mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
19047 Commits
28 Branches
Tree: ed22f77cc2
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ed22f77cc2'
${ noResults }
rspamd/conf/scores.d/surbl_group.conf

surbl_group.conf 7.1KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262 
  1. # URIBL rules scores

  2. #

  3. # Please don't modify this file as your changes might be overwritten with

  4. # the next update.

  5. #

  6. # You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine

  7. # parameters defined on the top level

  8. #

  9. # You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add

  10. # parameters defined on the top level

  11. #

  12. # For specific modules or configuration you can also modify

  13. # '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults

  14. # '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults

  15. #

  16. # See https://rspamd.com/doc/tutorials/writing_rules.html for details

  17. 

  18. description = "URL DNS lists";

  19. 

  20. max_score = 12.5;

  21. 

  22. symbols = {

  23.     "SURBL_BLOCKED" {

  24.         weight = 0.0;

  25.         description = "SURBL: blocked by policy/overusage";

  26.         one_shot = true;

  27.         groups = ["surblorg", "blocked"];

  28.     }

  29.     "PH_SURBL_MULTI" {

  30.         weight = 5.5;

  31.         description = "SURBL: Phishing sites";

  32.         one_shot = true;

  33.         groups = ["surblorg", "phishing"];

  34.     }

  35.     "MW_SURBL_MULTI" {

  36.         weight = 5.5;

  37.         description = "SURBL: Malware sites";

  38.         one_shot = true;

  39.         groups = ["surblorg"];

  40.     }

  41.     "ABUSE_SURBL" {

  42.         weight = 5.5;

  43.         description = "SURBL: ABUSE";

  44.         one_shot = true;

  45.         groups = ["surblorg"];

  46.     }

  47.     "CRACKED_SURBL" {

  48.         weight = 4.0;

  49.         description = "SURBL: cracked site";

  50.         one_shot = true;

  51.         groups = ["surblorg"];

  52.     }

  53.     "RSPAMD_URIBL" {

  54.         weight = 4.5;

  55.         description = "Rspamd uribl, bl.rspamd.com";

  56.         one_shot = true;

  57.         groups = ["rspamdbl"];

  58.     }

  59. 

  60.     "RSPAMD_EMAILBL" {

  61.         weight = 2.5;

  62.         description = "Rspamd emailbl, bl.rspamd.com";

  63.         one_shot = true;

  64.         groups = ["rspamdbl"];

  65.     }

  66. 

  67.     "MSBL_EBL" {

  68.         weight = 7.5;

  69.         description = "MSBL emailbl";

  70.         one_shot = true;

  71.         groups = ["ebl"];

  72.     }

  73. 

  74.     "MSBL_EBL_GREY" {

  75.         weight = 0.5; # TODO: test it

  76.         description = "MSBL emailbl grey list";

  77.         one_shot = true;

  78.         groups = ["ebl"];

  79.     }

  80. 

  81.     "SEM_URIBL_UNKNOWN" {

  82.         weight = 0.0;

  83.         description = "Spameatingmonkey uribl: unknown result";

  84.         one_shot = true;

  85.         groups = ["sem"];

  86.     }

  87.     "SEM_URIBL" {

  88.         weight = 3.5;

  89.         description = "Spameatingmonkey uribl";

  90.         one_shot = true;

  91.         groups = ["sem"];

  92.     }

  93. 

  94.     "SEM_URIBL_FRESH15_UNKNOWN" {

  95.         weight = 0.0;

  96.         description = "Spameatingmonkey Fresh15 uribl: unknown result";

  97.         one_shot = true;

  98.         groups = ["sem"];

  99.     }

  100.     "SEM_URIBL_FRESH15" {

  101.         weight = 3.0;

  102.         description = "Spameatingmonkey uribl. Domains registered in the last 15 days (.AERO,.BIZ,.COM,.INFO,.NAME,.NET,.PRO,.SK,.TEL,.US)";

  103.         one_shot = true;

  104.         groups = ["sem"];

  105.     }

  106. 

  107.     "DBL" {

  108.         weight = 0.0;

  109.         description = "DBL unknown result";

  110.         one_shot = true;

  111.         groups = ["spamhaus"];

  112.     }

  113.     "DBL_SPAM" {

  114.         weight = 6.5;

  115.         description = "DBL uribl spam";

  116.         one_shot = true;

  117.         groups = ["spamhaus"];

  118.     }

  119.     "DBL_PHISH" {

  120.         weight = 6.5;

  121.         description = "DBL uribl phishing";

  122.         one_shot = true;

  123.         groups = ["spamhaus"];

  124.     }

  125.     "DBL_MALWARE" {

  126.         weight = 6.5;

  127.         description = "DBL uribl malware";

  128.         one_shot = true;

  129.         groups = ["spamhaus"];

  130.     }

  131.     "DBL_BOTNET" {

  132.         weight = 5.5;

  133.         description = "DBL uribl botnet C&C domain";

  134.         one_shot = true;

