summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--conf/actions.conf30
-rw-r--r--conf/common.conf2
-rw-r--r--conf/groups.conf99
-rw-r--r--conf/metrics.conf605
-rw-r--r--conf/scores.d/fuzzy_group.conf35
-rw-r--r--conf/scores.d/headers_group.conf61
-rw-r--r--conf/scores.d/hfilter_group.conf131
-rw-r--r--conf/scores.d/mime_types_group.conf59
-rw-r--r--conf/scores.d/mua_group.conf24
-rw-r--r--conf/scores.d/phishing_group.conf36
-rw-r--r--conf/scores.d/policies_group.conf104
-rw-r--r--conf/scores.d/rbl_group.conf132
-rw-r--r--conf/scores.d/statistics_group.conf27
-rw-r--r--conf/scores.d/subject_group.conf21
-rw-r--r--conf/scores.d/surbl_group.conf159
-rw-r--r--src/plugins/lua/arc.lua10
16 files changed, 928 insertions, 607 deletions
diff --git a/conf/actions.conf b/conf/actions.conf
new file mode 100644
index 000000000..75b0d2f73
--- /dev/null
+++ b/conf/actions.conf
@@ -0,0 +1,30 @@
+# Actions settings
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
+# parameters defined on the top level
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
+# parameters defined on the top level
+#
+# For specific modules or configuration you can also modify
+# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
+# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
+#
+# See https://rspamd.com/doc/tutorials/writing_rules.html for details
+
+actions {
+ reject = 15; # Reject when reaching this score
+ add_header = 6; # Add header when reaching this score
+ greylist = 4; # Apply greylisting when reaching this score (will emit `soft reject action`)
+
+ #unknown_weight = 1.0; # Enable if need to set score for all symbols implicitly
+ # Each new symbol is added multiplied by gf^N, where N is the number of spammy symbols
+ #grow_factor = 1.1;
+ # Set rewrite subject to this value (%s is replaced by the original subject)
+ #subject = "***SPAM*** %s"
+
+ .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/actions.conf"
+ .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/actions.conf"
+} \ No newline at end of file
diff --git a/conf/common.conf b/conf/common.conf
index ebb52bf78..6a50099f9 100644
--- a/conf/common.conf
+++ b/conf/common.conf
@@ -17,6 +17,8 @@
lua = "$RULESDIR/rspamd.lua"
.include "$CONFDIR/metrics.conf"
+.include "$CONFDIR/actions.conf"
+.include "$CONFDIR/groups.conf"
.include "$CONFDIR/composites.conf"
.include "$CONFDIR/statistic.conf"
diff --git a/conf/groups.conf b/conf/groups.conf
new file mode 100644
index 000000000..f3d966745
--- /dev/null
+++ b/conf/groups.conf
@@ -0,0 +1,99 @@
+# Symbols groups setup
+# Each individual group lives in scores.d/<GROUPNAME>
+#
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
+# parameters defined on the top level
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
+# parameters defined on the top level
+#
+# For specific modules or configuration you can also modify
+# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
+# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
+#
+# See https://rspamd.com/doc/tutorials/writing_rules.html for details
+
+group "headers" = {
+ .include "$CONFDIR/scores.d/headers_group.conf"
+ .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/headers_group.conf"
+ .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/headers_group.conf"
+}
+
+group "subject" = {
+ .include "$CONFDIR/scores.d/subject_group.conf"
+ .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/subject_group.conf"
+ .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/subject_group.conf"
+}
+
+group "mua" = {
+ .include "$CONFDIR/scores.d/mua_group.conf"
+ .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/mua_group.conf"
+ .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/mua_group.conf"
+}
+
+group "rbl" = {
+ .include "$CONFDIR/scores.d/rbl_group.conf"
+ .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/rbl_group.conf"
+ .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/rbl_group.conf"
+}
+
+group "statistics" = {
+ .include "$CONFDIR/scores.d/statistics_group.conf"
+ .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/statistics_group.conf"
+ .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/statistics_group.conf"
+}
+
+group "fuzzy" = {
+ .include "$CONFDIR/scores.d/fuzzy_group.conf"
+ .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/fuzzy_group.conf"
+ .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/fuzzy_group.conf"
+}
+
+# SPF + DKIM + DMARC + ARC
+group "policies" = {
+ .include "$CONFDIR/scores.d/policies_group.conf"
+ .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/policies_group.conf"
+ .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/policies_group.conf"
+}
+
+group "surbl" = {
+ .include "$CONFDIR/scores.d/surbl_group.conf"
+ .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/surbl_group.conf"
+ .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/surbl_group.conf"
+}
+
+group "phishing" = {
+ .include "$CONFDIR/scores.d/phishing_group.conf"
+ .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/phishing_group.conf"
+ .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/phishing_group.conf"
+}
+
+group "hfilter" = {
+ .include "$CONFDIR/scores.d/hfilter_group.conf"
+ .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/hfilter_group.conf"
+ .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/hfilter_group.conf"
+}
+
+group "mime_types" = {
+ .include "$CONFDIR/scores.d/mime_types_group.conf"
+ .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/mime_types_group.conf"
+ .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/mime_types_group.conf"
+}
+
+# Used to limit maximium score
+group "excessqp" {
+ max_score = 2.4;
+ .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/excessqp_group.conf"
+ .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/excessqp_group.conf"
+}
+group "excessb64" {
+ max_score = 3.0;
+ .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/excessb64_group.conf"
+ .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/excessb64_group.conf"
+}
+
+.include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/groups.conf"
+.include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/groups.conf" \ No newline at end of file
diff --git a/conf/metrics.conf b/conf/metrics.conf
index 6553b86cf..9c4358f30 100644
--- a/conf/metrics.conf
+++ b/conf/metrics.conf
@@ -14,610 +14,11 @@
#
# See https://rspamd.com/doc/tutorials/writing_rules.html for details
+# DEPRECATION WARNING!!
