aboutsummaryrefslogtreecommitdiffstats
path: root/conf/composites.conf
diff options
context:
space:
mode:
Diffstat (limited to 'conf/composites.conf')
-rw-r--r--conf/composites.conf9
1 files changed, 8 insertions, 1 deletions
diff --git a/conf/composites.conf b/conf/composites.conf
index c1b603e51..b1bff1c1a 100644
--- a/conf/composites.conf
+++ b/conf/composites.conf
@@ -165,12 +165,19 @@ composites {
group = "scams";
}
FREEMAIL_AFF {
- expression = "(FREEMAIL_FROM | FREEMAIL_ENVFROM | FREEMAIL_REPLYTO) & (TO_DN_RECIPIENTS | R_UNDISC_RCPT) & (INTRODUCTION | FROM_NAME_HAS_TITLE | FREEMAIL_REPLYTO_NEQ_FROM_DOM | SUBJECT_HAS_CURRENCY)";
+ expression = "(FREEMAIL_FROM | FREEMAIL_ENVFROM | FREEMAIL_REPLYTO | FREEMAIL_MDN) & (TO_DN_RECIPIENTS | R_UNDISC_RCPT) & (INTRODUCTION | FROM_NAME_HAS_TITLE | FREEMAIL_REPLYTO_NEQ_FROM_DOM | SUBJECT_HAS_CURRENCY)";
score = 4.0;
policy = "leave";
description = "Message exhibits strong characteristics of advance fee fraud (AFF a/k/a '419' spam) involving freemail addresses";
group = "scams";
}
+ SUSPICIOUS_MDN {
+ expression = "(FREEMAIL_MDN | DISPOSABLE_MDN) & !(FREEMAIL_FROM | FREEMAIL_ENVFROM)";
+ score = 2.0;
+ policy = "leave";
+ description = "Message delivery notification should go to freemail or disposable e-mail, but message was not sent from a freemail address";
+ group = "scams";
+ }
REDIRECTOR_URL_ONLY {
expression = "HFILTER_URL_ONLY & REDIRECTOR_URL";
score = 1.0;
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-22 15:17:17 +0000