[Conf] Massive config rework for new structure of symbols and scores

11 files changed, 789 insertions, 0 deletions

diff --git a/conf/scores.d/fuzzy_group.conf b/conf/scores.d/fuzzy_group.conf
new file mode 100644
index 000000000..ecce1b495
--- /dev/null
+++ b/conf/scores.d/fuzzy_group.conf
@@ -0,0 +1,35 @@
+# Fuzzy rules scores
+#
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
+# parameters defined on the top level
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
+# parameters defined on the top level
+#
+# For specific modules or configuration you can also modify
+# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
+# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
+#
+# See https://rspamd.com/doc/tutorials/writing_rules.html for details
+
+symbols = {
+    "FUZZY_UNKNOWN" {
+        weight = 5.0;
+        description = "Generic fuzzy hash match";
+    }
+    "FUZZY_DENIED" {
+        weight = 12.0;
+        description = "Denied fuzzy hash";
+    }
+    "FUZZY_PROB" {
+        weight = 5.0;
+        description = "Probable fuzzy hash";
+    }
+    "FUZZY_WHITE" {
+        weight = -2.1;
+        description = "Whitelisted fuzzy hash";
+    }
+}
\ No newline at end of file
diff --git a/conf/scores.d/headers_group.conf b/conf/scores.d/headers_group.conf
new file mode 100644
index 000000000..ac3134e36
--- /dev/null
+++ b/conf/scores.d/headers_group.conf
@@ -0,0 +1,61 @@
+# Headers rules scores
+#
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
+# parameters defined on the top level
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
+# parameters defined on the top level
+#
+# For specific modules or configuration you can also modify
+# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
+# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
+#
+# See https://rspamd.com/doc/tutorials/writing_rules.html for details
+
+symbols = {
+    "FORGED_SENDER" {
+        weight = 0.30;
+        description = "Sender is forged (different From: header and smtp MAIL FROM: addresses)";
+    }
+    "R_MIXED_CHARSET" {
+        weight = 5.0;
+        description = "Mixed characters in a message";
+        one_shot = true;
+    }
+    "R_MIXED_CHARSET_URL" {
+        weight = 7.0;
+        description = "Mixed characters in a URL inside message";
+        one_shot = true;
+    }
+    "FORGED_RECIPIENTS" {
+        weight = 2.0;
+        description = "Recipients are not the same as RCPT TO: mail command";
+    }
+    "FORGED_RECIPIENTS_MAILLIST" {
+        weight = 0.0;
+        description = "Recipients are not the same as RCPT TO: mail command, but a message from a maillist";
+    }
+    "FORGED_SENDER_MAILLIST" {
+        weight = 0.0;
+        description = "Sender is not the same as MAIL FROM: envelope, but a message is from a maillist";
+    }
+    "ONCE_RECEIVED" {
+        weight = 0.1;
+        description = "One received header in a message";
+    }
+    "RDNS_NONE" {
+        weight = 1.0;
+        description = "Cannot resolve reverse DNS for sender's IP";
+    }
+    "ONCE_RECEIVED_STRICT" {
+        weight = 4.0;
+        description = "One received header with 'bad' patterns inside";
+    }
+    "MAILLIST" {
+        weight = -0.2;
+        description = "Message seems to be from maillist";
+    }
+}
\ No newline at end of file
diff --git a/conf/scores.d/hfilter_group.conf b/conf/scores.d/hfilter_group.conf
new file mode 100644
index 000000000..6b6f31031
--- /dev/null
+++ b/conf/scores.d/hfilter_group.conf
@@ -0,0 +1,131 @@
+# Host and connection rules scores
+#
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
+# parameters defined on the top level
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
+# parameters defined on the top level
+#
+# For specific modules or configuration you can also modify
+# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
+# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
+#
+# See https://rspamd.com/doc/tutorials/writing_rules.html for details
