author | Vsevolod Stakhov <vsevolod@rambler-co.ru> | 2011-02-18 17:33:21 +0300 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@rambler-co.ru> | 2011-02-18 17:33:21 +0300 |
commit | f0eafb45ef94088c91ec552d8dbd7c30e37c1bb1 (patch) | |
tree | 0e11afd0695a65c05ac34dbcc17ed8d9b4a7fcf9 /rspamd.xml.sample | |
parent | 3527f0ec06ab68cc3faefe16f698bc04820d6948 (diff) | |
* Add descriptions for all symbols in default configuration, adjust symbols' weights [1]
* Improve rspamc output by adding '--verbose' flag
Suggested by: Victor Ustugov [1]
Diffstat (limited to 'rspamd.xml.sample')
-rw-r--r-- | rspamd.xml.sample | 155 |
1 files changed, 80 insertions, 75 deletions
diff --git a/rspamd.xml.sample b/rspamd.xml.sample index 875cb6b93..44d6a6566 100644 --- a/rspamd.xml.sample +++ b/rspamd.xml.sample @@ -26,7 +26,7 @@ <!-- End of logging section --> -<!-- Factors section --> +<!-- Metrics section --> <metric> <name>default</name> <required_score>10.0</required_score> @@ -38,153 +38,158 @@ <!-- Weights for symbols --> <!-- Subject is missing inside message --> - <symbol weight="2.00">MISSING_SUBJECT</symbol> + <symbol weight="2.00" description="Subject is missing inside message">MISSING_SUBJECT</symbol> <!-- Message pretends to be send from Outlook but has 'strange' tags --> - <symbol weight="2.10">FORGED_OUTLOOK_TAGS</symbol> + <symbol weight="2.10" description="Message pretends to be send from Outlook but has 'strange' tags ">FORGED_OUTLOOK_TAGS</symbol> <!-- Sender is forged (different From: header and smtp MAIL FROM: addresses) --> - <symbol weight="5.00">FORGED_SENDER</symbol> + <symbol weight="5.00" description="Sender is forged (different 
From: header and smtp MAIL FROM: addresses)">FORGED_SENDER</symbol> <!-- Recipients seems to be autogenerated (works if recipients count is more than 5) --> - <symbol weight="3.50">SUSPICIOUS_RECIPS</symbol> - <!-- Fake reply (has RE in subject, but has not References header) --> - <symbol weight="6.00">FAKE_REPLY_C</symbol> + <symbol weight="3.50" description="Recipients seems to be autogenerated (works if recipients count is more than 5)">SUSPICIOUS_RECIPS</symbol> + <!-- Fake reply (has RE in subject, but has not References header) --> + <symbol weight="6.00" description="Fake reply (has RE in subject, but has not References header)">FAKE_REPLY_C</symbol> <!-- Messages that have only HTML part --> - <symbol weight="1.00">MIME_HTML_ONLY</symbol> + <symbol weight="1.00" description="Messages that have only HTML part">MIME_HTML_ONLY</symbol> <!-- Forged yahoo msgid --> - <symbol weight="2.00">FORGED_MSGID_YAHOO</symbol> + <symbol weight="2.00" description="Forged yahoo msgid">FORGED_MSGID_YAHOO</symbol> <!-- Forged The Bat! MUA headers --> - <symbol weight="2.00">FORGED_MUA_THEBAT_BOUN</symbol> + <symbol weight="2.00" description="Forged The Bat! 
MUA headers">FORGED_MUA_THEBAT_BOUN</symbol> <!-- Charset is missing in a message --> - <symbol weight="5.00">R_MISSING_CHARSET</symbol> + <symbol weight="5.00" description="Charset is missing in a message">R_MISSING_CHARSET</symbol> <!-- Two received headers with ip addresses --> - <symbol weight="2.00">RCVD_DOUBLE_IP_SPAM</symbol> + <symbol weight="2.00" description="Two received headers with ip addresses">RCVD_DOUBLE_IP_SPAM</symbol> <!-- Forged outlook HTML signature --> - <symbol weight="5.00">FORGED_OUTLOOK_HTML</symbol> + <symbol weight="5.00" description="Forged outlook HTML signature">FORGED_OUTLOOK_HTML</symbol> <!-- Recipients are absent or undisclosed --> - <symbol weight="5.00">R_UNDISC_RCPT</symbol> + <symbol weight="5.00" description="Recipients are absent or undisclosed">R_UNDISC_RCPT</symbol> <!-- White color on white background in HTML messages --> - <symbol weight="9.00">R_WHITE_ON_WHITE</symbol> + <symbol weight="9.00" description="White color on white background in HTML messages">R_WHITE_ON_WHITE</symbol> <!-- Short html part with a link to an image --> - <symbol weight="3.00">HTML_SHORT_LINK_IMG_2</symbol> + <symbol weight="3.00" description="Short html part with a link to an image">HTML_SHORT_LINK_IMG_2</symbol> <!-- Forged outlook MUA --> - <symbol weight="3.00">FORGED_MUA_OUTLOOK</symbol> + <symbol weight="3.00" description="Forged outlook MUA ">FORGED_MUA_OUTLOOK</symbol> <!-- Fake helo for verizon provider --> - <symbol weight="2.00">FM_FAKE_HELO_VERIZON</symbol> + <symbol weight="2.00" description="Fake helo for verizon provider">FM_FAKE_HELO_VERIZON</symbol> <!--Quoted reply-to from yahoo (seems to be forged) --> - <symbol weight="2.00">REPTO_QUOTE_YAHOO</symbol> + <symbol weight="2.00" description="Quoted reply-to from yahoo (seems to be forged)">REPTO_QUOTE_YAHOO</symbol> <!-- Mime-OLE is needed but absent (e.g. 
fake Outlook or fake Exchange) --> - <symbol weight="5.00">MISSING_MIMEOLE</symbol> + <symbol weight="5.00" description="Mime-OLE is needed but absent (e.g. fake Outlook or fake Exchange)">MISSING_MIMEOLE</symbol> <!-- To header is missing --> - <symbol weight="2.00">MISSING_TO</symbol> + <symbol weight="2.00" description="To header is missing">MISSING_TO</symbol> <!-- From that contains encoded characters while base 64 is not needed as all symbols are 7bit --> - <symbol weight="0.33">FROM_EXCESS_BASE64</symbol> + <symbol weight="2.0" description="From that contains encoded characters while base 64 is not needed as all symbols are 7bit">FROM_EXCESS_BASE64</symbol> <!-- Mixed characters in a message --> - <symbol weight="5.00">R_MIXED_CHARSET</symbol> + <symbol weight="5.00" description="Mixed characters in a message">R_MIXED_CHARSET</symbol> <!-- Recipients list seems to be sorted --> - <symbol weight="3.50">SORTED_RECIPS</symbol> + <symbol weight="3.50" description="Recipients list seems to be sorted">SORTED_RECIPS</symbol> <!-- Spambots signatures in received headers --> - <symbol weight="3.00">R_RCVD_SPAMBOTS</symbol> + <symbol weight="3.00" description="Spambots signatures in received headers">R_RCVD_SPAMBOTS</symbol> <!-- To header seems to be autogenerated --> - <symbol weight="3.00">R_TO_SEEMS_AUTO</symbol> + <symbol weight="2.00" description="To header seems to be autogenerated">R_TO_SEEMS_AUTO</symbol> <!-- Subject needs encoding --> - <symbol weight="1.00">SUBJECT_NEEDS_ENCODING</symbol> + <symbol weight="1.00" description="Subject needs encoding">SUBJECT_NEEDS_ENCODING</symbol> <!-- Spam string at the end of message to make statistics faults 0--> - <symbol weight="3.84">TRACKER_ID</symbol> + <symbol weight="3.84" description="Spam string at the end of message to make statistics faults 0">TRACKER_ID</symbol> <!-- No space in from header --> - <symbol weight="3.00">R_NO_SPACE_IN_FROM</symbol> + <symbol weight="3.00" description="No space in from 
header">R_NO_SPACE_IN_FROM</symbol> <!-- Subject seems to be spam --> - <symbol weight="8.00">R_SAJDING</symbol> + <symbol weight="8.00" description="Subject seems to be spam">R_SAJDING</symbol> <!-- Detects bad content-transfer-encoding for text parts --> - <symbol weight="3.00">R_BAD_CTE_7BIT</symbol> + <symbol weight="3.00" description="Detects bad content-transfer-encoding for text parts">R_BAD_CTE_7BIT</symbol> <!-- Flash redirect on imageshack.us --> - <symbol weight="10.00">R_FLASH_REDIR_IMGSHACK</symbol> + <symbol weight="10.00" description="Flash redirect on imageshack.us">R_FLASH_REDIR_IMGSHACK</symbol> <!-- Message id is incorrect --> - <symbol weight="5.00">INVALID_MSGID</symbol> + <symbol weight="5.00" description="Message id is incorrect">INVALID_MSGID</symbol> <!-- Message id is missing --> - <symbol weight="3.00">MISSING_MID</symbol> + <symbol weight="3.00" description="Message id is missing ">MISSING_MID</symbol> <!-- Recipients are not the same as RCPT TO: mail command --> - <symbol weight="3.00">FORGED_RECIPIENTS</symbol> + <symbol weight="3.00" description="Recipients are not the same as RCPT TO: mail command">FORGED_RECIPIENTS</symbol> <!-- Forged Exchange messages --> - <symbol weight="2.00">RATWARE_MS_HASH</symbol> + <symbol weight="2.00" description="Forged Exchange messages ">RATWARE_MS_HASH</symbol> <!-- Reply-type in content-type --> - <symbol weight="1.00">STOX_REPLY_TYPE</symbol> + <symbol weight="1.00" description="Reply-type in content-type">STOX_REPLY_TYPE</symbol> <!-- IP in received headers is in PBL --> - <symbol weight="3.00">R_IP_PBL</symbol> + <symbol weight="3.00" description="IP in received headers is in PBL">R_IP_PBL</symbol> <!-- One received header in a message --> - <symbol weight="1.00">ONCE_RECEIVED</symbol> + <symbol weight="1.00" description="One received header in a message ">ONCE_RECEIVED</symbol> <!-- One received header with 'bad' patterns inside --> - <symbol weight="4.00">ONCE_RECEIVED_STRICT</symbol> + <symbol 
weight="4.00" description="One received header with 'bad' patterns inside">ONCE_RECEIVED_STRICT</symbol> <!-- Received headers contains addresses from RBL --> - <symbol weight="1.00">RECEIVED_RBL</symbol> + <symbol weight="1.00" description="Received headers contains addresses from RBL">RECEIVED_RBL</symbol> <!-- Text and HTML parts differ --> - <symbol weight="3.00">R_PARTS_DIFFER</symbol> + <symbol weight="3.00" description="Text and HTML parts differ">R_PARTS_DIFFER</symbol> <!-- Only Content-Type header without other MIME headers --> - <symbol weight="2.00">MIME_HEADER_CTYPE_ONLY</symbol> + <symbol weight="2.00" description="Only Content-Type header without other MIME headers">MIME_HEADER_CTYPE_ONLY</symbol> <!-- Message contains empty parts and image --> - <symbol weight="2.00">R_EMPTY_IMAGE</symbol> + <symbol weight="2.00" description="Message contains empty parts and image ">R_EMPTY_IMAGE</symbol> <!-- Drugs patterns inside message --> - <symbol weight="2.00">DRUGS_MANYKINDS</symbol> + <symbol weight="2.00" description="Drugs patterns inside message">DRUGS_MANYKINDS</symbol> <!-- Specific drugs signatures --> - <symbol weight="2.00">DRUGS_ANXIETY</symbol> - <symbol weight="2.00">DRUGS_MUSCLE</symbol> - <symbol weight="2.00">DRUGS_ANXIETY_EREC</symbol> - <symbol weight="2.00">DRUGS_DIET</symbol> - <symbol weight="2.00">DRUGS_ERECTILE</symbol> + <symbol weight="2.00" description="">DRUGS_ANXIETY</symbol> + <symbol weight="2.00" description="">DRUGS_MUSCLE</symbol> + <symbol weight="2.00" description="">DRUGS_ANXIETY_EREC</symbol> + <symbol weight="2.00" description="">DRUGS_DIET</symbol> + <symbol weight="2.00" description="">DRUGS_ERECTILE</symbol> <!-- 2 or 3 'advance fee' patterns in a message --> - <symbol weight="3.30">ADVANCE_FEE_2</symbol> - <symbol weight="2.12">ADVANCE_FEE_3</symbol> + <symbol weight="3.30" description="2 'advance fee' patterns in a message">ADVANCE_FEE_2</symbol> + <symbol weight="2.12" description="3 'advance fee' patterns in a 
message">ADVANCE_FEE_3</symbol> <!-- Lotto signatures --> - <symbol weight="8.00">R_LOTTO</symbol> + <symbol weight="8.00" description="Lotto signatures">R_LOTTO</symbol> <!-- Statistics --> - <symbol weight="3.00">BAYES_SPAM</symbol> - <symbol weight="-3.00">BAYES_HAM</symbol> + <symbol weight="3.00" description="Message probably spam, probability: ">BAYES_SPAM</symbol> + <symbol weight="-3.00" description="Message probably ham, probability: ">BAYES_HAM</symbol> <!-- Fuzzy lists example --> - <symbol weight="1.00">R_FUZZY</symbol> - <symbol weight="1.00">R_FUZZY1</symbol> - <symbol weight="1.00">R_FUZZY2</symbol> - <symbol weight="1.00">R_FUZZY3</symbol> + <symbol weight="1.00" description="">R_FUZZY</symbol> + <symbol weight="1.00" description="">R_FUZZY1</symbol> + <symbol weight="1.00" description="">R_FUZZY2</symbol> + <symbol weight="1.00" description="">R_FUZZY3</symbol> <!-- SPF rules --> - <symbol weight="3.00">R_SPF_FAIL</symbol> - <symbol weight="1.00">R_SPF_SOFTFAIL</symbol> - <symbol weight="-3.00">R_SPF_ALLOW</symbol> + <symbol weight="3.00" description="SPF verification failed">R_SPF_FAIL</symbol> + <symbol weight="1.00" description="SPF verification soft-failed">R_SPF_SOFTFAIL</symbol> + <symbol weight="-3.00" description="SPF verification alowed">R_SPF_ALLOW</symbol> <!-- Whitelisted client's IP --> - <symbol weight="-2.00">WHITELIST_IP</symbol> + <symbol weight="-2.00" description="Whitelisted client's IP">WHITELIST_IP</symbol> <!-- Message seems to be from maillist --> - <symbol weight="-2.00">MAILLIST</symbol> + <symbol weight="-2.00" description="Message seems to be from maillist">MAILLIST</symbol> <!-- multi.surbl.org lists (more details at http://www.surbl.org) --> <!-- Phishing and malware sites --> - <symbol weight="5.50">PH_SURBL_MULTI</symbol> + <symbol weight="5.50" description="Phishing and malware sites">PH_SURBL_MULTI</symbol> <!-- Outblaze URI Blacklist --> - <symbol weight="5.50">OB_SURBL_MULTI</symbol> + <symbol weight="5.50" 
description="Outblaze URI Blacklist">OB_SURBL_MULTI</symbol> <!-- AbuseButler web sites --> - <symbol weight="5.50">AB_SURBL_MULTI</symbol> + <symbol weight="5.50" description="AbuseButler web sites">AB_SURBL_MULTI</symbol> <!-- SpamCop web sites --> - <symbol weight="5.50">SC_SURBL_MULTI</symbol> + <symbol weight="5.50" description="SpamCop web sites">SC_SURBL_MULTI</symbol> <!-- jwSpamSpy + Prolocation sites --> - <symbol weight="5.50">JP_SURBL_MULTI</symbol> + <symbol weight="5.50" description="jwSpamSpy + Prolocation sites">JP_SURBL_MULTI</symbol> <!-- sa-blacklist web sites --> - <symbol weight="5.50">WS_SURBL_MULTI</symbol> + <symbol weight="5.50" description="sa-blacklist web sites ">WS_SURBL_MULTI</symbol> <!-- rambler.ru uribl --> - <symbol weight="9.50">RAMBLER_URIBL</symbol> + <symbol weight="9.50" description="rambler.ru uribl">RAMBLER_URIBL</symbol> <!-- rambler.ru emailbl --> - <symbol weight="9.50">RAMBLER_EMAILBL</symbol> + <symbol weight="9.50" description="rambler.ru emailbl">RAMBLER_EMAILBL</symbol> <!-- Phished mail --> - <symbol weight="5.0">PHISHING</symbol> + <symbol weight="5.0" description="Phished mail">PHISHING</symbol> + + <!-- Recipients are not the same as RCPT TO: mail command, but from maillist --> + <symbol weight="-0.1" description="Recipients are not the same as RCPT TO: mail command, but from maillist">FORGED_RECIPIENTS_MAILLIST</symbol> + </metric> -<!-- End of factors section --> +<!-- End of metrics section --> <!-- Composites section --> +<composite name="FORGED_RECIPIENTS_MAILLIST">FORGED_RECIPIENTS & MAILLIST</composite> <!-- End of composites section --> <!-- Workers section --> 
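Review bot: The composite added near the end of this hunk, `<composite name="FORGED_RECIPIENTS_MAILLIST">FORGED_RECIPIENTS & MAILLIST</composite>`, appears to carry a bare `&` in element text, which is not well-formed XML; if the file really contains it as rendered here, the body should read `FORGED_RECIPIENTS &amp; MAILLIST`. The composite is also scored at `-0.1`, while the symbols it combines are FORGED_RECIPIENTS at 3.00 and MAILLIST at -2.00. If a matching composite replaces its member symbols (that logic is outside this hunk), the forged-recipient penalty disappears whenever MAILLIST also fires. MAILLIST is presumably derived from message headers, so confirm that rule is strict enough to serve as an exemption, or keep the composite weight at zero or above. Separately, `description="SPF verification alowed"` has a typo (`allowed`), and the DRUGS_* and R_FUZZY* symbols are given `description=""`, which leaves the new output empty for exactly those hits.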
@@ -310,7 +315,7 @@ <!-- Emails blacklist --> <module name="emails"> - <option name="rule">symbol = RAMBLER_EMAILBL, dnsbl = emailbl.rambler.ru, domain_only = false</option> + <option name="rule">symbol = RAMBLER_EMAILBL, dnsbl = email-bl.rambler.ru, domain_only = false</option> <!-- <option name="rule">symbol = R_BAD_EMAIL1, map = file:///tmp/emails.list, domain_only = true</option> --> |
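Review bot: The `dnsbl` value on the changed `rule` option moves from `emailbl.rambler.ru` to `email-bl.rambler.ru` without any mention in the commit message, and this zone backs RAMBLER_EMAILBL, which the same file scores at 9.50 against a `required_score` of 10.0. A single external lookup therefore nearly decides the verdict, so a comment above the option should say which zone is intended and that the weight assumes the list is trusted, for example `<!-- email-bl.rambler.ru: external DNSBL; lower RAMBLER_EMAILBL weight if you do not control or trust this zone -->`. The unchanged commented example below it points a map at `file:///tmp/emails.list`; a sample path outside a world-writable directory would be safer to copy. The enclosing `<module name="emails">` element closes outside the hunk.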