[Minor] unify rule scores and weights and improve descriptions

5 years ago · e6e72472ad
--- a/conf/modules.d/spamtrap.conf
+++ b/conf/modules.d/spamtrap.conf
  # Fuzzy flag
  #fuzzy_flag = 1;
  # Fuzzy weight
  #fuzzy_weight = 10;
  #fuzzy_weight = 10.0;
  # Redis key prefix
  #key_prefix = 'sptr_';
  # Skip spamtrap checks for authorized users
--- a/conf/scores.d/headers_group.conf
+++ b/conf/scores.d/headers_group.conf
 symbols = {
    "FORGED_SENDER" {
        weight = 0.30;
        weight = 0.3;
        description = "Sender is forged (different From: header and smtp MAIL FROM: addresses)";
    }
    "R_MIXED_CHARSET" {
        weight = -0.2;
        description = "Message seems to be from maillist";
    }
 }
 }
--- a/conf/scores.d/hfilter_group.conf
+++ b/conf/scores.d/hfilter_group.conf
 symbols = {
    "HFILTER_HELO_BAREIP" {
        weight = 3.00;
        weight = 3.0;
        description = "Helo host is bare ip";
    }
    "HFILTER_HELO_BADIP" {
        weight = 4.50;
        weight = 4.5;
        description = "Helo host is very bad ip";
    }
    "HFILTER_HELO_1" {
        description = "Helo host checks (very low)";
    }
    "HFILTER_HELO_2" {
        weight = 1.00;
        weight = 1.0;
        description = "Helo host checks (low)";
    }
    "HFILTER_HELO_3" {
        weight = 2.00;
        weight = 2.0;
        description = "Helo host checks (medium)";
    }
    "HFILTER_HELO_4" {
        weight = 2.50;
        weight = 2.5;
        description = "Helo host checks (hard)";
    }
    "HFILTER_HELO_5" {
        weight = 3.00;
        weight = 3.0;
        description = "Helo host checks (very hard)";
    }
    "HFILTER_HOSTNAME_1" {
        description = "Hostname checks (very low)";
    }
    "HFILTER_HOSTNAME_2" {
        weight = 1.00;
        weight = 1.0;
        description = "Hostname checks (low)";
    }
    "HFILTER_HOSTNAME_3" {
        weight = 2.00;
        weight = 2.0;
        description = "Hostname checks (medium)";
    }
    "HFILTER_HOSTNAME_4" {
        weight = 2.50;
        weight = 2.5;
        description = "Hostname checks (hard)";
    }
    "HFILTER_HOSTNAME_5" {
        weight = 3.00;
        weight = 3.0;
        description = "Hostname checks (very hard)";
    }
    "HFILTER_HELO_NORESOLVE_MX" {
        weight = 0.20;
        weight = 0.2;
        description = "MX found in Helo and no resolve";
    }
    "HFILTER_HELO_NORES_A_OR_MX" {
        description = "Helo no resolve to A or MX";
    }
    "HFILTER_HELO_IP_A" {
        weight = 1.00;
        weight = 1.0;
        description = "Helo A IP != hostname IP";
    }
    "HFILTER_HELO_NOT_FQDN" {
        weight = 2.00;
        weight = 2.0;
        description = "Helo not FQDN";
    }
    "HFILTER_FROMHOST_NORESOLVE_MX" {
        description = "MX found in FROM host and no resolve";
    }
    "HFILTER_FROMHOST_NORES_A_OR_MX" {
        weight = 1.50;
        weight = 1.5;
        description = "FROM host no resolve to A or MX";
    }
    "HFILTER_FROMHOST_NOT_FQDN" {
        weight = 3.00;
        weight = 3.0;
        description = "FROM host not FQDN";
    }
    "HFILTER_FROM_BOUNCE" {
        weight = 0.00;
        weight = 0.0;
        description = "Bounce message";
    }
 /*
    # Disabled by default
    "HFILTER_MID_NORESOLVE_MX" {
        weight = 0.50;