  135.         groups = ["spamhaus"];

  136.     }

  137.     "DBL_ABUSE" {

  138.         weight = 6.5;

  139.         description = "DBL uribl abused legit spam";

  140.         one_shot = true;

  141.         groups = ["spamhaus"];

  142.     }

  143.     "DBL_ABUSE_REDIR" {

  144.         weight = 1.5;

  145.         description = "DBL uribl abused spammed redirector domain";

  146.         one_shot = true;

  147.         groups = ["spamhaus"];

  148.     }

  149.     "DBL_ABUSE_PHISH" {

  150.         weight = 7.5;

  151.         description = "DBL uribl abused legit phish";

  152.         one_shot = true;

  153.         groups = ["spamhaus"];

  154.     }

  155.     "DBL_ABUSE_MALWARE" {

  156.         weight = 7.5;

  157.         description = "DBL uribl abused legit malware";

  158.         one_shot = true;

  159.         groups = ["spamhaus"];

  160.     }

  161.     "DBL_ABUSE_BOTNET" {

  162.         weight = 5.5;

  163.         description = "DBL uribl abused legit botnet C&C";

  164.         one_shot = true;

  165.         groups = ["spamhaus"];

  166.     }

  167.     "DBL_PROHIBIT" {

  168.         weight = 0.0;

  169.         description = "DBL uribl IP queries prohibited!";

  170.         one_shot = true;

  171.         groups = ["spamhaus"];

  172.     }

  173.     "DBL_BLOCKED_OPENRESOLVER" {

  174.         weight = 0.0;

  175.         description = "You are querying Spamhaus from an open resolver, please see https://www.spamhaus.org/returnc/pub/";

  176.         one_shot = true;

  177.         groups = ["spamhaus"];

  178.     }

  179.     "DBL_BLOCKED" {

  180.         weight = 0.0;

  181.         description = "You are exceeding the query limit, please see https://www.spamhaus.org/returnc/vol/";

  182.         one_shot = true;

  183.         groups = ["spamhaus"];

  184.     }

  185.     "URIBL_MULTI" {

  186.         weight = 0.0;

  187.         description = "uribl.com: unrecognised result";

  188.         one_shot = true;

  189.         groups = ["uribl"];

  190.     }

  191.     "URIBL_BLOCKED" {

  192.         weight = 0.0;

  193.         description = "uribl.com: query refused";

  194.         one_shot = true;

  195.         groups = ["uribl", "blocked"];

  196.     }

  197.     "URIBL_BLACK" {

  198.         weight = 7.5;

  199.         description = "uribl.com black url";

  200.         one_shot = true;

  201.         groups = ["uribl"];

  202.     }

  203.     "URIBL_RED" {

  204.         weight = 3.5;

  205.         description = "uribl.com red url";

  206.         one_shot = true;

  207.         groups = ["uribl"];

  208.     }

  209.     "URIBL_GREY" {

  210.         weight = 1.5;

  211.         description = "uribl.com grey url";

  212.         one_shot = true;

  213.         groups = ["uribl"];

  214.     }

  215.     "SPAMHAUS_ZEN_URIBL" {

  216.         ignore = true;

  217.         weight = 0.0;

  218.         description = "Spamhaus ZEN URIBL: Filtered result";

  219.         one_shot = true;

  220.         groups = ["spamhaus"];

  221.     }

  222.     "URIBL_SBL" {

  223.         ignore = true;

  224.         weight = 6.5;

  225.         description = "A domain in the message body resolves to an IP listed in Spamhaus SBL";

  226.         one_shot = true;

  227.         groups = ["spamhaus"];

  228.     }

  229.     "URIBL_SBL_CSS" {

  230.         ignore = true;

  231.         weight = 6.5;

  232.         description = "A domain in the message body resolves to an IP listed in Spamhaus SBL CSS";

  233.         one_shot = true;

  234.         groups = ["spamhaus"];

  235.     }

  236.     "URIBL_XBL" {

  237.         ignore = true;

  238.         weight = 1.5;

  239.         description = "A domain in the message body resolves to an IP listed in Spamhaus XBL";

  240.         one_shot = true;

  241.         groups = ["spamhaus"];

  242.     }

  243.     "URIBL_PBL" {

  244.         ignore = true;

  245.         weight = 0.01;

  246.         description = "A domain in the message body resolves to an IP listed in Spamhaus PBL";

  247.         one_shot = true;

  248.         groups = ["spamhaus"];

  249.     }

  250.     "URIBL_DROP" {

  251.         ignore = true;

  252.         weight = 5.0;

  253.         description = "A domain in the message body resolves to an IP listed in Spamhaus DROP";

  254.         one_shot = true;

  255.         groups = ["spamhaus"];

  256.     }

  257.     #"RBL_SARBL_BAD" {

  258.     #    weight = 2.5;

  259.     #    description = "A domain in the message body is blacklisted in SARBL";

  260.     #    one_shot = true;

  261.     #}

  262. }