+# This file is deprecated since 1.7
+# Please use actions.conf and groups.conf files instead
metric {
name = "default";
- # If this param is set to non-zero
- # then a metric would accept all symbols
- # unknown_weight = 1.0
-
- actions {
- reject = 15;
- add_header = 6;
- greylist = 4;
- }
-
- group "excessqp" {
- max_score = 2.4;
- }
- group "excessb64" {
- max_score = 3.0;
- }
- group "header" {
- symbol "FORGED_SENDER" {
- weight = 0.30;
- description = "Sender is forged (different From: header and smtp MAIL FROM: addresses)";
- }
- symbol "R_MIXED_CHARSET" {
- weight = 5.0;
- description = "Mixed characters in a message";
- one_shot = true;
- }
- symbol "R_MIXED_CHARSET_URL" {
- weight = 7.0;
- description = "Mixed characters in a URL inside message";
- one_shot = true;
- }
- symbol "FORGED_RECIPIENTS" {
- weight = 2.0;
- description = "Recipients are not the same as RCPT TO: mail command";
- }
- symbol "FORGED_RECIPIENTS_MAILLIST" {
- weight = 0.0;
- description = "Recipients are not the same as RCPT TO: mail command, but a message from a maillist";
- }
- symbol "FORGED_SENDER_MAILLIST" {
- weight = 0.0;
- description = "Sender is not the same as MAIL FROM: envelope, but a message is from a maillist";
- }
- symbol "ONCE_RECEIVED" {
- weight = 0.1;
- description = "One received header in a message";
- }
- symbol "RDNS_NONE" {
- weight = 1.0;
- description = "Cannot resolve reverse DNS for sender's IP";
- }
- symbol "ONCE_RECEIVED_STRICT" {
- weight = 4.0;
- description = "One received header with 'bad' patterns inside";
- }
- symbol "MAILLIST" {
- weight = -0.2;
- description = "Message seems to be from maillist";
- }
- }
-
- group "subject" {
- max_score = 6.0;
- }
-
- group "mua" {
- symbol "FORGED_MUA_MAILLIST" {
- weight = 0.0;
- description = "Avoid false positives for FORGED_MUA_* in maillist";
- }
- }
-
- group "rbl" {
- symbol "DNSWL_BLOCKED" {
- weight = 0.0;
- description = "Resolver blocked due to excessive queries";
- }
- symbol "RCVD_IN_DNSWL" {
- weight = 0.0;
- description = "Unrecognised result from dnswl.org";
- }
- symbol "RCVD_IN_DNSWL_NONE" {
- weight = 0.0;
- description = "Sender listed at http://www.dnswl.org, low none";
- }
- symbol "RCVD_IN_DNSWL_LOW" {
- weight = 0.0;
- description = "Sender listed at http://www.dnswl.org, low trust";
- }
- symbol "RCVD_IN_DNSWL_MED" {
- weight = 0.0;
- description = "Sender listed at http://www.dnswl.org, medium trust";
- }
- symbol "RCVD_IN_DNSWL_HI" {
- weight = 0.0;
- description = "Sender listed at http://www.dnswl.org, high trust";
- }
-
- symbol "RBL_SPAMHAUS" {
- weight = 0.0;
- description = "Unrecognised result from Spamhaus zen";
- }
- symbol "RBL_SPAMHAUS_SBL" {
- weight = 2.0;
- description = "From address is listed in zen sbl";
- }
- symbol "RBL_SPAMHAUS_CSS" {
- weight = 2.0;
- description = "From address is listed in zen css";
- }
- symbol "RBL_SPAMHAUS_XBL" {
- weight = 4.0;
- description = "From address is listed in zen xbl";
- }
- symbol "RBL_SPAMHAUS_XBL_ANY" {
- weight = 4.0;
- description = "From or received address is listed in zen xbl (any list)";
- }
- symbol "RBL_SPAMHAUS_PBL" {
- weight = 2.0;
- description = "From address is listed in zen pbl (ISP list)";
- }
- symbol "RBL_SPAMHAUS_DROP" {
- weight = 7.0;
- description = "From address is listed in zen drop bl";
- }
- symbol "RECEIVED_SPAMHAUS_XBL" {
- weight = 3.0;
- description = "Received address is listed in zen xbl";
- one_shot = true;
- }
-
- symbol "RBL_SENDERSCORE" {
- weight = 2.0;
- description = "From address is listed in senderscore.com BL";
- }
- symbol "RBL_ABUSECH" {
- weight = 1.0;
- description = "From address is listed in ABUSE.CH BL";
- }
- symbol "MAILSPIKE" {
- weight = 0.0;
- description = "Unrecognised result from Mailspike";
- }
- symbol "RWL_MAILSPIKE_NEUTRAL" {
- weight = 0.0;
- description = "Neutral result from Mailspike";
- }
- symbol "RBL_MAILSPIKE_WORST" {
- weight = 2.0;
- description = "From address is listed in RBL - worst possible reputation";
- }
- symbol "RBL_MAILSPIKE_VERYBAD" {
- weight = 1.5;
- description = "From address is listed in RBL - very bad reputation";
- }
- symbol "RBL_MAILSPIKE_BAD" {
- weight = 1.0;
- description = "From address is listed in RBL - bad reputation";
- }
- symbol "RWL_MAILSPIKE_POSSIBLE" {
- weight = 0.0;
- description = "From address is listed in RWL - possibly legit";
- }
- symbol "RWL_MAILSPIKE_GOOD" {
- weight = 0.0;
- description = "From address is listed in RWL - good reputation";
- }
- symbol "RWL_MAILSPIKE_VERYGOOD" {
- weight = 0.0;
- description = "From address is listed in RWL - very good reputation";
- }
- symbol "RWL_MAILSPIKE_EXCELLENT" {
- weight = 0.0;
- description = "From address is listed in RWL - excellent reputation";
- }
-
- symbol "RBL_SEM" {
- weight = 1.0;
- description = "Address is listed in Spameatingmonkey RBL";
- }
-
- symbol "RBL_SEM_IPV6" {
- weight = 1.0;
- description = "Address is listed in Spameatingmonkey RBL (ipv6)";
- }
- }
-
- group "bayes" {
- symbol "BAYES_SPAM" {
- weight = 4.0;
- description = "Message probably spam, probability: ";
- }
- symbol "BAYES_HAM" {
- weight = -3.0;
- description = "Message probably ham, probability: ";
- }
- }
-
- group "fuzzy" {
