diff options
author | Andrew Lewis <nerf@judo.za.org> | 2016-11-09 15:20:34 +0200 |
---|---|---|
committer | Andrew Lewis <nerf@judo.za.org> | 2016-11-09 15:29:04 +0200 |
commit | 137b08a00bf67f186f4903d70fd28fff2c5676e9 (patch) | |
tree | f213f7b4831316c4711336d9cfc47f71ccd983fc /rules/regexp | |
parent | 183d73976f64a8777f64c49438ca8d51b5217ce6 (diff) | |
download | rspamd-137b08a00bf67f186f4903d70fd28fff2c5676e9.tar.gz rspamd-137b08a00bf67f186f4903d70fd28fff2c5676e9.zip |
[Feature] Rule to detect some obvious X-PHP-Originating-Script forgeries
Diffstat (limited to 'rules/regexp')
-rw-r--r-- | rules/regexp/headers.lua | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/rules/regexp/headers.lua b/rules/regexp/headers.lua index 6b43c2f05..56f710650 100644 --- a/rules/regexp/headers.lua +++ b/rules/regexp/headers.lua @@ -790,6 +790,13 @@ reconf['X_PHP_EVAL'] = { group = 'header' } +reconf['X_PHP_FORGED_0X'] = { + re = "X-PHP-Originating-Script=/^0\\d/X", + score = 4.0, + description = "X-PHP-Originating-Script header appears forged", + group = 'header' +} + reconf['GOOGLE_FORWARDING_MID_MISSING'] = { re = "Message-ID=/SMTPIN_ADDED_MISSING\\@mx\\.google\\.com>$/X", score = 2.5, |