diff options
author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2018-10-18 19:57:38 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-10-18 19:57:38 +0100 |
commit | 04fe3d3f7cad8603328788bd76947e97e9318cd9 (patch) | |
tree | a79631ebfb0081be66f2d872f955d5496f3a620f /conf/composites.conf | |
parent | 5cc330650e6a1de612dbedfd547946e9d01b4ffa (diff) | |
parent | 574536f825e2ad8c2d4d462c5ab183738eadbdb5 (diff) | |
download | rspamd-04fe3d3f7cad8603328788bd76947e97e9318cd9.tar.gz rspamd-04fe3d3f7cad8603328788bd76947e97e9318cd9.zip |
Merge pull request #2566 from heraklit256/composites-leave
Minor Composite rule cleanup
Diffstat (limited to 'conf/composites.conf')
-rw-r--r-- | conf/composites.conf | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/conf/composites.conf b/conf/composites.conf index fc0918e00..09ae5c156 100644 --- a/conf/composites.conf +++ b/conf/composites.conf @@ -24,6 +24,7 @@ composites { } FORGED_SENDER_FORWARDING { expression = "FORGED_SENDER & g:forwarding"; + description = "Forged sender, but message is forwarded"; policy = "remove_weight"; } SPF_FAIL_FORWARDING { @@ -42,17 +43,17 @@ composites { expression = "FORGED_SENDER & (ENVFROM_PRVS | ENVFROM_VERP)"; } FORGED_MUA_MAILLIST { - expression = "g:mua and -MAILLIST"; + expression = "g:mua & -MAILLIST"; } RBL_SPAMHAUS_XBL_ANY { expression = "RBL_SPAMHAUS_XBL & RECEIVED_SPAMHAUS_XBL"; description = "From and Received address are listed in Spamhaus XBL"; } AUTH_NA { - expression = "R_DKIM_NA & R_SPF_NA & DMARC_NA"; + expression = "R_DKIM_NA & R_SPF_NA & DMARC_NA & ARC_NA"; score = 1.0; policy = "remove_weight"; - description = "Authenticating message via SPF/DKIM/DMARC not possible"; + description = "Authenticating message via SPF/DKIM/DMARC/ARC not possible"; } DKIM_MIXED { expression = "-R_DKIM_ALLOW & (R_DKIM_DNSFAIL | R_DKIM_PERMFAIL | R_DKIM_REJECT)" @@ -66,6 +67,7 @@ composites { } MAILER_1C_8_BASE64 { expression = "MAILER_1C_8 & (FROM_EXCESS_BASE64 | MIME_BASE64_TEXT | SUBJ_EXCESS_BASE64 | TO_EXCESS_BASE64)"; + description = "Message was sent by '1C:Enterprise 8' and uses base64 encoded data"; } HACKED_WP_PHISHING { expression = "(HAS_X_POS | HAS_PHPMAILER_SIG) & HAS_WP_URI & (PHISHING | DBL_PHISH | PHISHED_OPENPHISH | PHISHED_PHISHTANK)"; @@ -106,16 +108,19 @@ composites { expression = "(HAS_X_POS | HAS_PHPMAILER_SIG | HAS_X_PHP_SCRIPT) & (SUBJECT_ENDS_QUESTION | SUBJECT_ENDS_EXCLAIM | MANY_INVISIBLE_PARTS)"; description = "Message was generated by PHP script and contains some spam indicators"; score = 1.0; + policy = "leave"; } PHISH_EMOTION { expression = "(PHISHING | DBL_PHISH | PHISHED_OPENPHISH | PHISHED_PHISHTANK) & (SUBJECT_ENDS_QUESTION | SUBJECT_ENDS_EXCLAIM)"; description = "Phish message with subject trying to address users emotion"; - score = 2.0; + score = 1.0; + policy = "leave"; } HAS_ANON_DOMAIN { expression = "HAS_GUC_PROXY_URI | URIBL_RED | DBL_ABUSE_REDIR | HAS_ONION_URI"; description = "Contains one or more domains trying to disguise owner/destination"; - score = 0.5; + score = 0.1; + policy = "leave"; } BAD_REP_POLICIES { description = "Contains valid policies but are also marked by fuzzy/bayes/surbl/rbl"; |