twesterhever
be0bc2701e
[Minor] Add rule for messages missing both X-Mailer and User-Agent header
7 months ago
Andrew Lewis
c17ffcd4e5
[Rules] Blank spam detection
8 months ago
Andrew Lewis
f66bd5ac03
[Fix] MISSING_MIMEOLE: avoid matching messages from Android GMail app (#4561)
8 months ago
Vsevolod Stakhov
662145d055
[Minor] Reformat all Lua code, no functional changes
10 months ago
twesterhever
d47473f553
[Minor] Tweak HAS_GOOGLE_REDIR to detect Google AMP URLs as well
Rationale: https://cofense.com/blog/google-amp-the-newest-of-evasive-phishing-tactic/
10 months ago
Dmitriy Alekseev
876a834378
Adjust apple_x_mailer regex
11 months ago
Dmitriy Alekseev
7bed05f8f6
[Minor] A bit better apple_x_mailer regex
11 months ago
Dmitriy Alekseev
7ff31bdb95
Optimize apple_ios_x_mailer regex
11 months ago
Dmitriy Alekseev
a0d7e03366
Support regex rules to detect Apple Mail
11 months ago
twesterhever
472537fc83
[Minor] Remove superfluous '|' in regular expression
11 months ago
twesterhever
be4c99d32e
[Minor] Simplify regular expression for HAS_GOOGLE_REDIR
https://github.com/rspamd/rspamd/pull/4497#issuecomment-1586265815
11 months ago
Vsevolod Stakhov
5ae23df139
Apply suggestions from code review
1 year ago
twesterhever
bc833035ff
[Minor] Fix description of MIME_HTML_ONLY
Thanks, @moisseev!
1 year ago
twesterhever
68d9f76dc1
[Minor] Improve various rule descriptions
1 year ago
twesterhever
2fb6b9a2aa
[Enhancement] Improve detection of Google redirection URLs
The list is derived from Firefox' static HPKP entires, retrieved from:
https://searchfox.org/mozilla-central/source/security/manager/ssl/StaticHPKPins.h
1 year ago
twesterhever
433dc0e2d7
[Minor] Move HAS_ONION_URI from "experimental" to "url" group
1 year ago
twesterhever
ba414d6c0b
[Enhancement] Make Google Firebase rule productive
1 year ago
Vsevolod Stakhov
cac6696192
[Feature] Add controller endpoint to get fuzzy hashes from messages
Sample usage:
```
curl -XPOST 'http://localhost:11334/plugins/fuzzy/hashes?flag=1 ' --data-binary '@-' < file
```
Sample output:
```json
{
"hashes": {
"local": [
"24b6e7de2f489778d828c827079c48bacb086f816d0a7acabbe42e8d0da703b89b913176ad67eefaf5b54fa59f5e0ecfc7015846c4043fcfb0c7a4ed7a235025",
"72789777cbec926f4143de4c08c87acc3fbf3b909b5c39f1edcf82ed12e2d8bc2f56be8d68ee681feccf44ca04e3eca5b8ec039cb84a0d40e22258c370a10cbb"
],
"rspamd.com": [
"24b6e7de2f489778d828c827079c48bacb086f816d0a7acabbe42e8d0da703b89b913176ad67eefaf5b54fa59f5e0ecfc7015846c4043fcfb0c7a4ed7a235025",
"72789777cbec926f4143de4c08c87acc3fbf3b909b5c39f1edcf82ed12e2d8bc2f56be8d68ee681feccf44ca04e3eca5b8ec039cb84a0d40e22258c370a10cbb"
],
},
"success": true
}
```
Issue: #4489
1 year ago
Anton Yuzhaninov
84b0676210
[Minor] Account for one more undisclosed-recipients address variant
1 year ago
georglauterbach
c18f0561bf
add Betterbird to `user_agent_thunderbird`
See https://github.com/Betterbird/thunderbird-patches/issues/125 for
reference.
This way, Rspamd will not add `FORGED_MUA_MOZILLA_MAIL_MSGID_UNKNOWN` to
mails sent perfectly find with Betterbird. Betterbird
(<https://www.betterbird.eu/ >) is an adjusted version of Thunderbird,
fixing many bugs and adding long-wanted features. It is a common and
well-known alternative to Thunderbird, so I think the addition is
justified.
