authorAnton Yuzhaninov <citrin+git@citrin.ru>2020-12-13 21:10:05 +0000
committerAnton Yuzhaninov <citrin+git@citrin.ru>2020-12-14 13:31:08 +0000
commit5d6b526c6b764af902c85b0430497368b82a0368 (patch)
tree91d2811251bda4afe39a7820bf2af0c8f5569422 /rules/regexp/headers.lua
parenta7aa9adc0cb2e6046b9136992eb41c0f89a2f401 (diff)
[Minor] Add rule for old MUA version
These versions are rarely used by real users nowadays, but can be found in spam.
Diffstat (limited to 'rules/regexp/headers.lua')
-rw-r--r--rules/regexp/headers.lua25
1 files changed, 25 insertions, 0 deletions
diff --git a/rules/regexp/headers.lua b/rules/regexp/headers.lua
index 21866ac7b..b760b802e 100644
--- a/rules/regexp/headers.lua
+++ b/rules/regexp/headers.lua
@@ -960,3 +960,28 @@ reconf['XM_UA_NO_VERSION'] = {
group = 'experimental'
}
+-- X-Mailer for old MUA versions which are forged by spammers
+local old_x_mailers = {
+ -- Outlook Express 6.0 was last included in Windows XP (EOL 2014). Windows
+ -- XP is still used (in 2020) by relatively small number of internet users,
+ -- but this header is widely abused by spammers.
+ 'Microsoft Outlook Express',
+ -- Qualcomm Eudora for Windows 7.1.0.9 was released in 2006
+ [[QUALCOMM Windows Eudora (Pro )?Version [1-6]\.]],
+ -- The Bat 3.0 was released in 2004
+ [[The Bat! \(v[12]\.]],
+ -- Can be found in public maillist archives, messages circa 2000
+ [[Microsoft Outlook IMO, Build 9\.0\.]],
+ -- Outlook 2002 (Office XP)
+ [[Microsoft Outlook, Build 10\.]],
+ -- Some old Apple iOS version are used on old devices, so instead of matching
+ -- all old versions, match only versions seen in spam
+ [[i(Phone|Pad) Mail \((?:12[A-Z]|13E)]],
+}
+
+reconf['OLD_X_MAILER'] = {
+ description = 'X-Mailer has a very old MUA version',
+ re = string.format('X-Mailer=/^(?:%s)/', table.concat(old_x_mailers, '|')),
+ score = 2.0,
+ group = 'headers',
+}
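Review bot: `OLD_X_MAILER` goes straight into `group = 'headers'` with `score = 2.0`, although the comments in `old_x_mailers` themselves note that Outlook Express still has some real users and that the IMO build appears in public mailing-list archives, so legitimate mail from old clients, or old messages that are re-sent, will collect the full score. X-Mailer is entirely sender-controlled and therefore a weak signal on its own; consider starting with `group = 'experimental'` (as the rule ending just above in the hunk context does) or a lower score until the hit rate on ham is known. As a style point, `(Pro )?` and `i(Phone|Pad)` are capturing groups while the wrapper uses `(?:%s)`; writing them as `(?:Pro )?` and `i(?:Phone|Pad)` keeps the alternation consistent. The iOS entry would also benefit from a comment stating which iOS releases the `12[A-Z]` and `13E` build prefixes stand for (they look like iOS 8.x and 9.3 builds, to be confirmed), so the list can be revisited later.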