aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--conf/composites.conf6
-rw-r--r--conf/metrics.conf5
2 files changed, 10 insertions, 1 deletions
diff --git a/conf/composites.conf b/conf/composites.conf
index 35c23c375..1a0dacb68 100644
--- a/conf/composites.conf
+++ b/conf/composites.conf
@@ -10,7 +10,11 @@ composite {
}
composite {
name = "FORGED_MUA_OUTLOOK_MAILLIST";
- expression = "FORGED_MUA_OUTLOOK and MAILLIST";
+ expression = "FORGED_MUA_OUTLOOK and -MAILLIST";
+}
+composite {
+ name = "FORGED_MUA_THUNDERBIRD_MSGID_MAILLIST";
+ expression = "(FORGED_MUA_THUNDERBIRD_MSGID orFORGED_MUA_THUNDERBIRD_MSGID_UNKNOWN) and -MAILLIST";
}
composite {
name = "RBL_SPAMHAUS_XBL";
diff --git a/conf/metrics.conf b/conf/metrics.conf
index 75abf37ae..7c4839245 100644
--- a/conf/metrics.conf
+++ b/conf/metrics.conf
@@ -394,6 +394,11 @@ metric {
name = "FORGED_MUA_THUNDERBIRD_MSGID";
}
symbol {
+ weight = 0.0;
+ description = "Avoid false positives for FORGED_MUA_THUNDERBIRD_MSGID in maillist";
+ name = "FORGED_MUA_THUNDERBIRD_MSGID_MAILLIST";
+ }
+ symbol {
weight = 2.500000;
description = "Forged mail pretending to be from Mozilla Thunderbird but has forged Message-ID";
name = "FORGED_MUA_THUNDERBIRD_MSGID_UNKNOWN";