summaryrefslogtreecommitdiffstats
path: root/doc/markdown
diff options
context:
space:
mode:
authorAndrew Lewis <nerf@judo.za.org>2015-08-19 17:32:43 +0200
committerAndrew Lewis <nerf@judo.za.org>2015-08-19 18:15:53 +0200
commit4e8b22d80c606e764db91b4cab4083d07413e0f1 (patch)
tree75ee6fe57c9705d7e142d317fd32eb16317ba413 /doc/markdown
parente58ee7df16b4dc74a1976dd44b219b4ac48925d8 (diff)
downloadrspamd-4e8b22d80c606e764db91b4cab4083d07413e0f1.tar.gz
rspamd-4e8b22d80c606e764db91b4cab4083d07413e0f1.zip
Add redirector_domains setting
Diffstat (limited to 'doc/markdown')
-rw-r--r--doc/markdown/modules/phishing.md27
1 files changed, 19 insertions, 8 deletions
diff --git a/doc/markdown/modules/phishing.md b/doc/markdown/modules/phishing.md
index bca4211af..12e10fde4 100644
--- a/doc/markdown/modules/phishing.md
+++ b/doc/markdown/modules/phishing.md
@@ -20,9 +20,6 @@ And the following URLs are considered as phished:
<a href="http://t.co/xxx">http://example.com</a>
<a href="http://redir.to/example.com">http://example.com</a>
-Unfortunately, rspamd can generate false positives for different redirectors or
-URL shorteners. In future rspamd releases, this issue is going to be fixed.
-
## Configuration of phishing module
Here is an example of full module configuraition.
@@ -34,15 +31,29 @@ phishing {
# Check only domains from this list
domains = "file:///path/to/map";
+ # Make exclusions for known redirectors
+ redirector_domains = [
+ # URL/path for map, colon, name of symbol
+ "${CONFDIR}/redirectors.map:REDIRECTOR_FALSE"
+ ];
# For certain domains from the specified strict maps
# use another symbol for phishing plugin
strict_domains = [
- "${CONFDIR}/paypal.map:PAYPAL_PHISHING",
- "${CONFDIR}/redirectors.map:REDIRECTOR_FALSE"
+ "${CONFDIR}/paypal.map:PAYPAL_PHISHING"
];
}
~~~
-If `domains` is unspecified then rspamd checks all domains for phishing. `strict_domains`
-allows fine-grained control to avoid false positives and enforce some really bad phishing
-mails, such as bank phishing or other payments system phishing.
+If an anchoring (actual as opposed to phished) domain is found in a map
+referenced by the `redirector_domains` setting then the related symbol is
+yielded and the URL is not checked further. This allows making exclusions
+for known redirectors, especially ESPs.
+
+Further to this, if the phished domain is found in a map referenced by
+`strict_domains` the related symbol is yielded and the URL not checked
+further. This allows fine-grained control to avoid false positives and
+enforce some really bad phishing mails, such as bank phishing or other
+payments system phishing.
+
+Finally, the default symbol is yielded- if `domains` is specified then
+only if the phished domain is found in the related map.