rspamd/conf/metrics.conf

# Metrics settings

metric {
    name = "default";
    # If this param is set to non-zero 
    # then a metric would accept all symbols
    # unknown_weight = 1.0

	actions {
		reject = 15;
		add_header = 6;
		greylist = 4;
	};
    symbol {
        weight = 2.0;
        description = "Subject is missing inside message";
        name = "MISSING_SUBJECT";
    }
    symbol {
        weight = 2.100000;
        description = "Message pretends to be send from Outlook but has 'strange' tags ";
        name = "FORGED_OUTLOOK_TAGS";
    }
    symbol {
        weight = 0.30;
        description = "Sender is forged (different From: header and smtp MAIL FROM: addresses)";
        name = "FORGED_SENDER";
    }
    symbol {
        weight = 3.500000;
        description = "Recipients seems to be autogenerated (works if recipients count is more than 5)";
        name = "SUSPICIOUS_RECIPS";
    }
    symbol {
        weight = 6.0;
        description = "Fake reply (has RE in subject, but has not References header)";
        name = "FAKE_REPLY_C";
    }
    symbol {
        weight = 1.0;
        description = "Messages that have only HTML part";
        name = "MIME_HTML_ONLY";
    }
    symbol {
        weight = 2.0;
        description = "Forged yahoo msgid";
        name = "FORGED_MSGID_YAHOO";
    }
    symbol {
        weight = 2.0;
        description = "Forged The Bat! MUA headers";
        name = "FORGED_MUA_THEBAT_BOUN";
    }
    symbol {
        weight = 5.0;
        description = "Charset is missing in a message";
        name = "R_MISSING_CHARSET";
    }
    symbol {
        weight = 2.0;
        description = "Two received headers with ip addresses";
        name = "RCVD_DOUBLE_IP_SPAM";
    }
    symbol {
        weight = 5.0;
        description = "Forged outlook HTML signature";
        name = "FORGED_OUTLOOK_HTML";
    }
    symbol {
        weight = 5.0;
        description = "Recipients are absent or undisclosed";
        name = "R_UNDISC_RCPT";
    }
    symbol {
        weight = 9.0;
        description = "White color on white background in HTML messages";
        name = "R_WHITE_ON_WHITE";
    }
    symbol {
        weight = 3.0;
        description = "Short html part with a link to an image";
        name = "HTML_SHORT_LINK_IMG_2";
    }
    symbol {
        weight = 3.0;
        description = "Forged outlook MUA";
        name = "FORGED_MUA_OUTLOOK";
    }
    symbol {
        weight = 0.0;
        description = "Forged outlook MUA, but from maillist";
        name = "FORGED_MUA_OUTLOOK_MAILLIST";
    }
    symbol {
        weight = 5.0;
        description = "Suspicious boundary in header Content-Type";
        name = "SUSPICIOUS_BOUNDARY";
    }
    symbol {
        weight = 4.0;
        description = "Suspicious boundary in header Content-Type";
        name = "SUSPICIOUS_BOUNDARY2";
    }
    symbol {
        weight = 3.0;
        description = "Suspicious boundary in header Content-Type";
        name = "SUSPICIOUS_BOUNDARY3";
    }
    symbol {
        weight = 4.0;
        description = "Suspicious boundary in header Content-Type";
        name = "SUSPICIOUS_BOUNDARY4";
    }
    symbol {
        weight = 4.0;
        description = "Message pretends to be send from The Bat! but has forged Message-ID";
        name = "FORGED_MUA_THEBAT_MSGID";
    }
    symbol {
        weight = 3.0;
        description = "Message pretends to be send from The Bat! but has forged Message-ID";
        name = "FORGED_MUA_THEBAT_MSGID_UNKNOWN";
    }
    symbol {
        weight = 3.0;
        description = "Message pretends to be send from KMail but has forged Message-ID";
        name = "FORGED_MUA_KMAIL_MSGID";
    }
    symbol {
        weight = 2.500000;
        description = "Message pretends to be send from KMail but has forged Message-ID";
        name = "FORGED_MUA_KMAIL_MSGID_UNKNOWN";
    }
    symbol {
        weight = 4.0;
        description = "Message pretends to be send from Opera Mail but has forged Message-ID";
        name = "FORGED_MUA_OPERA_MSGID";
    }
    symbol {
        weight = 4.0;
        description = "Message pretends to be send from suspicious Opera Mail/10.x (Windows) but has forged Message-ID, apparently from KMail";
        name = "SUSPICIOUS_OPERA_10W_MSGID";
    }
    symbol {
        weight = 4.0;
        description = "Message pretends to be send from Mozilla Mail but has forged Message-ID";
        name = "FORGED_MUA_MOZILLA_MAIL_MSGID";
    }
    symbol {
        weight = 2.500000;
        description = "Message pretends to be send from Mozilla Mail but has forged Message-ID";
        name = "FORGED_MUA_MOZILLA_MAIL_MSGID_UNKNOWN";
    }
    symbol {
        weight = 4.0;
        description = "Forged mail pretending to be from Mozilla Thunderbird but has forged Message-ID";
        name = "FORGED_MUA_THUNDERBIRD_MSGID";
    }
    symbol {
        weight = 2.500000;
        description = "Forged mail pretending to be from Mozilla Thunderbird but has forged Message-ID";
        name = "FORGED_MUA_THUNDERBIRD_MSGID_UNKNOWN";
    }
    symbol {
        weight = 4.0;
