Mirrors/rspamd
1
0
Fork 0
mirror of https://github.com/rspamd/rspamd.git synced 2024-08-17 02:10:14 +02:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
4e7ac93ca2
rspamd/conf/composites.conf
Alexander Moisseev 22f9f56f87 [Minor] Suppress base64 symbols for mails sent with 1C v8
2017-08-23 12:18:03 +03:00

86 lines
3.0 KiB
Plaintext
Raw Blame History

# Composites setup
# Please don't modify this file as your changes might be overwritten with
# the next update.
#
# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
# parameters defined on the top level
#
# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
# parameters defined on the top level
#
# For specific modules or configuration you can also modify
# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
#
# See https://rspamd.com/doc/tutorials/writing_rules.html for details
composites {
FORGED_RECIPIENTS_MAILLIST {
expression = "FORGED_RECIPIENTS & -MAILLIST";
}
FORGED_SENDER_MAILLIST {
expression = "FORGED_SENDER & -MAILLIST";
}
FORGED_SENDER_FORWARDING {
expression = "FORGED_SENDER & g:forwarding";
}
SPF_FAIL_FORWARDING {
expression = "g:forwarding & (R_SPF_SOFTFAIL | R_SPF_FAIL)";
policy = "remove_weight";
}
DMARC_POLICY_ALLOW_WITH_FAILURES {
expression = "DMARC_POLICY_ALLOW & (R_SPF_SOFTFAIL | R_SPF_FAIL | R_DKIM_REJECT)";
policy = "remove_weight";
}
FORGED_RECIPIENTS_FORWARDING {
expression = "FORGED_RECIPIENTS & g:forwarding";
}
FORGED_SENDER_VERP_SRS {
expression = "FORGED_SENDER & (ENVFROM_PRVS | ENVFROM_VERP)";
}
FORGED_MUA_MAILLIST {
expression = "g:mua and -MAILLIST";
}
RBL_SPAMHAUS_XBL_ANY {
expression = "RBL_SPAMHAUS_XBL & RECEIVED_SPAMHAUS_XBL";
}
AUTH_NA {
expression = "R_DKIM_NA & R_SPF_NA & DMARC_NA";
score = 1.0;
policy = "remove_weight";
}
DKIM_MIXED {
expression = "-R_DKIM_ALLOW & (R_DKIM_DNSFAIL | R_DKIM_PERMFAIL | R_DKIM_REJECT)"
policy = "remove_weight";
}
MAIL_RU_MAILER_BASE64 {
expression = "MAIL_RU_MAILER & (FROM_EXCESS_BASE64 | MIME_BASE64_TEXT | REPLYTO_EXCESS_BASE64 | SUBJ_EXCESS_BASE64 | TO_EXCESS_BASE64)";
}
YANDEX_RU_MAILER_CTYPE_MIXED_BOGUS {
expression = "YANDEX_RU_MAILER & -HAS_ATTACHMENT & CTYPE_MIXED_BOGUS";
}
MAILER_1C_8_BASE64 {
expression = "MAILER_1C_8 & (FROM_EXCESS_BASE64 | MIME_BASE64_TEXT | SUBJ_EXCESS_BASE64 | TO_EXCESS_BASE64)";
}
HACKED_WP_PHISHING {
expression = "HAS_X_POS & HAS_WP_URI & PHISHING";
policy = "leave";
}
COMPROMISED_ACCT_BULK {
expression = "(HAS_XOIP | RCVD_FROM_SMTP_AUTH) & DCC_BULK";
description = "Likely to be from a compromised account";
score = 3.0;
policy = "leave";
}
UNDISC_RCPTS_BULK {
expression = "DCC_BULK & (MISSING_TO | R_UNDISC_RCPT)";
description = "Missing or undisclosed recipients with a bulk signature";
score = 3.0;
policy = "leave";
}
.include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/composites.conf"
.include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/composites.conf"
}
Reference in New Issue View Git Blame Copy Permalink