Merge pull request #4681 from twesterhever/temp-suspicious-url-composite

[Enhancement] Add composite rule for suspicious URLs in suspicious messages
author: Vsevolod Stakhov <vsevolod@rspamd.com> 2023-11-03 15:25:41 +0000
committer: GitHub <noreply@github.com> 2023-11-03 15:25:41 +0000
commit: c4bdf929ffafea67475bfe791af49768ed42a603 (patch)
tree: d6a0ddaca8997df19ae832123929d193e31fb61b /conf
parent: 740e1833a5fb8e912aa0c9c4bd3dd7a63ca488c9 (diff)
parent: 8f6fced6f01cf5fb3c5b8b9391f989fc1fdc1098 (diff)
download: rspamd-c4bdf929ffafea67475bfe791af49768ed42a603.tar.gz
rspamd-c4bdf929ffafea67475bfe791af49768ed42a603.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/conf/composites.conf b/conf/composites.conf
index fe89808fb..df5543be6 100644
--- a/conf/composites.conf
+++ b/conf/composites.conf
@@ -181,6 +181,12 @@ composites {
     description = "Fake reply exhibiting characteristics of being injected into a compromised mail server, possibly e-mail thread hijacking";
     group = "compromised_hosts";
   }
+  SUSPICIOUS_URL_IN_SUSPICIOUS_MESSAGE {
+    expression = "(REDIRECTOR_URL | HAS_ANON_DOMAIN | HAS_IPFS_GATEWAY_URL) & (-g+:fuzzy | -g+:statistics | -g+:surbl | -g+:rbl)";
+    score = 1.0;
+    policy = "leave";
+    description = "Message contains redirector, anonymous or IPFS gateway URL and is marked by fuzzy/bayes/SURBL/RBL";
+  }
 
   .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/composites.conf"
   .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/composites.conf"
author	Vsevolod Stakhov <vsevolod@rspamd.com>	2023-11-03 15:25:41 +0000
committer	GitHub <noreply@github.com>	2023-11-03 15:25:41 +0000
commit	c4bdf929ffafea67475bfe791af49768ed42a603 (patch)
tree	d6a0ddaca8997df19ae832123929d193e31fb61b /conf
parent	740e1833a5fb8e912aa0c9c4bd3dd7a63ca488c9 (diff)
parent	8f6fced6f01cf5fb3c5b8b9391f989fc1fdc1098 (diff)
download	rspamd-c4bdf929ffafea67475bfe791af49768ed42a603.tar.gz rspamd-c4bdf929ffafea67475bfe791af49768ed42a603.zip