author | Vsevolod Stakhov <vsevolod@rspamd.com> | 2024-04-30 20:07:58 +0600 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-04-30 20:07:58 +0600 |
commit | a7d2543250b176eff03668eccfa774f2e4bd3bdb (patch) | |
tree | 0bae1c0e1cd751b7d4db90f55502390a17c41d7d | |
parent | 12f965bf98a0c89b67d132c2a5ec196378c49893 (diff) | |
parent | e4fcdfd2765c57d356f2e38d4f24b95ebef15550 (diff) | |
Merge pull request #4915 from twesterhever/temp-freemail-mdn
Add detection for freemail and disposable e-mail usage for message delivery notification
-rw-r--r-- | conf/composites.conf | 9 | ||||
-rw-r--r-- | conf/modules.d/multimap.conf | 20 |
2 files changed, 28 insertions, 1 deletions
diff --git a/conf/composites.conf b/conf/composites.conf
index c1b603e51..b1bff1c1a 100644
--- a/conf/composites.conf
+++ b/conf/composites.conf
@@ -165,12 +165,19 @@ composites {
 group = "scams";
 }
 FREEMAIL_AFF {
- expression = "(FREEMAIL_FROM | FREEMAIL_ENVFROM | FREEMAIL_REPLYTO) & (TO_DN_RECIPIENTS | R_UNDISC_RCPT) & (INTRODUCTION | FROM_NAME_HAS_TITLE | FREEMAIL_REPLYTO_NEQ_FROM_DOM | SUBJECT_HAS_CURRENCY)";
+ expression = "(FREEMAIL_FROM | FREEMAIL_ENVFROM | FREEMAIL_REPLYTO | FREEMAIL_MDN) & (TO_DN_RECIPIENTS | R_UNDISC_RCPT) & (INTRODUCTION | FROM_NAME_HAS_TITLE | FREEMAIL_REPLYTO_NEQ_FROM_DOM | SUBJECT_HAS_CURRENCY)";
 score = 4.0;
 policy = "leave";
 description = "Message exhibits strong characteristics of advance fee fraud (AFF a/k/a '419' spam) involving freemail addresses";
 group = "scams";
 }
+ SUSPICIOUS_MDN {
+ expression = "(FREEMAIL_MDN | DISPOSABLE_MDN) & !(FREEMAIL_FROM | FREEMAIL_ENVFROM)";
+ score = 2.0;
+ policy = "leave";
+ description = "Message delivery notification should go to freemail or disposable e-mail, but message was not sent from a freemail address";
+ group = "scams";
+ }
 REDIRECTOR_URL_ONLY {
 expression = "HFILTER_URL_ONLY & REDIRECTOR_URL";
 score = 1.0;
diff --git a/conf/modules.d/multimap.conf b/conf/modules.d/multimap.conf
index b707ddfb1..0b43b6ca9 100644
--- a/conf/modules.d/multimap.conf
+++ b/conf/modules.d/multimap.conf
@@ -85,6 +85,16 @@ multimap {
 score = 0.0;
 }
+ freemail_mdn {
+ type = "header";
+ header = "Disposition-Notification-To";
+ filter = "email:domain";
+ map = "https://maps.rspamd.com/freemail/free.txt.zst";
+ symbol = "FREEMAIL_MDN";
+ description = "Disposition-Notification-To is a Freemail address";
+ score = 0.0;
+ }
+
 # Disposable Addresses
 disposable_envfrom {
 type = "from";
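Review bot: SUSPICIOUS_MDN and the widened FREEMAIL_AFF expression can both fire on the same `FREEMAIL_MDN` hit, and since both use `policy = "leave"` their scores (4.0 and 2.0) add up for a single header signal. If that stacking is intended, a comment above SUSPICIOUS_MDN such as `# may fire together with FREEMAIL_AFF; the scores are additive by design` would record it; if not, the two composites need to be made mutually exclusive. The description says the message "was not sent from a freemail address", but the negation only lists FREEMAIL_FROM and FREEMAIL_ENVFROM, so a sender on a disposable domain that points the receipt at that same domain would still match. The `disposable_envfrom` map visible in the multimap hunk suggests a sender-side disposable symbol exists that could join the negation. The `composites` block continues outside the hunk.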
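Review bot: `Disposition-Notification-To` can list more than one mailbox, and nothing in `freemail_mdn` (or in `disposable_mdn` in the next hunk) states whether `filter = "email:domain"` looks up every mailbox or only the first one parsed. This is worth confirming against the multimap header filter, because FREEMAIL_AFF and SUSPICIOUS_MDN now depend on these symbols and a lookup limited to the first mailbox would leave the others unchecked. A comment above each block such as `# looks up the domain of the Disposition-Notification-To address; multi-address handling: <confirmed behaviour>` would record the answer. The `multimap` block starts and ends outside the hunk.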
@@ -147,6 +157,16 @@ multimap {
 score = 0.0;
 }
+ disposable_mdn {
+ type = "header";
+ header = "Disposition-Notification-To";
+ filter = "email:domain";
+ map = "https://maps.rspamd.com/freemail/disposable.txt.zst";
+ symbol = "DISPOSABLE_MDN";
+ description = "Disposition-Notification-To is a disposable e-mail address";
+ score = 0.5;
+ }
+
 .include(try=true,priority=5) "${DBDIR}/dynamic/multimap.conf"
 .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/multimap.conf"
 .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/multimap.conf" |