- symbol "FUZZY_UNKNOWN" {
- weight = 5.0;
- description = "Generic fuzzy hash match";
- }
- symbol "FUZZY_DENIED" {
- weight = 12.0;
- description = "Denied fuzzy hash";
- }
- symbol "FUZZY_PROB" {
- weight = 5.0;
- description = "Probable fuzzy hash";
- }
- symbol "FUZZY_WHITE" {
- weight = -2.1;
- description = "Whitelisted fuzzy hash";
- }
- }
-
- group "spf" {
- symbol "R_SPF_FAIL" {
- weight = 1.0;
- description = "SPF verification failed";
- }
- symbol "R_SPF_SOFTFAIL" {
- weight = 0.0;
- description = "SPF verification soft-failed";
- }
- symbol "R_SPF_NEUTRAL" {
- weight = 0.0;
- description = "SPF policy is neutral";
- }
- symbol "R_SPF_ALLOW" {
- weight = -0.2;
- description = "SPF verification allows sending";
- }
- symbol "R_SPF_DNSFAIL" {
- weight = 0.0;
- description = "SPF DNS failure";
- }
- }
-
- group "dkim" {
- symbol "R_DKIM_REJECT" {
- weight = 1.0;
- description = "DKIM verification failed";
- one_shot = true;
- }
- symbol "R_DKIM_TEMPFAIL" {
- weight = 0.0;
- description = "DKIM verification soft-failed";
- }
- symbol "R_DKIM_ALLOW" {
- weight = -0.2;
- description = "DKIM verification succeed";
- one_shot = true;
- }
- }
-
- group "surbl" {
- max_score = 12.5;
-
- symbol "SURBL_BLOCKED" {
- weight = 0.0;
- description = "SURBL: blocked by policy/overusage";
- }
- symbol "PH_SURBL_MULTI" {
- weight = 5.5;
- description = "SURBL: Phishing sites";
- }
- symbol "MW_SURBL_MULTI" {
- weight = 5.5;
- description = "SURBL: Malware sites";
- }
- symbol "ABUSE_SURBL" {
- weight = 5.5;
- description = "SURBL: ABUSE";
- }
- symbol "CRACKED_SURBL" {
- weight = 4.0;
- description = "SURBL: cracked site";
- }
- symbol "RAMBLER_URIBL" {
- weight = 4.5;
- description = "Rambler uribl";
- one_shot = true;
- }
-
- symbol "RAMBLER_EMAILBL" {
- weight = 9.5;
- description = "Rambler emailbl";
- one_shot = true;
- }
-
- symbol "MSBL_EBL" {
- weight = 7.5;
- description = "MSBL emailbl";
- one_shot = true;
- }
-
- symbol "SEM_URIBL_UNKNOWN" {
- weight = 0.0;
- description = "Spameatingmonkey uribl: unknown result";
- }
- symbol "SEM_URIBL" {
- weight = 3.5;
- description = "Spameatingmonkey uribl";
- }
-
- symbol "SEM_URIBL_FRESH15_UNKNOWN" {
- weight = 0.0;
- description = "Spameatingmonkey Fresh15 uribl: unknown result";
- }
- symbol "SEM_URIBL_FRESH15" {
- weight = 3.0;
- description = "Spameatingmonkey uribl. Domains registered in the last 15 days (.AERO,.BIZ,.COM,.INFO,.NAME,.NET,.PRO,.SK,.TEL,.US)";
- }
-
- symbol "DBL" {
- weight = 0.0;
- description = "DBL unknown result";
- }
- symbol "DBL_SPAM" {
- weight = 6.5;
- description = "DBL uribl spam";
- }
- symbol "DBL_PHISH" {
- weight = 6.5;
- description = "DBL uribl phishing";
- }
- symbol "DBL_MALWARE" {
- weight = 6.5;
- description = "DBL uribl malware";
- }
- symbol "DBL_BOTNET" {
- weight = 5.5;
- description = "DBL uribl botnet C&C domain";
- }
- symbol "DBL_ABUSE" {
- weight = 6.5;
- description = "DBL uribl abused legit spam";
- }
- symbol "DBL_ABUSE_REDIR" {
- weight = 1.5;
- description = "DBL uribl abused spammed redirector domain";
- }
- symbol "DBL_ABUSE_PHISH" {
- weight = 7.5;
- description = "DBL uribl abused legit phish";
- }
- symbol "DBL_ABUSE_MALWARE" {
- weight = 7.5;
- description = "DBL uribl abused legit malware";
- }
- symbol "DBL_ABUSE_BOTNET" {
- weight = 5.5;
- description = "DBL uribl abused legit botnet C&C";
- }
- symbol "DBL_PROHIBIT" {
- weight = 0.00000;
- description = "DBL uribl IP queries prohibited!";
- }
- symbol "URIBL_MULTI" {
- weight = 0.0;
- description = "uribl.com: unrecognised result";
- }
- symbol "URIBL_BLOCKED" {
- weight = 0.0;
- description = "uribl.com: query refused";
- }
- symbol "URIBL_BLACK" {
- weight = 7.5;
- description = "uribl.com black url";
- }
- symbol "URIBL_RED" {
- weight = 3.5;
- description = "uribl.com red url";
- }
- symbol "URIBL_GREY" {
- weight = 1.5;
- description = "uribl.com grey url";
- one_shot = true;
- }
- symbol "SBL_URIBL" {
- weight = 0.0;
- description = "SBL URIBL: Filtered result";
- }
- symbol "URIBL_SBL" {
- weight = 6.5;
- description = "Spamhaus SBL URIBL";
- }
- symbol "URIBL_SBL_CSS" {
- weight = 6.5;
- description = "Spamhaus SBL CSS URIBL";
- }
- symbol "RBL_SARBL_BAD" {
- weight = 2.5;
- description = "A domain listed in the mail is blacklisted in SARBL";
- }
- }
-
- group "phishing" {
- symbol "PHISHING" {
- weight = 4.0;
- description = "Phished URL";
- one_shot = true;
- }
- symbol "PHISHED_OPENPHISH" {
- weight = 7.0;
- description = "Phished URL found in openphish.com";
- }
- symbol "PHISHED_PHISHTANK" {
- weight = 7.0;
- description = "Phished URL found in phishtank.com";
- }
- symbol HACKED_WP_PHISHING {
- weight = 4.5;
- description = "Phishing message from hacked wordpress";
- }
- }
-
- group "hfilter" {
- symbol "HFILTER_HELO_BAREIP" {
- weight = 3.00;
- description = "Helo host is bare ip";
- }
- symbol "HFILTER_HELO_BADIP" {
- weight = 4.50;
- description = "Helo host is very bad ip";
- }
- symbol "HFILTER_HELO_1" {
- weight = 0.5;
- description = "Helo host checks (very low)";
- }
- symbol "HFILTER_HELO_2" {
- weight = 1.00;
- description = "Helo host checks (low)";
- }
- symbol "HFILTER_HELO_3" {
- weight = 2.00;