1 year ago
twesterhever
08ce184740
[Enhancement] Add rule to detect Google Firebase URLs
1 year ago
twesterhever
fd6ebc9f80
[Enhancement] Make Google URL redirection rules productive
1 year ago
twesterhever
e39879962f
[Minor] Fix some whitespace issues
1 year ago
dpetrov67
4028247ac6
Fix pcall() argument in rspamd.lua
1 year ago
Kako, Chang
6d5db1e04e
[Fix] received: filtering of artificial header
1 year ago
Vsevolod Stakhov
038ed3f012
[Rules] Mid: Add MID_END_EQ_FROM_USER_PART rule
Issue: #4299
1 year ago
twesterhever
2a9abee4cb
[Minor] Regexp is case-insensitive, omit redundant characters
1 year ago
twesterhever
b1781565e2
[Minor] Fix rule comment
1 year ago
twesterhever
1f78100963
[Minor] Limit CIDv1 detection to 128 bytes
As requested by @vstakhov in https://github.com/rspamd/rspamd/pull/4310#pullrequestreview-1148226107 , try to limit the performance impact of this regular expression. However, given that there does not seem to be a hard limit for CIDv1s in IPFS itself, using an hashing algorithm with large output my permit miscreants to get around this rule.
1 year ago
twesterhever
ac6d1a6566
[Minor] Implement multibase prefixes for IPFS gateway URL rule
1 year ago
twesterhever
9ac1a75132
[Minor] Clarify that IPFS *gateway* URLs are likely considered malicious
1 year ago
Vsevolod Stakhov
4ae8a27cb1
[Minor] Use unicode property for currency detection
Issue: #4320
1 year ago
Vsevolod Stakhov
1803e71558
[Rules] Reduce score of HTTP_TO_HTTPS - subject to remove completely
1 year ago
twesterhever
39aeb394c8
[Enhancement] Add IPFS URL heuristic
1 year ago
Vsevolod Stakhov
05fd471df5
[Rework] Reiterate on priorities
1 year ago
Vsevolod Stakhov
79417a5f81
[Minor] Update more copyright years/email
2 years ago
Vsevolod Stakhov
2fa0e126c7
[Minor] Update my email and the copyright year
2 years ago
Vsevolod Stakhov
968d318a0c
[Rules] Slightly reduce MULTIPLE_FROM score
2 years ago
Josh Soref
2b8e6958f4
Spelling (#4086)
[Rework] Massive spelling fix from @jsoref
2 years ago
Vsevolod Stakhov
e834cdb26d
[Minor] Oops, fix foldl call
2 years ago
Vsevolod Stakhov
c6f7b897d4
[Minor] Fix some issues in URI_COUNT_ODD rule
Issue: #4037
2 years ago
Vsevolod Stakhov
c23d728d75
[Minor] Fix rule
2 years ago
Vsevolod Stakhov
c1b3e4821a
[Rules] Remove ancient and inefficient rules
2 years ago
Vsevolod Stakhov
13dd78c687
[Rules] Fix old rules to stop global functions usage
2 years ago
Andrew Lewis
b7e3440024
[Feature] JSON endpoint for querying maps
2 years ago
Anton Yuzhaninov
98b205709f
[Minor] Skip bitcoin address check for very long words
Exclude very long words (which can be extracted e. g. from some text
attachments) from bitcoin address check to avoid excessive resource
usage.
2 years ago
Vsevolod Stakhov
d2ca787313
[Rules] Improve zero font rule
2 years ago
Sebastian Lipponer
44d83209e2
[Minor] Regexp: Extend upstream spam filter regexp
2 years ago
Anton Yuzhaninov
0248bd6615
[Rules] Micro-optimize X_PHP_EVAL
Remove /i flag from regexp string "eval()'d code" is always in
lower case. While here use long string format for readability.
2 years ago
Vsevolod Stakhov
dde092ef09
[Minor] Fix checks safety
2 years ago