twesterhever
fc13524169
[Minor] Improve FREEMAIL_AFF capture rates
8 months ago
twesterhever
8f6fced6f0
[Enhancement] Add composite rule for suspicious URLs in suspicious messages
8 months ago
Andrew Lewis
c17ffcd4e5
[Rules] Blank spam detection
8 months ago
twesterhever
9bd38a3f44
[Minor] Improve catch rates of FREEMAIL_AFF
11 months ago
Dmitriy Alekseev
0729c58cb0
Add composites exclusions for known Apple Mail bad symbols
11 months ago
twesterhever
31424ff57e
[Minor] Fix RCVD_UNAUTH_PBL
1 year ago
twesterhever
36e5821213
[Rules] Add thread hijacking composite rule
1 year ago
twesterhever
6a9bb3606b
[Minor] Improve HACKED_WP_PHISHING coverage
1 year ago
twesterhever
1e9c019581
[Enhancement] Add composite rule for messages only containing a redirector URL
1 year ago
Vsevolod Stakhov
9c6373baf6
[Conf] Remove outdated composite rules
1 year ago
twesterhever
00896ca733
[Minor] Replace "Spamhaus XBL any" hack with a more clear solution
1 year ago
twesterhever
b605f37d65
[Minor] Improve readability of composites rule configuration
1 year ago
Frederik Bosch
04912a0f5b
Update composites.conf
1 year ago
Frederik Bosch
f03b4d1c7c
Composites should not be recursive
1 year ago
Frederik Bosch
92c0511897
Protect against bounce spam
1 year ago
twesterhever
740443dc92
[Enhancement] Add composite rule against AFF involving freemailers
1 year ago
Player701
73485446f7
[Fix] BAD_REP_POLICIES did not trigger when message was classified as spam by Bayes
1 year ago
Anton Yuzhaninov
9ba051d292
[Rules] Fix symbol for DKIM temporary failure
There is no R_DKIM_DNSFAIL symbol (in default config), but there is R_DKIM_TEMPFAIL.
2 years ago
Vsevolod Stakhov
f0004af022
[Conf] Clarify documentation in the config files
4 years ago
Vsevolod Stakhov
84384ae4e6
[Conf] Make LEAKED_PASSWORD_SCAM a composite rule again
4 years ago
Vsevolod Stakhov
48d68b15e0
[Rework] Migrate from ip_score to reputation
5 years ago
Vsevolod Stakhov
7fe418890c
[Conf] Add BROKEN_HEADERS_MAILLIST composite
5 years ago
Vsevolod Stakhov
4cd0665750
[Rules] Rework LEAKED_PASSWORD_SCAM rule one more time
5 years ago
Vsevolod Stakhov
6c2080f59b
[Conf] Add IP_SCORE_FREEMAIL composite rule
5 years ago
Edmond
0d2f2dca84
Add a reference to the doc of composite rules
5 years ago
Vsevolod Stakhov
c427048cec
[Feature] Validate BTC addresses in LEAKED_PASSWORD_SCAM
5 years ago
heraklit256
4e878f443d
fix typo in RCVD_UNAUTH_PBL
5 years ago
Vsevolod Stakhov
ae8f199719
[Rules] Add VIOLATED_DIRECT_SPF composite
5 years ago
heraklit256
574536f825
lower score for PHISH_EMOTION to 1.0
5 years ago
heraklit256
e5fbf6435a
lower score for HAS_ANON_DOMAIN to 0.1
5 years ago
Vsevolod Stakhov
20337000c7
[Conf] Extend BAD_POLICIES composite
5 years ago
heraklit256
8f76d99b15
add HAS_ONION_URI to HAS_ANON_DOMAIN
5 years ago
Vsevolod Stakhov
abaa90892c
[Minor] Fixes for the previous project
5 years ago
Vsevolod Stakhov
62b3a7c5e9
[Conf] Add composite to negate policies when fuzzy/bayes found
5 years ago
heraklit256
b6092b1f92
lower weight of RCVD_DKIM_ARC_DNSWL_HI to -1.0
5 years ago
heraklit256
0455923baf
Include ARC into AUTH_NA rule
5 years ago
heraklit256
a15bd65a86
Composite rules: Minor cleanups
Added descriptions to some rules and unified AND operator.
5 years ago
heraklit256
baec25184f
leave original symbols for composite rules
Removing original symbols if a composite rule triggers is kind
of confusing and makes debugging harder.
5 years ago
heraklit256
1a55afb110
lower weight for RCVD_DKIM_ARC_DNSWL_MED and RCVD_DKIM_ARC_DNSWL_HIGH
These were too high as other symbols - such as ARC_ALLOW - already
introduce some negative scores.
Thanks to @moisseev for reporting this.
5 years ago
heraklit256
fc0cec888f
Fix description for composite rule RBL_SPAMHAUS_XBL_ANY
5 years ago
heraklit256
6e44ac9fb4
leaving original symbols if DNSWL composite rules are triggered
Without policy = "leave", rspamd replaces the original symbols
in log and message header (if enabled), which makes debugging more
hard and is not used in this case.
5 years ago
Alexander Moisseev
957e3c6d1a
[Minor] Remove UNPRECISE_RCPT_DETAIL_FROM_SPAMMY
5 years ago
heraklit256
648c87a935
add rule for domains trying to stay anonymous
5 years ago
heraklit256
04b52561b0
improve composite rules for phish messages
5 years ago
heraklit256
5312495106
add some missing composite rule description
5 years ago
heraklit256
5afbc581fa
add rule for spammy mails with detailled sender but generic recipients
5 years ago
heraklit256
faadf253ad
add rule for phish messages containing emotional subjects
5 years ago
heraklit256
46bb18fa93
add rule for spammy PHP generated mails
5 years ago
heraklit256
f1ebed1f9c
also trigger DNSWL score rule in case mails are properly ARC signed
5 years ago
heraklit256
1ecd691570
add negative weight to DNSWL entries
However, a message must be correctly DKIM signed to get some more
negative weight in case an received IP is listed with medium or
high trust at DNSWL.
This supersedes a first patch without the DKIM condition.
5 years ago