[Minor] unify rule scores and weights and improve descriptionstags/1.9.2
@@ -37,7 +37,7 @@ spamtrap { | |||
# Fuzzy flag | |||
#fuzzy_flag = 1; | |||
# Fuzzy weight | |||
#fuzzy_weight = 10; | |||
#fuzzy_weight = 10.0; | |||
# Redis key prefix | |||
#key_prefix = 'sptr_'; | |||
# Skip spamtrap checks for authorized users |
@@ -17,7 +17,7 @@ | |||
symbols = { | |||
"FORGED_SENDER" { | |||
weight = 0.30; | |||
weight = 0.3; | |||
description = "Sender is forged (different From: header and smtp MAIL FROM: addresses)"; | |||
} | |||
"R_MIXED_CHARSET" { | |||
@@ -62,4 +62,4 @@ symbols = { | |||
weight = -0.2; | |||
description = "Message seems to be from maillist"; | |||
} | |||
} | |||
} |
@@ -17,11 +17,11 @@ | |||
symbols = { | |||
"HFILTER_HELO_BAREIP" { | |||
weight = 3.00; | |||
weight = 3.0; | |||
description = "Helo host is bare ip"; | |||
} | |||
"HFILTER_HELO_BADIP" { | |||
weight = 4.50; | |||
weight = 4.5; | |||
description = "Helo host is very bad ip"; | |||
} | |||
"HFILTER_HELO_1" { | |||
@@ -29,19 +29,19 @@ symbols = { | |||
description = "Helo host checks (very low)"; | |||
} | |||
"HFILTER_HELO_2" { | |||
weight = 1.00; | |||
weight = 1.0; | |||
description = "Helo host checks (low)"; | |||
} | |||
"HFILTER_HELO_3" { | |||
weight = 2.00; | |||
weight = 2.0; | |||
description = "Helo host checks (medium)"; | |||
} | |||
"HFILTER_HELO_4" { | |||
weight = 2.50; | |||
weight = 2.5; | |||
description = "Helo host checks (hard)"; | |||
} | |||
"HFILTER_HELO_5" { | |||
weight = 3.00; | |||
weight = 3.0; | |||
description = "Helo host checks (very hard)"; | |||
} | |||
"HFILTER_HOSTNAME_1" { | |||
@@ -49,23 +49,23 @@ symbols = { | |||
description = "Hostname checks (very low)"; | |||
} | |||
"HFILTER_HOSTNAME_2" { | |||
weight = 1.00; | |||
weight = 1.0; | |||
description = "Hostname checks (low)"; | |||
} | |||
"HFILTER_HOSTNAME_3" { | |||
weight = 2.00; | |||
weight = 2.0; | |||
description = "Hostname checks (medium)"; | |||
} | |||
"HFILTER_HOSTNAME_4" { | |||
weight = 2.50; | |||
weight = 2.5; | |||
description = "Hostname checks (hard)"; | |||
} | |||
"HFILTER_HOSTNAME_5" { | |||
weight = 3.00; | |||
weight = 3.0; | |||
description = "Hostname checks (very hard)"; | |||
} | |||
"HFILTER_HELO_NORESOLVE_MX" { | |||
weight = 0.20; | |||
weight = 0.2; | |||
description = "MX found in Helo and no resolve"; | |||
} | |||
"HFILTER_HELO_NORES_A_OR_MX" { | |||
@@ -73,11 +73,11 @@ symbols = { | |||
description = "Helo no resolve to A or MX"; | |||
} | |||
"HFILTER_HELO_IP_A" { | |||
weight = 1.00; | |||
weight = 1.0; | |||
description = "Helo A IP != hostname IP"; | |||
} | |||
"HFILTER_HELO_NOT_FQDN" { | |||
weight = 2.00; | |||
weight = 2.0; | |||
description = "Helo not FQDN"; | |||
} | |||
"HFILTER_FROMHOST_NORESOLVE_MX" { | |||
@@ -85,47 +85,47 @@ symbols = { | |||
description = "MX found in FROM host and no resolve"; | |||
} | |||
"HFILTER_FROMHOST_NORES_A_OR_MX" { | |||
weight = 1.50; | |||
weight = 1.5; | |||
description = "FROM host no resolve to A or MX"; | |||
} | |||
"HFILTER_FROMHOST_NOT_FQDN" { | |||
weight = 3.00; | |||
weight = 3.0; | |||
description = "FROM host not FQDN"; | |||
} | |||
"HFILTER_FROM_BOUNCE" { | |||
weight = 0.00; | |||
weight = 0.0; | |||
description = "Bounce message"; | |||
} | |||
/* | |||
# Disabled by default | |||
"HFILTER_MID_NORESOLVE_MX" { | |||
weight = 0.50; | |||
weight = 0.5; | |||
description = "MX found in Message-id host and no resolve"; | |||
} | |||
"HFILTER_MID_NORES_A_OR_MX" { | |||
weight = 0.50; | |||
weight = 0.5; | |||
name = ; | |||
description = "Message-id host no resolve to A or MX"; | |||
} | |||
"HFILTER_MID_NOT_FQDN" { | |||
weight = 0.50; | |||
weight = 0.5; | |||
description = "Message-id host not FQDN"; | |||
} | |||
*/ | |||
"HFILTER_HOSTNAME_UNKNOWN" { | |||
weight = 2.50; | |||
weight = 2.5; | |||
