summaryrefslogtreecommitdiffstats
path: root/conf/scores.d
diff options
context:
space:
mode:
Diffstat (limited to 'conf/scores.d')
-rw-r--r--conf/scores.d/content_group.conf7
-rw-r--r--conf/scores.d/headers_group.conf1
-rw-r--r--conf/scores.d/mime_types_group.conf5
-rw-r--r--conf/scores.d/policies_group.conf4
-rw-r--r--conf/scores.d/rbl_group.conf49
-rw-r--r--conf/scores.d/subject_group.conf4
-rw-r--r--conf/scores.d/surbl_group.conf69
7 files changed, 66 insertions, 73 deletions
diff --git a/conf/scores.d/content_group.conf b/conf/scores.d/content_group.conf
index 56255bea0..88b476501 100644
--- a/conf/scores.d/content_group.conf
+++ b/conf/scores.d/content_group.conf
@@ -35,18 +35,17 @@ symbols = {
}
"PDF_LONG_TRAILER" {
weight = 0.2;
- description = "There is an PDF with a long trailer";
+ description = "There is an PDF with a long trailer in the message";
one_shot = true;
}
"PDF_MANY_OBJECTS" {
weight = 0;
- description = "There is a PDF file with too many objects";
+ description = "There is a PDF with too many objects in the message";
one_shot = true;
}
"PDF_TIMEOUT" {
weight = 0;
- description = "There is a PDF file that caused timeout in processing";
+ description = "There is a PDF in the message that caused timeout in processing";
one_shot = true;
}
}
-
diff --git a/conf/scores.d/headers_group.conf b/conf/scores.d/headers_group.conf
index 56a8f7f3d..c9b078c5a 100644
--- a/conf/scores.d/headers_group.conf
+++ b/conf/scores.d/headers_group.conf
@@ -16,6 +16,7 @@
# See https://rspamd.com/doc/tutorials/writing_rules.html for details
description = "Various headers checks";
+
max_score = 8.0;
symbols = {
diff --git a/conf/scores.d/mime_types_group.conf b/conf/scores.d/mime_types_group.conf
index 2453ba6f7..268709ee9 100644
--- a/conf/scores.d/mime_types_group.conf
+++ b/conf/scores.d/mime_types_group.conf
@@ -16,9 +16,8 @@
# See https://rspamd.com/doc/tutorials/writing_rules.html for details
description = "Mime attachments rules";
-# Define some limit for this group
-max_score = 10.0;
+max_score = 10.0;
symbols = {
"MIME_GOOD" {
@@ -76,4 +75,4 @@ symbols = {
description = "Filename with known obscured unicode characters";
one_shot = true;
}
-} \ No newline at end of file
+}
diff --git a/conf/scores.d/policies_group.conf b/conf/scores.d/policies_group.conf
index ee3d0bbce..4a8bdb6b7 100644
--- a/conf/scores.d/policies_group.conf
+++ b/conf/scores.d/policies_group.conf
@@ -124,25 +124,21 @@ symbols = {
description = "ARC checks success";
groups = ["arc"];
}
-
"ARC_REJECT" {
weight = 1.0;
description = "ARC checks failed";
groups = ["arc"];
}
-
"ARC_INVALID" {
weight = 0.5;
description = "ARC structure invalid";
groups = ["arc"];
}
-
"ARC_DNSFAIL" {
weight = 0.0;
description = "ARC DNS error";
groups = ["arc"];
}
-
"ARC_NA" {
weight = 0.0;
description = "ARC signature absent";
diff --git a/conf/scores.d/rbl_group.conf b/conf/scores.d/rbl_group.conf
index 7fd13b06f..e24d7d14c 100644
--- a/conf/scores.d/rbl_group.conf
+++ b/conf/scores.d/rbl_group.conf
@@ -21,7 +21,7 @@ symbols = {
"DNSWL_BLOCKED" {
weight = 0.0;
- description = "Resolver blocked due to excessive queries";