        description = "Forged mail pretending to be from Mozilla Seamonkey but has forged Message-ID";
        name = "FORGED_MUA_SEAMONKEY_MSGID";
    }
    symbol {
        weight = 2.500000;
        description = "Forged mail pretending to be from Mozilla Seamonkey but has forged Message-ID";
        name = "FORGED_MUA_SEAMONKEY_MSGID_UNKNOWN";
    }
    symbol {
        weight = 2.0;
        description = "Fake helo for verizon provider";
        name = "FM_FAKE_HELO_VERIZON";
    }
    symbol {
        weight = 2.0;
        description = "Quoted reply-to from yahoo (seems to be forged)";
        name = "REPTO_QUOTE_YAHOO";
    }
    symbol {
        weight = 5.0;
        description = "Mime-OLE is needed but absent (e.g. fake Outlook or fake Exchange)";
        name = "MISSING_MIMEOLE";
    }
    symbol {
        weight = 2.0;
        description = "To header is missing";
        name = "MISSING_TO";
    }
    symbol {
        weight = 1.500000;
        description = "From that contains encoded characters while base 64 is not needed as all symbols are 7bit";
        name = "FROM_EXCESS_BASE64";
    }
    symbol {
        weight = 1.200000;
        description = "From that contains encoded characters while quoted-printable is not needed as all symbols are 7bit";
        name = "FROM_EXCESS_QP";
    }
    symbol {
        weight = 1.500000;
        description = "To that contains encoded characters while base 64 is not needed as all symbols are 7bit";
        name = "TO_EXCESS_BASE64";
    }
    symbol {
        weight = 1.200000;
        description = "To that contains encoded characters while quoted-printable is not needed as all symbols are 7bit";
        name = "TO_EXCESS_QP";
    }
    symbol {
        weight = 1.500000;
        description = "Reply-To that contains encoded characters while base 64 is not needed as all symbols are 7bit";
        name = "REPLYTO_EXCESS_BASE64";
    }
    symbol {
        weight = 1.200000;
        description = "Reply-To that contains encoded characters while quoted-printable is not needed as all symbols are 7bit";
        name = "REPLYTO_EXCESS_QP";
    }
    symbol {
        weight = 1.500000;
        description = "Cc that contains encoded characters while base 64 is not needed as all symbols are 7bit";
        name = "CC_EXCESS_BASE64";
    }
    symbol {
        weight = 1.200000;
        description = "Cc that contains encoded characters while quoted-printable is not needed as all symbols are 7bit";
        name = "CC_EXCESS_QP";
    }
    symbol {
        weight = 5.0;
        description = "Mixed characters in a message";
        name = "R_MIXED_CHARSET";
    }
    symbol {
        weight = 3.500000;
        description = "Recipients list seems to be sorted";
        name = "SORTED_RECIPS";
    }
    symbol {
        weight = 3.0;
        description = "Spambots signatures in received headers";
        name = "R_RCVD_SPAMBOTS";
    }
    symbol {
        weight = 2.0;
        description = "To header seems to be autogenerated";
        name = "R_TO_SEEMS_AUTO";
    }
    symbol {
        weight = 1.0;
        description = "Subject needs encoding";
        name = "SUBJECT_NEEDS_ENCODING";
    }
    symbol {
        weight = 3.840000;
        description = "Spam string at the end of message to make statistics faults 0";
        name = "TRACKER_ID";
    }
    symbol {
        weight = 1.0;
        description = "No space in from header";
        name = "R_NO_SPACE_IN_FROM";
    }
    symbol {
        weight = 8.0;
        description = "Subject seems to be spam";
        name = "R_SAJDING";
    }
    symbol {
        weight = 3.0;
        description = "Detects bad content-transfer-encoding for text parts";
        name = "R_BAD_CTE_7BIT";
    }
    symbol {
        weight = 10.0;
        description = "Flash redirect on imageshack.us";
        name = "R_FLASH_REDIR_IMGSHACK";
    }
    symbol {
        weight = 5.0;
        description = "Message id is incorrect";
        name = "INVALID_MSGID";
    }
    symbol {
        weight = 3.0;
        description = "Message id is missing ";
        name = "MISSING_MID";
    }
    symbol {
        weight = 1.0;
        description = "Recipients are not the same as RCPT TO: mail command";
        name = "FORGED_RECIPIENTS";
    }
    symbol {
        weight = 0.0;
        description = "Recipients are not the same as RCPT TO: mail command, but a message from a maillist";
        name = "FORGED_RECIPIENTS_MAILLIST";
    }
    symbol {
        weight = 0.0;
        description = "Sender is not the same as MAIL FROM: envelope, but a message is from a maillist";
        name = "FORGED_SENDER_MAILLIST";
    }
    symbol {
        weight = 2.0;
        description = "Forged Exchange messages ";
        name = "RATWARE_MS_HASH";
    }
    symbol {
        weight = 1.0;
        description = "Reply-type in content-type";
        name = "STOX_REPLY_TYPE";
    }
    symbol {
        weight = 1.0;
        description = "One received header in a message ";
        name = "ONCE_RECEIVED";
    }
    symbol {
        weight = 4.0;
        description = "One received header with 'bad' patterns inside";
        name = "ONCE_RECEIVED_STRICT";
    }

