diff options
| author | Andrew Lewis <nerf@judo.za.org> | 2015-08-19 17:32:43 +0200 |
|---|---|---|
| committer | Andrew Lewis <nerf@judo.za.org> | 2015-08-19 18:15:53 +0200 |
| commit | 4e8b22d80c606e764db91b4cab4083d07413e0f1 (patch) | |
| tree | 75ee6fe57c9705d7e142d317fd32eb16317ba413 /doc/markdown/modules/phishing.md | |
| parent | e58ee7df16b4dc74a1976dd44b219b4ac48925d8 (diff) | |
| download | rspamd-4e8b22d80c606e764db91b4cab4083d07413e0f1.tar.gz rspamd-4e8b22d80c606e764db91b4cab4083d07413e0f1.zip | |
Add redirector_domains setting
Diffstat (limited to 'doc/markdown/modules/phishing.md')
| -rw-r--r-- | doc/markdown/modules/phishing.md | 27 |
1 files changed, 19 insertions, 8 deletions
diff --git a/doc/markdown/modules/phishing.md b/doc/markdown/modules/phishing.md index bca4211af..12e10fde4 100644 --- a/doc/markdown/modules/phishing.md +++ b/doc/markdown/modules/phishing.md @@ -20,9 +20,6 @@ And the following URLs are considered as phished: <a href="http://t.co/xxx">http://example.com</a> <a href="http://redir.to/example.com">http://example.com</a> -Unfortunately, rspamd can generate false positives for different redirectors or -URL shorteners. In future rspamd releases, this issue is going to be fixed. - ## Configuration of phishing module Here is an example of full module configuraition. @@ -34,15 +31,29 @@ phishing { # Check only domains from this list domains = "file:///path/to/map"; + # Make exclusions for known redirectors + redirector_domains = [ + # URL/path for map, colon, name of symbol + "${CONFDIR}/redirectors.map:REDIRECTOR_FALSE" + ]; # For certain domains from the specified strict maps # use another symbol for phishing plugin strict_domains = [ - "${CONFDIR}/paypal.map:PAYPAL_PHISHING", - "${CONFDIR}/redirectors.map:REDIRECTOR_FALSE" + "${CONFDIR}/paypal.map:PAYPAL_PHISHING" ]; } ~~~ -If `domains` is unspecified then rspamd checks all domains for phishing. `strict_domains` -allows fine-grained control to avoid false positives and enforce some really bad phishing -mails, such as bank phishing or other payments system phishing. +If an anchoring (actual as opposed to phished) domain is found in a map +referenced by the `redirector_domains` setting then the related symbol is +yielded and the URL is not checked further. This allows making exclusions +for known redirectors, especially ESPs. + +Further to this, if the phished domain is found in a map referenced by +`strict_domains` the related symbol is yielded and the URL not checked +further. This allows fine-grained control to avoid false positives and +enforce some really bad phishing mails, such as bank phishing or other +payments system phishing. + +Finally, the default symbol is yielded- if `domains` is specified then +only if the phished domain is found in the related map. |