author | Vsevolod Stakhov <vsevolod@rambler-co.ru> | 2011-02-09 19:42:23 +0300 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@rambler-co.ru> | 2011-02-09 19:42:23 +0300 |
commit | 8f97c6a684a47ff25166c04a1b0e96e20d4b2302 (patch) | |
tree | ff152b4de9c0993294316b6c61afe7da6ace1852 /rspamd.xml.sample | |
parent | 849a4e522197e7bbfcb0c29ca62026e10a2a6361 (diff) | |
download | rspamd-8f97c6a684a47ff25166c04a1b0e96e20d4b2302.tar.gz rspamd-8f97c6a684a47ff25166c04a1b0e96e20d4b2302.zip |
Polish sample config.
Diffstat (limited to 'rspamd.xml.sample')
-rw-r--r-- | rspamd.xml.sample | 129 |
1 files changed, 95 insertions, 34 deletions
diff --git a/rspamd.xml.sample b/rspamd.xml.sample index b56820b51..2226eb948 100644 --- a/rspamd.xml.sample +++ b/rspamd.xml.sample @@ -30,90 +30,151 @@ <metric> <name>default</name> <required_score>10.0</required_score> + <!-- Sample actions --> <action>reject</action> <action>greylist:5</action> <action>add_header:5</action> + + <!-- Weights for symbols --> + + <!-- Subject is missing inside message --> <symbol weight="2.00">MISSING_SUBJECT</symbol> + <!-- Message pretends to be send from Outlook but has 'strange' tags --> <symbol weight="2.10">FORGED_OUTLOOK_TAGS</symbol> + <!-- Sender is forged (different 
From: header and smtp MAIL FROM: addresses) --> <symbol weight="5.00">FORGED_SENDER</symbol> - <symbol weight="2.00">DRUGS_MANYKINDS</symbol> - <symbol weight="3.30">ADVANCE_FEE_2</symbol> - <symbol weight="2.12">ADVANCE_FEE_3</symbol> + <!-- Recipients seems to be autogenerated (works if recipients count is more than 5) --> <symbol weight="3.50">SUSPICIOUS_RECIPS</symbol> + <!-- Fake reply (has RE in subject, but has not References header) --> <symbol weight="6.00">FAKE_REPLY_C</symbol> + <!-- Messages that have only HTML part --> <symbol weight="1.00">MIME_HTML_ONLY</symbol> - <symbol weight="5.50">AB_SURBL_MULTI</symbol> + <!-- Forged yahoo msgid --> <symbol weight="2.00">FORGED_MSGID_YAHOO</symbol> - <symbol weight="5.50">SC_SURBL_MULTI</symbol> + <!-- Forged The Bat! MUA headers --> <symbol weight="2.00">FORGED_MUA_THEBAT_BOUN</symbol> + <!-- Charset is missing in a message --> <symbol weight="5.00">R_MISSING_CHARSET</symbol> + <!-- Two received headers with ip addresses --> <symbol weight="2.00">RCVD_DOUBLE_IP_SPAM</symbol> - <symbol weight="5.50">OB_SURBL_MULTI</symbol> + <!-- Forged outlook HTML signature --> <symbol weight="5.00">FORGED_OUTLOOK_HTML</symbol> - <symbol weight="-2.00">WHITELIST_IP</symbol> + <!-- Recipients are absent or undisclosed --> <symbol weight="5.00">R_UNDISC_RCPT</symbol> - <symbol weight="2.00">DRUGS_ANXIETY</symbol> - <symbol weight="2.00">DRUGS_MUSCLE</symbol> - <symbol weight="2.00">DRUGS_ANXIETY_EREC</symbol> - <symbol weight="5.50">PH_SURBL_MULTI</symbol> + <!-- White color on white background in HTML messages --> <symbol weight="9.00">R_WHITE_ON_WHITE</symbol> + <!-- Short html part with a link to an image --> <symbol weight="3.00">HTML_SHORT_LINK_IMG_2</symbol> + <!-- Forged outlook MUA --> <symbol weight="3.00">FORGED_MUA_OUTLOOK</symbol> - <symbol weight="2.00">DRUGS_ERECTILE</symbol> + <!-- Fake helo for verizon provider --> <symbol weight="2.00">FM_FAKE_HELO_VERIZON</symbol> + <!--Quoted reply-to from yahoo (seems to be 
forged) --> <symbol weight="2.00">REPTO_QUOTE_YAHOO</symbol> + <!-- Mime-OLE is needed but absent (e.g. fake Outlook or fake Exchange) --> <symbol weight="5.00">MISSING_MIMEOLE</symbol> - <symbol weight="9.50">RAMBLER_URIBL</symbol> + <!-- To header is missing --> <symbol weight="2.00">MISSING_TO</symbol> - <symbol weight="0.33">FROM_EXCESS_BASE64</symbol> - <symbol weight="-5.00">FROM_WORLDBANK</symbol> - <symbol weight="-5.00">FROM_CBR</symbol> - <symbol weight="-5.00">FROM_CSHOP</symbol> - <symbol weight="-5.00">FROM_MIRHOSTING</symbol> - <symbol weight="-5.00">FROM_PASSIFLORA</symbol> - <symbol weight="10.00">R_SPAM_FROM_VALUEHOST</symbol> + <!-- From that contains encoded characters while base 64 is not needed as all symbols are 7bit --> + <symbol weight="0.33">FROM_EXCESS_BASE64</symbol> + <!-- Mixed characters in a message --> <symbol weight="5.00">R_MIXED_CHARSET</symbol> + <!-- Recipients list seems to be sorted --> <symbol weight="3.50">SORTED_RECIPS</symbol> + <!-- Spambots signatures in received headers --> <symbol weight="3.00">R_RCVD_SPAMBOTS</symbol> - <symbol weight="5.50">JP_SURBL_MULTI</symbol> + <!-- To header seems to be autogenerated --> <symbol weight="3.00">R_TO_SEEMS_AUTO</symbol> + <!-- Subject needs encoding --> <symbol weight="1.00">SUBJECT_NEEDS_ENCODING</symbol> + <!-- Spam string at the end of message to make statistics faults 0--> <symbol weight="3.84">TRACKER_ID</symbol> - <symbol weight="8.00">R_LOTTO</symbol> + <!-- No space in from header --> <symbol weight="3.00">R_NO_SPACE_IN_FROM</symbol> + <!-- Subject seems to be spam --> <symbol weight="8.00">R_SAJDING</symbol> + <!-- Detects bad content-transfer-encoding for text parts --> <symbol weight="6.00">R_BAD_CTE_7BIT</symbol> - <symbol weight="5.50">WS_SURBL_MULTI</symbol> + <!-- Flash redirect on imageshack.us --> <symbol weight="10.00">R_FLASH_REDIR_IMGSHACK</symbol> + <!-- Message id is incorrect --> <symbol weight="5.00">INVALID_MSGID</symbol> + <!-- Message id is missing --> 
<symbol weight="3.00">MISSING_MID</symbol> - <symbol weight="2.00">DRUGS_DIET</symbol> + <!-- Recipients are not the same as RCPT TO: mail command --> <symbol weight="3.00">FORGED_RECIPIENTS</symbol> + <!-- Forged Exchange messages --> <symbol weight="2.00">RATWARE_MS_HASH</symbol> + <!-- Reply-type in content-type --> <symbol weight="1.00">STOX_REPLY_TYPE</symbol> + <!-- IP in received headers is in PBL --> + <symbol weight="3.00">R_IP_PBL</symbol> + <!-- One received header in a message --> + <symbol weight="1.00">ONCE_RECEIVED</symbol> + <!-- One received header with 'bad' patterns inside --> + <symbol weight="4.00">ONCE_RECEIVED_STRICT</symbol> + <!-- Received headers contains addresses from RBL --> + <symbol weight="1.00">RECEIVED_RBL</symbol> + <!-- Text and HTML parts differ --> + <symbol weight="3.00">R_PARTS_DIFFER</symbol> + <!-- Only Content-Type header without other MIME headers --> + <symbol weight="2.00">MIME_HEADER_CTYPE_ONLY</symbol> + <!-- Message contains empty parts and image --> + <symbol weight="2.00">R_EMPTY_IMAGE</symbol> + + <!-- Drugs patterns inside message --> + <symbol weight="2.00">DRUGS_MANYKINDS</symbol> + <!-- Specific drugs signatures --> + <symbol weight="2.00">DRUGS_ANXIETY</symbol> + <symbol weight="2.00">DRUGS_MUSCLE</symbol> + <symbol weight="2.00">DRUGS_ANXIETY_EREC</symbol> + <symbol weight="2.00">DRUGS_DIET</symbol> + <symbol weight="2.00">DRUGS_ERECTILE</symbol> + + <!-- 2 or 3 'advance fee' patterns in a message --> + <symbol weight="3.30">ADVANCE_FEE_2</symbol> + <symbol weight="2.12">ADVANCE_FEE_3</symbol> + + <!-- Lotto signatures --> + <symbol weight="8.00">R_LOTTO</symbol> + + <!-- Statistics --> <symbol weight="3.00">BAYES_SPAM</symbol> <symbol weight="-3.00">BAYES_HAM</symbol> + + <!-- Fuzzy lists example --> <symbol weight="1.00">R_FUZZY</symbol> <symbol weight="1.00">R_FUZZY1</symbol> <symbol weight="1.00">R_FUZZY2</symbol> <symbol weight="1.00">R_FUZZY3</symbol> - + + <!-- SPF rules --> <symbol 
weight="3.00">R_SPF_FAIL</symbol> <symbol weight="1.00">R_SPF_SOFTFAIL</symbol> <symbol weight="-3.00">R_SPF_ALLOW</symbol> - - <symbol weight="-2.00">MAILLIST</symbol> - <symbol weight="3.00">R_IP_PBL</symbol> + <!-- Whitelisted client's IP --> + <symbol weight="-2.00">WHITELIST_IP</symbol> + <!-- Message seems to be from maillist --> + <symbol weight="-2.00">MAILLIST</symbol> + <!-- multi.surbl.org lists (more details at http://www.surbl.org) --> + <!-- Phishing and malware sites --> + <symbol weight="5.50">PH_SURBL_MULTI</symbol> + <!-- Outblaze URI Blacklist --> + <symbol weight="5.50">OB_SURBL_MULTI</symbol> + <!-- AbuseButler web sites --> + <symbol weight="5.50">AB_SURBL_MULTI</symbol> + <!-- SpamCop web sites --> + <symbol weight="5.50">SC_SURBL_MULTI</symbol> + <!-- jwSpamSpy + Prolocation sites --> + <symbol weight="5.50">JP_SURBL_MULTI</symbol> + <!-- sa-blacklist web sites --> + <symbol weight="5.50">WS_SURBL_MULTI</symbol> - <symbol weight="1.00">ONCE_RECEIVED</symbol> - <symbol weight="4.00">ONCE_RECEIVED_STRICT</symbol> + <!-- rambler.ru uribl --> + <symbol weight="9.50">RAMBLER_URIBL</symbol> - <symbol weight="1.00">RECEIVED_RBL</symbol> - - <symbol weight="3.00">R_PARTS_DIFFER</symbol> - <symbol weight="2.00">MIME_HEADER_CTYPE_ONLY</symbol> </metric> <!-- End of factors section --> |
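Review bot: The new `<!-- SPF rules -->`, `<!-- Whitelisted client's IP -->` and `<!-- Message seems to be from maillist -->` comments label the negative-weight symbols, but they do not tell an operator copying this sample that those weights are trust decisions. On the new side `R_SPF_ALLOW` (-3.00), `BAYES_HAM` (-3.00), `WHITELIST_IP` (-2.00) and `MAILLIST` (-2.00) add up to -10.00, the same magnitude as `required_score`. An SPF pass only shows that the envelope domain authorised the sending host, not that the domain is reputable, and `MAILLIST` presumably keys on sender-supplied headers as well. I would add a comment above the group such as `<!-- Negative weights lower the score: keep them small and reserve them for signals the sender cannot control -->` and consider a smaller default for `R_SPF_ALLOW`. Separately, the added `TRACKER_ID` comment ends in a stray `0-->`, and `<!--Quoted` lacks the space the other comments have.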