mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
16481 Commits
29 Branches
Tree: 626107bb0f
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '626107bb0f'
${ noResults }
rspamd/conf/scores.d/surbl_group.conf

surbl_group.conf 6.2KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228 
  1. # URIBL rules scores

  2. #

  3. # Please don't modify this file as your changes might be overwritten with

  4. # the next update.

  5. #

  6. # You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine

  7. # parameters defined on the top level

  8. #

  9. # You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add

  10. # parameters defined on the top level

  11. #

  12. # For specific modules or configuration you can also modify

  13. # '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults

  14. # '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults

  15. #

  16. # See https://rspamd.com/doc/tutorials/writing_rules.html for details

  17. 

  18. description = "URL DNS lists";

  19. 

  20. max_score = 12.5;

  21. 

  22. symbols = {

  23.     "SURBL_BLOCKED" {

  24.         weight = 0.0;

  25.         description = "SURBL: blocked by policy/overusage";

  26.         groups = ["surblorg", "blocked"];

  27.     }

  28.     "PH_SURBL_MULTI" {

  29.         weight = 5.5;

  30.         description = "SURBL: Phishing sites";

  31.         groups = ["surblorg", "phishing"];

  32.     }

  33.     "MW_SURBL_MULTI" {

  34.         weight = 5.5;

  35.         description = "SURBL: Malware sites";

  36.         groups = ["surblorg"];

  37.     }

  38.     "ABUSE_SURBL" {

  39.         weight = 5.5;

  40.         description = "SURBL: ABUSE";

  41.         groups = ["surblorg"];

  42.     }

  43.     "CRACKED_SURBL" {

  44.         weight = 4.0;

  45.         description = "SURBL: cracked site";

  46.         groups = ["surblorg"];

  47.     }

  48.     "RSPAMD_URIBL" {

  49.         weight = 4.5;

  50.         description = "Rspamd uribl, bl.rspamd.com";

  51.         one_shot = true;

  52.         groups = ["rspamdbl"];

  53.     }

  54. 

  55.     "RSPAMD_EMAILBL" {

  56.         weight = 2.5;

  57.         description = "Rspamd emailbl, bl.rspamd.com";

  58.         one_shot = true;

  59.         groups = ["rspamdbl"];

  60.     }

  61. 

  62.     "MSBL_EBL" {

  63.         weight = 7.5;

  64.         description = "MSBL emailbl";

  65.         one_shot = true;

  66.         groups = ["ebl"];

  67.     }

  68. 

  69.     "MSBL_EBL_GREY" {

  70.         weight = 0.5; # TODO: test it

  71.         description = "MSBL emailbl grey list";

  72.         one_shot = true;

  73.         groups = ["ebl"];

  74.     }

  75. 

  76.     "SEM_URIBL_UNKNOWN" {

  77.         weight = 0.0;

  78.         description = "Spameatingmonkey uribl: unknown result";

  79.         groups = ["sem"];

  80.     }

  81.     "SEM_URIBL" {

  82.         weight = 3.5;

  83.         description = "Spameatingmonkey uribl";

  84.         groups = ["sem"];

  85.     }

  86. 

  87.     "SEM_URIBL_FRESH15_UNKNOWN" {

  88.         weight = 0.0;

  89.         description = "Spameatingmonkey Fresh15 uribl: unknown result";

  90.         groups = ["sem"];

  91.     }

  92.     "SEM_URIBL_FRESH15" {

  93.         weight = 3.0;

  94.         description = "Spameatingmonkey uribl. Domains registered in the last 15 days (.AERO,.BIZ,.COM,.INFO,.NAME,.NET,.PRO,.SK,.TEL,.US)";

  95.         groups = ["sem"];

  96.     }

  97. 

  98.     "DBL" {

  99.         weight = 0.0;

  100.         description = "DBL unknown result";

  101.         groups = ["spamhaus"];

  102.     }

  103.     "DBL_SPAM" {

  104.         weight = 6.5;

  105.         description = "DBL uribl spam";

  106.         groups = ["spamhaus"];

  107.     }

  108.     "DBL_PHISH" {

  109.         weight = 6.5;

  110.         description = "DBL uribl phishing";

  111.         groups = ["spamhaus"];

  112.     }

  113.     "DBL_MALWARE" {

  114.         weight = 6.5;

  115.         description = "DBL uribl malware";

  116.         groups = ["spamhaus"];

  117.     }

  118.     "DBL_BOTNET" {

  119.         weight = 5.5;

  120.         description = "DBL uribl botnet C&C domain";

