author | Alexander Moisseev <moiseev@mezonplus.ru> | 2019-03-25 10:07:35 +0300 |
---|---|---|
committer | Alexander Moisseev <moiseev@mezonplus.ru> | 2019-03-25 10:07:35 +0300 |
commit | a6f6525f7d8433e1c3abea7241fbfd7d94e84d5c (patch) | |
tree | 83b2526a3a640f0eac21b9656d0d53a93ccf2bc3 /rules | |
parent | 31bc20082ddb3a52222fe15e42300dc53e47e4fd (diff) | |
[Minor] Header regexps: Add Postbox User-Agent
Diffstat (limited to 'rules')
-rw-r--r-- | rules/regexp/headers.lua | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/rules/regexp/headers.lua b/rules/regexp/headers.lua
index 7abf52bb0..5ee848018 100644
--- a/rules/regexp/headers.lua
+++ b/rules/regexp/headers.lua
@@ -464,12 +464,13 @@ reconf['FORGED_MUA_OPERA_MSGID'] = {
 group = 'mua'
 }
--- Detect forged Mozilla Mail/Thunderbird/Seamonkey headers
+-- Detect forged Mozilla Mail/Thunderbird/Seamonkey/Postbox headers
 -- Mozilla based X-Mailer
 local user_agent_mozilla5 = 'User-Agent=/^\\s*Mozilla\\/5\\.0/H'
 local user_agent_thunderbird = 'User-Agent=/^\\s*(Thunderbird|Mozilla Thunderbird|Mozilla\\/.*Gecko\\/.*(Thunderbird|Icedove)\\/)/H'
 local user_agent_seamonkey = 'User-Agent=/^\\s*Mozilla\\/5\\.0\\s.+\\sSeaMonkey\\/\\d+\\.\\d+/H'
-local user_agent_mozilla = string.format('(%s) & !(%s) & !(%s)', user_agent_mozilla5, user_agent_thunderbird, user_agent_seamonkey)
+local user_agent_postbox = [[User-Agent=/^\s*Mozilla\/5\.0\s\([^)]+\)\sGecko\/\d+\sPostboxApp\/\d+(?:\.\d+){2,3}$/H]]
+local user_agent_mozilla = string.format('(%s) & !(%s) & !(%s) & !(%s)', user_agent_mozilla5, user_agent_thunderbird, user_agent_seamonkey, user_agent_postbox)
 -- Mozilla based common Message-ID template
 local mozilla_msgid_common = 'Message-ID=/^\\s*<[\\dA-F]{8}\\.\\d{1,7}\\@([^>\\.]+\\.)+[^>\\.]+>$/H'
 local mozilla_msgid_common_sec = 'Message-ID=/^\\s*<[\\da-f]{8}-([\\da-f]{4}-){3}[\\da-f]{12}\\@([^>\\.]+\\.)+[^>\\.]+>$/H'
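Review bot: `user_agent_postbox` is end-anchored with `$` and accepts only a three- or four-part numeric version after `PostboxApp/`, whereas `user_agent_thunderbird` and `user_agent_seamonkey` just above it leave the tail open. Because the same string is also the new `!(%s)` exclusion in `user_agent_mozilla`, a genuine Postbox header that deviates from this exact shape (a trailing token, a shorter version) would stay in the generic Mozilla set and miss the Postbox-specific rules; how the generic rules then score it is outside this hunk. If the strictness is deliberate, say so above the definition, e.g. `-- Postbox: "Mozilla/5.0 (<platform>) Gecko/<build> PostboxApp/<x.y.z[.w]>", whole header must match`; otherwise drop the `$` to match the sibling patterns.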
@@ -514,6 +515,19 @@ reconf['FORGED_MUA_SEAMONKEY_MSGID_UNKNOWN'] = {
 description = 'Forged mail pretending to be from Mozilla Seamonkey but has forged Message-ID',
 group = 'mua'
 }
+-- Summary rule for forged Postbox Message-ID header
+reconf['FORGED_MUA_POSTBOX_MSGID'] = {
+ re = string.format('(%s) & (%s) & !(%s) & !(%s)', user_agent_postbox, mozilla_msgid_common, mozilla_msgid, unusable_msgid),
+ score = 4.0,
+ description = 'Forged mail pretending to be from Postbox but has forged Message-ID',
+ group = 'mua'
+}
+reconf['FORGED_MUA_POSTBOX_MSGID_UNKNOWN'] = {
+ re = string.format('(%s) & !((%s) | (%s)) & !(%s) & !(%s)', user_agent_postbox, mozilla_msgid_common, mozilla_msgid_common_sec, mozilla_msgid, unusable_msgid),
+ score = 2.5,
+ description = 'Forged mail pretending to be from Postbox but has forged Message-ID',
+ group = 'mua'
+}
 -- Message id validity |
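Review bot: A Postbox User-Agent paired with a Message-ID in the `mozilla_msgid_common_sec` form is flagged by neither new rule: `FORGED_MUA_POSTBOX_MSGID` requires `mozilla_msgid_common`, and `FORGED_MUA_POSTBOX_MSGID_UNKNOWN` excludes both templates. If that form is meant to count as legitimate for Postbox, record it next to the rules, e.g. `-- Message-IDs matching mozilla_msgid_common_sec are accepted as genuine Postbox IDs`. Both symbols also carry the same `description`, so a scan report cannot tell the 4.0 case from the 2.5 one; the `_UNKNOWN` text could read `'Forged mail pretending to be from Postbox but has unrecognized Message-ID format'`. `mozilla_msgid` and `unusable_msgid` are defined outside the hunk.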