diff options
| -rw-r--r-- | conf/composites.conf | 3 | ||||
| -rw-r--r-- | rules/regexp/headers.lua | 10 |
2 files changed, 13 insertions, 0 deletions
diff --git a/conf/composites.conf b/conf/composites.conf index f414fa9f0..b05a92b94 100644 --- a/conf/composites.conf +++ b/conf/composites.conf @@ -52,6 +52,9 @@ composite "DKIM_MIXED" { expression = "-R_DKIM_ALLOW & (R_DKIM_DNSFAIL | R_DKIM_PERMFAIL | R_DKIM_REJECT)" policy = "remove_weight"; } +composite "MAIL_RU_MAILER_BASE64" { + expression = "MAIL_RU_MAILER & (FROM_EXCESS_BASE64 | REPLYTO_EXCESS_BASE64 | TO_EXCESS_BASE64)"; +} .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/composites.conf" .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/composites.conf" diff --git a/rules/regexp/headers.lua b/rules/regexp/headers.lua index 143171ae2..414a13aef 100644 --- a/rules/regexp/headers.lua +++ b/rules/regexp/headers.lua @@ -565,6 +565,16 @@ reconf['FORGED_MUA_THEBAT_BOUN'] = { group = 'header' } +-- Detect Mail.Ru web-mail +local xm_mail_ru_mailer_1_0 = 'X-Mailer=/^Mail\\.Ru Mailer 1\\.0$/H' +local rcvd_e_mail_ru = 'Received=/^from \\[\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\] by e\\.mail\\.ru with HTTP;/mH' +reconf['MAIL_RU_MAILER'] = { + re = string.format('(%s) & (%s)', xm_mail_ru_mailer_1_0, rcvd_e_mail_ru), + score = 0.0, + description = 'Sent with Mail.Ru web-mail', + group = 'header' +} + -- Two received headers with ip addresses local double_ip_spam_1 = 'Received=/from \\[\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\] by \\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3} with/H' local double_ip_spam_2 = 'Received=/from\\s+\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\s+by\\s+\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3};/H' |