+
+symbols = {
+    "HFILTER_HELO_BAREIP" {
+        weight = 3.00;
+        description = "Helo host is bare ip";
+    }
+    "HFILTER_HELO_BADIP" {
+        weight = 4.50;
+        description = "Helo host is very bad ip";
+    }
+    "HFILTER_HELO_1" {
+        weight = 0.5;
+        description = "Helo host checks (very low)";
+    }
+    "HFILTER_HELO_2" {
+        weight = 1.00;
+        description = "Helo host checks (low)";
+    }
+    "HFILTER_HELO_3" {
+        weight = 2.00;
+        description = "Helo host checks (medium)";
+    }
+    "HFILTER_HELO_4" {
+        weight = 2.50;
+        description = "Helo host checks (hard)";
+    }
+    "HFILTER_HELO_5" {
+        weight = 3.00;
+        description = "Helo host checks (very hard)";
+    }
+    "HFILTER_HOSTNAME_1" {
+        weight = 0.5;
+        description = "Hostname checks (very low)";
+    }
+    "HFILTER_HOSTNAME_2" {
+        weight = 1.00;
+        description = "Hostname checks (low)";
+    }
+    "HFILTER_HOSTNAME_3" {
+        weight = 2.00;
+        description = "Hostname checks (medium)";
+    }
+    "HFILTER_HOSTNAME_4" {
+        weight = 2.50;
+        description = "Hostname checks (hard)";
+    }
+    "HFILTER_HOSTNAME_5" {
+        weight = 3.00;
+        description = "Hostname checks (very hard)";
+    }
+    "HFILTER_HELO_NORESOLVE_MX" {
+        weight = 0.20;
+        description = "MX found in Helo and no resolve";
+    }
+    "HFILTER_HELO_NORES_A_OR_MX" {
+        weight = 0.3;
+        description = "Helo no resolve to A or MX";
+    }
+    "HFILTER_HELO_IP_A" {
+        weight = 1.00;
+        description = "Helo A IP != hostname IP";
+    }
+    "HFILTER_HELO_NOT_FQDN" {
+        weight = 2.00;
+        description = "Helo not FQDN";
+    }
+    "HFILTER_FROMHOST_NORESOLVE_MX" {
+        weight = 0.5;
+        description = "MX found in FROM host and no resolve";
+    }
+    "HFILTER_FROMHOST_NORES_A_OR_MX" {
+        weight = 1.50;
+        description = "FROM host no resolve to A or MX";
+    }
+    "HFILTER_FROMHOST_NOT_FQDN" {
+        weight = 3.00;
+        description = "FROM host not FQDN";
+    }
+    "HFILTER_FROM_BOUNCE" {
+        weight = 0.00;
+        description = "Bounce message";
+    }
+/*
+    # Disabled by default
+    "HFILTER_MID_NORESOLVE_MX" {
+        weight = 0.50;
+        description = "MX found in Message-id host and no resolve";
+    }
+    "HFILTER_MID_NORES_A_OR_MX" {
+        weight = 0.50;
+        name = ;
+        description = "Message-id host no resolve to A or MX";
+    }
+    "HFILTER_MID_NOT_FQDN" {
+        weight = 0.50;
+        description = "Message-id host not FQDN";
+    }
+*/
+    "HFILTER_HOSTNAME_UNKNOWN" {
+        weight = 2.50;
+        description = "Unknown hostname (no PTR or no resolve PTR to hostname)";
+    }
+    "HFILTER_RCPT_BOUNCEMOREONE" {
+        weight = 1.50;
+        description = "Message from bounce and over 1 recipient";
+    }
+    "HFILTER_URL_ONLY" {
+        weight = 2.20;
+        description = "URL only in body";
+    }
+    "HFILTER_URL_ONELINE" {
+        weight = 2.50;
+        description = "One line URL and text in body";
+    }
+}
\ No newline at end of file
diff --git a/conf/scores.d/mime_types_group.conf b/conf/scores.d/mime_types_group.conf
new file mode 100644
index 000000000..10cb1ba93
--- /dev/null
+++ b/conf/scores.d/mime_types_group.conf
@@ -0,0 +1,59 @@
+# Mime types rules scores
+#
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
+# parameters defined on the top level
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
+# parameters defined on the top level
+#
+# For specific modules or configuration you can also modify
+# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
+# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
+#
+# See https://rspamd.com/doc/tutorials/writing_rules.html for details
+
+symbols = {
+    "MIME_GOOD" {
+        weight = -0.1;
+        description = "Known content-type";
