aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorVsevolod Stakhov <vsevolod@highsecure.ru>2016-11-09 18:08:43 +0400
committerGitHub <noreply@github.com>2016-11-09 18:08:43 +0400
commit8067edf7cc504a81cfdf2fa534a618c2dc592357 (patch)
tree376b6b61b4a83950ceecc7c1272b719c5299b467
parent1e11007cf4fcccc21792d9cd917b3d31aeccfeab (diff)
parent137b08a00bf67f186f4903d70fd28fff2c5676e9 (diff)
downloadrspamd-8067edf7cc504a81cfdf2fa534a618c2dc592357.tar.gz
rspamd-8067edf7cc504a81cfdf2fa534a618c2dc592357.zip
Merge pull request #1114 from fatalbanana/rules
[Feature] Rule to detect some obvious X-PHP-Originating-Script forgeries
-rw-r--r--rules/regexp/headers.lua7
1 files changed, 7 insertions, 0 deletions
diff --git a/rules/regexp/headers.lua b/rules/regexp/headers.lua
index 6b43c2f05..56f710650 100644
--- a/rules/regexp/headers.lua
+++ b/rules/regexp/headers.lua
@@ -790,6 +790,13 @@ reconf['X_PHP_EVAL'] = {
group = 'header'
}
+reconf['X_PHP_FORGED_0X'] = {
+ re = "X-PHP-Originating-Script=/^0\\d/X",
+ score = 4.0,
+ description = "X-PHP-Originating-Script header appears forged",
+ group = 'header'
+}
+
reconf['GOOGLE_FORWARDING_MID_MISSING'] = {
re = "Message-ID=/SMTPIN_ADDED_MISSING\\@mx\\.google\\.com>$/X",
score = 2.5,