- description = "Helo host checks (medium)";
- }
- symbol "HFILTER_HELO_4" {
- weight = 2.50;
- description = "Helo host checks (hard)";
- }
- symbol "HFILTER_HELO_5" {
- weight = 3.00;
- description = "Helo host checks (very hard)";
- }
- symbol "HFILTER_HOSTNAME_1" {
- weight = 0.5;
- description = "Hostname checks (very low)";
- }
- symbol "HFILTER_HOSTNAME_2" {
- weight = 1.00;
- description = "Hostname checks (low)";
- }
- symbol "HFILTER_HOSTNAME_3" {
- weight = 2.00;
- description = "Hostname checks (medium)";
- }
- symbol "HFILTER_HOSTNAME_4" {
- weight = 2.50;
- description = "Hostname checks (hard)";
- }
- symbol "HFILTER_HOSTNAME_5" {
- weight = 3.00;
- description = "Hostname checks (very hard)";
- }
- symbol "HFILTER_HELO_NORESOLVE_MX" {
- weight = 0.20;
- description = "MX found in Helo and no resolve";
- }
- symbol "HFILTER_HELO_NORES_A_OR_MX" {
- weight = 0.3;
- description = "Helo no resolve to A or MX";
- }
- symbol "HFILTER_HELO_IP_A" {
- weight = 1.00;
- description = "Helo A IP != hostname IP";
- }
- symbol "HFILTER_HELO_NOT_FQDN" {
- weight = 2.00;
- description = "Helo not FQDN";
- }
- symbol "HFILTER_FROMHOST_NORESOLVE_MX" {
- weight = 0.5;
- description = "MX found in FROM host and no resolve";
- }
- symbol "HFILTER_FROMHOST_NORES_A_OR_MX" {
- weight = 1.50;
- description = "FROM host no resolve to A or MX";
- }
- symbol "HFILTER_FROMHOST_NOT_FQDN" {
- weight = 3.00;
- description = "FROM host not FQDN";
- }
- symbol "HFILTER_FROM_BOUNCE" {
- weight = 0.00;
- description = "Bounce message";
- }
- /*
- symbol {
- weight = 0.50;
- name = "HFILTER_MID_NORESOLVE_MX";
- description = "MX found in Message-id host and no resolve";
- }
- symbol {
- weight = 0.50;
- name = "HFILTER_MID_NORES_A_OR_MX";
- description = "Message-id host no resolve to A or MX";
- }
- symbol {
- weight = 0.50;
- name = "HFILTER_MID_NOT_FQDN";
- description = "Message-id host not FQDN";
- }
- */
- symbol "HFILTER_HOSTNAME_UNKNOWN" {
- weight = 2.50;
- description = "Unknown hostname (no PTR or no resolve PTR to hostname)";
- }
- symbol "HFILTER_RCPT_BOUNCEMOREONE" {
- weight = 1.50;
- description = "Message from bounce and over 1 recipient";
- }
- symbol "HFILTER_URL_ONLY" {
- weight = 2.20;
- description = "URL only in body";
- }
- symbol "HFILTER_URL_ONELINE" {
- weight = 2.50;
- description = "One line URL and text in body";
- }
- }
-
- group "dmarc" {
-
- symbol "DMARC_POLICY_ALLOW" {
- weight = -0.5;
- description = "DMARC permit policy";
- }
- symbol "DMARC_POLICY_ALLOW_WITH_FAILURES" {
- weight = -0.5;
- description = "DMARC permit policy with DKIM/SPF failure";
- }
- symbol "DMARC_POLICY_REJECT" {
- weight = 2.0;
- description = "DMARC reject policy";
- }
- symbol "DMARC_POLICY_QUARANTINE" {
- weight = 1.5;
- description = "DMARC quarantine policy";
- }
- symbol "DMARC_POLICY_SOFTFAIL" {
- weight = 0.1;
- description = "DMARC failed";
- }
- }
- group "mime_types" {
- symbol "MIME_GOOD" {
- weight = -0.1;
- description = "Known content-type";
- one_shot = true;
- }
- symbol "MIME_BAD" {
- weight = 1.0;
- description = "Known bad content-type";
- one_shot = true;
- }
- symbol "MIME_UNKNOWN" {
- weight = 0.1;
- description = "Missing or unknown content-type";
- one_shot = true;
- }
- symbol "MIME_BAD_ATTACHMENT" {
- weight = 4.0;
- description = "Invalid attachment mime type";
- one_shot = true;
- }
- symbol "MIME_ENCRYPTED_ARCHIVE" {
- weight = 2.0;
- description = "Encrypted archive in a message";
- one_shot = true;
- }
- symbol "MIME_ARCHIVE_IN_ARCHIVE" {
- weight = 5.0;
- description = "Archive within another archive";
- one_shot = true;
- }
- symbol "MIME_DOUBLE_BAD_EXTENSION" {
- weight = 3.0; # This rule has dynamic weight up to 4.0
- description = "Bad extension cloaking";
- one_shot = true;
- }
- symbol "MIME_BAD_EXTENSION" {
- weight = 2.0; # This rule has dynamic weight up to 4.0
- description = "Bad extension";
- one_shot = true;
- }
- }
-
.include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/metrics.conf"
.include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/metrics.conf"
}
diff --git a/conf/scores.d/fuzzy_group.conf b/conf/scores.d/fuzzy_group.conf
new file mode 100644
index 000000000..ecce1b495
--- /dev/null
+++ b/conf/scores.d/fuzzy_group.conf
@@ -0,0 +1,35 @@
+# Fuzzy rules scores
+#
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
+# parameters defined on the top level
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
+# parameters defined on the top level
+#
+# For specific modules or configuration you can also modify
+# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
+# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
+#
+# See https://rspamd.com/doc/tutorials/writing_rules.html for details
+
+symbols = {
+ "FUZZY_UNKNOWN" {
+ weight = 5.0;
+ description = "Generic fuzzy hash match";
+ }
+ "FUZZY_DENIED" {
+ weight = 12.0;
+ description = "Denied fuzzy hash";
+ }
+ "FUZZY_PROB" {
+ weight = 5.0;
+ description = "Probable fuzzy hash";
+ }
+ "FUZZY_WHITE" {
+ weight = -2.1;
+ description = "Whitelisted fuzzy hash";
+ }
+} \ No newline at end of file
diff --git a/conf/scores.d/headers_group.conf b/conf/scores.d/headers_group.conf
new file mode 100644
index 000000000..ac3134e36