+        one_shot = true;
+    }
+    "MIME_BAD" {
+        weight = 1.0;
+        description = "Known bad content-type";
+        one_shot = true;
+    }
+    "MIME_UNKNOWN" {
+        weight = 0.1;
+        description = "Missing or unknown content-type";
+        one_shot = true;
+    }
+    "MIME_BAD_ATTACHMENT" {
+        weight = 4.0;
+        description = "Invalid attachment mime type";
+        one_shot = true;
+    }
+    "MIME_ENCRYPTED_ARCHIVE" {
+        weight = 2.0;
+        description = "Encrypted archive in a message";
+        one_shot = true;
+    }
+    "MIME_ARCHIVE_IN_ARCHIVE" {
+        weight = 5.0;
+        description = "Archive within another archive";
+        one_shot = true;
+    }
+    "MIME_DOUBLE_BAD_EXTENSION" {
+        weight = 3.0; # This rule has dynamic weight up to 4.0
+        description = "Bad extension cloaking";
+        one_shot = true;
+    }
+    "MIME_BAD_EXTENSION" {
+        weight = 2.0; # This rule has dynamic weight up to 4.0
+        description = "Bad extension";
+        one_shot = true;
+    }
+}
\ No newline at end of file
diff --git a/conf/scores.d/mua_group.conf b/conf/scores.d/mua_group.conf
new file mode 100644
index 000000000..b912a854a
--- /dev/null
+++ b/conf/scores.d/mua_group.conf
@@ -0,0 +1,24 @@
+# MUA rules scores
+#
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
+# parameters defined on the top level
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
+# parameters defined on the top level
+#
+# For specific modules or configuration you can also modify
+# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
+# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
+#
+# See https://rspamd.com/doc/tutorials/writing_rules.html for details
+
+
+symbols = {
+    "FORGED_MUA_MAILLIST" {
+        weight = 0.0;
+        description = "Avoid false positives for FORGED_MUA_* in maillist";
+    }
+}
\ No newline at end of file
diff --git a/conf/scores.d/phishing_group.conf b/conf/scores.d/phishing_group.conf
new file mode 100644
index 000000000..d5a4ee098
--- /dev/null
+++ b/conf/scores.d/phishing_group.conf
@@ -0,0 +1,36 @@
+# Phishing rules scores
+#
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
+# parameters defined on the top level
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
+# parameters defined on the top level
+#
+# For specific modules or configuration you can also modify
+# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
+# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
+#
+# See https://rspamd.com/doc/tutorials/writing_rules.html for details
+
+symbols = {
+    "PHISHING" {
+        weight = 4.0;
+        description = "Phished URL";
+        one_shot = true;
+    }
+    "PHISHED_OPENPHISH" {
+        weight = 7.0;
+        description = "Phished URL found in openphish.com";
+    }
+    "PHISHED_PHISHTANK" {
+        weight = 7.0;
+        description = "Phished URL found in phishtank.com";
+    }
+    HACKED_WP_PHISHING {
+        weight = 4.5;
+        description = "Phishing message from hacked wordpress";
+    }
+}
\ No newline at end of file
diff --git a/conf/scores.d/policies_group.conf b/conf/scores.d/policies_group.conf
new file mode 100644
index 000000000..9885a5efa
--- /dev/null
+++ b/conf/scores.d/policies_group.conf
@@ -0,0 +1,104 @@
+# Policies rules scores, includes SPF, DKIM, DMARC and ARC symbols
+#
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
+# parameters defined on the top level
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
+# parameters defined on the top level
+#
+# For specific modules or configuration you can also modify
+# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
+# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
+#
+# See https://rspamd.com/doc/tutorials/writing_rules.html for details
+
+symbols = {
+    # SPF
+    "R_SPF_FAIL" {
+        weight = 1.0;
+        description = "SPF verification failed";
+    }
+    "R_SPF_SOFTFAIL" {
