authorAnton Yuzhaninov <citrin+git@citrin.ru>2020-12-21 18:40:41 +0000
committerAnton Yuzhaninov <citrin+git@citrin.ru>2020-12-21 18:40:41 +0000
commit689c49dd1ad5a588d4cd0e01044bb47407d73609 (patch)
tree78eb2c32b440979b9e3a265149a49f74caebbc37 /rules/regexp
parent3f7587fc5812c66f66bb1574507ba077e26e814c (diff)
[Minor] Add FORGED_X_MAILER rule for X-Mailer used by spamboots
Diffstat (limited to 'rules/regexp')
-rw-r--r--rules/regexp/headers.lua20
1 files changed, 20 insertions, 0 deletions
diff --git a/rules/regexp/headers.lua b/rules/regexp/headers.lua
index c47205fea..3a044c498 100644
--- a/rules/regexp/headers.lua
+++ b/rules/regexp/headers.lua
@@ -993,3 +993,23 @@ reconf['OLD_X_MAILER'] = {
score = 2.0,
group = 'headers',
}
+
+-- X-Mailer header values which should not occur (in the modern mail) at all
+local bad_x_mailers = {
+ -- header name repeated in the header value
+ [[X-Mailer: ]],
+ -- Mozilla Thunderbird uses User-Agnet header, not X-Mailer
+ -- Early Thunderbird had U-A like:
+ -- Mozilla Thunderbird 1.0.2 (Windows/20050317)
+ -- Thunderbird 2.0.0.23 (X11/20090812)
+ [[(?:Mozilla )?Thunderbird \d]],
+ -- Was used by Yahoo Groups in 2000s
+ [[eGroups Message Poster]],
+}
+
+reconf['FORGED_X_MAILER'] = {
+ description = 'Forged X-Mailer header',
+ re = string.format('X-Mailer=/^(?:%s)/', table.concat(bad_x_mailers, '|')),
+ score = 4.0,
+ group = 'headers',
+}
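Review bot: The entries of `bad_x_mailers` are joined with `|` and spliced unescaped into the pattern on the `re =` line, so each one is a regexp fragment rather than a literal string, and the table's comment does not say so. A later entry containing `.`, `(` or `+` would then change what this 4.0-point rule matches without any error. I would extend the comment above the table with `-- Each entry is a regexp fragment matched at the start of the header value; escape literal metacharacters`. The pattern also carries no flags after the closing `/`, so the match looks case-sensitive; if that is deliberate to limit false positives, a short comment next to `re =` would record it. Separately, `User-Agnet` in the Thunderbird comment should read `User-Agent`.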