    symbol { name = "DNSWL_BLOCKED"; weight = 0.0; description = "Resolver blocked due to excessive queries"; }
    symbol { name = "RCVD_IN_DNSWL"; weight = 0.0; description = "Sender listed at http://www.dnswl.org"; }
    symbol { name = "RCVD_IN_DNSWL_NONE"; weight = -0.05; description = "Sender listed at http://www.dnswl.org, low none"; }
    symbol { name = "RCVD_IN_DNSWL_LOW"; weight = -0.1; description = "Sender listed at http://www.dnswl.org, low trust"; }
    symbol { name = "RCVD_IN_DNSWL_MED"; weight = -1.0; description = "Sender listed at http://www.dnswl.org, medium trust"; }
    symbol { name = "RCVD_IN_DNSWL_HI"; weight = -5.0; description = "Sender listed at http://www.dnswl.org, high trust"; }

    symbol { name = "RBL_SPAMHAUS"; weight = 0.0; description = "From address is listed in zen"; }
    symbol { name = "RBL_SPAMHAUS_SBL"; weight = 2.0; description = "From address is listed in zen sbl"; }
    symbol { name = "RBL_SPAMHAUS_CSS"; weight = 2.0; description = "From address is listed in zen css"; }
    symbol { name = "RBL_SPAMHAUS_XBL"; weight = 4.0; description = "From address is listed in zen xbl"; }
    symbol { name = "RBL_SPAMHAUS_PBL"; weight = 2.0; description = "From address is listed in zen pbl"; }
    symbol { name = "RECEIVED_SPAMHAUS_XBL"; weight = 3.0; description = "Received address is listed in zen pbl"; one_shot = true; }
    
    symbol { name = "RWL_SPAMHAUS_WL"; weight = 0.0; description = "Sender listed at Spamhaus whitelist"; }
    symbol { name = "RWL_SPAMHAUS_WL_IND"; weight = -0.7; description = "Sender listed at Spamhaus whitelist"; }
    symbol { name = "RWL_SPAMHAUS_WL_TRANS"; weight = -0.6; description = "Sender listed at Spamhaus whitelist"; }
    symbol { name = "RWL_SPAMHAUS_WL_IND_EXP"; weight = -0.3; description = "Sender listed at Spamhaus whitelist"; }
    symbol { name = "RWL_SPAMHAUS_WL_TRANS_EXP"; weight = -0.2; description = "Sender listed at Spamhaus whitelist"; }
    
