authorVsevolod Stakhov <vsevolod@rspamd.com>2023-02-20 21:36:50 +0000
committerGitHub <noreply@github.com>2023-02-20 21:36:50 +0000
commit4dfb85f4610c47dc356762b5d4fa7ec3609d79b2 (patch)
tree26f4ca7c79ddec20bdad80920d44230cb3cf5fcf /rules
parent2a9abee4cbb8307d97b369337dc1072fad075d33 (diff)
parentc60d2fb077122aeec9122bdca23448a2250390f7 (diff)
downloadrspamd-4dfb85f4610c47dc356762b5d4fa7ec3609d79b2.tar.gz
rspamd-4dfb85f4610c47dc356762b5d4fa7ec3609d79b2.zip
Merge branch 'master' into temp-add-ipfs-heuristics
Diffstat (limited to 'rules')
-rw-r--r--rules/content.lua2
-rw-r--r--rules/forwarding.lua1
-rw-r--r--rules/headers_checks.lua2
-rw-r--r--rules/html.lua2
-rw-r--r--rules/mid.lua20
-rw-r--r--rules/regexp/compromised_hosts.lua1
-rw-r--r--rules/regexp/headers.lua17
-rw-r--r--rules/rspamd.lua2
-rw-r--r--rules/subject_checks.lua2
9 files changed, 37 insertions, 12 deletions
diff --git a/rules/content.lua b/rules/content.lua
index 038d4f63a..0936f5898 100644
--- a/rules/content.lua
+++ b/rules/content.lua
@@ -113,4 +113,4 @@ rspamd_config:register_symbol{
name = 'PDF_TIMEOUT',
parent = id,
groups = {"content", "pdf"},
-} \ No newline at end of file
+}
diff --git a/rules/forwarding.lua b/rules/forwarding.lua
index f88c767ab..7d79a0c31 100644
--- a/rules/forwarding.lua
+++ b/rules/forwarding.lua
@@ -153,4 +153,3 @@ rspamd_config.FORWARDED = {
description = "Message was forwarded",
group = "forwarding"
}
-
diff --git a/rules/headers_checks.lua b/rules/headers_checks.lua
index d88847003..7a02bc2eb 100644
--- a/rules/headers_checks.lua
+++ b/rules/headers_checks.lua
@@ -42,7 +42,7 @@ local rcvd_cb_id = rspamd_config:register_symbol{
local nreceived = fun.reduce(function(acc, rcvd)
return acc + 1
end, 0, fun.filter(function(h)
- return not h['artificial']
+ return not h['flags']['artificial']
end, received))
for k,v in pairs(cnts) do
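Review bot: The filter callback indexes `h['flags']['artificial']` without checking that `h['flags']` is a table, so a received entry that lacks `flags` would raise inside the reduce and abort this symbol's callback instead of counting the hop. If the received structure does not guarantee the field, a guarded form is safer: `return not (h['flags'] and h['flags']['artificial'])`. The enclosing callback starts and ends outside the hunk, so whether `flags` is always populated cannot be confirmed from the visible lines.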
diff --git a/rules/html.lua b/rules/html.lua
index 6427a325a..e2345e45d 100644
--- a/rules/html.lua
+++ b/rules/html.lua
@@ -396,7 +396,7 @@ rspamd_config.HTTP_TO_HTTPS = {
return false
end,
description = 'Anchor text contains different scheme to target URL',
- score = 2.0,
+ score = 0.5,
group = 'html'
}
diff --git a/rules/mid.lua b/rules/mid.lua
index 0d3e52c24..14c701cf6 100644
--- a/rules/mid.lua
+++ b/rules/mid.lua
@@ -105,3 +105,23 @@ rspamd_config:set_metric_symbol('MID_CONTAINS_TO', 1.0, 'Message-ID contains To
rspamd_config:register_virtual_symbol('MID_RHS_MATCH_TO', 1.0, check_mid_id)
rspamd_config:set_metric_symbol('MID_RHS_MATCH_TO', 1.0, 'Message-ID RHS matches To domain', 'default', 'Message ID')
+-- Another check from https://github.com/rspamd/rspamd/issues/4299
+rspamd_config:register_symbol {
+ type = 'normal,mime',
+ group = 'mid',
+ name = 'MID_END_EQ_FROM_USER_PART',
+ description = 'Message-ID RHS (after @) and MIME from local part are the same',
+ score = 4.0,
+
+ callback = function(task)
+ local mid = task:get_header('Message-ID')
+ if not mid then return end
+ local mime_from = task:get_from('mime')
+ local _,_,mid_realm = mid:find("@([a-z]+)>?$")
+ if mid_realm and mime_from and mime_from[1] and mime_from[1].user then
+ if (mid_realm == mime_from[1].user) then
+ return true
+ end
+ end
+ end
+}
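Review bot: The capture `"@([a-z]+)>?$"` and the `mid_realm == mime_from[1].user` comparison are both case-sensitive, so a Message-ID whose right-hand side differs from the MIME From local part only in letter case never sets MID_END_EQ_FROM_USER_PART. Normalising both sides keeps the heuristic while closing that gap: `local _,_,mid_realm = mid:lower():find("@([a-z]+)>?$")` and `if mid_realm == mime_from[1].user:lower() then`. The `$` anchor also assumes the header value carries no trailing whitespace, which the hunk does not show being trimmed. Since the symbol carries a score of 4.0, a short comment stating why the RHS is restricted to letters only (presumably a dotless, non-domain RHS) would help whoever tunes it later.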
diff --git a/rules/regexp/compromised_hosts.lua b/rules/regexp/compromised_hosts.lua
index 0a9a9f0aa..cfd560bc2 100644
--- a/rules/regexp/compromised_hosts.lua
+++ b/rules/regexp/compromised_hosts.lua
@@ -211,4 +211,3 @@ reconf['WWW_DOT_DOMAIN'] = {
score = 0.5,
group = "compromised_hosts"
}
-
diff --git a/rules/regexp/headers.lua b/rules/regexp/headers.lua
index 9a01426fc..a2b95c2c7 100644
--- a/rules/regexp/headers.lua
+++ b/rules/regexp/headers.lua
@@ -439,7 +439,7 @@ reconf['FORGED_MUA_OPERA_MSGID'] = {
-- Detect forged Mozilla Mail/Thunderbird/Seamonkey/Postbox headers
-- Mozilla based X-Mailer
local user_agent_mozilla5 = 'User-Agent=/^\\s*Mozilla\\/5\\.0/H'
-local user_agent_thunderbird = 'User-Agent=/^\\s*(Thunderbird|Mozilla Thunderbird|Mozilla\\/.*Gecko\\/.*(Thunderbird|Icedove)\\/)/H'
+local user_agent_thunderbird = 'User-Agent=/^\\s*(Thunderbird|Mozilla Thunderbird|Mozilla\\/.*Gecko\\/.*(Thunderbird|Betterbird|Icedove)\\/)/H'
local user_agent_seamonkey = 'User-Agent=/^\\s*Mozilla\\/5\\.0\\s.+\\sSeaMonkey\\/\\d+\\.\\d+/H'
local user_agent_postbox = [[User-Agent=/^\s*Mozilla\/5\.0\s\([^)]+\)\sGecko\/\d+\sPostboxApp\/\d+(?:\.\d+){2,3}$/H]]
local user_agent_mozilla = string.format('(%s) & !(%s) & !(%s) & !(%s)', user_agent_mozilla5, user_agent_thunderbird, user_agent_seamonkey, user_agent_postbox)
@@ -865,7 +865,7 @@ reconf['SUBJECT_HAS_QUESTION'] = {
}
reconf['SUBJECT_HAS_CURRENCY'] = {
- re = 'Subject=/[$€$¢¥₽]/Hu',
+ re = 'Subject=/\\p{Sc}/Hu',
description = 'Subject contains currency',
score = 1.0,
group = 'headers'
@@ -908,14 +908,21 @@ reconf['HAS_LIST_UNSUB'] = {
reconf['HAS_GUC_PROXY_URI'] = {
re = '/\\.googleusercontent\\.com\\/proxy/{url}i',
- description = 'Has googleusercontent.com proxy URI',
- score = 0.01,
- group = 'experimental'
+ description = 'Has googleusercontent.com proxy URL',
+ score = 1.0,
+ group = 'url'
}
reconf['HAS_GOOGLE_REDIR'] = {
re = '/\\.google\\.com\\/url\\?/{url}i',
description = 'Has google.com/url redirection',
+ score = 1.0,
+ group = 'url'
+}
+
+reconf['HAS_GOOGLE_FIREBASE_URL'] = {
+ re = '/\\.firebasestorage\\.googleapis\\.com\\//{url}i',
+ description = 'Contains firebasestorage.googleapis.com URL',
score = 0.01,
group = 'experimental'
}
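Review bot: The new HAS_GOOGLE_FIREBASE_URL pattern begins with `\\.`, so it only matches when `firebasestorage` is preceded by another host label. A URL whose host is exactly `firebasestorage.googleapis.com` (as far as I know, the usual form) has `/` in that position and would be missed, assuming `{url}` expressions are matched against the full URL text. Accepting either separator covers both cases: `re = '/[\\/.]firebasestorage\\.googleapis\\.com\\//{url}i'`. HAS_GUC_PROXY_URI and HAS_GOOGLE_REDIR use the same leading-dot shape, but their hosts normally carry a subdomain, so they are less affected.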
diff --git a/rules/rspamd.lua b/rules/rspamd.lua
index 98fc5e09e..5d93dec00 100644
--- a/rules/rspamd.lua
+++ b/rules/rspamd.lua
@@ -57,7 +57,7 @@ local rmaps = rspamd_config:get_all_opt("lua_maps")
if rmaps and type(rmaps) == 'table' then
local rspamd_logger = require "rspamd_logger"
for k,v in pairs(rmaps) do
- local status,map_or_err = pcall(rspamd_config:add_map(v))
+ local status,map_or_err = pcall(function () return rspamd_config:add_map(v) end)
if not status then
rspamd_logger.errx(rspamd_config, "cannot add map %s: %s", k, map_or_err)
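Review bot: `if not status` only covers an error raised by `add_map`; if `add_map` can also return nil for a map definition it rejects, the visible lines do not log that case, and rules relying on the map would then run without its data. Either widen the check to `if not status or not map_or_err then`, or add a comment such as `-- pcall only catches raised errors; a nil map is handled below`. The loop body continues outside the hunk, so the nil case may already be handled there.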
diff --git a/rules/subject_checks.lua b/rules/subject_checks.lua
index d0a41d920..27f435729 100644
--- a/rules/subject_checks.lua
+++ b/rules/subject_checks.lua
@@ -67,4 +67,4 @@ rspamd_config.LONG_SUBJ = {
group = 'subject',
type = 'mime',
description = 'Subject is too long'
-} \ No newline at end of file
+}