+        weight = 0.0;
+        description = "SPF verification soft-failed";
+    }
+    "R_SPF_NEUTRAL" {
+        weight = 0.0;
+        description = "SPF policy is neutral";
+    }
+    "R_SPF_ALLOW" {
+        weight = -0.2;
+        description = "SPF verification allows sending";
+    }
+    "R_SPF_DNSFAIL" {
+        weight = 0.0;
+        description = "SPF DNS failure";
+    }
+
+    # DKIM
+    "R_DKIM_REJECT" {
+        weight = 1.0;
+        description = "DKIM verification failed";
+        one_shot = true;
+    }
+    "R_DKIM_TEMPFAIL" {
+        weight = 0.0;
+        description = "DKIM verification soft-failed";
+    }
+    "R_DKIM_ALLOW" {
+        weight = -0.2;
+        description = "DKIM verification succeed";
+        one_shot = true;
+    }
+
+    # DMARC
+    "DMARC_POLICY_ALLOW" {
+        weight = -0.5;
+        description = "DMARC permit policy";
+    }
+    "DMARC_POLICY_ALLOW_WITH_FAILURES" {
+        weight = -0.5;
+        description = "DMARC permit policy with DKIM/SPF failure";
+    }
+    "DMARC_POLICY_REJECT" {
+        weight = 2.0;
+        description = "DMARC reject policy";
+    }
+    "DMARC_POLICY_QUARANTINE" {
+        weight = 1.5;
+        description = "DMARC quarantine policy";
+    }
+    "DMARC_POLICY_SOFTFAIL" {
+        weight = 0.1;
+        description = "DMARC failed";
+    }
+
+    # ARC
+    "ARC_ALLOW" {
+        weight = -1.0;
+        description = "ARC checks success"
+    }
+
+    "ARC_REJECT" {
+        weight = 2.0;
+        description = "ARC checks success"
+    }
+
+    "ARC_INVALID" {
+        weight = 1.0;
+        description = "ARC structure invalid"
+    }
+
+    "ARC_DNSFAIL" {
+        weight = 0.0;
+        description = "ARC DNS error"
+    }
+
+    "ARC_NA" {
+        weight = 0.0;
+        description = "ARC signature absent"
+    }
+}
\ No newline at end of file
diff --git a/conf/scores.d/rbl_group.conf b/conf/scores.d/rbl_group.conf
new file mode 100644
index 000000000..8703afd3d
--- /dev/null
+++ b/conf/scores.d/rbl_group.conf
@@ -0,0 +1,132 @@
+# RBL rules scores
+#
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
+# parameters defined on the top level
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
+# parameters defined on the top level
+#
+# For specific modules or configuration you can also modify
+# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
+# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
+#
+# See https://rspamd.com/doc/tutorials/writing_rules.html for details
+
+symbols = {
+    "DNSWL_BLOCKED" {
+        weight = 0.0;
+        description = "Resolver blocked due to excessive queries";
+    }
+    "RCVD_IN_DNSWL" {
+        weight = 0.0;
+        description = "Unrecognised result from dnswl.org";
+    }
+    "RCVD_IN_DNSWL_NONE" {
+        weight = 0.0;
+        description = "Sender listed at http://www.dnswl.org, low none";
+    }
+    "RCVD_IN_DNSWL_LOW" {
+        weight = 0.0;
+        description = "Sender listed at http://www.dnswl.org, low trust";
+    }
+    "RCVD_IN_DNSWL_MED" {
+        weight = 0.0;
+        description = "Sender listed at http://www.dnswl.org, medium trust";
+    }
+    "RCVD_IN_DNSWL_HI" {
+        weight = 0.0;
+        description = "Sender listed at http://www.dnswl.org, high trust";
+    }
+
+    "RBL_SPAMHAUS" {
+        weight = 0.0;
+        description = "Unrecognised result from Spamhaus zen";
+    }
+    "RBL_SPAMHAUS_SBL" {
+        weight = 2.0;
+        description = "From address is listed in zen sbl";
+    }
+    "RBL_SPAMHAUS_CSS" {
+        weight = 2.0;
+        description = "From address is listed in zen css";
+    }
+    "RBL_SPAMHAUS_XBL" {
+        weight = 4.0;
+        description = "From address is listed in zen xbl";
+    }
+    "RBL_SPAMHAUS_XBL_ANY" {
+        weight = 4.0;
+        description = "From or received address is listed in zen xbl (any list)";
+    }
+    "RBL_SPAMHAUS_PBL" {
+        weight = 2.0;
