Add composites for outlook.

Submitted by: Victor Ustugov

2 files changed, 11 insertions, 8 deletions

diff --git a/conf/lua/regexp/headers.lua b/conf/lua/regexp/headers.lua
index 85208b982..838bca2f3 100644
--- a/conf/lua/regexp/headers.lua
+++ b/conf/lua/regexp/headers.lua
@@ -98,9 +98,11 @@ local iplanet_messaging_server = 'Received=/iPlanet Messaging Server/H'
 local hotmail_baydav_msgid = 'Message-Id=/^BAY\\d+-DAV\\d+[A-Z0-9]{25}\\@phx\\.gbl$/mH'
 -- Sympatico message id
 local sympatico_msgid = 'Message-Id=/^BAYC\\d+-PASMTP\\d+[A-Z0-9]{25}\\@CEZ\\.ICE$/mH'
+-- Mailman message id
+local mailman_msgid = 'Message-ID=/^<mailman\\.\\d+\\.\\d+\\.\\d+\\..+\\@\\S+>$/XS'
 -- Message id seems to be forged
-local unusable_msgid = string.format('(%s | %s | %s | %s | %s)', 
-					lyris_ezml_remailer, wacky_sendmail_version, iplanet_messaging_server, hotmail_baydav_msgid, sympatico_msgid)
+local unusable_msgid = string.format('(%s | %s | %s | %s | %s | %s)', 
+					lyris_ezml_remailer, wacky_sendmail_version, iplanet_messaging_server, hotmail_baydav_msgid, sympatico_msgid, mailman_msgid)
 -- Outlook express data seems to be forged
 local forged_oe = string.format('(%s & !%s & !%s & !%s)', oe_mua, oe_msgid_1, oe_msgid_2, unusable_msgid)
 -- Outlook specific headers
diff --git a/rspamd.xml.sample b/rspamd.xml.sample
index 44d6a6566..e099e5868 100644
--- a/rspamd.xml.sample
+++ b/rspamd.xml.sample
@@ -66,7 +66,9 @@
  <!-- Short html part with a link to an image -->
  <symbol weight="3.00" description="Short html part with a link to an image">HTML_SHORT_LINK_IMG_2</symbol>
  <!-- Forged outlook MUA -->
- <symbol weight="3.00" description="Forged outlook MUA ">FORGED_MUA_OUTLOOK</symbol>
+ <symbol weight="3.00" description="Forged outlook MUA">FORGED_MUA_OUTLOOK</symbol>
+ <!-- Forged outlook MUA, but from maillist -->
+ <symbol weight="0.00" description="Forged outlook MUA, but from maillist">FORGED_MUA_OUTLOOK_MAILLIST</symbol>
  <!-- Fake helo for verizon provider -->
  <symbol weight="2.00" description="Fake helo for verizon provider">FM_FAKE_HELO_VERIZON</symbol>
  <!--Quoted reply-to from yahoo (seems to be forged) --> 
@@ -103,6 +105,8 @@
  <symbol weight="3.00" description="Message id is missing ">MISSING_MID</symbol>
  <!-- Recipients are not the same as RCPT TO: mail command -->
  <symbol weight="3.00" description="Recipients are not the same as RCPT TO: mail command">FORGED_RECIPIENTS</symbol>
+ <!-- Recipients are not the same as RCPT TO: mail command, but from maillist -->
+ <symbol weight="0.00" description="Recipients are not the same as RCPT TO: mail command, but from maillist">FORGED_RECIPIENTS_MAILLIST</symbol>
  <!-- Forged Exchange messages -->
  <symbol weight="2.00" description="Forged Exchange messages ">RATWARE_MS_HASH</symbol>
  <!-- Reply-type in content-type -->
@@ -181,15 +185,12 @@
  <!-- Phished mail -->
  <symbol weight="5.0" description="Phished mail">PHISHING</symbol>
 
- <!-- Recipients are not the same as RCPT TO: mail command, but from maillist -->
- <symbol weight="-0.1" description="Recipients are not the same as RCPT TO: mail command, but from maillist">FORGED_RECIPIENTS_MAILLIST</symbol>
-
-
 </metric>
 <!-- End of metrics section -->
 
 <!-- Composites section -->
-<composite name="FORGED_RECIPIENTS_MAILLIST">FORGED_RECIPIENTS &amp; MAILLIST</composite>
+<composite name="FORGED_RECIPIENTS_MAILLIST">FORGED_RECIPIENTS &amp; ~MAILLIST</composite>
+<composite name="FORGED_MUA_OUTLOOK_MAILLIST">FORGED_MUA_OUTLOOK &amp; ~MAILLIST</composite>
 <!-- End of composites section -->
 
 <!-- Workers section -->