+ 35
- 0
conf/scores.d/surbl_group.conf View File

@@ -22,157 +22,192 @@ symbols = {
"SURBL_BLOCKED" {
weight = 0.0;
description = "SURBL: blocked by policy/overusage";
groups = ["surblorg", "blocked"];
}
"PH_SURBL_MULTI" {
weight = 5.5;
description = "SURBL: Phishing sites";
groups = ["surblorg", "phishing"];
}
"MW_SURBL_MULTI" {
weight = 5.5;
description = "SURBL: Malware sites";
groups = ["surblorg"];
}
"ABUSE_SURBL" {
weight = 5.5;
description = "SURBL: ABUSE";
groups = ["surblorg"];
}
"CRACKED_SURBL" {
weight = 4.0;
description = "SURBL: cracked site";
groups = ["surblorg"];
}
"RSPAMD_URIBL" {
weight = 4.5;
description = "Rspamd uribl, bl.rspamd.com";
one_shot = true;
groups = ["rspamdbl"];
}

"RSPAMD_EMAILBL" {
weight = 9.5;
description = "Rspamd emailbl, bl.rspamd.com";
one_shot = true;
groups = ["rspamdbl"];
}

"MSBL_EBL" {
weight = 7.5;
description = "MSBL emailbl";
one_shot = true;
groups = ["ebl"];
}

"MSBL_EBL_GREY" {
weight = 0.5; # TODO: test it
description = "MSBL emailbl grey list";
one_shot = true;
groups = ["ebl"];
}

"SEM_URIBL_UNKNOWN" {
weight = 0.0;
description = "Spameatingmonkey uribl: unknown result";
groups = ["sem"];
}
"SEM_URIBL" {
weight = 3.5;
description = "Spameatingmonkey uribl";
groups = ["sem"];
}

"SEM_URIBL_FRESH15_UNKNOWN" {
weight = 0.0;
description = "Spameatingmonkey Fresh15 uribl: unknown result";
groups = ["sem"];
}
"SEM_URIBL_FRESH15" {
weight = 3.0;
description = "Spameatingmonkey uribl. Domains registered in the last 15 days (.AERO,.BIZ,.COM,.INFO,.NAME,.NET,.PRO,.SK,.TEL,.US)";
groups = ["sem"];
}

"DBL" {
weight = 0.0;
description = "DBL unknown result";
groups = ["spamhaus"];
}
"DBL_SPAM" {
weight = 6.5;
description = "DBL uribl spam";
groups = ["spamhaus"];
}
"DBL_PHISH" {
weight = 6.5;
description = "DBL uribl phishing";
groups = ["spamhaus"];
}
"DBL_MALWARE" {
weight = 6.5;
description = "DBL uribl malware";
groups = ["spamhaus"];
}
"DBL_BOTNET" {
weight = 5.5;
description = "DBL uribl botnet C&C domain";
groups = ["spamhaus"];
}
"DBL_ABUSE" {
weight = 6.5;
description = "DBL uribl abused legit spam";
groups = ["spamhaus"];
}
"DBL_ABUSE_REDIR" {
weight = 1.5;
description = "DBL uribl abused spammed redirector domain";
groups = ["spamhaus"];
}
"DBL_ABUSE_PHISH" {
weight = 7.5;
description = "DBL uribl abused legit phish";
groups = ["spamhaus"];
}
"DBL_ABUSE_MALWARE" {
weight = 7.5;
description = "DBL uribl abused legit malware";
groups = ["spamhaus"];
}
"DBL_ABUSE_BOTNET" {
weight = 5.5;
description = "DBL uribl abused legit botnet C&C";
groups = ["spamhaus"];
}
"DBL_PROHIBIT" {
weight = 0.00000;
description = "DBL uribl IP queries prohibited!";
groups = ["spamhaus"];
}
"URIBL_MULTI" {
weight = 0.0;
description = "uribl.com: unrecognised result";
groups = ["uribl"];
}
"URIBL_BLOCKED" {
weight = 0.0;
description = "uribl.com: query refused";
groups = ["uribl", "blocked"];
}
"URIBL_BLACK" {
weight = 7.5;
description = "uribl.com black url";
groups = ["uribl"];
}
"URIBL_RED" {
weight = 3.5;
description = "uribl.com red url";
groups = ["uribl"];
}
"URIBL_GREY" {
weight = 1.5;
description = "uribl.com grey url";
one_shot = true;
groups = ["uribl"];
}
"SPAMHAUS_ZEN_URIBL" {
weight = 0.0;
description = "Spamhaus ZEN URIBL: Filtered result";
groups = ["spamhaus"];
}
"URIBL_SBL" {
weight = 6.5;
description = "A domain in the message body resolves to an IP listed in Spamhaus SBL";
one_shot = true;
groups = ["v"];
}
"URIBL_SBL_CSS" {
weight = 6.5;
description = "A domain in the message body resolves to an IP listed in Spamhaus SBL CSS";
one_shot = true;
groups = ["spamhaus"];
}
"URIBL_XBL" {
weight = 1.5;
description = "A domain in the message body resolves to an IP listed in Spamhaus XBL";
one_shot = true;
groups = ["spamhaus"];
}
"URIBL_PBL" {
weight = 0.01;
description = "A domain in the message body resolves to an IP listed in Spamhaus PBL";
groups = ["spamhaus"];
}
"URIBL_DROP" {
weight = 5.0;
description = "A domain in the message body resolves to an IP listed in Spamhaus DROP";
one_shot = true;
groups = ["spamhaus"];
}
"RBL_SARBL_BAD" {
weight = 2.5;

Write Preview
Loading…
Cancel
Save