+        description = "From address is listed in zen pbl (ISP list)";
+    }
+    "RBL_SPAMHAUS_DROP" {
+        weight = 7.0;
+        description = "From address is listed in zen drop bl";
+    }
+    "RECEIVED_SPAMHAUS_XBL" {
+        weight = 3.0;
+        description = "Received address is listed in zen xbl";
+        one_shot = true;
+    }
+
+    "RBL_SENDERSCORE" {
+        weight = 2.0;
+        description = "From address is listed in senderscore.com BL";
+    }
+    "RBL_ABUSECH" {
+        weight = 1.0;
+        description = "From address is listed in ABUSE.CH BL";
+    }
+    "MAILSPIKE" {
+        weight = 0.0;
+        description = "Unrecognised result from Mailspike";
+    }
+    "RWL_MAILSPIKE_NEUTRAL" {
+        weight = 0.0;
+        description = "Neutral result from Mailspike";
+    }
+    "RBL_MAILSPIKE_WORST" {
+        weight = 2.0;
+        description = "From address is listed in RBL - worst possible reputation";
+    }
+    "RBL_MAILSPIKE_VERYBAD" {
+        weight = 1.5;
+        description = "From address is listed in RBL - very bad reputation";
+    }
+    "RBL_MAILSPIKE_BAD" {
+        weight = 1.0;
+        description = "From address is listed in RBL - bad reputation";
+    }
+    "RWL_MAILSPIKE_POSSIBLE" {
+        weight = 0.0;
+        description = "From address is listed in RWL - possibly legit";
+    }
+    "RWL_MAILSPIKE_GOOD" {
+        weight = 0.0;
+        description = "From address is listed in RWL - good reputation";
+    }
+    "RWL_MAILSPIKE_VERYGOOD" {
+        weight = 0.0;
+        description = "From address is listed in RWL - very good reputation";
+    }
+    "RWL_MAILSPIKE_EXCELLENT" {
+        weight = 0.0;
+        description = "From address is listed in RWL - excellent reputation";
+    }
+
+    "RBL_SEM" {
+        weight = 1.0;
+        description = "Address is listed in Spameatingmonkey RBL";
+    }
+
+    "RBL_SEM_IPV6" {
+        weight = 1.0;
+        description = "Address is listed in Spameatingmonkey RBL (ipv6)";
+    }
+}
\ No newline at end of file
diff --git a/conf/scores.d/statistics_group.conf b/conf/scores.d/statistics_group.conf
new file mode 100644
index 000000000..0d257d4bd
--- /dev/null
+++ b/conf/scores.d/statistics_group.conf
@@ -0,0 +1,27 @@
+# Bayes and statistics rules scores
+#
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
+# parameters defined on the top level
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
+# parameters defined on the top level
+#
+# For specific modules or configuration you can also modify
+# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
+# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
+#
+# See https://rspamd.com/doc/tutorials/writing_rules.html for details
+
+symbols = {
+    "BAYES_SPAM" {
+        weight = 4.0;
+        description = "Message probably spam, probability: ";
+    }
+    "BAYES_HAM" {
+        weight = -3.0;
+        description = "Message probably ham, probability: ";
+    }
+}
\ No newline at end of file
diff --git a/conf/scores.d/subject_group.conf b/conf/scores.d/subject_group.conf
new file mode 100644
index 000000000..d151e0401
--- /dev/null
+++ b/conf/scores.d/subject_group.conf
@@ -0,0 +1,21 @@
+# Subject rules scores
+#
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
+# parameters defined on the top level
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
+# parameters defined on the top level
+#
+# For specific modules or configuration you can also modify
+# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
+# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
+#
+# See https://rspamd.com/doc/tutorials/writing_rules.html for details
+
+symbols = {
+}
+
+max_score = 6.0;
\ No newline at end of file
diff --git a/conf/scores.d/surbl_group.conf b/conf/scores.d/surbl_group.conf
new file mode 100644
index 000000000..6f5ba4302
--- /dev/null
+++ b/conf/scores.d/surbl_group.conf
@@ -0,0 +1,159 @@
+# URIBL rules scores
+#
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
