[Enhancement] Add composite rule against AFF involving freemailers

author: twesterhever <40121680+twesterhever@users.noreply.github.com> 2022-10-09 08:29:21 +0000
committer: GitHub <noreply@github.com> 2022-10-09 08:29:21 +0000
commit: 740443dc929af3e8b2c9612b5358abcdbc206b1c (patch)
tree: 420b98eae78d8a594ba00c71b472d28f3a00fa0d /conf
parent: 90b0edae421d31c12cbc8c29fa294f7732bb4f21 (diff)
download: rspamd-740443dc929af3e8b2c9612b5358abcdbc206b1c.tar.gz
rspamd-740443dc929af3e8b2c9612b5358abcdbc206b1c.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/conf/composites.conf b/conf/composites.conf
index cd03d5fdd..fc5b7922d 100644
--- a/conf/composites.conf
+++ b/conf/composites.conf
@@ -154,6 +154,13 @@ composites {
     score = 7.0;
     group = "scams";
   }
+  
+  FREEMAIL_AFF {
+	  expression = "(FREEMAIL_FROM | FREEMAIL_ENVFROM | FREEMAIL_REPLYTO) & R_UNDISC_RCPT & (INTRODUCTION | FROM_NAME_HAS_TITLE | FREEMAIL_REPLYTO_NEQ_FROM_DOM)";
+	  score = 4.0;
+	  policy = "leave";
+	  description = "Message exhibits strong characteristics of advance fee fraud (AFF a/k/a '419' spam) involving freemail addresses";
+  }
 
   .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/composites.conf"
   .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/composites.conf"
author	twesterhever <40121680+twesterhever@users.noreply.github.com>	2022-10-09 08:29:21 +0000
committer	GitHub <noreply@github.com>	2022-10-09 08:29:21 +0000
commit	740443dc929af3e8b2c9612b5358abcdbc206b1c (patch)
tree	420b98eae78d8a594ba00c71b472d28f3a00fa0d /conf
parent	90b0edae421d31c12cbc8c29fa294f7732bb4f21 (diff)
download	rspamd-740443dc929af3e8b2c9612b5358abcdbc206b1c.tar.gz rspamd-740443dc929af3e8b2c9612b5358abcdbc206b1c.zip