description = "Unknown client hostname (PTR or FCrDNS verification failed)"; | |||
} | |||
"HFILTER_RCPT_BOUNCEMOREONE" { | |||
weight = 1.50; | |||
weight = 1.5; | |||
description = "Message from bounce and over 1 recipient"; | |||
} | |||
"HFILTER_URL_ONLY" { | |||
weight = 2.20; | |||
weight = 2.2; | |||
description = "URL only in body"; | |||
} | |||
"HFILTER_URL_ONELINE" { | |||
weight = 2.50; | |||
weight = 2.5; | |||
description = "One line URL and text in body"; | |||
} | |||
} |
@@ -64,12 +64,12 @@ symbols = { | |||
groups = ["dnswl"]; | |||
} | |||
"DWL_DNSWL_LOW" { | |||
weight = -1; | |||
weight = -1.0; | |||
description = "Message has a valid dkim signature originated from domain listed at https://www.dnswl.org, low trust"; | |||
groups = ["dnswl"]; | |||
} | |||
"DWL_DNSWL_MED" { | |||
weight = -2; | |||
weight = -2.0; | |||
description = "Message has a valid dkim signature originated from domain listed at https://www.dnswl.org, medium trust"; | |||
groups = ["dnswl"]; | |||
} |
@@ -145,7 +145,7 @@ symbols = { | |||
groups = ["spamhaus"]; | |||
} | |||
"DBL_PROHIBIT" { | |||
weight = 0.00000; | |||
weight = 0.0; | |||
description = "DBL uribl IP queries prohibited!"; | |||
groups = ["spamhaus"]; | |||
} |
@@ -103,7 +103,7 @@ rspamd_config.FWD_SRS = { | |||
return false | |||
end, | |||
score = 0.0, | |||
description = "Message was forwarded using SRS", | |||
description = "Message was forwarded using Sender Rewriting Scheme (SRS)", | |||
group = "forwarding" | |||
} | |||
@@ -60,7 +60,7 @@ rspamd_config:register_symbol{ | |||
score = 0.0, | |||
parent = rcvd_cb_id, | |||
type = 'virtual', | |||
description = 'No received', | |||
description = 'Message has no Received headers', | |||
group = 'headers', | |||
} | |||
rspamd_config:register_symbol{ | |||
@@ -68,7 +68,7 @@ rspamd_config:register_symbol{ | |||
score = 0.0, | |||
parent = rcvd_cb_id, | |||
type = 'virtual', | |||
description = 'One received', | |||
description = 'Message has one Received header', | |||
group = 'headers', | |||
} | |||
rspamd_config:register_symbol{ | |||
@@ -76,7 +76,7 @@ rspamd_config:register_symbol{ | |||
score = 0.0, | |||
parent = rcvd_cb_id, | |||
type = 'virtual', | |||
description = 'Two received', | |||
description = 'Message has two Received headers', | |||
group = 'headers', | |||
} | |||
rspamd_config:register_symbol{ | |||
@@ -84,7 +84,7 @@ rspamd_config:register_symbol{ | |||
score = 0.0, | |||
parent = rcvd_cb_id, | |||
type = 'virtual', | |||
description = '3-5 received', | |||
description = 'Message has 3-5 Received headers', | |||
group = 'headers', | |||
} | |||
rspamd_config:register_symbol{ | |||
@@ -92,7 +92,7 @@ rspamd_config:register_symbol{ | |||
score = 0.0, | |||
parent = rcvd_cb_id, | |||
type = 'virtual', | |||
description = '5-7 received', | |||
description = 'Message has 5-7 Received headers', | |||
group = 'headers', | |||
} | |||
rspamd_config:register_symbol{ | |||
@@ -100,7 +100,7 @@ rspamd_config:register_symbol{ | |||
score = 0.0, | |||
parent = rcvd_cb_id, | |||
type = 'virtual', | |||
description = '7-11 received', | |||
description = 'Message has 7-11 Received headers', | |||
group = 'headers', | |||
} | |||
rspamd_config:register_symbol{ | |||
@@ -108,7 +108,7 @@ rspamd_config:register_symbol{ | |||
score = 0.0, | |||
parent = rcvd_cb_id, | |||
type = 'virtual', | |||
description = '12+ received', | |||
description = 'Message has 12 or more Received headers', | |||
group = 'headers', | |||
} | |||
@@ -144,7 +144,7 @@ rspamd_config:register_symbol{ | |||
score = 0.0, | |||
parent = prio_cb_id, | |||
type = 'virtual', | |||
description = 'Priority 0', | |||
description = 'Message has X-Priority header set to 0', | |||
group = 'headers', | |||
} | |||
rspamd_config:register_symbol{ | |||
@@ -152,7 +152,7 @@ rspamd_config:register_symbol{ | |||
