twesterhever
a41c12a4e3
[Minor] Constrain Content-Description regexp
1 week ago
twesterhever
eed763a7cf
[Minor] Remove superfluous "string.format()"
1 week ago
twesterhever
ce23345c5d
[Enhancement] Catch "Mail message body" Content-Description
This header frequently surfaces in spam, mostly advance fee fraud.
1 week ago
twesterhever
3e1c8da3e9
[Minor] Add rule for presence of Content-Description header
1 week ago
Dmitriy Alekseev
db03a55444
Fix error in headers_checks.lua
2 weeks ago
twesterhever
65c8a66198
[Minor] Add rule for localhost HELOs in Received headers
1 month ago
twesterhever
434f9f79e2
[Enhancement] Add more symbols for Reply-To header characteristics
1 month ago
twesterhever
c599cb599e
[Minor] Add HAS_FILE_URL rule for messages containing a file:// URL
These are frequently abused for distributing malware via non-HTTP
protocols, such as public Samba servers. file:// URLs may also be abused
for including files from the victims' machine in a message. Either way,
a legitimate use case is unlikely.
Signed-off-by: twesterhever <40121680+twesterhever@users.noreply.github.com>
2 months ago
twesterhever
608a080d11
[Minor] Add rule for messages missing both X-Mailer and User-Agent header
6 months ago
Andrew Lewis
c17ffcd4e5
[Rules] Blank spam detection
6 months ago
Andrew Lewis
f66bd5ac03
[Fix] MISSING_MIMEOLE: avoid matching messages from Android GMail app (#4561)
7 months ago
Vsevolod Stakhov
662145d055
[Minor] Reformat all Lua code, no functional changes
9 months ago
twesterhever
d47473f553
[Minor] Tweak HAS_GOOGLE_REDIR to detect Google AMP URLs as well
Rationale: https://cofense.com/blog/google-amp-the-newest-of-evasive-phishing-tactic/
9 months ago
Dmitriy Alekseev
876a834378
Adjust apple_x_mailer regex
10 months ago
Dmitriy Alekseev
7bed05f8f6
[Minor] A bit better apple_x_mailer regex
10 months ago
Dmitriy Alekseev
7ff31bdb95
Optimize apple_ios_x_mailer regex
10 months ago
Dmitriy Alekseev
a0d7e03366
Support regex rules to detect Apple Mail
10 months ago
twesterhever
472537fc83
[Minor] Remove superfluous '|' in regular expression
10 months ago
twesterhever
be4c99d32e
[Minor] Simplify regular expression for HAS_GOOGLE_REDIR
https://github.com/rspamd/rspamd/pull/4497#issuecomment-1586265815
10 months ago
Vsevolod Stakhov
5ae23df139
Apply suggestions from code review
11 months ago
twesterhever
bc833035ff
[Minor] Fix description of MIME_HTML_ONLY
Thanks, @moisseev!
11 months ago
twesterhever
68d9f76dc1
[Minor] Improve various rule descriptions
11 months ago
twesterhever
2fb6b9a2aa
[Enhancement] Improve detection of Google redirection URLs
The list is derived from Firefox' static HPKP entries, retrieved from:
https://searchfox.org/mozilla-central/source/security/manager/ssl/StaticHPKPins.h
11 months ago
twesterhever
433dc0e2d7
[Minor] Move HAS_ONION_URI from "experimental" to "url" group
11 months ago
twesterhever
ba414d6c0b
[Enhancement] Make Google Firebase rule productive
11 months ago
Vsevolod Stakhov
cac6696192
[Feature] Add controller endpoint to get fuzzy hashes from messages
Sample usage:
```
curl -XPOST 'http://localhost:11334/plugins/fuzzy/hashes?flag=1' --data-binary '@-' < file
```
Sample output:
```json
{
  "hashes": {
    "local": [
      "24b6e7de2f489778d828c827079c48bacb086f816d0a7acabbe42e8d0da703b89b913176ad67eefaf5b54fa59f5e0ecfc7015846c4043fcfb0c7a4ed7a235025",
      "72789777cbec926f4143de4c08c87acc3fbf3b909b5c39f1edcf82ed12e2d8bc2f56be8d68ee681feccf44ca04e3eca5b8ec039cb84a0d40e22258c370a10cbb"
    ],
    "rspamd.com": [
      "24b6e7de2f489778d828c827079c48bacb086f816d0a7acabbe42e8d0da703b89b913176ad67eefaf5b54fa59f5e0ecfc7015846c4043fcfb0c7a4ed7a235025",
      "72789777cbec926f4143de4c08c87acc3fbf3b909b5c39f1edcf82ed12e2d8bc2f56be8d68ee681feccf44ca04e3eca5b8ec039cb84a0d40e22258c370a10cbb"
    ]
  },
  "success": true
}
```
Issue: #4489
11 months ago
Anton Yuzhaninov
84b0676210
[Minor] Account for one more undisclosed-recipients address variant
1 year ago
georglauterbach
c18f0561bf
add Betterbird to `user_agent_thunderbird`
See https://github.com/Betterbird/thunderbird-patches/issues/125 for
reference.
