summaryrefslogtreecommitdiffstats
path: root/conf
diff options
context:
space:
mode:
authortwesterhever <40121680+twesterhever@users.noreply.github.com>2023-08-02 13:11:03 +0000
committertwesterhever <40121680+twesterhever@users.noreply.github.com>2023-08-02 13:11:03 +0000
commitc3b48ef388a4c551bfcaf637d2112aca12adebe8 (patch)
tree27e60b73cfcca7a690f9a982de077ce0c4d995fb /conf
parentc83818fd386beeaee866928308a3019dd50e4011 (diff)
downloadrspamd-c3b48ef388a4c551bfcaf637d2112aca12adebe8.tar.gz
rspamd-c3b48ef388a4c551bfcaf637d2112aca12adebe8.zip
[Minor] Align scores of Spamhaus DBL, SURBL, URIBL DNSBL symbols
Given that they have about the same false positive rate, it makes sense to treat them equal in terms of scoring: - Particular threats (phishing, malware) are scored a bit higher than mere spam domain listings - "Abused legitimate" listings are scored lower for some DNSBLs already, this has now been aligned. - For SURBL, cracked and abused sites are treated with the same score.
Diffstat (limited to 'conf')
-rw-r--r--conf/scores.d/surbl_group.conf24
1 files changed, 12 insertions, 12 deletions
diff --git a/conf/scores.d/surbl_group.conf b/conf/scores.d/surbl_group.conf
index b7cf7d1e6..25e8ed7e2 100644
--- a/conf/scores.d/surbl_group.conf
+++ b/conf/scores.d/surbl_group.conf
@@ -27,25 +27,25 @@ symbols = {
groups = ["surblorg", "blocked"];
}
"PH_SURBL_MULTI" {
- weight = 5.5;
+ weight = 7.5;
description = "A domain in the message is listed in SURBL as phishing";
one_shot = true;
groups = ["surblorg", "phishing"];
}
"MW_SURBL_MULTI" {
- weight = 5.5;
+ weight = 7.5;
description = "A domain in the message is listed in SURBL as malware";
one_shot = true;
groups = ["surblorg"];
}
"ABUSE_SURBL" {
- weight = 5.5;
+ weight = 5.0;
description = "A domain in the message is listed in SURBL as abused";
one_shot = true;
groups = ["surblorg"];
}
"CRACKED_SURBL" {
- weight = 4.0;
+ weight = 5.0;
description = "A domain in the message is listed in SURBL as cracked";
one_shot = true;
groups = ["surblorg"];
@@ -117,49 +117,49 @@ symbols = {
groups = ["spamhaus"];
}
"DBL_PHISH" {
- weight = 6.5;
+ weight = 7.5;
description = "A domain in the message is listed in Spamhaus DBL as phishing";
one_shot = true;
groups = ["spamhaus"];
}
"DBL_MALWARE" {
- weight = 6.5;
+ weight = 7.5;
description = "A domain in the message is listed in Spamhaus DBL as malware";
one_shot = true;
groups = ["spamhaus"];
}
"DBL_BOTNET" {
- weight = 5.5;
+ weight = 7.5;
description = "A domain in the message is listed in Spamhaus DBL as botnet C&C";
one_shot = true;
groups = ["spamhaus"];
}
"DBL_ABUSE" {
- weight = 6.5;
+ weight = 5.0;
description = "A domain in the message is listed in Spamhaus DBL as abused legit spam";
one_shot = true;
groups = ["spamhaus"];
}
"DBL_ABUSE_REDIR" {
- weight = 1.5;
+ weight = 5.0;
description = "A domain in the message is listed in Spamhaus DBL as spammed redirector domain";
one_shot = true;
groups = ["spamhaus"];
}
"DBL_ABUSE_PHISH" {
- weight = 7.5;
+ weight = 6.5;
description = "A domain in the message is listed in Spamhaus DBL as abused legit phish";
one_shot = true;
groups = ["spamhaus"];
}
"DBL_ABUSE_MALWARE" {
- weight = 7.5;
+ weight = 6.5;
description = "A domain in the message is listed in Spamhaus DBL as abused legit malware";
one_shot = true;
groups = ["spamhaus"];
}
"DBL_ABUSE_BOTNET" {
- weight = 5.5;
+ weight = 6.5;
description = "A domain in the message is listed in Spamhaus DBL as abused legit botnet C&C";
one_shot = true;
groups = ["spamhaus"];