aboutsummaryrefslogtreecommitdiffstats
path: root/rules
diff options
context:
space:
mode:
authorAlexander Moisseev <moiseev@mezonplus.ru>2019-03-25 10:07:35 +0300
committerAlexander Moisseev <moiseev@mezonplus.ru>2019-03-25 10:07:35 +0300
commita6f6525f7d8433e1c3abea7241fbfd7d94e84d5c (patch)
tree83b2526a3a640f0eac21b9656d0d53a93ccf2bc3 /rules
parent31bc20082ddb3a52222fe15e42300dc53e47e4fd (diff)
downloadrspamd-a6f6525f7d8433e1c3abea7241fbfd7d94e84d5c.tar.gz
rspamd-a6f6525f7d8433e1c3abea7241fbfd7d94e84d5c.zip
[Minor] Header regexps: Add Postbox User-Agent
Diffstat (limited to 'rules')
-rw-r--r--rules/regexp/headers.lua18
1 files changed, 16 insertions, 2 deletions
diff --git a/rules/regexp/headers.lua b/rules/regexp/headers.lua
index 7abf52bb0..5ee848018 100644
--- a/rules/regexp/headers.lua
+++ b/rules/regexp/headers.lua
@@ -464,12 +464,13 @@ reconf['FORGED_MUA_OPERA_MSGID'] = {
group = 'mua'
}
--- Detect forged Mozilla Mail/Thunderbird/Seamonkey headers
+-- Detect forged Mozilla Mail/Thunderbird/Seamonkey/Postbox headers
-- Mozilla based X-Mailer
local user_agent_mozilla5 = 'User-Agent=/^\\s*Mozilla\\/5\\.0/H'
local user_agent_thunderbird = 'User-Agent=/^\\s*(Thunderbird|Mozilla Thunderbird|Mozilla\\/.*Gecko\\/.*(Thunderbird|Icedove)\\/)/H'
local user_agent_seamonkey = 'User-Agent=/^\\s*Mozilla\\/5\\.0\\s.+\\sSeaMonkey\\/\\d+\\.\\d+/H'
-local user_agent_mozilla = string.format('(%s) & !(%s) & !(%s)', user_agent_mozilla5, user_agent_thunderbird, user_agent_seamonkey)
+local user_agent_postbox = [[User-Agent=/^\s*Mozilla\/5\.0\s\([^)]+\)\sGecko\/\d+\sPostboxApp\/\d+(?:\.\d+){2,3}$/H]]
+local user_agent_mozilla = string.format('(%s) & !(%s) & !(%s) & !(%s)', user_agent_mozilla5, user_agent_thunderbird, user_agent_seamonkey, user_agent_postbox)
-- Mozilla based common Message-ID template
local mozilla_msgid_common = 'Message-ID=/^\\s*<[\\dA-F]{8}\\.\\d{1,7}\\@([^>\\.]+\\.)+[^>\\.]+>$/H'
local mozilla_msgid_common_sec = 'Message-ID=/^\\s*<[\\da-f]{8}-([\\da-f]{4}-){3}[\\da-f]{12}\\@([^>\\.]+\\.)+[^>\\.]+>$/H'
@@ -514,6 +515,19 @@ reconf['FORGED_MUA_SEAMONKEY_MSGID_UNKNOWN'] = {
description = 'Forged mail pretending to be from Mozilla Seamonkey but has forged Message-ID',
group = 'mua'
}
+-- Summary rule for forged Postbox Message-ID header
+reconf['FORGED_MUA_POSTBOX_MSGID'] = {
+ re = string.format('(%s) & (%s) & !(%s) & !(%s)', user_agent_postbox, mozilla_msgid_common, mozilla_msgid, unusable_msgid),
+ score = 4.0,
+ description = 'Forged mail pretending to be from Postbox but has forged Message-ID',
+ group = 'mua'
+}
+reconf['FORGED_MUA_POSTBOX_MSGID_UNKNOWN'] = {
+ re = string.format('(%s) & !((%s) | (%s)) & !(%s) & !(%s)', user_agent_postbox, mozilla_msgid_common, mozilla_msgid_common_sec, mozilla_msgid, unusable_msgid),
+ score = 2.5,
+ description = 'Forged mail pretending to be from Postbox but has forged Message-ID',
+ group = 'mua'
+}
-- Message id validity