        weight = 0.5;
        description = "MX found in Message-id host and no resolve";
    }
    "HFILTER_MID_NORES_A_OR_MX" {
        weight = 0.50;
        weight = 0.5;
        name = ;
        description = "Message-id host no resolve to A or MX";
    }
    "HFILTER_MID_NOT_FQDN" {
        weight = 0.50;
        weight = 0.5;
        description = "Message-id host not FQDN";
    }
 */
    "HFILTER_HOSTNAME_UNKNOWN" {
        weight = 2.50;
        weight = 2.5;
        description = "Unknown client hostname (PTR or FCrDNS verification failed)";
    }
    "HFILTER_RCPT_BOUNCEMOREONE" {
        weight = 1.50;
        weight = 1.5;
        description = "Message from bounce and over 1 recipient";
    }
    "HFILTER_URL_ONLY" {
        weight = 2.20;
        weight = 2.2;
        description = "URL only in body";
    }
    "HFILTER_URL_ONELINE" {
        weight = 2.50;
        weight = 2.5;
        description = "One line URL and text in body";
    }
 }
--- a/conf/scores.d/rbl_group.conf
+++ b/conf/scores.d/rbl_group.conf
        groups = ["dnswl"];
    }
    "DWL_DNSWL_LOW" {
        weight = -1;
        weight = -1.0;
        description = "Message has a valid dkim signature originated from domain listed at https://www.dnswl.org, low trust";
        groups = ["dnswl"];
    }
    "DWL_DNSWL_MED" {
        weight = -2;
        weight = -2.0;
        description = "Message has a valid dkim signature originated from domain listed at https://www.dnswl.org, medium trust";
        groups = ["dnswl"];
    }
--- a/conf/scores.d/surbl_group.conf
+++ b/conf/scores.d/surbl_group.conf
        groups = ["spamhaus"];
    }
    "DBL_PROHIBIT" {
        weight = 0.00000;
        weight = 0.0;
        description = "DBL uribl IP queries prohibited!";
        groups = ["spamhaus"];
    }
--- a/rules/forwarding.lua
+++ b/rules/forwarding.lua
    return false
  end,
  score = 0.0,
  description = "Message was forwarded using SRS",
  description = "Message was forwarded using Sender Rewriting Scheme (SRS)",
  group = "forwarding"
 }
--- a/rules/headers_checks.lua
+++ b/rules/headers_checks.lua
  score = 0.0,
  parent = rcvd_cb_id,
  type = 'virtual',
  description = 'No received',
  description = 'Message has no Received headers',
  group = 'headers',
 }
 rspamd_config:register_symbol{
  score = 0.0,
  parent = rcvd_cb_id,
  type = 'virtual',
  description = 'One received',
  description = 'Message has one Received header',
  group = 'headers',
 }
 rspamd_config:register_symbol{
  score = 0.0,
  parent = rcvd_cb_id,
  type = 'virtual',
  description = 'Two received',
  description = 'Message has two Received headers',
  group = 'headers',
 }
 rspamd_config:register_symbol{
  score = 0.0,
  parent = rcvd_cb_id,
  type = 'virtual',
  description = '3-5 received',
  description = 'Message has 3-5 Received headers',
  group = 'headers',
 }
 rspamd_config:register_symbol{
  score = 0.0,
  parent = rcvd_cb_id,
  type = 'virtual',
  description = '5-7 received',
  description = 'Message has 5-7 Received headers',
  group = 'headers',
 }
 rspamd_config:register_symbol{
  score = 0.0,
  parent = rcvd_cb_id,
  type = 'virtual',
  description = '7-11 received',
  description = 'Message has 7-11 Received headers',
  group = 'headers',
 }
 rspamd_config:register_symbol{
