Merge branch 'master' into vstakhov-utf8-mime

10 files changed, 226 insertions, 19 deletions

diff --git a/conf/groups.conf b/conf/groups.conf
index 2aeb4ed5d..4f40d865c 100644
--- a/conf/groups.conf
+++ b/conf/groups.conf
@@ -39,6 +39,13 @@ group "rbl" {
     .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/rbl_group.conf"
 }
 
+# Limits the maximum score when both bl.score.senderscore.com and score.senderscore.com RBLs are enabled.
+group "senderscore" {
+    max_score = 4.0;
+    .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/senderscore_group.conf"
+    .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/senderscore_group.conf"
+}
+
 group "statistics" {
     .include "$CONFDIR/scores.d/statistics_group.conf"
     .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/statistics_group.conf"
diff --git a/conf/modules.d/gpt.conf b/conf/modules.d/gpt.conf
index 7a2e11d40..c76a08c92 100644
--- a/conf/modules.d/gpt.conf
+++ b/conf/modules.d/gpt.conf
@@ -18,13 +18,11 @@ gpt {
   # Your key to access the API (add this to enable this plugin)
   #api_key = "xxx";
   # Model name
-  model = "gpt-3.5-turbo";
+  model = "gpt-4o-mini";
   # Maximum tokens to generate
   max_tokens = 1000;
   # Temperature for sampling
-  temperature = 0.7;
-  # Top p for sampling
-  top_p = 0.9;
+  temperature = 0.0;
   # Timeout for requests
   timeout = 10s;
   # Prompt for the model (use default if not set)
diff --git a/conf/modules.d/once_received.conf b/conf/modules.d/once_received.conf
index ab0749295..6fcc35bb6 100644
--- a/conf/modules.d/once_received.conf
+++ b/conf/modules.d/once_received.conf
@@ -14,8 +14,7 @@
 
 once_received {
   good_host = "mail";
-  bad_host = "static";
-  bad_host = "dynamic";
+  bad_host = ["static", "dynamic"];
   symbol_strict = "ONCE_RECEIVED_STRICT";
   symbol = "ONCE_RECEIVED";
   symbol_mx = "DIRECT_TO_MX";
diff --git a/conf/modules.d/rbl.conf b/conf/modules.d/rbl.conf
index c3594dbc9..2a718e5a4 100644
--- a/conf/modules.d/rbl.conf
+++ b/conf/modules.d/rbl.conf
@@ -79,9 +79,55 @@ rbl {
     }
 