--- /dev/null
+++ b/conf/scores.d/headers_group.conf
@@ -0,0 +1,61 @@
+# Headers rules scores
+#
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
+# parameters defined on the top level
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
+# parameters defined on the top level
+#
+# For specific modules or configuration you can also modify
+# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
+# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
+#
+# See https://rspamd.com/doc/tutorials/writing_rules.html for details
+
+symbols = {
+ "FORGED_SENDER" {
+ weight = 0.30;
+ description = "Sender is forged (different From: header and smtp MAIL FROM: addresses)";
+ }
+ "R_MIXED_CHARSET" {
+ weight = 5.0;
+ description = "Mixed characters in a message";
+ one_shot = true;
+ }
+ "R_MIXED_CHARSET_URL" {
+ weight = 7.0;
+ description = "Mixed characters in a URL inside message";
+ one_shot = true;
+ }
+ "FORGED_RECIPIENTS" {
+ weight = 2.0;
+ description = "Recipients are not the same as RCPT TO: mail command";
+ }
+ "FORGED_RECIPIENTS_MAILLIST" {
+ weight = 0.0;
+ description = "Recipients are not the same as RCPT TO: mail command, but a message from a maillist";
+ }
+ "FORGED_SENDER_MAILLIST" {
+ weight = 0.0;
+ description = "Sender is not the same as MAIL FROM: envelope, but a message is from a maillist";
+ }
+ "ONCE_RECEIVED" {
+ weight = 0.1;
+ description = "One received header in a message";
+ }
+ "RDNS_NONE" {
+ weight = 1.0;
+ description = "Cannot resolve reverse DNS for sender's IP";
+ }
+ "ONCE_RECEIVED_STRICT" {
+ weight = 4.0;
+ description = "One received header with 'bad' patterns inside";
+ }
+ "MAILLIST" {
+ weight = -0.2;
+ description = "Message seems to be from maillist";
+ }
+} \ No newline at end of file
diff --git a/conf/scores.d/hfilter_group.conf b/conf/scores.d/hfilter_group.conf
new file mode 100644
index 000000000..6b6f31031
--- /dev/null
+++ b/conf/scores.d/hfilter_group.conf
@@ -0,0 +1,131 @@
+# Host and connection rules scores
+#
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
+# parameters defined on the top level
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
+# parameters defined on the top level
+#
+# For specific modules or configuration you can also modify
+# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
+# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
+#
+# See https://rspamd.com/doc/tutorials/writing_rules.html for details
+
+symbols = {
+ "HFILTER_HELO_BAREIP" {
+ weight = 3.00;
+ description = "Helo host is bare ip";
+ }
+ "HFILTER_HELO_BADIP" {
+ weight = 4.50;
+ description = "Helo host is very bad ip";
+ }
+ "HFILTER_HELO_1" {
+ weight = 0.5;
+ description = "Helo host checks (very low)";
+ }
+ "HFILTER_HELO_2" {
+ weight = 1.00;
+ description = "Helo host checks (low)";
+ }
+ "HFILTER_HELO_3" {
+ weight = 2.00;
+ description = "Helo host checks (medium)";
+ }
+ "HFILTER_HELO_4" {
+ weight = 2.50;
+ description = "Helo host checks (hard)";
+ }
+ "HFILTER_HELO_5" {
+ weight = 3.00;
+ description = "Helo host checks (very hard)";
+ }
+ "HFILTER_HOSTNAME_1" {
+ weight = 0.5;
+ description = "Hostname checks (very low)";
+ }
+ "HFILTER_HOSTNAME_2" {
+ weight = 1.00;
+ description = "Hostname checks (low)";
+ }
+ "HFILTER_HOSTNAME_3" {
+ weight = 2.00;
+ description = "Hostname checks (medium)";
+ }
+ "HFILTER_HOSTNAME_4" {
+ weight = 2.50;
+ description = "Hostname checks (hard)";
+ }
+ "HFILTER_HOSTNAME_5" {
+ weight = 3.00;
+ description = "Hostname checks (very hard)";
+ }
+ "HFILTER_HELO_NORESOLVE_MX" {
+ weight = 0.20;
+ description = "MX found in Helo and no resolve";
+ }
+ "HFILTER_HELO_NORES_A_OR_MX" {
+ weight = 0.3;
+ description = "Helo no resolve to A or MX";
+ }
+ "HFILTER_HELO_IP_A" {
+ weight = 1.00;
+ description = "Helo A IP != hostname IP";
+ }
+ "HFILTER_HELO_NOT_FQDN" {
+ weight = 2.00;
+ description = "Helo not FQDN";
+ }
+ "HFILTER_FROMHOST_NORESOLVE_MX" {
+ weight = 0.5;
+ description = "MX found in FROM host and no resolve";
+ }
+ "HFILTER_FROMHOST_NORES_A_OR_MX" {
+ weight = 1.50;
+ description = "FROM host no resolve to A or MX";
+ }
+ "HFILTER_FROMHOST_NOT_FQDN" {
+ weight = 3.00;
+ description = "FROM host not FQDN";
+ }
+ "HFILTER_FROM_BOUNCE" {
+ weight = 0.00;
+ description = "Bounce message";
+ }
+/*
+ # Disabled by default
+ "HFILTER_MID_NORESOLVE_MX" {
+ weight = 0.50;
+ description = "MX found in Message-id host and no resolve";
+ }
+ "HFILTER_MID_NORES_A_OR_MX" {
+ weight = 0.50;
+ name = ;
+ description = "Message-id host no resolve to A or MX";
+ }
+ "HFILTER_MID_NOT_FQDN" {
+ weight = 0.50;
+ description = "Message-id host not FQDN";
+ }
+*/
+ "HFILTER_HOSTNAME_UNKNOWN" {
+ weight = 2.50;
+ description = "Unknown hostname (no PTR or no resolve PTR to hostname)";
+ }
+ "HFILTER_RCPT_BOUNCEMOREONE" {
+ weight = 1.50;
+ description = "Message from bounce and over 1 recipient";
+ }
+ "HFILTER_URL_ONLY" {
+ weight = 2.20;
+ description = "URL only in body";
+ }
+ "HFILTER_URL_ONELINE" {
+ weight = 2.50;
+ description = "One line URL and text in body";
+ }
+} \ No newline at end of file
diff --git a/conf/scores.d/mime_types_group.conf b/conf/scores.d/mime_types_group.conf
new file mode 100644
