diff options
author | Vsevolod Stakhov <vsevolod@rspamd.com> | 2024-11-05 01:17:36 +0600 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-11-05 01:17:36 +0600 |
commit | b5ba154e32a7c72a2be852b50a92a7c681f5da04 (patch) | |
tree | 6d61a8616ea855517580a5b2c9aebf12f6af743f /conf | |
parent | 795f26c72a92919395491604f0a9739239f4f0c3 (diff) | |
parent | cb3bbb54eadf5e4148ffdad856ba4961c8a78118 (diff) | |
download | rspamd-b5ba154e32a7c72a2be852b50a92a7c681f5da04.tar.gz rspamd-b5ba154e32a7c72a2be852b50a92a7c681f5da04.zip |
Merge pull request #5209 from twesterhever/temp-auth-origin-helo-user
[Minor] Add "User" HELO in Received headers to ABUSE_FROM_INJECTOR
Diffstat (limited to 'conf')
-rw-r--r-- | conf/composites.conf | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/conf/composites.conf b/conf/composites.conf index c3669a675..34a6c170e 100644 --- a/conf/composites.conf +++ b/conf/composites.conf @@ -191,7 +191,7 @@ composites { description = "Message authenticated, but from a suspicios origin (potentially an injector)"; } ABUSE_FROM_INJECTOR { - expression = "SUSPICIOUS_AUTH_ORIGIN & (FAKE_REPLY | HAS_IPFS_GATEWAY_URL | HTML_SHORT_LINK_IMG_1)"; + expression = "SUSPICIOUS_AUTH_ORIGIN & (RCVD_HELO_USER | FAKE_REPLY | HAS_IPFS_GATEWAY_URL | HTML_SHORT_LINK_IMG_1)"; score = 2.0; policy = "leave"; description = "Message is sent from a suspicios origin and showing signs of abuse, likely spam injected in compromised account"; |