author | Vsevolod Stakhov <vsevolod@rambler-co.ru> | 2011-02-19 23:10:39 +0300 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@rambler-co.ru> | 2011-02-19 23:10:39 +0300 |
commit | 8a3eadfc9b740981241d95a0ee2ef2b57dd7fc9f (patch) | |
tree | 929a3b040d39dfe613cc5098254a11c12fe6a3b8 /conf/lua | |
parent | e0593fbd3b6d9c39ad7891387fc6a0faa4eea29c (diff) | |
Reduce weight of NO_SPACE_IN_FROM.
Change default pid file location.
Change MISSING_TO rule not to work when header exists but empty.
Add rules for bad boundaries and message ids.
Suggested by: Victor Ustugov.
Diffstat (limited to 'conf/lua')
-rw-r--r-- | conf/lua/regexp/headers.lua | 34 |
1 files changed, 33 insertions, 1 deletions
diff --git a/conf/lua/regexp/headers.lua b/conf/lua/regexp/headers.lua index 66dd912de..e68067d5b 100644 --- a/conf/lua/regexp/headers.lua +++ b/conf/lua/regexp/headers.lua @@ -30,7 +30,7 @@ local r_body_8bit = '/[^\\x01-\\x7f]/Pr' reconf['R_BAD_CTE_7BIT'] = string.format('(%s) & (%s) & (%s)', r_ctype_text, r_cte_7bit, r_body_8bit) -- Detects missing To header -reconf['MISSING_TO']= '!header_exists(To)'; +reconf['MISSING_TO']= '!raw_header_exists(To)'; -- Detects undisclosed recipients local undisc_rcpt = 'To=/^<?undisclosed[- ]recipient/Hi' @@ -179,6 +179,17 @@ reconf['FORGED_OUTLOOK_TAGS'] = string.format('!%s & %s & %s & !(%s & %s & %s & yahoo_bulk, any_outlook_mua, mime_html, tag_exists_html, tag_exists_head, tag_exists_meta, tag_exists_body) +-- Forged OE/MSO boundary +reconf['SUSPICIOUS_BOUNDARY'] = 'Content-Type=/^\\s*multipart.+boundary="----=_NextPart_000_[A-Z\\d]{4}_(00EBFFA4|0102FFA4|32C6FFA4|3302FFA4)\\.[A-Z\\d]{8}"[\\r\\n]*$/siX' +-- Forged OE/MSO boundary +reconf['SUSPICIOUS_BOUNDARY2'] = 'Content-Type=/^\\s*multipart.+boundary="----=_NextPart_000_[A-Z\\d]{4}_(01C6527E)\\.[A-Z\\d]{8}"[\\r\\n]*$/siX' +-- Forged OE/MSO boundary +reconf['SUSPICIOUS_BOUNDARY3'] = 'Content-Type=/^\\s*multipart.+boundary="-----000-00\\d\\d-01C[\\dA-F]{5}-[\\dA-F]{8}"[\\r\\n]*$/siX' +-- Forged OE/MSO boundary +local suspicious_boundary_01C4 = 'Content-Type=/^\\s*multipart.+boundary="----=_NextPart_000_[A-Z\\d]{4}_01C4[\\dA-F]{4}\\.[A-Z\\d]{8}"[\\r\\n]*$/siX' +local suspicious_boundary_01C4_date = 'Date=/^\\s*\\w\\w\\w,\\s+\\d+\\s+\\w\\w\\w 20(0[56789]|1\\d)/' +reconf['SUSPICIOUS_BOUNDARY4'] = string.format('(%s) & (%s)', suspicious_boundary_01C4, suspicious_boundary_01C4_date) + -- Detect forged The Bat! headers -- The Bat! X-Mailer header local thebat_mua_any = 'X-Mailer=/^\\s*The Bat!/H' 
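Review bot: The comment above `MISSING_TO` still reads "Detects missing To header", but going by the commit description, after the switch to `raw_header_exists(To)` a `To:` header that is present and empty no longer fires. I would state that in the comment, e.g. `-- Detects missing To header (a present but empty To does not count as missing)`. Nothing in the visible hunks scores the empty-To case, so if that pattern is still worth a signal it needs its own rule.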
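Review bot: `suspicious_boundary_01C4_date` hard-codes the year as `20(0[56789]|1\\d)`, so `SUSPICIOUS_BOUNDARY4` stops matching any message dated 2020 or later, and the leading `\\w\\w\\w,` also skips Date headers that omit the optional day of week. Assuming the intent is "boundary stamp from the 01C4 range, Date clearly later", I would widen the year to `20(0[5-9]|[1-9]\\d)` and make the day name optional with `(\\w\\w\\w,\\s+)?`. The four identical `-- Forged OE/MSO boundary` comments would be more useful if each named what it targets: the fixed middle group, `01C6527E`, the `-----000-00` form, and the 01C4 stamp combined with a later Date.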
@@ -191,6 +202,27 @@ reconf['FORGED_MUA_THEBAT_MSGID'] = string.format('(%s) & !(%s) & (%s) & !(%s)', -- Summary rule for forged The Bat! Message-ID header with unknown template reconf['FORGED_MUA_THEBAT_MSGID_UNKNOWN'] = string.format('(%s) & !(%s) & !(%s) & !(%s)', thebat_mua_any, thebat_msgid, thebat_msgid_common, unusable_msgid) + +-- Detect forged Mozilla Mail/Thunderbird/Seamonkey headers +-- Mozilla based X-Mailer +local user_agent_mozilla5 = 'User-Agent=/^\\s*Mozilla\\/5\\.0/' +local user_agent_thunderbird = 'User-Agent=/^\\s*(Thunderbird|Mozilla Thunderbird|Mozilla\\/.*Gecko\\/.*Thunderbird\\/)/' +local user_agent_seamonkey = 'User-Agent=/^\\s*Mozilla\\/5\\.0\\s.+\\sSeaMonkey\\/\\d+\\.\\d+/' +local user_agent_mozilla = string.format('(%s) & !(%s) & !(%s)', user_agent_mozilla5, user_agent_thunderbird, user_agent_seamonkey) +-- Mozilla based common Message-ID template +local mozilla_msgid_common = 'Message-ID=/^\\s*<[\\dA-F]{8}\\.\\d{1,7}\\@([^>\\.]+\\.)+[^>\\.]+>$/X' +local mozilla_msgid = 'Message-ID=/^\\s*<(3[3-9A-F]|4[\\dA-F])[\\dA-F]{6}\\.(\\d0){0,3}\\d\\@([^>\\.]+\\.)+[^>\\.]+>$/XS' +-- Summary rule for forged Mozilla Mail Message-ID header +reconf['FORGED_MUA_MOZILLA_MAIL_MSGID'] = string.format('(%s) & (%s) & !(%s) & !(%s)', user_agent_mozilla, mozilla_msgid_common, mozilla_msgid, unusable_msgid) +reconf['FORGED_MUA_MOZILLA_MAIL_MSGID_UNKNOWN'] = string.format('(%s) & !(%s) & !(%s) & !(%s)', user_agent_mozilla, mozilla_msgid_common, mozilla_msgid, unusable_msgid) +-- Summary rule for forged Thunderbird Message-ID header +reconf['FORGED_MUA_THUNDERBIRD_MSGID'] = string.format('(%s) & (%s) & !(%s) & !(%s)', user_agent_thunderbird, mozilla_msgid_common, mozilla_msgid, unusable_msgid) +reconf['FORGED_MUA_THUNDERBIRD_MSGID_UNKNOWN'] = string.format('(%s) & !(%s) & !(%s) & !(%s)', user_agent_thunderbird, mozilla_msgid_common, mozilla_msgid, unusable_msgid) +-- Summary rule for forged Seamonkey Message-ID header +reconf['FORGED_MUA_SEAMONKEY_MSGID'] = 
string.format('(%s) & (%s) & !(%s) & !(%s)', user_agent_seamonkey, mozilla_msgid_common, mozilla_msgid, unusable_msgid) +reconf['FORGED_MUA_SEAMONKEY_MSGID_UNKNOWN'] = string.format('(%s) & !(%s) & !(%s) & !(%s)', user_agent_seamonkey, mozilla_msgid_common, mozilla_msgid, unusable_msgid) + + -- Message id validity local sane_msgid = 'Message-Id=/^[^<>\\\\ \\t\\n\\r\\x0b\\x80-\\xff]+\\@[^<>\\\\ \\t\\n\\r\\x0b\\x80-\\xff]+\\s*$/mH' local msgid_comment = 'Message-Id=/\\(.*\\)/mH' |
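Review bot: `mozilla_msgid` accepts only Message-IDs whose first hex byte is `33`–`4F` (`3[3-9A-F]|4[\\dA-F]`), which looks like a rule with an expiry date. If those eight digits are the send time in seconds, as the range suggests, the window closes at 0x4FFFFFFF (mid-July 2012); after that, genuine Thunderbird/SeaMonkey mail matches `mozilla_msgid_common` but not `mozilla_msgid` and picks up the `FORGED_MUA_*_MSGID` symbols. I would widen the prefix, e.g. `(3[3-9A-F]|[4-7][\\dA-F])`, and add a comment stating the cutoff so it gets revisited instead of quietly becoming a false-positive source. The `_UNKNOWN` variants have no comment of their own; a line such as `-- Same MUA, Message-ID matches neither Mozilla template` above each would help.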