index 000000000..10cb1ba93
--- /dev/null
+++ b/conf/scores.d/mime_types_group.conf
@@ -0,0 +1,59 @@
+# Mime types rules scores
+#
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
+# parameters defined on the top level
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
+# parameters defined on the top level
+#
+# For specific modules or configuration you can also modify
+# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
+# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
+#
+# See https://rspamd.com/doc/tutorials/writing_rules.html for details
+
+symbols = {
+ "MIME_GOOD" {
+ weight = -0.1;
+ description = "Known content-type";
+ one_shot = true;
+ }
+ "MIME_BAD" {
+ weight = 1.0;
+ description = "Known bad content-type";
+ one_shot = true;
+ }
+ "MIME_UNKNOWN" {
+ weight = 0.1;
+ description = "Missing or unknown content-type";
+ one_shot = true;
+ }
+ "MIME_BAD_ATTACHMENT" {
+ weight = 4.0;
+ description = "Invalid attachment mime type";
+ one_shot = true;
+ }
+ "MIME_ENCRYPTED_ARCHIVE" {
+ weight = 2.0;
+ description = "Encrypted archive in a message";
+ one_shot = true;
+ }
+ "MIME_ARCHIVE_IN_ARCHIVE" {
+ weight = 5.0;
+ description = "Archive within another archive";
+ one_shot = true;
+ }
+ "MIME_DOUBLE_BAD_EXTENSION" {
+ weight = 3.0; # This rule has dynamic weight up to 4.0
+ description = "Bad extension cloaking";
+ one_shot = true;
+ }
+ "MIME_BAD_EXTENSION" {
+ weight = 2.0; # This rule has dynamic weight up to 4.0
+ description = "Bad extension";
+ one_shot = true;
+ }
+} \ No newline at end of file
diff --git a/conf/scores.d/mua_group.conf b/conf/scores.d/mua_group.conf
new file mode 100644
index 000000000..b912a854a
--- /dev/null
+++ b/conf/scores.d/mua_group.conf
@@ -0,0 +1,24 @@
+# MUA rules scores
+#
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
+# parameters defined on the top level
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
+# parameters defined on the top level
+#
+# For specific modules or configuration you can also modify
+# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
+# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
+#
+# See https://rspamd.com/doc/tutorials/writing_rules.html for details
+
+
+symbols = {
+ "FORGED_MUA_MAILLIST" {
+ weight = 0.0;
+ description = "Avoid false positives for FORGED_MUA_* in maillist";
+ }
+} \ No newline at end of file
diff --git a/conf/scores.d/phishing_group.conf b/conf/scores.d/phishing_group.conf
new file mode 100644
index 000000000..d5a4ee098
--- /dev/null
+++ b/conf/scores.d/phishing_group.conf
@@ -0,0 +1,36 @@
+# Phishing rules scores
+#
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
+# parameters defined on the top level
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
+# parameters defined on the top level
+#
+# For specific modules or configuration you can also modify
+# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
+# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
+#
+# See https://rspamd.com/doc/tutorials/writing_rules.html for details
+
+symbols = {
+ "PHISHING" {
+ weight = 4.0;
+ description = "Phished URL";
+ one_shot = true;
+ }
+ "PHISHED_OPENPHISH" {
+ weight = 7.0;
+ description = "Phished URL found in openphish.com";
+ }
+ "PHISHED_PHISHTANK" {
+ weight = 7.0;
+ description = "Phished URL found in phishtank.com";
+ }
+ HACKED_WP_PHISHING {
+ weight = 4.5;
+ description = "Phishing message from hacked wordpress";
+ }
+} \ No newline at end of file
diff --git a/conf/scores.d/policies_group.conf b/conf/scores.d/policies_group.conf
new file mode 100644
index 000000000..9885a5efa
--- /dev/null
+++ b/conf/scores.d/policies_group.conf
@@ -0,0 +1,104 @@
+# Policies rules scores, includes SPF, DKIM, DMARC and ARC symbols
+#
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
+# parameters defined on the top level
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
+# parameters defined on the top level
+#
+# For specific modules or configuration you can also modify
+# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
+# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
+#
+# See https://rspamd.com/doc/tutorials/writing_rules.html for details
+
+symbols = {
+ # SPF
+ "R_SPF_FAIL" {
+ weight = 1.0;
+ description = "SPF verification failed";
+ }
+ "R_SPF_SOFTFAIL" {
+ weight = 0.0;
+ description = "SPF verification soft-failed";
+ }
+ "R_SPF_NEUTRAL" {
+ weight = 0.0;
+ description = "SPF policy is neutral";
+ }
+ "R_SPF_ALLOW" {
+ weight = -0.2;
+ description = "SPF verification allows sending";
+ }
+ "R_SPF_DNSFAIL" {
+ weight = 0.0;
+ description = "SPF DNS failure";
+ }
+
+ # DKIM
+ "R_DKIM_REJECT" {
+ weight = 1.0;
+ description = "DKIM verification failed";
+ one_shot = true;
+ }
+ "R_DKIM_TEMPFAIL" {
+ weight = 0.0;
+ description = "DKIM verification soft-failed";
+ }
+ "R_DKIM_ALLOW" {
+ weight = -0.2;
+ description = "DKIM verification succeed";
+ one_shot = true;
+ }
+
+ # DMARC
+ "DMARC_POLICY_ALLOW" {
+ weight = -0.5;
+ description = "DMARC permit policy";
+ }
+ "DMARC_POLICY_ALLOW_WITH_FAILURES" {
+ weight = -0.5;
+ description = "DMARC permit policy with DKIM/SPF failure";
+ }
+ "DMARC_POLICY_REJECT" {
+ weight = 2.0;
+ description = "DMARC reject policy";
