Vsevolod Stakhov
923a70bbce
Revert "[Fix] Fix history key, as we use `{=` and not `{{` in templates"
4 months ago
Vsevolod Stakhov
50e9652789
[Fix] Fix history key, as we use `{=` and not `{{` in templates
4 months ago
Andrew Lewis
a5c8054115
[Minor] Add more returnbits to surbl configuration
4 months ago
Vsevolod Stakhov
5faefe0c6c
[Feature] Allow to add templates to redis history prefix
Issue: #4793
Closes: #4793
4 months ago
Andrew Lewis
d06fc3bea3
[Feature] rbl: support disabling or replacing url_whitelist per RBL
6 months ago
twesterhever
fc13524169
[Minor] Improve FREEMAIL_AFF capture rates
7 months ago
twesterhever
8f6fced6f0
[Enhancement] Add composite rule for suspicious URLs in suspicious messages
7 months ago
Vsevolod Stakhov
a230d606e7
[Conf] Add note
Issue: #4677
7 months ago
Andrew Lewis
15e3f277fa
[Minor] Reiterate on the previous changes
- Demote message to info level
- Name it returncodes_matcher for better specificity
8 months ago
Andrew Lewis
fea6bf4c35
[Minor] rbl: support use of different matchers for return codes
8 months ago
Andrew Lewis
9ac6d71006
[Minor] RSPAMD_SHAREDIR is called SHAREDIR in configuration
8 months ago
Andrew Lewis
c17ffcd4e5
[Rules] Blank spam detection
8 months ago
Marc Dierksen
5f5a126a4e
[Fix] Prevent DNSWL sabotage
When exceeding the query limit for DNSWL it can happen that instead
of the returncode 127.0.0.255, that according to documentation
(https://www.dnswl.org/?page_id=15 ) indicates a block, the
returncode 127.0.10.3 is returned for all queries.
According to documentation (https://www.dnswl.org/?page_id=15 ) the
127.0.10.3 returncode indicates the highest level of trustworthiness
that should never be blocked and a category of 'some special cases'.
As it turns out that documentation is a lie and that 127.0.10.3
returncode is used by DNSWL to intentionally sabotage email security
by marking all sending servers as highly trustworthy
(https://www.dnswl.org/?p=120 ).
8 months ago
Andrew Lewis
19d2adf388
[Minor] Move configuration to proper location
8 months ago
Andrew Lewis
e5318e1729
[Minor] Fix copypasta (#4469)
8 months ago
Vsevolod Stakhov
c6bec0f8df
[Conf] Add new plugin default configuration
9 months ago
laodc
75fdc829ba
Added support for Redis 6 ACL (username/password)
10 months ago
Dmitriy Alekseev
7d0d4e7bee
Update phishing_group.conf
10 months ago
Dmitriy Alekseev
12f3489633
Update phishing.conf
10 months ago
twesterhever
c3b48ef388
[Minor] Align scores of Spamhaus DBL, SURBL, URIBL DNSBL symbols
Given that they have about the same false positive rate, it makes sense
to treat them equal in terms of scoring:
- Particular threats (phishing, malware) are scored a bit higher than
mere spam domain listings
- "Abused legitimate" listings are scored lower for some DNSBLs already,
this has now been aligned.
- For SURBL, cracked and abused sites are treated with the same score.
10 months ago
twesterhever
c83818fd38
[Minor] Increase score of URIBL_XBL
This aids with detecting FQDNs hosted on hacked machines, such as used
in Fast Flux-style botnet spam.
10 months ago
twesterhever
e0d9991191
[Minor] Reduce score of URIBL_SBL_CSS
Given that CSS is an automated component of SBL, this should not receive
the same scoring as manually conducted SBL listings. Particularly for
shared hosting environments, CSS hits on IP addresses derived from FQDNs
sometimes were found to be scored a bit too high.
10 months ago
twesterhever
9bd38a3f44
[Minor] Improve catch rates of FREEMAIL_AFF
10 months ago
Dmitriy Alekseev
0729c58cb0
Add composites exclusions for known Apple Mail bad symbols
11 months ago
twesterhever
31424ff57e
[Minor] Fix RCVD_UNAUTH_PBL
1 year ago
twesterhever
36e5821213
[Rules] Add thread hijacking composite rule
1 year ago
twesterhever
6a9bb3606b
[Minor] Improve HACKED_WP_PHISHING coverage
1 year ago
twesterhever
18a8b22cc3
[Minor] Fix quirk in CRACKED_SURBL rule description
1 year ago
twesterhever
68d9f76dc1
[Minor] Improve various rule descriptions
1 year ago
twesterhever
1e9c019581
[Enhancement] Add composite rule for messages only containing a redirector URL
1 year ago
Vsevolod Stakhov
9c6373baf6
[Conf] Remove outdated composite rules
1 year ago
Vsevolod Stakhov
e92b112a8a
[Feature] Allow to use other methods when fasttext detection is enabled
1 year ago
Vsevolod Stakhov
915885232b
[Conf] Add missing attributes for the language detection configuration
1 year ago
Vsevolod Stakhov
fea5bdc797
[Conf] Add language detection configuration
1 year ago
Vsevolod Stakhov
0a0e3f35c8
[Conf] Add `one_shot` to some specific multimap rules
1 year ago
Vsevolod Stakhov
a8a58053e0
[Feature] Add extra symbol when URL redirector reaches nested limit
Issue: #4406
1 year ago
Mehmet Tolga Avcioglu
c133f24197
fix incorrect asn references in bimi.conf
1 year ago
twesterhever
00896ca733
[Minor] Replace "Spamhaus XBL any" hack with a more clear solution
1 year ago
twesterhever
ded1b937d0
[Minor] Sort maps.d contents for better readability
1 year ago
twesterhever
b605f37d65
[Minor] Improve readability of composites rule configuration
1 year ago
twesterhever
fbe0e146a5
[Minor] Add newline at EOF where missing
1 year ago
twesterhever
7d63c8b3cb
[Minor] Improve readability of RBL module configuration file
1 year ago
twesterhever
aba2b987b7
[Minor] Remove orphaned SARBL directives
1 year ago
twesterhever
a651be3ffb
[Minor] Unify configuration file structure
1 year ago
twesterhever
6c96b48c23
[Minor] Improve content rule descriptions
1 year ago
twesterhever
0ea54f8305
[Minor] Improve readability of policies group configuration file
1 year ago
twesterhever
e7b3a62fa1
[Minor] Add project URL for MSBL
1 year ago
twesterhever
8d67630f2a
[Minor] Add "blocked" tag to DBL_BLOCKED_OPENRESOLVER and DBL_BLOCKED
1 year ago
twesterhever
595ddb96d0
[Minor] Improve SURBL rule descriptions
1 year ago
twesterhever
425d65d7e0
[Minor] Improve readability of RBL/SURBL configuration files
1 year ago