     senderscore {
-      symbol = "RBL_SENDERSCORE";
+      # Disabled by default to prioritize the use of score.senderscore.com.
+      # Note: The free query limit applies to both bl.score.senderscore.com and score.senderscore.com RBLs
+      # (see https://knowledge.validity.com/hc/en-us/articles/20961730681243).
+      # Enabling this RBL is recommended for low-traffic systems or MyValidity account users who benefit from using both RBLs.
+      enabled = false;
+      symbol = "RBL_SENDERSCORE_UNKNOWN";
       checks = ['from'];
       rbl = "bl.score.senderscore.com";
+      returncodes {
+        RBL_SENDERSCORE_BOT = "127.0.0.1";
+        RBL_SENDERSCORE_NA = "127.0.0.2";
+        RBL_SENDERSCORE_NA_BOT = "127.0.0.3";
+        RBL_SENDERSCORE_PRST = "127.0.0.4";
+        RBL_SENDERSCORE_PRST_BOT = "127.0.0.5";
+        RBL_SENDERSCORE_PRST_NA = "127.0.0.6";
+        RBL_SENDERSCORE_PRST_NA_BOT = "127.0.0.7";
+        RBL_SENDERSCORE_SUS_ATT = "127.0.0.8";
+        RBL_SENDERSCORE_SUS_ATT_NA = "127.0.0.10";
+        RBL_SENDERSCORE_SUS_ATT_NA_BOT = "127.0.0.11";
+        RBL_SENDERSCORE_SUS_ATT_PRST_NA = "127.0.0.14";
+        RBL_SENDERSCORE_SUS_ATT_PRST_NA_BOT = "127.0.0.15";
+        RBL_SENDERSCORE_SCORE = "127.0.0.16";
+        RBL_SENDERSCORE_SCORE_NA = "127.0.0.18";
+        RBL_SENDERSCORE_SCORE_PRST = "127.0.0.20";
+        RBL_SENDERSCORE_SCORE_PRST_NA = "127.0.0.22";
+        RBL_SENDERSCORE_SCORE_SUS_ATT_NA = "127.0.0.26";
+        RBL_SENDERSCORE_BLOCKED = "127.255.255.255";
+      }
+    }
+
+    senderscore_reputation {
+      symbol = "RBL_SENDERSCORE_REPUT_UNKNOWN";
+      checks = ['from'];
+      rbl = "score.senderscore.com";
+      returncodes_matcher = "luapattern";
+
+      returncodes {
+        RBL_SENDERSCORE_REPUT_0 = "127%.0%.4%.%d";
+        RBL_SENDERSCORE_REPUT_1 = "127%.0%.4%.1%d";
+        RBL_SENDERSCORE_REPUT_2 = "127%.0%.4%.2%d";
+        RBL_SENDERSCORE_REPUT_3 = "127%.0%.4%.3%d";
+        RBL_SENDERSCORE_REPUT_4 = "127%.0%.4%.4%d";
+        RBL_SENDERSCORE_REPUT_5 = "127%.0%.4%.5%d";
+        RBL_SENDERSCORE_REPUT_6 = "127%.0%.4%.6%d";
+        RBL_SENDERSCORE_REPUT_7 = "127%.0%.4%.7%d";
+        RBL_SENDERSCORE_REPUT_8 = "127%.0%.4%.8%d";  # Neutral reputation (80-89).
+        RBL_SENDERSCORE_REPUT_9 = ["127%.0%.4%.9%d", "127%.0%.4%.100"];  # Good reputation (90-100).
+        RBL_SENDERSCORE_REPUT_BLOCKED = "127%.255%.255%.255";
+      }
     }
 
     sem {
diff --git a/conf/scores.d/headers_group.conf b/conf/scores.d/headers_group.conf
index 1c70ca588..972c6872a 100644
--- a/conf/scores.d/headers_group.conf
+++ b/conf/scores.d/headers_group.conf
@@ -50,14 +50,6 @@ symbols = {
         weight = 0.1;
         description = "One received header in a message";
     }
-    "RDNS_NONE" {
-        weight = 2.0;
-        description = "Cannot resolve reverse DNS for sender's IP";
-    }
-    "RDNS_DNSFAIL" {
-        weight = 0.0;
-        description = "PTR verification DNS error";
-    }
     "ONCE_RECEIVED_STRICT" {
         weight = 4.0;
         description = "One received header with 'bad' patterns inside";
diff --git a/conf/scores.d/hfilter_group.conf b/conf/scores.d/hfilter_group.conf
index 09fcfcd8d..21cd11a60 100644
--- a/conf/scores.d/hfilter_group.conf
+++ b/conf/scores.d/hfilter_group.conf
@@ -130,4 +130,12 @@ symbols = {
         weight = 2.5;
         description = "One line URL and text in body";
     }
+    "RDNS_NONE" {
+        weight = 2.0;
+        description = "Cannot resolve reverse DNS for sender's IP";
+    }
+    "RDNS_DNSFAIL" {
+        weight = 0.0;
+        description = "PTR verification DNS error";
+    }
 }
diff --git a/conf/scores.d/policies_group.conf b/conf/scores.d/policies_group.conf
index 4a8bdb6b7..712c61523 100644
--- a/conf/scores.d/policies_group.conf
+++ b/conf/scores.d/policies_group.conf
@@ -55,6 +55,11 @@ symbols = {
         description = "SPF record is malformed or persistent DNS error";
         groups = ["spf"];
     }
+    "R_SPF_PLUSALL" {
+        weight = 4.0;
+        description = "SPF record allows to send from any IP";
+        groups = ["spf"];
+    }
 