+ }
+ "DMARC_POLICY_QUARANTINE" {
+ weight = 1.5;
+ description = "DMARC quarantine policy";
+ }
+ "DMARC_POLICY_SOFTFAIL" {
+ weight = 0.1;
+ description = "DMARC failed";
+ }
+
+ # ARC
+ "ARC_ALLOW" {
+ weight = -1.0;
+ description = "ARC checks success"
+ }
+
+ "ARC_REJECT" {
+ weight = 2.0;
+ description = "ARC checks success"
+ }
+
+ "ARC_INVALID" {
+ weight = 1.0;
+ description = "ARC structure invalid"
+ }
+
+ "ARC_DNSFAIL" {
+ weight = 0.0;
+ description = "ARC DNS error"
+ }
+
+ "ARC_NA" {
+ weight = 0.0;
+ description = "ARC signature absent"
+ }
+} \ No newline at end of file
diff --git a/conf/scores.d/rbl_group.conf b/conf/scores.d/rbl_group.conf
new file mode 100644
index 000000000..8703afd3d
--- /dev/null
+++ b/conf/scores.d/rbl_group.conf
@@ -0,0 +1,132 @@
+# RBL rules scores
+#
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
+# parameters defined on the top level
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
+# parameters defined on the top level
+#
+# For specific modules or configuration you can also modify
+# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
+# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
+#
+# See https://rspamd.com/doc/tutorials/writing_rules.html for details
+
+symbols = {
+ "DNSWL_BLOCKED" {
+ weight = 0.0;
+ description = "Resolver blocked due to excessive queries";
+ }
+ "RCVD_IN_DNSWL" {
+ weight = 0.0;
+ description = "Unrecognised result from dnswl.org";
+ }
+ "RCVD_IN_DNSWL_NONE" {
+ weight = 0.0;
+ description = "Sender listed at http://www.dnswl.org, low none";
+ }
+ "RCVD_IN_DNSWL_LOW" {
+ weight = 0.0;
+ description = "Sender listed at http://www.dnswl.org, low trust";
+ }
+ "RCVD_IN_DNSWL_MED" {
+ weight = 0.0;
+ description = "Sender listed at http://www.dnswl.org, medium trust";
+ }
+ "RCVD_IN_DNSWL_HI" {
+ weight = 0.0;
+ description = "Sender listed at http://www.dnswl.org, high trust";
+ }
+
+ "RBL_SPAMHAUS" {
+ weight = 0.0;
+ description = "Unrecognised result from Spamhaus zen";
+ }
+ "RBL_SPAMHAUS_SBL" {
+ weight = 2.0;
+ description = "From address is listed in zen sbl";
+ }
+ "RBL_SPAMHAUS_CSS" {
+ weight = 2.0;
+ description = "From address is listed in zen css";
+ }
+ "RBL_SPAMHAUS_XBL" {
+ weight = 4.0;
+ description = "From address is listed in zen xbl";
+ }
+ "RBL_SPAMHAUS_XBL_ANY" {
+ weight = 4.0;
+ description = "From or received address is listed in zen xbl (any list)";
+ }
+ "RBL_SPAMHAUS_PBL" {
+ weight = 2.0;
+ description = "From address is listed in zen pbl (ISP list)";
+ }
+ "RBL_SPAMHAUS_DROP" {
+ weight = 7.0;
+ description = "From address is listed in zen drop bl";
+ }
+ "RECEIVED_SPAMHAUS_XBL" {
+ weight = 3.0;
+ description = "Received address is listed in zen xbl";
+ one_shot = true;
+ }
+
+ "RBL_SENDERSCORE" {
+ weight = 2.0;
+ description = "From address is listed in senderscore.com BL";
+ }
+ "RBL_ABUSECH" {
+ weight = 1.0;
+ description = "From address is listed in ABUSE.CH BL";
+ }
+ "MAILSPIKE" {
+ weight = 0.0;
+ description = "Unrecognised result from Mailspike";
+ }
+ "RWL_MAILSPIKE_NEUTRAL" {
+ weight = 0.0;
+ description = "Neutral result from Mailspike";
+ }
+ "RBL_MAILSPIKE_WORST" {
+ weight = 2.0;
+ description = "From address is listed in RBL - worst possible reputation";
+ }
+ "RBL_MAILSPIKE_VERYBAD" {
+ weight = 1.5;
+ description = "From address is listed in RBL - very bad reputation";
+ }
+ "RBL_MAILSPIKE_BAD" {
+ weight = 1.0;
+ description = "From address is listed in RBL - bad reputation";
+ }
+ "RWL_MAILSPIKE_POSSIBLE" {
+ weight = 0.0;
+ description = "From address is listed in RWL - possibly legit";
+ }
+ "RWL_MAILSPIKE_GOOD" {
+ weight = 0.0;
+ description = "From address is listed in RWL - good reputation";
+ }
+ "RWL_MAILSPIKE_VERYGOOD" {
+ weight = 0.0;
+ description = "From address is listed in RWL - very good reputation";
+ }
+ "RWL_MAILSPIKE_EXCELLENT" {
+ weight = 0.0;
+ description = "From address is listed in RWL - excellent reputation";
+ }
+
+ "RBL_SEM" {
+ weight = 1.0;
+ description = "Address is listed in Spameatingmonkey RBL";
+ }
+
+ "RBL_SEM_IPV6" {
+ weight = 1.0;
+ description = "Address is listed in Spameatingmonkey RBL (ipv6)";
+ }
+} \ No newline at end of file
diff --git a/conf/scores.d/statistics_group.conf b/conf/scores.d/statistics_group.conf
new file mode 100644
index 000000000..0d257d4bd
--- /dev/null
+++ b/conf/scores.d/statistics_group.conf
@@ -0,0 +1,27 @@
+# Bayes and statistics rules scores
+#
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
+# parameters defined on the top level
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
+# parameters defined on the top level
+#
+# For specific modules or configuration you can also modify
+# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
+# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
+#
+# See https://rspamd.com/doc/tutorials/writing_rules.html for details
+
+symbols = {
+ "BAYES_SPAM" {
+ weight = 4.0;
+ description = "Message probably spam, probability: ";
+ }
+ "BAYES_HAM" {
+ weight = -3.0;
+ description = "Message probably ham, probability: ";
+ }
+} \ No newline at end of file
diff --git a/conf/scores.d/subject_group.conf b/conf/scores.d/subject_group.conf