  score = 0.0,
  parent = rcvd_cb_id,
  type = 'virtual',
  description = '12+ received',
  description = 'Message has 12 or more Received headers',
  group = 'headers',
 }
  score = 0.0,
  parent = prio_cb_id,
  type = 'virtual',
  description = 'Priority 0',
  description = 'Message has X-Priority header set to 0',
  group = 'headers',
 }
 rspamd_config:register_symbol{
  score = 0.0,
  parent = prio_cb_id,
  type = 'virtual',
  description = 'Priority 1',
  description = 'Message has X-Priority header set to 1',
  group = 'headers',
 }
 rspamd_config:register_symbol{
  score = 0.0,
  parent = prio_cb_id,
  type = 'virtual',
  description = 'Priority 2',
  description = 'Message has X-Priority header set to 2',
  group = 'headers',
 }
 rspamd_config:register_symbol{
  score = 0.0,
  parent = prio_cb_id,
  type = 'virtual',
  description = 'Priority 3-4',
  description = 'Message has X-Priority header set to 3 or 4',
  group = 'headers',
 }
 rspamd_config:register_symbol{
  score = 0.0,
  parent = prio_cb_id,
  type = 'virtual',
  description = 'Priority 5+',
  description = 'Message has X-Priority header set to 5 or higher',
  group = 'headers',
 }
 rspamd_config:register_symbol{
  name = 'FROM_NO_DN',
  score = 0,
  score = 0.0,
  group = 'headers',
  parent = check_from_id,
  type = 'virtual',
--- a/rules/misc.lua
+++ b/rules/misc.lua
  name = 'TAGGED_RCPT',
  description = 'SMTP recipients have plus tags',
  group = 'headers',
  score = 0,
  score = 0.0,
 }
 rspamd_config:register_symbol{
  type = 'virtual',
  name = 'TAGGED_FROM',
  description = 'SMTP from has plus tags',
  group = 'headers',
  score = 0,
  score = 0.0,
 }
 local check_from_display_name = rspamd_config:register_symbol{
  name = 'SPOOF_DISPLAY_NAME',
  description = 'Display name is being used to spoof and trick the recipient',
  group = 'headers',
  score = 8,
  score = 8.0,
 }
 rspamd_config:register_symbol{
  name = 'FROM_NEQ_DISPLAY_NAME',
  group = 'headers',
  description = 'Display name contains an email address different to the From address',
  score = 4,
  score = 4.0,
 }
 rspamd_config.SPOOF_REPLYTO = {
--- a/rules/regexp/upstream_spam_filters.lua
+++ b/rules/regexp/upstream_spam_filters.lua
 reconf['MICROSOFT_SPAM'] = {
  -- https://technet.microsoft.com/en-us/library/dn205071(v=exchg.150).aspx
  re = 'X-Forefront-Antispam-Report=/SFV:SPM/H',
  score = 4,
  score = 4.0,
  description = "Microsoft says the message is spam",
  group = 'upstream_spam_filters'
 }
 reconf['AOL_SPAM'] = {
  re = 'X-AOL-Global-Disposition=/^S/H',
  score = 5,
  score = 5.0,
  description = "AOL says this message is spam",
  group = 'upstream_spam_filters'
 }
 reconf['KLMS_SPAM'] = {
  re = 'X-KLMS-AntiSpam-Status=/^spam/H',
  score = 5,
  score = 5.0,
  description = "Kaspersky Security for Mail Server says this message is spam",
  group = 'upstream_spam_filters'
 }
      'X-Spam-Flag=/^(?:yes|true)/Hi',
      'X-Spam=/^(?:yes|true)/Hi',
      'X-Spam-Status=/^(?:yes|true)/Hi'),
  score = 5,
  score = 5.0,
  description = "Message was already marked as spam",
  group = 'upstream_spam_filters'
 }
 reconf['UNITEDINTERNET_SPAM'] = {
  re = 'X-UI-Out-Filterresults=/^junk:/H',
  score = 5,
  score = 5.0,
  description = "United Internet says this message is spam",
  group = 'upstream_spam_filters'
 }