    symbol {
        weight = 2.0;
        description = "From address is listed in senderscore.com BL";
        name = "RBL_SENDERSCORE";
    }
    symbol {
        weight = 1.0;
        description = "From address is listed in ABUSE.CH BL";
        name = "RBL_ABUSECH";
    }
    symbol {
        weight = 1.0;
        description = "From address is listed in UCEPROTECT LEVEL1 BL";
        name = "RBL_UCEPROTECT_LEVEL1";
    }
    
    symbol { name = "RBL_MAILSPIKE"; weight = 0.0; description = "From address is listed in RBL"; }
    symbol { name = "RBL_MAILSPIKE_WORST"; weight = 2.0; description = "From address is listed in RBL"; }
    symbol { name = "RBL_MAILSPIKE_VERYBAD"; weight = 1.5; description = "From address is listed in RBL"; }
    symbol { name = "RBL_MAILSPIKE_BAD"; weight = 1.0; description = "From address is listed in RBL"; }
    symbol { name = "RBL_MAILSPIKE_SUSP"; weight = 0.5; description = "From address is listed in RBL"; }
    symbol { name = "RBL_MAILSPIKE_PROB"; weight = 0.3; description = "From address is listed in RBL"; }
    symbol { name = "RWL_MAILSPIKE_POSSIBLE"; weight = -0.2; description = "From address is listed in RWL"; }
    symbol { name = "RWL_MAILSPIKE_GOOD"; weight = -0.5; description = "From address is listed in RWL"; }
    symbol { name = "RWL_MAILSPIKE_VERYGOOD"; weight = -0.6; description = "From address is listed in RWL"; }
    symbol { name = "RWL_MAILSPIKE_EXCELLENT"; weight = -0.7; description = "From address is listed in RWL"; }
	
    symbol {
        weight = 1.0;
        name = "RBL_SORBS";
        description = "From address is listed in SORBS RBL";
    }
    symbol {
        weight = 2.5; 
        name = "RBL_SORBS_HTTP";
        description = "List of Open HTTP Proxy Servers.";
    }
    symbol {
        weight = 2.5;
        name = "RBL_SORBS_SOCKS";
        description = "List of Open SOCKS Proxy Servers.";
    }
    symbol {
        weight = 1.0;
        name = "RBL_SORBS_MISC";
        description = "List of open Proxy Servers not listed in the SOCKS or HTTP lists.";
    }
    symbol {
        weight = 3.0;
        name = "RBL_SORBS_SMTP";
        description = "List of Open SMTP relay servers.";
    }
    symbol {
        weight = 1.5;
        name = "RBL_SORBS_RECENT";
        description = "List of hosts that have been noted as sending spam/UCE/UBE to the admins of SORBS within the last 28 days (includes new.spam.dnsbl.sorbs.net).";
    }
    symbol {
        weight = 0.4;
        name = "RBL_SORBS_WEB";
        description = "List of web (WWW) servers which have spammer abusable vulnerabilities (e.g. FormMail scripts)";
    }
    symbol {
        weight = 2.0;
        name = "RBL_SORBS_DUL";
        description = "Dynamic IP Address ranges (NOT a Dial Up list!)";
    }
    symbol {
        weight = 1.0;
        name = "RBL_SORBS_BLOCK";
        description = "List of hosts demanding that they never be tested by SORBS.";
    }
    symbol {
        weight = 1.0;
        name = "RBL_SORBS_ZOMBIE";
        description = "List of networks hijacked from their original owners, some of which have already used for spamming.";
    }
    
    symbol {
        weight = 1.0; 
        name = "RBL_SEM";
        description = "Address is listed in Spameatingmonkey RBL";
    }
    
    symbol {
        weight = 1.0; 
        name = "RBL_SEM_IPV6";
        description = "Address is listed in Spameatingmonkey RBL (ipv6)";
    }