  121.         groups = ["spamhaus"];

  122.     }

  123.     "DBL_ABUSE" {

  124.         weight = 6.5;

  125.         description = "DBL uribl abused legit spam";

  126.         groups = ["spamhaus"];

  127.     }

  128.     "DBL_ABUSE_REDIR" {

  129.         weight = 1.5;

  130.         description = "DBL uribl abused spammed redirector domain";

  131.         groups = ["spamhaus"];

  132.     }

  133.     "DBL_ABUSE_PHISH" {

  134.         weight = 7.5;

  135.         description = "DBL uribl abused legit phish";

  136.         groups = ["spamhaus"];

  137.     }

  138.     "DBL_ABUSE_MALWARE" {

  139.         weight = 7.5;

  140.         description = "DBL uribl abused legit malware";

  141.         groups = ["spamhaus"];

  142.     }

  143.     "DBL_ABUSE_BOTNET" {

  144.         weight = 5.5;

  145.         description = "DBL uribl abused legit botnet C&C";

  146.         groups = ["spamhaus"];

  147.     }

  148.     "DBL_PROHIBIT" {

  149.         weight = 0.0;

  150.         description = "DBL uribl IP queries prohibited!";

  151.         groups = ["spamhaus"];

  152.     }

  153.     "DBL_BLOCKED_OPENRESOLVER" {

  154.       weight = 0.0;

  155.       description = "You are querying Spamhaus from an open resolver, please see https://www.spamhaus.org/returnc/pub/";

  156.       groups = ["spamhaus"];

  157.     }

  158.     "DBL_BLOCKED" {

  159.       weight = 0.0;

  160.       description = "You are exceeding the query limit, please see https://www.spamhaus.org/returnc/vol/";

  161.       groups = ["spamhaus"];

  162.     }

  163.     "URIBL_MULTI" {

  164.         weight = 0.0;

  165.         description = "uribl.com: unrecognised result";

  166.         groups = ["uribl"];

  167.     }

  168.     "URIBL_BLOCKED" {

  169.         weight = 0.0;

  170.         description = "uribl.com: query refused";

  171.         groups = ["uribl", "blocked"];

  172.     }

  173.     "URIBL_BLACK" {

  174.         weight = 7.5;

  175.         description = "uribl.com black url";

  176.         groups = ["uribl"];

  177.     }

  178.     "URIBL_RED" {

  179.         weight = 3.5;

  180.         description = "uribl.com red url";

  181.         groups = ["uribl"];

  182.     }

  183.     "URIBL_GREY" {

  184.         weight = 1.5;

  185.         description = "uribl.com grey url";

  186.         one_shot = true;

  187.         groups = ["uribl"];

  188.     }

  189.     #"SPAMHAUS_ZEN_URIBL" {

  190.     #    weight = 0.0;

  191.     #    description = "Spamhaus ZEN URIBL: Filtered result";

  192.     #    groups = ["spamhaus"];

  193.     #}

  194.     #"URIBL_SBL" {

  195.     #    weight = 6.5;

  196.     #    description = "A domain in the message body resolves to an IP listed in Spamhaus SBL";

  197.     #    one_shot = true;

  198.     #    groups = ["v"];

  199.     #}

  200.     #"URIBL_SBL_CSS" {

  201.     #   weight = 6.5;

  202.     #    description = "A domain in the message body resolves to an IP listed in Spamhaus SBL CSS";

  203.     #    one_shot = true;

  204.     #    groups = ["spamhaus"];

  205.     #}

  206.     #"URIBL_XBL" {

  207.     #    weight = 1.5;

  208.     #    description = "A domain in the message body resolves to an IP listed in Spamhaus XBL";

  209.     #    one_shot = true;

  210.     #    groups = ["spamhaus"];

  211.     #}

  212.     #"URIBL_PBL" {

  213.     #    weight = 0.01;

  214.     #    description = "A domain in the message body resolves to an IP listed in Spamhaus PBL";

  215.     #    groups = ["spamhaus"];

  216.     #}

  217.     #"URIBL_DROP" {

  218.     #    weight = 5.0;

  219.     #    description = "A domain in the message body resolves to an IP listed in Spamhaus DROP";

  220.     #    one_shot = true;

  221.     #    groups = ["spamhaus"];

  222.     #}

  223.     #"RBL_SARBL_BAD" {

  224.     #    weight = 2.5;

  225.     #    description = "A domain in the message body is blacklisted in SARBL";

  226.     #    one_shot = true;

  227.     #}

  228. }