rspamd/conf/scores.d/phishing_group.conf

# Phishing rules scores
#
# Please don't modify this file as your changes might be overwritten with
# the next update.
#
# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
# parameters defined on the top level
#
# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
# parameters defined on the top level
#
# For specific modules or configuration you can also modify
# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
#
# See https://rspamd.com/doc/tutorials/writing_rules.html for details

description = "Phishing in emails";

max_score = 10.0;

symbols = {
    "PHISHING" {
        weight = 4.0;
        description = "Phished URL";
        one_shot = true;
    }
    "PHISHED_EXCLUDED" {
        weight = 0.0;
        description = "Phished URL found in exclusions list";
    }
    "PHISHED_OPENPHISH" {
        weight = 7.0;
        description = "Phished URL found in openphish.com";
    }
    "PHISHED_PHISHTANK" {
        weight = 7.0;
        description = "Phished URL found in phishtank.com";
    }
    HACKED_WP_PHISHING {
        weight = 4.5;
        description = "Phish message sent by hacked Wordpress instance";
    }
    REDIRECTOR_FALSE {
        weight = 0.0;
        description = "Phishing exclusion symbol for known redirectors";
    }
    URL_REDIRECTOR_NESTED {
        weight = 1.0;
        description = "URL redirector nested limit has been reached";
        one_shot = true;
    }
    PHISHED_WHITELISTED {
        weight = 0.0;
        description = "Phishing exclusion symbol for known exceptions";
    }
}