    symbol {
        weight = 3.0;
        description = "Text and HTML parts differ";
        name = "R_PARTS_DIFFER";
    }
    symbol {
        weight = 2.0;
        description = "Only Content-Type header without other MIME headers";
        name = "MIME_HEADER_CTYPE_ONLY";
    }
    symbol {
        weight = 2.0;
        description = "Message contains empty parts and image ";
        name = "R_EMPTY_IMAGE";
    }
    symbol {
        weight = 2.0;
        description = "Drugs patterns inside message";
        name = "DRUGS_MANYKINDS";
    }
    symbol {
        weight = 2.0;
        description = "";
        name = "DRUGS_ANXIETY";
    }
    symbol {
        weight = 2.0;
        description = "";
        name = "DRUGS_MUSCLE";
    }
    symbol {
        weight = 2.0;
        description = "";
        name = "DRUGS_ANXIETY_EREC";
    }
    symbol {
        weight = 2.0;
        description = "";
        name = "DRUGS_DIET";
    }
    symbol {
        weight = 2.0;
        description = "";
        name = "DRUGS_ERECTILE";
    }
    symbol {
        weight = 3.300000;
        description = "2 'advance fee' patterns in a message";
        name = "ADVANCE_FEE_2";
    }
    symbol {
        weight = 2.120000;
        description = "3 'advance fee' patterns in a message";
        name = "ADVANCE_FEE_3";
    }
    symbol {
        weight = 8.0;
        description = "Lotto signatures";
        name = "R_LOTTO";
    }
    symbol {
        weight = 3.0;
        description = "Message probably spam, probability: ";
        name = "BAYES_SPAM";
    }
    symbol {
        weight = -3.0;
        description = "Message probably ham, probability: ";
        name = "BAYES_HAM";
    }
    symbol {
        weight = 5.0;
        description = "Generic fuzzy hash match";
        name = "FUZZY_UNKNOWN";
    }
    symbol {
        weight = 10.0;
        description = "Denied fuzzy hash";
        name = "FUZZY_DENIED";
    }
    symbol {
        weight = 5.0;
        description = "Probable fuzzy hash";
        name = "FUZZY_PROB";
    }
    symbol {
        weight = -2.1;
        description = "Whitelisted fuzzy hash";
        name = "FUZZY_WHITE";
    }
    symbol {
        weight = 1.0;
        description = "SPF verification failed";
        name = "R_SPF_FAIL";
    }
    symbol {
        weight = 0.0;
        description = "SPF verification soft-failed";
        name = "R_SPF_SOFTFAIL";
    }
    symbol {
        weight = 0.0;
        description = "SPF policy is neutral";
        name = "R_SPF_NEUTRAL";
    }
    symbol {
        weight = -1.1;
        description = "SPF verification alowed";
        name = "R_SPF_ALLOW";
    }
    symbol {
        weight = 1.0;
        description = "DKIM verification failed";
        name = "R_DKIM_REJECT";
    }
    symbol {
        weight = 0.0;
        description = "DKIM verification soft-failed";
        name = "R_DKIM_TEMPFAIL";
    }
    symbol {
        weight = -1.1;
        description = "DKIM verification succeed";
        name = "R_DKIM_ALLOW";
    }
    symbol {
        weight = -1.0;
        description = "Message seems to be from maillist";
        name = "MAILLIST";
    }
    symbol {
        weight = 5.500000;
        description = "SURBL: Phishing sites";
        name = "PH_SURBL_MULTI";
    }
    symbol {
        weight = 5.500000;
        description = "SURBL: Malware sites";
        name = "MW_SURBL_MULTI";
    }
    symbol {
        weight = 5.500000;
        description = "SURBL: AbuseButler web sites";
        name = "AB_SURBL_MULTI";
    }
    symbol {
        weight = 5.500000;
        description = "SURBL: SpamCop web sites";
        name = "SC_SURBL_MULTI";
    }
    symbol {
        weight = 5.500000;
        description = "SURBL: jwSpamSpy + Prolocation sites";
        name = "JP_SURBL_MULTI";
    }
    symbol {
        weight = 5.500000;
        description = "SURBL: sa-blacklist web sites ";
        name = "WS_SURBL_MULTI";
    }
    symbol {
        weight = 4.500000;
        description = "rambler.ru uribl";
        name = "RAMBLER_URIBL";
    }
    