+ description = "https://www.dnswl.org: Resolver blocked due to excessive queries";
groups = ["dnswl", "blocked"];
}
"RCVD_IN_DNSWL" {
@@ -52,12 +52,12 @@ symbols = {
"DWL_DNSWL_BLOCKED" {
weight = 0.0;
- description = "Resolver blocked due to excessive queries (dwl)";
+ description = "https://www.dnswl.org: Resolver blocked due to excessive queries (DWL)";
groups = ["dnswl", "blocked"];
}
"DWL_DNSWL" {
weight = 0.0;
- description = "Unrecognised result from https://www.dnswl.org (dwl)";
+ description = "Unrecognised result from https://www.dnswl.org (DWL)";
groups = ["dnswl"];
}
"DWL_DNSWL_NONE" {
@@ -88,48 +88,48 @@ symbols = {
}
"RBL_SPAMHAUS_SBL" {
weight = 4.0;
- description = "From address is listed in ZEN SBL";
+ description = "From address is listed in Spamhaus SBL";
groups = ["spamhaus"];
}
"RBL_SPAMHAUS_CSS" {
weight = 2.0;
- description = "From address is listed in ZEN CSS";
+ description = "From address is listed in Spamhaus CSS";
groups = ["spamhaus"];
}
"RBL_SPAMHAUS_XBL" {
weight = 4.0;
- description = "From address is listed in ZEN XBL";
+ description = "From address is listed in Spamhaus XBL";
groups = ["spamhaus"];
}
"RBL_SPAMHAUS_PBL" {
weight = 2.0;
- description = "From address is listed in ZEN PBL (ISP list)";
+ description = "From address is listed in Spamhaus PBL";
groups = ["spamhaus"];
}
"RBL_SPAMHAUS_DROP" {
weight = 7.0;
- description = "From address is listed in ZEN DROP BL";
+ description = "From address is listed in Spamhaus DROP";
groups = ["spamhaus"];
}
"RBL_SPAMHAUS_BLOCKED_OPENRESOLVER" {
weight = 0.0;
description = "You are querying Spamhaus from an open resolver, please see https://www.spamhaus.org/returnc/pub/";
- groups = ["spamhaus"];
+ groups = ["spamhaus", "blocked"];
}
"RBL_SPAMHAUS_BLOCKED" {
weight = 0.0;
description = "You are exceeding the query limit, please see https://www.spamhaus.org/returnc/vol/";
- groups = ["spamhaus"];
+ groups = ["spamhaus", "blocked"];
}
"RECEIVED_SPAMHAUS_SBL" {
weight = 3.0;
- description = "Received address is listed in ZEN SBL";
+ description = "Received address is listed in Spamhaus SBL";
groups = ["spamhaus"];
one_shot = true;
}
"RECEIVED_SPAMHAUS_CSS" {
weight = 1.0;
- description = "Received address is listed in ZEN CSS";
+ description = "Received address is listed in Spamhaus CSS";
groups = ["spamhaus"];
one_shot = true;
}
@@ -141,31 +141,32 @@ symbols = {
}
"RECEIVED_SPAMHAUS_PBL" {
weight = 0.0;
- description = "Received address is listed in ZEN PBL (ISP list)";
+ description = "Received address is listed in Spamhaus PBL";
groups = ["spamhaus"];
one_shot = true;
}
"RECEIVED_SPAMHAUS_DROP" {
weight = 6.0;
- description = "Received address is listed in ZEN DROP BL";
+ description = "Received address is listed in Spamhaus DROP";
groups = ["spamhaus"];
one_shot = true;
}
"RECEIVED_SPAMHAUS_BLOCKED_OPENRESOLVER" {
weight = 0.0;
description = "You are querying Spamhaus from an open resolver, please see https://www.spamhaus.org/returnc/pub/";
- groups = ["spamhaus"];
+ groups = ["spamhaus", "blocked"];
}
"RECEIVED_SPAMHAUS_BLOCKED" {
weight = 0.0;
