summaryrefslogtreecommitdiffstats
path: root/rules/regexp
diff options
context:
space:
mode:
authorAndrew Lewis <nerf@judo.za.org>2016-11-09 15:20:34 +0200
committerAndrew Lewis <nerf@judo.za.org>2016-11-09 15:29:04 +0200
commit137b08a00bf67f186f4903d70fd28fff2c5676e9 (patch)
treef213f7b4831316c4711336d9cfc47f71ccd983fc /rules/regexp
parent183d73976f64a8777f64c49438ca8d51b5217ce6 (diff)
downloadrspamd-137b08a00bf67f186f4903d70fd28fff2c5676e9.tar.gz
rspamd-137b08a00bf67f186f4903d70fd28fff2c5676e9.zip
[Feature] Rule to detect some obvious X-PHP-Originating-Script forgeries
Diffstat (limited to 'rules/regexp')
-rw-r--r--rules/regexp/headers.lua7
1 files changed, 7 insertions, 0 deletions
diff --git a/rules/regexp/headers.lua b/rules/regexp/headers.lua
index 6b43c2f05..56f710650 100644
--- a/rules/regexp/headers.lua
+++ b/rules/regexp/headers.lua
@@ -790,6 +790,13 @@ reconf['X_PHP_EVAL'] = {
group = 'header'
}
+reconf['X_PHP_FORGED_0X'] = {
+ re = "X-PHP-Originating-Script=/^0\\d/X",
+ score = 4.0,
+ description = "X-PHP-Originating-Script header appears forged",
+ group = 'header'
+}
+
reconf['GOOGLE_FORWARDING_MID_MISSING'] = {
re = "Message-ID=/SMTPIN_ADDED_MISSING\\@mx\\.google\\.com>$/X",
score = 2.5,