    symbol { weight = 0.0; name = "SEM_URIBL_UNKNOWN"; description = "Spameatingmonkey uribl unknown"; }
    symbol { weight = 3.5; name = "SEM_URIBL"; description = "Spameatingmonkey uribl"; }

    symbol { weight = 0.0; name = "SEM_URIBL_FRESH15_UNKNOWN"; description = "Spameatingmonkey uribl unknown"; }
    symbol { weight = 3.0; name = "SEM_URIBL_FRESH15"; description = "Spameatingmonkey uribl. Domains registered in the last 15 days (.AERO,.BIZ,.COM,.INFO,.NAME,.NET,.PRO,.SK,.TEL,.US)"; }
    
    symbol {
        weight = 5.500000;
        description = "DBL uribl";
        name = "DBL";
    }
    symbol {
        weight = 7.5;
        description = "uribl.com black url";
        name = "URIBL_BLACK";
    }
    symbol {
        weight = 3.5;
        description = "uribl.com red url";
        name = "URIBL_RED";
    }
    symbol {
        weight = 1.5;
        description = "uribl.com grey url";
        name = "URIBL_GREY";
    }
    symbol {
        weight = 9.500000;
        description = "rambler.ru emailbl";
        name = "RAMBLER_EMAILBL";
    }
    symbol {
        weight = 5.0;
        description = "Phished mail";
        name = "PHISHING";
    }
    symbol {
        weight = 1.0;
        description = "Header From begins with tab";
        name = "HEADER_FROM_DELIMITER_TAB";
    }
    symbol {
        weight = 1.0;
        description = "Header To begins with tab";
        name = "HEADER_TO_DELIMITER_TAB";
    }
    symbol {
        weight = 1.0;
        description = "Header Cc begins with tab";
        name = "HEADER_CC_DELIMITER_TAB";
    }
    symbol {
        weight = 1.0;
        description = "Header Reply-To begins with tab";
        name = "HEADER_REPLYTO_DELIMITER_TAB";
    }
    symbol {
        weight = 1.0;
        description = "Header Date begins with tab";
        name = "HEADER_DATE_DELIMITER_TAB";
    }
    symbol {
        weight = 1.0;
        description = "Header From has no delimiter between header name and header value";
        name = "HEADER_FROM_EMPTY_DELIMITER";
    }
    symbol {
        weight = 1.0;
        description = "Header To has no delimiter between header name and header value";
        name = "HEADER_TO_EMPTY_DELIMITER";
    }
    symbol {
        weight = 1.0;
        description = "Header Cc has no delimiter between header name and header value";
        name = "HEADER_CC_EMPTY_DELIMITER";
    }
    symbol {
        weight = 1.0;
        description = "Header Reply-To has no delimiter between header name and header value";
        name = "HEADER_REPLYTO_EMPTY_DELIMITER";
    }
    symbol {
        weight = 1.0;
        description = "Header Date has no delimiter between header name and header value";
        name = "HEADER_DATE_EMPTY_DELIMITER";
    }
    symbol {
        weight = 4.0;
        description = "Header Received has raw illegal character";
        name = "RCVD_ILLEGAL_CHARS";
    }
    symbol {
        weight = 4.0;
        description = "Fake helo mail.ru in header Received from non mail.ru sender address";
        name = "FAKE_RECEIVED_mail_ru";
    }
    symbol {
        weight = 4.0;
        description = "Fake smtp.yandex.ru Received";
        name = "FAKE_RECEIVED_smtp_yandex_ru";
    }
    symbol {
        weight = 3.600000;
        description = "Forged generic Received";
        name = "FORGED_GENERIC_RECEIVED";
    }
    symbol {
        weight = 3.600000;
        description = "Forged generic Received";
        name = "FORGED_GENERIC_RECEIVED2";
    }
    symbol {
        weight = 3.600000;
        description = "Forged generic Received";
        name = "FORGED_GENERIC_RECEIVED3";
    }
    symbol {
        weight = 3.600000;
        description = "Forged generic Received";
        name = "FORGED_GENERIC_RECEIVED4";
    }
    symbol {
        weight = 4.600000;
