diff options
| author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2016-01-24 14:10:33 +0000 |
|---|---|---|
| committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2016-01-24 14:10:33 +0000 |
| commit | 1678075da31b6939396a95b9aa2c93c90ee7485b (patch) | |
| tree | 52ac042b06ced6bb6234ee02a2c69ee63abf4710 | |
| parent | 53cbe6468b24f172dea501e5ce336e7e0ee126ba (diff) | |
| download | rspamd-1678075da31b6939396a95b9aa2c93c90ee7485b.tar.gz rspamd-1678075da31b6939396a95b9aa2c93c90ee7485b.zip | |
Add rule to detect spammers attempts to cheat mime parsing
| -rw-r--r-- | rules/misc.lua | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/rules/misc.lua b/rules/misc.lua index 90767d70c..e49603278 100644 --- a/rules/misc.lua +++ b/rules/misc.lua @@ -185,3 +185,36 @@ rspamd_config.HEADER_FORGED_MDN = { group = 'headers', description = 'Read confirmation address is different to return path' } + +local headers_unique = { + 'Content-Type', + 'Content-Transfer-Encoding', + 'Date', + 'Message-ID' +} + +rspamd_config.MULTIPLE_UNIQUE_HEADERS = { + callback = function (task) + local res = 0 + local res_tbl = {} + + for i,hdr in ipairs(headers_unique) do + local h = task:get_header_full(hdr) + + if h and #h > 1 then + res = res + 1 + table.insert(res_tbl, hdr) + end + end + + if res > 0 then + return true,res,table.concat(res_tbl, ',') + end + + return false + end, + + score = 5.0, + group = 'headers', + description = 'Repeated unique headers' +} |