summaryrefslogtreecommitdiffstats
path: root/conf
diff options
context:
space:
mode:
authortwesterhever <40121680+twesterhever@users.noreply.github.com>2023-11-03 13:48:58 +0000
committertwesterhever <40121680+twesterhever@users.noreply.github.com>2023-11-03 13:48:58 +0000
commit8f6fced6f01cf5fb3c5b8b9391f989fc1fdc1098 (patch)
tree0817d09dab6f0b26adcd57b0f3b7362491ea0b54 /conf
parent533e56e13187e21cbdc87722e0ab221ce28be2dd (diff)
downloadrspamd-8f6fced6f01cf5fb3c5b8b9391f989fc1fdc1098.tar.gz
rspamd-8f6fced6f01cf5fb3c5b8b9391f989fc1fdc1098.zip
[Enhancement] Add composite rule for suspicious URLs in suspicious messages
Diffstat (limited to 'conf')
-rw-r--r--conf/composites.conf6
1 files changed, 6 insertions, 0 deletions
diff --git a/conf/composites.conf b/conf/composites.conf
index fe89808fb..df5543be6 100644
--- a/conf/composites.conf
+++ b/conf/composites.conf
@@ -181,6 +181,12 @@ composites {
description = "Fake reply exhibiting characteristics of being injected into a compromised mail server, possibly e-mail thread hijacking";
group = "compromised_hosts";
}
+ SUSPICIOUS_URL_IN_SUSPICIOUS_MESSAGE {
+ expression = "(REDIRECTOR_URL | HAS_ANON_DOMAIN | HAS_IPFS_GATEWAY_URL) & (-g+:fuzzy | -g+:statistics | -g+:surbl | -g+:rbl)";
+ score = 1.0;
+ policy = "leave";
+ description = "Message contains redirector, anonymous or IPFS gateway URL and is marked by fuzzy/bayes/SURBL/RBL";
+ }
.include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/composites.conf"
.include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/composites.conf"