description = "You are exceeding the query limit, please see https://www.spamhaus.org/returnc/vol/";
- groups = ["spamhaus"];
+ groups = ["spamhaus", "blocked"];
}
"RBL_SENDERSCORE" {
weight = 2.0;
description = "From address is listed in senderscore.com BL";
}
+
"MAILSPIKE" {
weight = 0.0;
description = "Unrecognised result from Mailspike";
@@ -178,37 +179,37 @@ symbols = {
}
"RBL_MAILSPIKE_WORST" {
weight = 2.0;
- description = "From address is listed in RBL - worst possible reputation";
+ description = "From address is listed in Mailspike RBL - worst possible reputation";
groups = ["mailspike"];
}
"RBL_MAILSPIKE_VERYBAD" {
weight = 1.5;
- description = "From address is listed in RBL - very bad reputation";
+ description = "From address is listed in Mailspike RBL - very bad reputation";
groups = ["mailspike"];
}
"RBL_MAILSPIKE_BAD" {
weight = 1.0;
- description = "From address is listed in RBL - bad reputation";
+ description = "From address is listed in Mailspike RBL - bad reputation";
groups = ["mailspike"];
}
"RWL_MAILSPIKE_POSSIBLE" {
weight = 0.0;
- description = "From address is listed in RWL - possibly legit";
+ description = "From address is listed in Mailspike RWL - possibly legit";
groups = ["mailspike"];
}
"RWL_MAILSPIKE_GOOD" {
weight = -0.1;
- description = "From address is listed in RWL - good reputation";
+ description = "From address is listed in Mailspike RWL - good reputation";
groups = ["mailspike"];
}
"RWL_MAILSPIKE_VERYGOOD" {
weight = -0.2;
- description = "From address is listed in RWL - very good reputation";
+ description = "From address is listed in Mailspike RWL - very good reputation";
groups = ["mailspike"];
}
"RWL_MAILSPIKE_EXCELLENT" {
weight = -0.4;
- description = "From address is listed in RWL - excellent reputation";
+ description = "From address is listed in Mailspike RWL - excellent reputation";
groups = ["mailspike"];
}
@@ -231,7 +232,7 @@ symbols = {
"RBL_NIXSPAM" {
weight = 4.0;
- description = "From address is listed in NiX Spam (http://www.dnsbl.manitu.net/)";
+ description = "From address is listed in NiX Spam (https://www.nixspam.net/)";
}
"RBL_BLOCKLISTDE" {
diff --git a/conf/scores.d/subject_group.conf b/conf/scores.d/subject_group.conf
index 3e47161a2..1cc2e0c4d 100644
--- a/conf/scores.d/subject_group.conf
+++ b/conf/scores.d/subject_group.conf
@@ -17,7 +17,7 @@
description = "Subject filters";
+max_score = 6.0;
+
symbols = {
}
-
-max_score = 6.0; \ No newline at end of file
diff --git a/conf/scores.d/surbl_group.conf b/conf/scores.d/surbl_group.conf
index 34064a174..de7e2ce7c 100644
--- a/conf/scores.d/surbl_group.conf
+++ b/conf/scores.d/surbl_group.conf
@@ -22,41 +22,41 @@ max_score = 12.5;
symbols = {
"SURBL_BLOCKED" {
weight = 0.0;
- description = "SURBL: blocked by policy/overusage";
+ description = "SURBL: query blocked by policy/overusage";
one_shot = true;
groups = ["surblorg", "blocked"];
}
"PH_SURBL_MULTI" {
weight = 5.5;
- description = "SURBL: Phishing sites";
+ description = "A domain in the message is listed in SURBL as phishing";
one_shot = true;
groups = ["surblorg", "phishing"];
}
"MW_SURBL_MULTI" {
weight = 5.5;
- description = "SURBL: Malware sites";
