Be more clever about forged MUA rules and maillist.

author: Vsevolod Stakhov <vsevolod@highsecure.ru> 2015-05-06 10:05:27 +0100
committer: Vsevolod Stakhov <vsevolod@highsecure.ru> 2015-05-06 10:05:27 +0100
commit: cfd7e090d7ea199b524e4ab7c25525081875147b (patch)
tree: f499d16024480b2f52c642e777811866dc723d63 /conf
parent: 836939f0cce79dbcd14338982dabc632dcc0928f (diff)
download: rspamd-cfd7e090d7ea199b524e4ab7c25525081875147b.tar.gz
rspamd-cfd7e090d7ea199b524e4ab7c25525081875147b.zip
2 files changed, 19 insertions, 28 deletions
diff --git a/conf/composites.conf b/conf/composites.conf
index 3166c57b5..0c8e0d4e8 100644
--- a/conf/composites.conf
+++ b/conf/composites.conf
@@ -9,12 +9,8 @@ composite {
     expression = "FORGED_SENDER & -MAILLIST";
 }
 composite {
-    name = "FORGED_MUA_OUTLOOK_MAILLIST";
-    expression = "FORGED_MUA_OUTLOOK and -MAILLIST";
-}
-composite {
-    name = "FORGED_MUA_THUNDERBIRD_MSGID_MAILLIST";
-    expression = "(FORGED_MUA_THUNDERBIRD_MSGID or FORGED_MUA_THUNDERBIRD_MSGID_UNKNOWN) and -MAILLIST";
+    name = "FORGED_MUA_MAILLIST";
+    expression = "g:mua and -MAILLIST";
 }
 composite {
     name = "RBL_SPAMHAUS_XBL";
diff --git a/conf/metrics.conf b/conf/metrics.conf
index de59b04ef..49f179e9f 100644
--- a/conf/metrics.conf
+++ b/conf/metrics.conf
@@ -13,7 +13,7 @@ metric {
 	};
 	
 	group {
-		name = "Header checks";
+		name = "header";
 	    symbol {
 	        weight = 2.0;
 	        description = "Subject is missing inside message";
@@ -347,7 +347,7 @@ metric {
     }
     
     group {
-    	name = "Forged MUA";
+    	name = "mua";
 	    symbol {
 	        weight = 4.0;
 	        description = "Message pretends to be send from The Bat! but has forged Message-ID";
@@ -394,11 +394,6 @@ metric {
 	        name = "FORGED_MUA_THUNDERBIRD_MSGID";
 	    }
 	    symbol {
-	        weight = 0.0;
-	        description = "Avoid false positives for FORGED_MUA_THUNDERBIRD_MSGID in maillist";
-	        name = "FORGED_MUA_THUNDERBIRD_MSGID_MAILLIST";
-	    }
-	    symbol {
 	        weight = 2.500000;
 	        description = "Forged mail pretending to be from Mozilla Thunderbird but has forged Message-ID";
 	        name = "FORGED_MUA_THUNDERBIRD_MSGID_UNKNOWN";
@@ -418,15 +413,15 @@ metric {
 	        description = "Forged outlook MUA";
 	        name = "FORGED_MUA_OUTLOOK";
 	    }
-	    symbol {
-	        weight = 0.0;
-	        description = "Forged outlook MUA, but from maillist";
-	        name = "FORGED_MUA_OUTLOOK_MAILLIST";
-	    }
     }
+	symbol {
+		weight = 0.0;
+		description = "Avoid false positives for FORGED_MUA_* in maillist";
+		name = "FORGED_MUA_MAILLIST";
+	}
     
 	group {
-		name = "Body checks";
+		name = "body";
 	    symbol {
 	        weight = 9.0;
 	        description = "White color on white background in HTML messages";
@@ -516,7 +511,7 @@ metric {
     }
     
     group {
-    	name = "RBL";
+    	name = "rbl";
 	    symbol { name = "DNSWL_BLOCKED"; weight = 0.0; description = "Resolver blocked due to excessive queries"; }
 	    symbol { name = "RCVD_IN_DNSWL"; weight = 0.0; description = "Sender listed at http://www.dnswl.org"; }
 	    symbol { name = "RCVD_IN_DNSWL_NONE"; weight = -0.05; description = "Sender listed at http://www.dnswl.org, low none"; }
@@ -627,7 +622,7 @@ metric {
 	}
 	
 	group {
-		name = "Bayes";
+		name = "bayes";
 		
 	    symbol {
 	        weight = 3.0;
@@ -642,7 +637,7 @@ metric {
 	}
 	
 	group {
-		name = "Fuzzy";
+		name = "fuzzy";
 	    symbol {
 	        weight = 5.0;
 	        description = "Generic fuzzy hash match";
@@ -666,7 +661,7 @@ metric {
 	}
 	
 	group {
-		name = "SPF";
+		name = "spf";
 	    symbol {
 	        weight = 1.0;
 	        description = "SPF verification failed";
@@ -690,7 +685,7 @@ metric {
 	}
 	
 	group {
-		name = "DKIM";
+		name = "dkim";
 	    symbol {
 	        weight = 1.0;
 	        description = "DKIM verification failed";
@@ -709,7 +704,7 @@ metric {
 	}
     
     group {
-    	name = "URL blacklists";
+    	name = "surbl";
 	    symbol {
 	        weight = 5.500000;
 	        description = "SURBL: Phishing sites";
@@ -830,7 +825,7 @@ metric {
     }
     
     group {
-    	name = "Phishing";
+    	name = "phishing";
     	
     	symbol {
         	weight = 5.0;
@@ -840,7 +835,7 @@ metric {
     }
 	
 	group {
-		name = "Date checks";
+		name = "date";
 		
 	    symbol {
 	        weight = 4.0;
@@ -860,7 +855,7 @@ metric {
     }
 	
 	group {
-		name = "Hfilter rules";
+		name = "hfilter";
 		
 	    symbol { weight = 4.00; name = "HFILTER_HELO_BAREIP"; description = "Helo host is bare ip"; }
 	    symbol { weight = 4.50; name = "HFILTER_HELO_BADIP"; description = "Helo host is very bad ip"; }
author	Vsevolod Stakhov <vsevolod@highsecure.ru>	2015-05-06 10:05:27 +0100
committer	Vsevolod Stakhov <vsevolod@highsecure.ru>	2015-05-06 10:05:27 +0100
commit	cfd7e090d7ea199b524e4ab7c25525081875147b (patch)
tree	f499d16024480b2f52c642e777811866dc723d63 /conf
parent	836939f0cce79dbcd14338982dabc632dcc0928f (diff)
download	rspamd-cfd7e090d7ea199b524e4ab7c25525081875147b.tar.gz rspamd-cfd7e090d7ea199b524e4ab7c25525081875147b.zip