score = 0.0, | |||
parent = prio_cb_id, | |||
type = 'virtual', | |||
description = 'Priority 1', | |||
description = 'Message has X-Priority header set to 1', | |||
group = 'headers', | |||
} | |||
rspamd_config:register_symbol{ | |||
@@ -160,7 +160,7 @@ rspamd_config:register_symbol{ | |||
score = 0.0, | |||
parent = prio_cb_id, | |||
type = 'virtual', | |||
description = 'Priority 2', | |||
description = 'Message has X-Priority header set to 2', | |||
group = 'headers', | |||
} | |||
rspamd_config:register_symbol{ | |||
@@ -168,7 +168,7 @@ rspamd_config:register_symbol{ | |||
score = 0.0, | |||
parent = prio_cb_id, | |||
type = 'virtual', | |||
description = 'Priority 3-4', | |||
description = 'Message has X-Priority header set to 3 or 4', | |||
group = 'headers', | |||
} | |||
rspamd_config:register_symbol{ | |||
@@ -176,7 +176,7 @@ rspamd_config:register_symbol{ | |||
score = 0.0, | |||
parent = prio_cb_id, | |||
type = 'virtual', | |||
description = 'Priority 5+', | |||
description = 'Message has X-Priority header set to 5 or higher', | |||
group = 'headers', | |||
} | |||
@@ -682,7 +682,7 @@ local check_from_id = rspamd_config:register_symbol{ | |||
rspamd_config:register_symbol{ | |||
name = 'FROM_NO_DN', | |||
score = 0, | |||
score = 0.0, | |||
group = 'headers', | |||
parent = check_from_id, | |||
type = 'virtual', |
@@ -503,7 +503,7 @@ rspamd_config:register_symbol{ | |||
name = 'TAGGED_RCPT', | |||
description = 'SMTP recipients have plus tags', | |||
group = 'headers', | |||
score = 0, | |||
score = 0.0, | |||
} | |||
rspamd_config:register_symbol{ | |||
type = 'virtual', | |||
@@ -511,7 +511,7 @@ rspamd_config:register_symbol{ | |||
name = 'TAGGED_FROM', | |||
description = 'SMTP from has plus tags', | |||
group = 'headers', | |||
score = 0, | |||
score = 0.0, | |||
} | |||
local check_from_display_name = rspamd_config:register_symbol{ | |||
@@ -560,7 +560,7 @@ rspamd_config:register_symbol{ | |||
name = 'SPOOF_DISPLAY_NAME', | |||
description = 'Display name is being used to spoof and trick the recipient', | |||
group = 'headers', | |||
score = 8, | |||
score = 8.0, | |||
} | |||
rspamd_config:register_symbol{ | |||
@@ -569,7 +569,7 @@ rspamd_config:register_symbol{ | |||
name = 'FROM_NEQ_DISPLAY_NAME', | |||
group = 'headers', | |||
description = 'Display name contains an email address different to the From address', | |||
score = 4, | |||
score = 4.0, | |||
} | |||
rspamd_config.SPOOF_REPLYTO = { |
@@ -28,21 +28,21 @@ reconf['PRECEDENCE_BULK'] = { | |||
reconf['MICROSOFT_SPAM'] = { | |||
-- https://technet.microsoft.com/en-us/library/dn205071(v=exchg.150).aspx | |||
re = 'X-Forefront-Antispam-Report=/SFV:SPM/H', | |||
score = 4, | |||
score = 4.0, | |||
description = "Microsoft says the message is spam", | |||
group = 'upstream_spam_filters' | |||
} | |||
reconf['AOL_SPAM'] = { | |||
re = 'X-AOL-Global-Disposition=/^S/H', | |||
score = 5, | |||
score = 5.0, | |||
description = "AOL says this message is spam", | |||
group = 'upstream_spam_filters' | |||
} | |||
reconf['KLMS_SPAM'] = { | |||
re = 'X-KLMS-AntiSpam-Status=/^spam/H', | |||
score = 5, | |||
score = 5.0, | |||
description = "Kaspersky Security for Mail Server says this message is spam", | |||
group = 'upstream_spam_filters' | |||
} | |||
@@ -52,14 +52,14 @@ reconf['SPAM_FLAG'] = { | |||
'X-Spam-Flag=/^(?:yes|true)/Hi', | |||
'X-Spam=/^(?:yes|true)/Hi', | |||
'X-Spam-Status=/^(?:yes|true)/Hi'), | |||
score = 5, | |||
score = 5.0, | |||
description = "Message was already marked as spam", | |||
group = 'upstream_spam_filters' | |||
} | |||
reconf['UNITEDINTERNET_SPAM'] = { | |||
re = 'X-UI-Out-Filterresults=/^junk:/H', | |||
score = 5, | |||
score = 5.0, | |||
description = "United Internet says this message is spam", | |||
group = 'upstream_spam_filters' | |||
} |