+ description = "A domain in the message is listed in SURBL as malware";
one_shot = true;
groups = ["surblorg"];
}
"ABUSE_SURBL" {
weight = 5.5;
- description = "SURBL: ABUSE";
+ description = "A domain in the message is listed in SURBL as abused";
one_shot = true;
groups = ["surblorg"];
}
"CRACKED_SURBL" {
weight = 4.0;
- description = "SURBL: cracked site";
+ description = "A domain in the message is listed in as SURBL cracked";
one_shot = true;
groups = ["surblorg"];
}
+
"RSPAMD_URIBL" {
weight = 4.5;
description = "Rspamd uribl, bl.rspamd.com";
one_shot = true;
groups = ["rspamdbl"];
}
-
"RSPAMD_EMAILBL" {
weight = 2.5;
description = "Rspamd emailbl, bl.rspamd.com";
@@ -66,101 +66,101 @@ symbols = {
"MSBL_EBL" {
weight = 7.5;
- description = "MSBL emailbl";
+ description = "MSBL emailbl (https://www.msbl.org/)";
one_shot = true;
groups = ["ebl"];
}
"MSBL_EBL_GREY" {
weight = 0.5; # TODO: test it
- description = "MSBL emailbl grey list";
+ description = "MSBL emailbl grey list (https://www.msbl.org/)";
one_shot = true;
groups = ["ebl"];
}
"SEM_URIBL_UNKNOWN" {
weight = 0.0;
- description = "Spameatingmonkey uribl: unknown result";
+ description = "Unrecognised result from Spameatingmonkey URIBL";
one_shot = true;
groups = ["sem"];
}
"SEM_URIBL" {
weight = 3.5;
- description = "Spameatingmonkey uribl";
+ description = "A domain in the message is listed in Spameatingmonkey URIBL";
one_shot = true;
groups = ["sem"];
}
"SEM_URIBL_FRESH15_UNKNOWN" {
weight = 0.0;
- description = "Spameatingmonkey Fresh15 uribl: unknown result";
+ description = "Unrecognised result from Spameatingmonkey Fresh15 URIBL";
one_shot = true;
groups = ["sem"];
}
"SEM_URIBL_FRESH15" {
weight = 3.0;
- description = "Spameatingmonkey uribl. Domains registered in the last 15 days (.AERO,.BIZ,.COM,.INFO,.NAME,.NET,.PRO,.SK,.TEL,.US)";
+ description = "A domain in the message is listed in Spameatingmonkey Fresh15 URIBL (registered in the past 15 days, .AERO,.BIZ,.COM,.INFO,.NAME,.NET,.PRO,.SK,.TEL,.US only)";
one_shot = true;
groups = ["sem"];
}
"DBL" {
weight = 0.0;
- description = "DBL unknown result";
+ description = "Unrecognised result from Spamhaus DBL";
one_shot = true;
groups = ["spamhaus"];
}
"DBL_SPAM" {
weight = 6.5;
- description = "DBL uribl spam";
+ description = "A domain in the message is listed in Spamhaus DBL as spam";
one_shot = true;
groups = ["spamhaus"];
}
"DBL_PHISH" {
weight = 6.5;
- description = "DBL uribl phishing";
+ description = "A domain in the message is listed in Spamhaus DBL as phishing";
one_shot = true;
groups = ["spamhaus"];
}
"DBL_MALWARE" {
weight = 6.5;
- description = "DBL uribl malware";
+ description = "A domain in the message is listed in Spamhaus DBL as malware";
one_shot = true;
groups = ["spamhaus"];
}
"DBL_BOTNET" {
weight = 5.5;
- description = "DBL uribl botnet C&C domain";
+ description = "A domain in the message is listed in Spamhaus DBL as botnet C&C";
one_shot = true;
groups = ["spamhaus"];
}
"DBL_ABUSE" {
weight = 6.5;
- description = "DBL uribl abused legit spam";
+ description = "A domain in the message is listed in Spamhaus DBL as abused legit spam";