new file mode 100644
index 000000000..d151e0401
--- /dev/null
+++ b/conf/scores.d/subject_group.conf
@@ -0,0 +1,21 @@
+# Subject rules scores
+#
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
+# parameters defined on the top level
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
+# parameters defined on the top level
+#
+# For specific modules or configuration you can also modify
+# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
+# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
+#
+# See https://rspamd.com/doc/tutorials/writing_rules.html for details
+
+symbols = {
+}
+
+max_score = 6.0; \ No newline at end of file
diff --git a/conf/scores.d/surbl_group.conf b/conf/scores.d/surbl_group.conf
new file mode 100644
index 000000000..6f5ba4302
--- /dev/null
+++ b/conf/scores.d/surbl_group.conf
@@ -0,0 +1,159 @@
+# URIBL rules scores
+#
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
+# parameters defined on the top level
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
+# parameters defined on the top level
+#
+# For specific modules or configuration you can also modify
+# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
+# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
+#
+# See https://rspamd.com/doc/tutorials/writing_rules.html for details
+
+
+max_score = 12.5;
+
+symbols = {
+ "SURBL_BLOCKED" {
+ weight = 0.0;
+ description = "SURBL: blocked by policy/overusage";
+ }
+ "PH_SURBL_MULTI" {
+ weight = 5.5;
+ description = "SURBL: Phishing sites";
+ }
+ "MW_SURBL_MULTI" {
+ weight = 5.5;
+ description = "SURBL: Malware sites";
+ }
+ "ABUSE_SURBL" {
+ weight = 5.5;
+ description = "SURBL: ABUSE";
+ }
+ "CRACKED_SURBL" {
+ weight = 4.0;
+ description = "SURBL: cracked site";
+ }
+ "RAMBLER_URIBL" {
+ weight = 4.5;
+ description = "Rambler uribl";
+ one_shot = true;
+ }
+
+ "RAMBLER_EMAILBL" {
+ weight = 9.5;
+ description = "Rambler emailbl";
+ one_shot = true;
+ }
+
+ "MSBL_EBL" {
+ weight = 7.5;
+ description = "MSBL emailbl";
+ one_shot = true;
+ }
+
+ "SEM_URIBL_UNKNOWN" {
+ weight = 0.0;
+ description = "Spameatingmonkey uribl: unknown result";
+ }
+ "SEM_URIBL" {
+ weight = 3.5;
+ description = "Spameatingmonkey uribl";
+ }
+
+ "SEM_URIBL_FRESH15_UNKNOWN" {
+ weight = 0.0;
+ description = "Spameatingmonkey Fresh15 uribl: unknown result";
+ }
+ "SEM_URIBL_FRESH15" {
+ weight = 3.0;
+ description = "Spameatingmonkey uribl. Domains registered in the last 15 days (.AERO,.BIZ,.COM,.INFO,.NAME,.NET,.PRO,.SK,.TEL,.US)";
+ }
+
+ "DBL" {
+ weight = 0.0;
+ description = "DBL unknown result";
+ }
+ "DBL_SPAM" {
+ weight = 6.5;
+ description = "DBL uribl spam";
+ }
+ "DBL_PHISH" {
+ weight = 6.5;
+ description = "DBL uribl phishing";
+ }
+ "DBL_MALWARE" {
+ weight = 6.5;
+ description = "DBL uribl malware";
+ }
+ "DBL_BOTNET" {
+ weight = 5.5;
+ description = "DBL uribl botnet C&C domain";
+ }
+ "DBL_ABUSE" {
+ weight = 6.5;
+ description = "DBL uribl abused legit spam";
+ }
+ "DBL_ABUSE_REDIR" {
+ weight = 1.5;
+ description = "DBL uribl abused spammed redirector domain";
+ }
+ "DBL_ABUSE_PHISH" {
+ weight = 7.5;
+ description = "DBL uribl abused legit phish";
+ }
+ "DBL_ABUSE_MALWARE" {
+ weight = 7.5;
+ description = "DBL uribl abused legit malware";
+ }
+ "DBL_ABUSE_BOTNET" {
+ weight = 5.5;
+ description = "DBL uribl abused legit botnet C&C";
+ }
+ "DBL_PROHIBIT" {
+ weight = 0.00000;
+ description = "DBL uribl IP queries prohibited!";
+ }
+ "URIBL_MULTI" {
+ weight = 0.0;
+ description = "uribl.com: unrecognised result";
+ }
+ "URIBL_BLOCKED" {
+ weight = 0.0;
+ description = "uribl.com: query refused";
+ }
+ "URIBL_BLACK" {
+ weight = 7.5;
+ description = "uribl.com black url";
+ }
+ "URIBL_RED" {
+ weight = 3.5;
+ description = "uribl.com red url";
+ }
+ "URIBL_GREY" {
+ weight = 1.5;
+ description = "uribl.com grey url";
+ one_shot = true;
+ }
+ "SBL_URIBL" {
+ weight = 0.0;
+ description = "SBL URIBL: Filtered result";
+ }
+ "URIBL_SBL" {
+ weight = 6.5;
+ description = "Spamhaus SBL URIBL";
+ }
+ "URIBL_SBL_CSS" {
+ weight = 6.5;
+ description = "Spamhaus SBL CSS URIBL";
+ }
+ "RBL_SARBL_BAD" {
+ weight = 2.5;
+ description = "A domain listed in the mail is blacklisted in SARBL";
+ }
+} \ No newline at end of file
diff --git a/src/plugins/lua/arc.lua b/src/plugins/lua/arc.lua
index 53765917e..fc101b0f7 100644
--- a/src/plugins/lua/arc.lua
+++ b/src/plugins/lua/arc.lua
@@ -320,35 +320,35 @@ rspamd_config:register_symbol({
parent = id,
type = 'virtual',
score = -1.0,
- group = 'arc',
+ group = 'policies',
})
rspamd_config:register_symbol({
name = arc_symbols['reject'],
parent = id,
type = 'virtual',
score = 2.0,
- group = 'arc',
+ group = 'policies',
})
rspamd_config:register_symbol({
name = arc_symbols['invalid'],
parent = id,
type = 'virtual',
score = 1.0,
- group = 'arc',
+ group = 'policies',
})
rspamd_config:register_symbol({
name = arc_symbols['dnsfail'],
parent = id,
type = 'virtual',
score = 0.0,
- group = 'arc',
+ group = 'policies',
})
rspamd_config:register_symbol({
name = arc_symbols['na'],
parent = id,
type = 'virtual',
score = 0.0,
- group = 'arc',
+ group = 'policies',
})
rspamd_config:register_dependency(id, symbols['spf_allow_symbol'])