     # DKIM
     "R_DKIM_REJECT" {
diff --git a/conf/scores.d/rbl_group.conf b/conf/scores.d/rbl_group.conf
index ef29ed2fa..6a59b865f 100644
--- a/conf/scores.d/rbl_group.conf
+++ b/conf/scores.d/rbl_group.conf
@@ -162,9 +162,160 @@ symbols = {
         groups = ["spamhaus", "blocked"];
     }
 
-    "RBL_SENDERSCORE" {
+    "RBL_SENDERSCORE_UNKNOWN" {
+        weight = 0.0;
+        description = "Unrecognised result from SenderScore RPBL";
+    }
+    "RBL_SENDERSCORE_BOT" {
+        weight = 2.0;
+        description = "From address is listed in SenderScore RPBL - botnet";
+        groups = ["senderscore"];
+    }
+    "RBL_SENDERSCORE_NA" {
+        weight = 0.0;
+        description = "From address is listed in SenderScore RPBL - noauth";
+        groups = ["senderscore"];
+    }
+    "RBL_SENDERSCORE_NA_BOT" {
+        weight = 1.0;
+        description = "From address is listed in SenderScore RPBL - noauth+botnet";
+        groups = ["senderscore"];
+    }
+    "RBL_SENDERSCORE_PRST" {
         weight = 2.0;
-        description = "From address is listed in senderscore.com BL";
+        description = "From address is listed in SenderScore RPBL - pristine";
+        groups = ["senderscore"];
+    }
+    "RBL_SENDERSCORE_PRST_BOT" {
+        weight = 3.0;
+        description = "From address is listed in SenderScore RPBL - pristine+botnet";
+        groups = ["senderscore"];
+    }
+    "RBL_SENDERSCORE_PRST_NA" {
+        weight = 2.0;
+        description = "From address is listed in SenderScore RPBL - pristine+noauth";
+        groups = ["senderscore"];
+    }
+    "RBL_SENDERSCORE_PRST_NA_BOT" {
+        weight = 3.0;
+        description = "From address is listed in SenderScore RPBL - pristine+noauth+botnet";
+        groups = ["senderscore"];
+    }
+    "RBL_SENDERSCORE_SUS_ATT" {
+        weight = 1.0;
+        description = "From address is listed in SenderScore RPBL - suspect_attachments";
+        groups = ["senderscore"];
+    }
+    "RBL_SENDERSCORE_SUS_ATT_NA" {
+        weight = 1.0;
+        description = "From address is listed in SenderScore RPBL - suspect_attachments+noauth";
+        groups = ["senderscore"];
+    }
+    "RBL_SENDERSCORE_SUS_ATT_NA_BOT" {
+        weight = 1.5;
+        description = "From address is listed in SenderScore RPBL - suspect_attachments+noauth+botnet";
+        groups = ["senderscore"];
+    }
+    "RBL_SENDERSCORE_SUS_ATT_PRST_NA" {
+        weight = 3.0;
+        description = "From address is listed in SenderScore RPBL - suspect_attachments+pristine+noauth";
+        groups = ["senderscore"];
+    }
+    "RBL_SENDERSCORE_SUS_ATT_PRST_NA_BOT" {
+        weight = 3.5;
+        description = "From address is listed in SenderScore RPBL - suspect_attachments+pristine+noauth+botnet";
+        groups = ["senderscore"];
+    }
+    "RBL_SENDERSCORE_SCORE" {
+        weight = 2.0;
+        description = "From address is listed in SenderScore RPBL - sender_score";
+        groups = ["senderscore"];
+    }
+    "RBL_SENDERSCORE_SCORE_NA" {
+        weight = 2.0;
+        description = "From address is listed in SenderScore RPBL - sender_score+noauth";
+        groups = ["senderscore"];
+    }
+    "RBL_SENDERSCORE_SCORE_PRST" {
+        weight = 4.0;
+        description = "From address is listed in SenderScore RPBL - sender_score+pristine";
+        groups = ["senderscore"];
+    }
+    "RBL_SENDERSCORE_SCORE_PRST_NA" {
+        weight = 4.0;
+        description = "From address is listed in SenderScore RPBL - sender_score+pristine+noauth";
+        groups = ["senderscore"];
+    }