one_shot = true;
groups = ["spamhaus"];
}
"DBL_ABUSE_REDIR" {
weight = 1.5;
- description = "DBL uribl abused spammed redirector domain";
+ description = "A domain in the message is listed in Spamhaus DBL as spammed redirector domain";
one_shot = true;
groups = ["spamhaus"];
}
"DBL_ABUSE_PHISH" {
weight = 7.5;
- description = "DBL uribl abused legit phish";
+ description = "A domain in the message is listed in Spamhaus DBL as abused legit phish";
one_shot = true;
groups = ["spamhaus"];
}
"DBL_ABUSE_MALWARE" {
weight = 7.5;
- description = "DBL uribl abused legit malware";
+ description = "A domain in the message is listed in Spamhaus DBL as abused legit malware";
one_shot = true;
groups = ["spamhaus"];
}
"DBL_ABUSE_BOTNET" {
weight = 5.5;
- description = "DBL uribl abused legit botnet C&C";
+ description = "A domain in the message is listed in Spamhaus DBL as abused legit botnet C&C";
one_shot = true;
groups = ["spamhaus"];
}
@@ -174,48 +174,50 @@ symbols = {
weight = 0.0;
description = "You are querying Spamhaus from an open resolver, please see https://www.spamhaus.org/returnc/pub/";
one_shot = true;
- groups = ["spamhaus"];
+ groups = ["spamhaus", "blocked"];
}
"DBL_BLOCKED" {
weight = 0.0;
description = "You are exceeding the query limit, please see https://www.spamhaus.org/returnc/vol/";
one_shot = true;
- groups = ["spamhaus"];
+ groups = ["spamhaus", "blocked"];
}
+
"URIBL_MULTI" {
weight = 0.0;
- description = "uribl.com: unrecognised result";
+ description = "Unrecognised result from URIBL.com";
one_shot = true;
groups = ["uribl"];
}
"URIBL_BLOCKED" {
weight = 0.0;
- description = "uribl.com: query refused";
+ description = "URIBL.com: query refused, likely due to policy/overusage";
one_shot = true;
groups = ["uribl", "blocked"];
}
"URIBL_BLACK" {
weight = 7.5;
- description = "uribl.com black url";
+ description = "A domain in the message is listed in URIBL.com black";
one_shot = true;
groups = ["uribl"];
}
"URIBL_RED" {
weight = 3.5;
- description = "uribl.com red url";
+ description = "A domain in the message is listed in URIBL.com red";
one_shot = true;
groups = ["uribl"];
}
"URIBL_GREY" {
weight = 1.5;
- description = "uribl.com grey url";
+ description = "A domain in the message is listed in URIBL.com grey";
one_shot = true;
groups = ["uribl"];
}
+
"SPAMHAUS_ZEN_URIBL" {
ignore = true;
weight = 0.0;
- description = "Spamhaus ZEN URIBL: Filtered result";
+ description = "Unrecognised result from Spamhaus ZEN URIBL";
one_shot = true;
groups = ["spamhaus"];
}
@@ -229,7 +231,7 @@ symbols = {
"URIBL_SBL_CSS" {
ignore = true;
weight = 6.5;
- description = "A domain in the message body resolves to an IP listed in Spamhaus SBL CSS";
+ description = "A domain in the message body resolves to an IP listed in Spamhaus CSS";
one_shot = true;
groups = ["spamhaus"];
}
@@ -254,9 +256,4 @@ symbols = {
one_shot = true;
groups = ["spamhaus"];
}
- #"RBL_SARBL_BAD" {
- # weight = 2.5;
- # description = "A domain in the message body is blacklisted in SARBL";
- # one_shot = true;
- #}
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-28 03:12:37 +0000