diff options
author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2015-12-24 14:42:52 +0000 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2015-12-24 14:42:52 +0000 |
commit | a136f681432ba4b1ea0b127a3d80fdf4b004ae53 (patch) | |
tree | edd9fe4c49b277bb2b549336ee19d9d6d1e0bdf9 /rules/regexp | |
parent | e73170c271165ea79c4f29cc26d89103f99ad228 (diff) | |
download | rspamd-a136f681432ba4b1ea0b127a3d80fdf4b004ae53.tar.gz rspamd-a136f681432ba4b1ea0b127a3d80fdf4b004ae53.zip |
Remove R_TO_SEEMS_AUTO as it generates a lot of FP
Diffstat (limited to 'rules/regexp')
-rw-r--r-- | rules/regexp/headers.lua | 19 |
1 files changed, 8 insertions, 11 deletions
diff --git a/rules/regexp/headers.lua b/rules/regexp/headers.lua index 50bc4d07e..e0679c583 100644 --- a/rules/regexp/headers.lua +++ b/rules/regexp/headers.lua @@ -6,9 +6,9 @@ -- The ASF licenses this file to you under the Apache License, Version 2.0 -- (the "License"); you may not use this file except in compliance with -- the License. You may obtain a copy of the License at: --- +-- -- http://www.apache.org/licenses/LICENSE-2.0 --- +-- -- Unless required by applicable law or agreed to in writing, software -- distributed under the License is distributed on an "AS IS" BASIS, -- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -35,11 +35,11 @@ reconf['R_NO_SPACE_IN_FROM'] = 'From=/\\S<[-\\w\\.]+\\@[-\\w\\.]+>/X' rspamd_config.MISSING_SUBJECT = function(task) local hdr = task:get_header('Subject') - + if not hdr or #hdr == 0 then return true end - + return false end @@ -66,16 +66,13 @@ reconf['MISSING_MID'] = '!header_exists(Message-Id)'; -- Received seems to be fake reconf['R_RCVD_SPAMBOTS'] = 'Received=/^from \\[\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\] by [-.\\w+]{5,255}; [SMTWF][a-z][a-z], [\\s\\d]?\\d [JFMAJSOND][a-z][a-z] \\d{4} \\d{2}:\\d{2}:\\d{2} [-+]\\d{4}$/mH' --- To header seems to be autogenerated -reconf['R_TO_SEEMS_AUTO'] = 'To=/^\\"?(?<bt>[-.\\w]{1,64})\\"?\\s<\\k<bt>\\@/H' - -- Charset is missing in message reconf['R_MISSING_CHARSET']= string.format('content_type_is_type(text) & !content_type_has_param(charset) & !%s', r_cte_7bit); -- Subject seems to be spam reconf['R_SAJDING'] = 'Subject=/\\bsajding(?:om|a)?\\b/iH' --- Find forged Outlook MUA +-- Find forged Outlook MUA -- Yahoo groups messages local yahoo_bulk = 'Received=/from \\[\\S+\\] by \\S+\\.(?:groups|scd|dcn)\\.yahoo\\.com with NNFMP/H' -- Outlook MUA @@ -169,7 +166,7 @@ local sympatico_msgid = 'Message-Id=/^<?BAYC\\d+-PASMTP\\d+[A-Z0-9]{25}\\@CEZ\\. -- Mailman message id local mailman_msgid = 'Message-ID=/^<mailman\\.\\d+\\.\\d+\\.\\d+\\..+\\@\\S+>$/H' -- Message id seems to be forged -local unusable_msgid = string.format('(%s | %s | %s | %s | %s | %s)', +local unusable_msgid = string.format('(%s | %s | %s | %s | %s | %s)', lyris_ezml_remailer, wacky_sendmail_version, iplanet_messaging_server, hotmail_baydav_msgid, sympatico_msgid, mailman_msgid) -- Outlook express data seems to be forged local forged_oe = string.format('(%s & !%s & !%s & !%s)', oe_mua, oe_msgid_1, oe_msgid_2, unusable_msgid) @@ -185,12 +182,12 @@ local forged_outlook_dollars = string.format('(%s & !%s & !%s & !%s & !%s & !%s) local fmo_excl_o3416 = 'X-Mailer=/^Microsoft Outlook, Build 10.0.3416$/H' local fmo_excl_oe3790 = 'X-Mailer=/^Microsoft Outlook Express 6.00.3790.3959$/H' -- Summary rule for forged outlook -reconf['FORGED_MUA_OUTLOOK'] = string.format('(%s | %s) & !%s & !%s & !%s', +reconf['FORGED_MUA_OUTLOOK'] = string.format('(%s | %s) & !%s & !%s & !%s', forged_oe, forged_outlook_dollars, fmo_excl_o3416, fmo_excl_oe3790, vista_msgid) -- HTML outlook signs local mime_html = 'content_type_is_type(text) & content_type_is_subtype(/.?html/)' -local tag_exists_html = 'has_html_tag(html)' +local tag_exists_html = 'has_html_tag(html)' local tag_exists_head = 'has_html_tag(head)' local tag_exists_meta = 'has_html_tag(meta)' local tag_exists_body = 'has_html_tag(body)' |