+# parameters defined on the top level
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
+# parameters defined on the top level
+#
+# For specific modules or configuration you can also modify
+# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
+# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
+#
+# See https://rspamd.com/doc/tutorials/writing_rules.html for details
+
+
+max_score = 12.5;
+
+symbols = {
+    "SURBL_BLOCKED" {
+        weight = 0.0;
+        description = "SURBL: blocked by policy/overusage";
+    }
+    "PH_SURBL_MULTI" {
+        weight = 5.5;
+        description = "SURBL: Phishing sites";
+    }
+    "MW_SURBL_MULTI" {
+        weight = 5.5;
+        description = "SURBL: Malware sites";
+    }
+    "ABUSE_SURBL" {
+        weight = 5.5;
+        description = "SURBL: ABUSE";
+    }
+    "CRACKED_SURBL" {
+        weight = 4.0;
+        description = "SURBL: cracked site";
+    }
+    "RAMBLER_URIBL" {
+        weight = 4.5;
+        description = "Rambler uribl";
+        one_shot = true;
+    }
+
+    "RAMBLER_EMAILBL" {
+        weight = 9.5;
+        description = "Rambler emailbl";
+        one_shot = true;
+    }
+
+    "MSBL_EBL" {
+        weight = 7.5;
+        description = "MSBL emailbl";
+        one_shot = true;
+    }
+
+    "SEM_URIBL_UNKNOWN" {
+        weight = 0.0;
+        description = "Spameatingmonkey uribl: unknown result";
+    }
+    "SEM_URIBL" {
+        weight = 3.5;
+        description = "Spameatingmonkey uribl";
+    }
+
+    "SEM_URIBL_FRESH15_UNKNOWN" {
+        weight = 0.0;
+        description = "Spameatingmonkey Fresh15 uribl: unknown result";
+    }
+    "SEM_URIBL_FRESH15" {
+        weight = 3.0;
+        description = "Spameatingmonkey uribl. Domains registered in the last 15 days (.AERO,.BIZ,.COM,.INFO,.NAME,.NET,.PRO,.SK,.TEL,.US)";
+    }
+
+    "DBL" {
+        weight = 0.0;
+        description = "DBL unknown result";
+    }
+    "DBL_SPAM" {
+        weight = 6.5;
+        description = "DBL uribl spam";
+    }
+    "DBL_PHISH" {
+        weight = 6.5;
+        description = "DBL uribl phishing";
+    }
+    "DBL_MALWARE" {
+        weight = 6.5;
+        description = "DBL uribl malware";
+    }
+    "DBL_BOTNET" {
+        weight = 5.5;
+        description = "DBL uribl botnet C&C domain";
+    }
+    "DBL_ABUSE" {
+        weight = 6.5;
+        description = "DBL uribl abused legit spam";
+    }
+    "DBL_ABUSE_REDIR" {
+        weight = 1.5;
+        description = "DBL uribl abused spammed redirector domain";
+    }
+    "DBL_ABUSE_PHISH" {
+        weight = 7.5;
+        description = "DBL uribl abused legit phish";
+    }
+    "DBL_ABUSE_MALWARE" {
+        weight = 7.5;
+        description = "DBL uribl abused legit malware";
+    }
+    "DBL_ABUSE_BOTNET" {
+        weight = 5.5;
+        description = "DBL uribl abused legit botnet C&C";
+    }
+    "DBL_PROHIBIT" {
+        weight = 0.00000;
+        description = "DBL uribl IP queries prohibited!";
+    }
+    "URIBL_MULTI" {
+        weight = 0.0;
+        description = "uribl.com: unrecognised result";
+    }
+    "URIBL_BLOCKED" {
+        weight = 0.0;
+        description = "uribl.com: query refused";
+    }
+    "URIBL_BLACK" {
+        weight = 7.5;
+        description = "uribl.com black url";
+    }
+    "URIBL_RED" {
+        weight = 3.5;
+        description = "uribl.com red url";
+    }
+    "URIBL_GREY" {
+        weight = 1.5;
+        description = "uribl.com grey url";
+        one_shot = true;
+    }
+    "SBL_URIBL" {
+        weight = 0.0;
+        description = "SBL URIBL: Filtered result";
+    }
+    "URIBL_SBL" {
+        weight = 6.5;
+        description = "Spamhaus SBL URIBL";
+    }
+    "URIBL_SBL_CSS" {
+        weight = 6.5;
+        description = "Spamhaus SBL CSS URIBL";
+    }
+    "RBL_SARBL_BAD" {
+        weight = 2.5;
+        description = "A domain listed in the mail is blacklisted in SARBL";
+   }
+}
\ No newline at end of file