Diffstat (limited to 'conf/composites.conf')
-rw-r--r--conf/composites.conf3
1 files changed, 3 insertions, 0 deletions
diff --git a/conf/composites.conf b/conf/composites.conf
index 41cd7749f..2526e701b 100644
--- a/conf/composites.conf
+++ b/conf/composites.conf
@@ -83,12 +83,14 @@ composites {
expression = "(HAS_X_POS | HAS_PHPMAILER_SIG) & HAS_WP_URI & (PHISHING | CRACKED_SURBL | PH_SURBL_MULTI | DBL_PHISH | DBL_ABUSE_PHISH | URIBL_BLACK | PHISHED_OPENPHISH | PHISHED_PHISHTANK)";
description = "Phish message sent by hacked Wordpress instance";
policy = "leave";
+ group = "compromised_hosts";
}
COMPROMISED_ACCT_BULK {
expression = "(HAS_XOIP | RCVD_FROM_SMTP_AUTH) & DCC_BULK";
description = "Likely to be from a compromised account";
score = 3.0;
policy = "leave";
+ group = "compromised_hosts";
}
UNDISC_RCPTS_BULK {
expression = "DCC_BULK & (MISSING_TO | R_UNDISC_RCPT)";
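Review bot: `COMPROMISED_ACCT_BULK` is described as a compromised account, and its expression keys on `HAS_XOIP | RCVD_FROM_SMTP_AUTH`, yet it is placed in `compromised_hosts` next to the hacked-WordPress composite. Anyone who tunes or disables that group by name will also change account-takeover detection, probably without intending to. A more general group name, or a one-line comment such as `# group also covers hijacked accounts, not only hacked hosts`, would make this explicit. The diff shown is limited to conf/composites.conf, so it is not visible whether `compromised_hosts` (and `scams` in the later hunk) are declared elsewhere with a description or a group score cap; that is worth confirming, since a cap would limit how much these composites contribute. The first composite in this hunk begins above the hunk, so its name and any earlier settings are not visible here.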
@@ -167,6 +169,7 @@ composites {
score = 4.0;
policy = "leave";
description = "Message exhibits strong characteristics of advance fee fraud (AFF a/k/a '419' spam) involving freemail addresses";
+ group = "scams";
}
REDIRECTOR_URL_ONLY {
expression = "HFILTER_URL_ONLY & REDIRECTOR_URL";