diff options
author | twesterhever <40121680+twesterhever@users.noreply.github.com> | 2023-08-02 13:11:03 +0000 |
---|---|---|
committer | twesterhever <40121680+twesterhever@users.noreply.github.com> | 2023-08-02 13:11:03 +0000 |
commit | c3b48ef388a4c551bfcaf637d2112aca12adebe8 (patch) | |
tree | 27e60b73cfcca7a690f9a982de077ce0c4d995fb /conf | |
parent | c83818fd386beeaee866928308a3019dd50e4011 (diff) | |
download | rspamd-c3b48ef388a4c551bfcaf637d2112aca12adebe8.tar.gz rspamd-c3b48ef388a4c551bfcaf637d2112aca12adebe8.zip |
[Minor] Align scores of Spamhaus DBL, SURBL, URIBL DNSBL symbols
Given that they have about the same false positive rate, it makes sense
to treat them equal in terms of scoring:
- Particular threats (phishing, malware) are scored a bit higher than
mere spam domain listings
- "Abused legitimate" listings are scored lower for some DNSBLs already,
this has now been aligned.
- For SURBL, cracked and abused sites are treated with the same score.
Diffstat (limited to 'conf')
-rw-r--r-- | conf/scores.d/surbl_group.conf | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/conf/scores.d/surbl_group.conf b/conf/scores.d/surbl_group.conf index b7cf7d1e6..25e8ed7e2 100644 --- a/conf/scores.d/surbl_group.conf +++ b/conf/scores.d/surbl_group.conf @@ -27,25 +27,25 @@ symbols = { groups = ["surblorg", "blocked"]; } "PH_SURBL_MULTI" { - weight = 5.5; + weight = 7.5; description = "A domain in the message is listed in SURBL as phishing"; one_shot = true; groups = ["surblorg", "phishing"]; } "MW_SURBL_MULTI" { - weight = 5.5; + weight = 7.5; description = "A domain in the message is listed in SURBL as malware"; one_shot = true; groups = ["surblorg"]; } "ABUSE_SURBL" { - weight = 5.5; + weight = 5.0; description = "A domain in the message is listed in SURBL as abused"; one_shot = true; groups = ["surblorg"]; } "CRACKED_SURBL" { - weight = 4.0; + weight = 5.0; description = "A domain in the message is listed in SURBL as cracked"; one_shot = true; groups = ["surblorg"]; @@ -117,49 +117,49 @@ symbols = { groups = ["spamhaus"]; } "DBL_PHISH" { - weight = 6.5; + weight = 7.5; description = "A domain in the message is listed in Spamhaus DBL as phishing"; one_shot = true; groups = ["spamhaus"]; } "DBL_MALWARE" { - weight = 6.5; + weight = 7.5; description = "A domain in the message is listed in Spamhaus DBL as malware"; one_shot = true; groups = ["spamhaus"]; } "DBL_BOTNET" { - weight = 5.5; + weight = 7.5; description = "A domain in the message is listed in Spamhaus DBL as botnet C&C"; one_shot = true; groups = ["spamhaus"]; } "DBL_ABUSE" { - weight = 6.5; + weight = 5.0; description = "A domain in the message is listed in Spamhaus DBL as abused legit spam"; one_shot = true; groups = ["spamhaus"]; } "DBL_ABUSE_REDIR" { - weight = 1.5; + weight = 5.0; description = "A domain in the message is listed in Spamhaus DBL as spammed redirector domain"; one_shot = true; groups = ["spamhaus"]; } "DBL_ABUSE_PHISH" { - weight = 7.5; + weight = 6.5; description = "A domain in the message is listed in Spamhaus DBL as abused legit phish"; one_shot = true; groups = ["spamhaus"]; } "DBL_ABUSE_MALWARE" { - weight = 7.5; + weight = 6.5; description = "A domain in the message is listed in Spamhaus DBL as abused legit malware"; one_shot = true; groups = ["spamhaus"]; } "DBL_ABUSE_BOTNET" { - weight = 5.5; + weight = 6.5; description = "A domain in the message is listed in Spamhaus DBL as abused legit botnet C&C"; one_shot = true; groups = ["spamhaus"]; |