This way, Rspamd will not add `FORGED_MUA_MOZILLA_MAIL_MSGID_UNKNOWN` to
mails sent perfectly fine with Betterbird. Betterbird
(<https://www.betterbird.eu/>) is an adjusted version of Thunderbird,
fixing many bugs and adding long-wanted features. It is a common and
well-known alternative to Thunderbird, so I think the addition is
justified.
1 year ago
twesterhever
08ce184740
[Enhancement] Add rule to detect Google Firebase URLs
1 year ago
twesterhever
fd6ebc9f80
[Enhancement] Make Google URL redirection rules productive
1 year ago
twesterhever
e39879962f
[Minor] Fix some whitespace issues
1 year ago
dpetrov67
4028247ac6
Fix pcall() argument in rspamd.lua
1 year ago
Kako, Chang
6d5db1e04e
[Fix] received: filtering of artificial header
1 year ago
Vsevolod Stakhov
038ed3f012
[Rules] Mid: Add MID_END_EQ_FROM_USER_PART rule
Issue: #4299
1 year ago
twesterhever
2a9abee4cb
[Minor] Regexp is case-insensitive, omit redundant characters
1 year ago
twesterhever
b1781565e2
[Minor] Fix rule comment
1 year ago
twesterhever
1f78100963
[Minor] Limit CIDv1 detection to 128 bytes
As requested by @vstakhov in https://github.com/rspamd/rspamd/pull/4310#pullrequestreview-1148226107, try to limit the performance impact of this regular expression. However, given that there does not seem to be a hard limit for CIDv1s in IPFS itself, using a hashing algorithm with large output may permit miscreants to get around this rule.
1 year ago
twesterhever
ac6d1a6566
[Minor] Implement multibase prefixes for IPFS gateway URL rule
1 year ago
twesterhever
9ac1a75132
[Minor] Clarify that IPFS *gateway* URLs are likely considered malicious
1 year ago
Vsevolod Stakhov
4ae8a27cb1
[Minor] Use unicode property for currency detection
Issue: #4320
1 year ago
Vsevolod Stakhov
1803e71558
[Rules] Reduce score of HTTP_TO_HTTPS - subject to remove completely
1 year ago
twesterhever
39aeb394c8
[Enhancement] Add IPFS URL heuristic
1 year ago
Vsevolod Stakhov
05fd471df5
[Rework] Reiterate on priorities
1 year ago
Vsevolod Stakhov
79417a5f81
[Minor] Update more copyright years/email
2 years ago
Vsevolod Stakhov
2fa0e126c7
[Minor] Update my email and the copyright year
2 years ago
Vsevolod Stakhov
968d318a0c
[Rules] Slightly reduce MULTIPLE_FROM score
2 years ago
Josh Soref
2b8e6958f4
Spelling (#4086)
[Rework] Massive spelling fix from @jsoref
2 years ago
Vsevolod Stakhov
e834cdb26d
[Minor] Oops, fix foldl call
2 years ago
Vsevolod Stakhov
c6f7b897d4
[Minor] Fix some issues in URI_COUNT_ODD rule
Issue: #4037
2 years ago
Vsevolod Stakhov
c23d728d75
[Minor] Fix rule
2 years ago