+    "RBL_SENDERSCORE_SCORE_SUS_ATT_NA" {
+        weight = 3.0;
+        description = "From address is listed in SenderScore RPBL - sender_score+suspect_attachments+noauth";
+        groups = ["senderscore"];
+    }
+    "RBL_SENDERSCORE_BLOCKED" {
+        weight = 0.0;
+        description = "Excessive number of queries to SenderScore RPBL, more info: https://knowledge.validity.com/hc/en-us/articles/20961730681243";
+        groups = ["senderscore", "blocked"];
+    }
+
+    "RBL_SENDERSCORE_REPUT_UNKNOWN" {
+        weight = 0.0;
+        description = "Unrecognized result from SenderScore Reputation list.";
+        groups = ["senderscore"];
+    }
+    "RBL_SENDERSCORE_REPUT_0" {
+        weight = 4.0;
+        description = "SenderScore Reputation: Very Bad (0-9).";
+        groups = ["senderscore"];
+    }
+    "RBL_SENDERSCORE_REPUT_1" {
+        weight = 3.5;
+        description = "SenderScore Reputation: Bad (10-19).";
+        groups = ["senderscore"];
+    }
+    "RBL_SENDERSCORE_REPUT_2" {
+        weight = 3.0;
+        description = "SenderScore Reputation: Bad (20-29).";
+        groups = ["senderscore"];
+    }
+    "RBL_SENDERSCORE_REPUT_3" {
+        weight = 2.5;
+        description = "SenderScore Reputation: Bad (30-39).";
+        groups = ["senderscore"];
+    }
+    "RBL_SENDERSCORE_REPUT_4" {
+        weight = 2.0;
+        description = "SenderScore Reputation: Bad (40-49).";
+        groups = ["senderscore"];
+    }
+    "RBL_SENDERSCORE_REPUT_5" {
+        weight = 1.5;
+        description = "SenderScore Reputation: Bad (50-59).";
+        groups = ["senderscore"];
+    }
+    "RBL_SENDERSCORE_REPUT_6" {
+        weight = 1.0;
+        description = "SenderScore Reputation: Bad (60-69).";
+        groups = ["senderscore"];
+    }
+    "RBL_SENDERSCORE_REPUT_7" {
+        weight = 0.5;
+        description = "SenderScore Reputation: Bad (70-79).";
+        groups = ["senderscore"];
+    }
+    "RBL_SENDERSCORE_REPUT_8" {
+        weight = 0.0;
+        description = "SenderScore Reputation: Neutral (80-89).";
+        groups = ["senderscore"];
+    }
+    "RBL_SENDERSCORE_REPUT_9" {
+        weight = -1.0;
+        description = "SenderScore Reputation: Good (90-100).";
+        groups = ["senderscore"];
+    }
+    "RBL_SENDERSCORE_REPUT_BLOCKED" {
+        weight = 0.0;
+        description = "Excessive number of queries to SenderScore RPBL, more info: https://knowledge.validity.com/hc/en-us/articles/20961730681243";
+        groups = ["senderscore", "blocked"];
     }
 
     "MAILSPIKE" {
diff --git a/conf/scores.d/surbl_group.conf b/conf/scores.d/surbl_group.conf
index 89579ca15..255c03214 100644
--- a/conf/scores.d/surbl_group.conf
+++ b/conf/scores.d/surbl_group.conf
@@ -214,13 +214,13 @@ symbols = {
         groups = ["uribl"];
     }
     "URIBL_RED" {
-        weight = 3.5;
+        weight = 0.5;
         description = "A domain in the message is listed in URIBL.com red";
         one_shot = true;
         groups = ["uribl"];
     }
     "URIBL_GREY" {
-        weight = 1.5;
+        weight = 2.5;
         description = "A domain in the message is listed in URIBL.com grey";
         one_shot = true;
         groups = ["uribl"];
diff --git a/conf/statistic.conf b/conf/statistic.conf
index 0ba8302e8..36d418935 100644
--- a/conf/statistic.conf
+++ b/conf/statistic.conf
@@ -19,6 +19,7 @@
 # Module documentation: https://rspamd.com/doc/configuration/statistic.html
 
 classifier "bayes" {
+  # name = "custom";  # 'name' parameter must be set if multiple classifiers are defined
   tokenizer {
     name = "osb";
   }