        description = "Forged generic Received";
        name = "FORGED_GENERIC_RECEIVED5";
    }
    symbol {
        weight = 3.0;
        description = "Invalid Postfix Received";
        name = "INVALID_POSTFIX_RECEIVED";
    }
    symbol {
        weight = 5.0;
        description = "Invalid Exim Received";
        name = "INVALID_EXIM_RECEIVED";
    }
    symbol {
        weight = 3.0;
        description = "Invalid Exim Received";
        name = "INVALID_EXIM_RECEIVED2";
    }
    symbol {
        weight = 4.0;
        description = "Message date is in future";
        name = "DATE_IN_FUTURE";
    }
    symbol {
        weight = 1.0;
        description = "Message date is in past";
        name = "DATE_IN_PAST";
    }
    symbol {
        weight = 1.0;
        description = "Message date is missing";
        name = "MISSING_DATE";
    }
# hfilter symbols
    symbol { weight = 4.00; name = "HFILTER_HELO_BAREIP"; description = "Helo host is bare ip"; }
    symbol { weight = 4.50; name = "HFILTER_HELO_BADIP"; description = "Helo host is very bad ip"; }
    symbol { weight = 4.00; name = "HFILTER_HELO_UNKNOWN"; description = "Helo host empty or unknown"; }
    symbol { weight = 1.00; name = "HFILTER_HELO_1"; description = "Helo host checks (very low)"; }
    symbol { weight = 2.00; name = "HFILTER_HELO_2"; description = "Helo host checks (low)"; }
    symbol { weight = 3.00; name = "HFILTER_HELO_3"; description = "Helo host checks (medium)"; }
    symbol { weight = 3.50; name = "HFILTER_HELO_4"; description = "Helo host checks (hard)"; }
    symbol { weight = 4.00; name = "HFILTER_HELO_5"; description = "Helo host checks (very hard)"; }
    symbol { weight = 1.00; name = "HFILTER_HOSTNAME_1"; description = "Hostname checks (very low)"; }
    symbol { weight = 2.00; name = "HFILTER_HOSTNAME_2"; description = "Hostname checks (low)"; }
    symbol { weight = 3.00; name = "HFILTER_HOSTNAME_3"; description = "Hostname checks (medium)"; }
    symbol { weight = 3.50; name = "HFILTER_HOSTNAME_4"; description = "Hostname checks (hard)"; }
    symbol { weight = 4.00; name = "HFILTER_HOSTNAME_5"; description = "Hostname checks (very hard)"; }
    symbol { weight = 1.50; name = "HFILTER_HELO_NORESOLVE_MX"; description = "MX found in Helo and no resolve"; }
    symbol { weight = 2.00; name = "HFILTER_HELO_NORES_A_OR_MX"; description = "Helo no resolve to A or MX"; }
    symbol { weight = 1.00; name = "HFILTER_HELO_IP_A"; description = "Helo A IP != hostname IP"; }
    symbol { weight = 3.00; name = "HFILTER_HELO_NOT_FQDN"; description = "Helo not FQDN"; }
    symbol { weight = 1.50; name = "HFILTER_FROMHOST_NORESOLVE_MX"; description = "MX found in FROM host and no resolve"; }
    symbol { weight = 3.50; name = "HFILTER_FROMHOST_NORES_A_OR_MX"; description = "FROM host no resolve to A or MX"; }
    symbol { weight = 4.00; name = "HFILTER_FROMHOST_NOT_FQDN"; description = "FROM host not FQDN"; }
    symbol { weight = 0.00; name = "HFILTER_FROM_BOUNCE"; description = "Bounce message"; }
    symbol { weight = 0.50; name = "HFILTER_MID_NORESOLVE_MX"; description = "MX found in Message-id host and no resolve"; }
    symbol { weight = 0.50; name = "HFILTER_MID_NORES_A_OR_MX"; description = "Message-id host no resolve to A or MX"; }
    symbol { weight = 0.50; name = "HFILTER_MID_NOT_FQDN"; description = "Message-id host not FQDN"; }
    symbol { weight = 4.00; name = "HFILTER_HOSTNAME_UNKNOWN"; description = "Unknown hostname (no PTR or no resolve PTR to hostname)"; }
    symbol { weight = 1.50; name = "HFILTER_RCPT_BOUNCEMOREONE"; description = "Message from bounce and over 1 recepient"; }
    symbol { weight = 3.50; name = "HFILTER_URL_ONLY"; description = "URL only in body"; }
    symbol { weight = 2.20; name = "HFILTER_URL_ONELINE"; description = "One line URL and text in body"; }
}