diff options
Diffstat (limited to 'conf')
| -rw-r--r-- | conf/actions.conf | 2 | ||||
| -rw-r--r-- | conf/composites.conf | 19 | ||||
| -rw-r--r-- | conf/maps.d/maillist.inc | 340 | ||||
| -rw-r--r-- | conf/maps.d/redirectors.inc | 2 | ||||
| -rw-r--r-- | conf/maps.d/surbl-whitelist.inc | 24 | ||||
| -rw-r--r-- | conf/modules.d/arc.conf | 2 | ||||
| -rw-r--r-- | conf/modules.d/bimi.conf | 2 | ||||
| -rw-r--r-- | conf/modules.d/clickhouse.conf | 1 | ||||
| -rw-r--r-- | conf/modules.d/multimap.conf | 1 | ||||
| -rw-r--r-- | conf/modules.d/rbl.conf | 40 | ||||
| -rw-r--r-- | conf/modules.d/redis.conf | 2 | ||||
| -rw-r--r-- | conf/modules.d/spamassassin.conf | 2 | ||||
| -rw-r--r-- | conf/scores.d/content_group.conf | 7 | ||||
| -rw-r--r-- | conf/scores.d/headers_group.conf | 1 | ||||
| -rw-r--r-- | conf/scores.d/mime_types_group.conf | 5 | ||||
| -rw-r--r-- | conf/scores.d/policies_group.conf | 4 | ||||
| -rw-r--r-- | conf/scores.d/rbl_group.conf | 56 | ||||
| -rw-r--r-- | conf/scores.d/subject_group.conf | 4 | ||||
| -rw-r--r-- | conf/scores.d/surbl_group.conf | 69 | ||||
| -rw-r--r-- | conf/worker-proxy.inc | 2 |
20 files changed, 275 insertions, 310 deletions
diff --git a/conf/actions.conf b/conf/actions.conf index a141be778..8be38230d 100644 --- a/conf/actions.conf +++ b/conf/actions.conf @@ -26,4 +26,4 @@ actions { .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/actions.conf" .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/actions.conf" -}
\ No newline at end of file +} diff --git a/conf/composites.conf b/conf/composites.conf index e2096b291..db2cba1fe 100644 --- a/conf/composites.conf +++ b/conf/composites.conf @@ -45,10 +45,6 @@ composites { FORGED_MUA_MAILLIST { expression = "g:mua & -MAILLIST"; } - RBL_SPAMHAUS_XBL_ANY { - expression = "RBL_SPAMHAUS_XBL & RECEIVED_SPAMHAUS_XBL"; - description = "From and Received address are listed in Spamhaus XBL"; - } AUTH_NA { expression = "R_DKIM_NA & R_SPF_NA & DMARC_NA & ARC_NA"; score = 1.0; @@ -98,7 +94,7 @@ composites { } RCVD_UNAUTH_PBL { expression = "RECEIVED_PBL & !RCVD_VIA_SMTP_AUTH"; - description = "Relayed through ZEN PBL IP without sufficient authentication (possible indicating an open relay)"; + description = "Relayed through Spamhaus PBL IP without sufficient authentication (possible indicating an open relay)"; score = 2.0; policy = "leave"; } @@ -133,18 +129,16 @@ composites { policy = "leave"; } BAD_REP_POLICIES { - description = "Contains valid policies but are also marked by fuzzy/bayes/surbl/rbl"; + description = "Contains valid policies but are also marked by fuzzy/bayes/SURBL/RBL"; expression = "(~g-:policies) & (-g+:fuzzy | -g+:statistics | -g+:surbl | -g+:rbl)"; score = 0.1; } - VIOLATED_DIRECT_SPF { description = "Has no Received (or no trusted received relays) and SPF policy fails or soft fails"; expression = "(R_SPF_FAIL | R_SPF_SOFTFAIL) & (RCVD_COUNT_ZERO | RCVD_NO_TLS_LAST)"; policy = "leave"; score = 3.5; } - IP_SCORE_FREEMAIL { description = "Negate IP_SCORE when message comes from FreeMail"; expression = "FREEMAIL_FROM & SENDER_REP_SPAM"; @@ -164,12 +158,11 @@ composites { score = 7.0; group = "scams"; } - FREEMAIL_AFF { - expression = "(FREEMAIL_FROM | FREEMAIL_ENVFROM | FREEMAIL_REPLYTO) & R_UNDISC_RCPT & (INTRODUCTION | FROM_NAME_HAS_TITLE | FREEMAIL_REPLYTO_NEQ_FROM_DOM)"; - score = 4.0; - policy = "leave"; - description = "Message exhibits strong characteristics of advance fee fraud (AFF a/k/a '419' spam) involving freemail addresses"; + expression = "(FREEMAIL_FROM | FREEMAIL_ENVFROM | FREEMAIL_REPLYTO) & R_UNDISC_RCPT & (INTRODUCTION | FROM_NAME_HAS_TITLE | FREEMAIL_REPLYTO_NEQ_FROM_DOM)"; + score = 4.0; + policy = "leave"; + description = "Message exhibits strong characteristics of advance fee fraud (AFF a/k/a '419' spam) involving freemail addresses"; } .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/composites.conf" diff --git a/conf/maps.d/maillist.inc b/conf/maps.d/maillist.inc index 97b2158f0..b2de86de5 100644 --- a/conf/maps.d/maillist.inc +++ b/conf/maps.d/maillist.inc @@ -1,208 +1,176 @@ -usndr.com -subscribe.ru -smartsndr.com - -hh.ru -free-lance.ru -superjob.ru -rabota.ru -job.ru -odesk.com -jobinmoscow.ru - -russianpost.ru -shopotam.ru - -ebay.com +1c-bitrix.ru +360.cn +360.com +activeby.net +adobe.com +aeroflot.ru alibaba.com aliexpress.com alipay.com - -github.net -github.com -molotok.ru - +amazon.co.jp +amazon.com +amazon.co.uk +amazon.de +amazon.in +apple.com +ask.com +avito.ru +b2b-center.ru +baby.ru +babysfera.ru +baidu.com +beeline.ru +bing.com +blogger.com +blogspot.com +booking.com +chase.com +cnn.com +comodo.com +comodogroup.com +comodo.net +dating.ru +dmir.ru +dropbox.com +ebay.com +electrozon.ru +e-moskva.ru +etp-micex.ru +exist.ru +fabrikant.ru facebook.com -vk.com -odnoklassniki.ru -vkrugudruzei.ru +fc2.com +flipkart.com +free-lance.ru +github.com +github.net +gmw.cn +go.com +google.ca +google.co.id +google.co.in +google.co.jp +google.com.au +google.com.br +google.com.hk +google.com.mx +google.com.tr +google.co.uk +google.de +google.fr +google.it +google.pl +google.ru +googleusercontent.com +gosuslugi.ru +gov.ru +habramail.net +hao123.com +hh.ru +imdb.com +imgur.com +instagram.com +ispsystem.com +ispsystem.net +ispsystem.ru +jobinmoscow.ru +job.ru linkedin.com -professionali.ru -mail.mtml.ru +live.com livejournal.com -twitter.com - -avito.ru -dmir.ru +mailgun.com +mailgun.net +mail.mtml.ru +mamba.ru +megafon.ru +microsoft.com +microsoftonline.com mnogo.ru +mobilelement.ru +moesk.ru +molotok.ru +mos.ru +msn.com +mts.ru +nalog.ru +naukanet.ru +netflix.com +nic.ru +nix.ru +nytimes.com +odesk.com +odnoklassniki.ru +office.com +ok.ru +osmp.ru +outbrain.com +ozon.ru paypal.com -roboxchange.com -sberbank.ru - +pinterest.com +pixnet.net +pornhub.com +professionali.ru +psport.ru qiwi.com qiwi.ru -osmp.ru -mobilelement.ru -rp-system.ru +qq.com quickpay.ru +r01.ru +rabota.ru rbkmoney.ru - -gosuslugi.ru -rostelecom.ru -mos.ru -gov.ru -nalog.ru -sitesoft.ru -e-moskva.ru -rosreestr.ru +reddit.com +reg.ru +regtime.net +returnpath.net +roboxchange.com roseltorg.ru -sberbank-ast.ru -etp-micex.ru -zakazrf.ru -rtstender.ru +rosreestr.ru +rostelecom.ru +rp-system.ru rts-tender.ru -b2b-center.ru -yamoney.ru - -fabrikant.ru - -apple.com -dropbox.com +rtstender.ru +russianpost.ru +sberbank-ast.ru +sberbank.ru +senderscore.net +shopotam.ru +sipnet.ru +sitesoft.ru skype.com - -habramail.net -mamba.ru -dating.ru +smartsndr.com +sohu.com +soso.com +stackoverflow.com +startcomca.com +subscribe.ru +superjob.ru +taobao.com +tario.ru +t.co +tks.ru +tmall.com topface.com - -ulmart.ru -electrozon.ru -nix.ru -ozon.ru - -beeline.ru -mts.ru -megafon.ru - -booking.com +tumblr.com tutu.ru -aeroflot.ru - +twitter.com +ulmart.ru +usndr.com vedomosti.ru - -1c-bitrix.ru - -moesk.ru - -exist.ru -tks.ru -zzap.ru - -activeby.net -babysfera.ru -baby.ru - -wordpress.com - -ispsystem.net -ispsystem.com -ispsystem.ru - -naukanet.ru - -startcomca.com - -wmtransfer.com - -sipnet.ru -tario.ru - -mailgun.com -mailgun.net - -psport.ru - -returnpath.net -senderscore.net - +vk.com +vkrugudruzei.ru webnames.ru -regtime.net - -nic.ru -r01.ru -reg.ru - -ztel.ru - -youtube.com -baidu.com -yahoo.com -amazon.com -wikipedia.org -qq.com -google.co.in -live.com -taobao.com -msn.com -yahoo.co.jp -google.co.jp weibo.com -bing.com -hao123.com -instagram.com -google.de -amazon.co.jp -360.cn -tmall.com -google.co.uk -pinterest.com -google.ru -reddit.com -google.com.br -t.co -netflix.com -google.fr -sohu.com -microsoft.com -google.it -blogspot.com -tumblr.com -ok.ru -gmw.cn -imgur.com -stackoverflow.com -xvideos.com -google.com.mx -fc2.com -imdb.com -google.com.hk -amazon.de -ask.com -google.com.tr -google.ca -office.com -pornhub.com -google.co.id -soso.com -go.com -pixnet.net -amazon.co.uk -googleusercontent.com -outbrain.com -amazon.in -blogger.com -cnn.com -google.pl -google.com.au -360.com -xhamster.com -adobe.com -flipkart.com -microsoftonline.com whatsapp.com -nytimes.com -chase.com +wikipedia.org +wmtransfer.com +wordpress.com wosign.com -comodo.com -comodogroup.com -comodo.net +xhamster.com +xvideos.com +yahoo.co.jp +yahoo.com +yamoney.ru +youtube.com +zakazrf.ru +ztel.ru +zzap.ru diff --git a/conf/maps.d/redirectors.inc b/conf/maps.d/redirectors.inc index 812f40539..c7d7f2549 100644 --- a/conf/maps.d/redirectors.inc +++ b/conf/maps.d/redirectors.inc @@ -233,8 +233,8 @@ email.account.2gis.com email.mail.ostrovok.ru email.news.ostrovok.ru e.mail.ru -em.digium.com emap.ws +em.digium.com etdurl.com eweri.com exa.im diff --git a/conf/maps.d/surbl-whitelist.inc b/conf/maps.d/surbl-whitelist.inc index 401c1cec9..479c929aa 100644 --- a/conf/maps.d/surbl-whitelist.inc +++ b/conf/maps.d/surbl-whitelist.inc @@ -34,6 +34,7 @@ americanexpress.ch americanexpress.com anadolubank.nl ancestry.com +anpdm.com anz.com anz.co.nz aol.com @@ -294,6 +295,7 @@ discovery.co.za dnbnord.lt domain.com doubleclick.com +dovecot.org dresdner-bank.de dsbbank.sr dsbl.org @@ -314,6 +316,7 @@ egroups.com e-gulfbank.com emode.com esunbank.com.tw +exacttarget.com example.com example.net example.org @@ -349,6 +352,7 @@ generali.es genevoise.ch gentoo.org geocities.com +github.com gkb.ch gmail.com gmx.net @@ -416,6 +420,7 @@ isbank.de isbank.ge isbank.iq isbankkosova.com +isc.org itau.com.br ivillage.com joingevalia.com @@ -444,6 +449,8 @@ lcl.com lcl.fr li.ru list.ru +lists.isc.org +lists.roundcube.net liveinternet.ru livejournal.com lloydsbank.com @@ -697,6 +704,7 @@ subscribe.ru sun.com suncorpbank.com.au suntrust.com +svn.apache.org swedbank.com swedbank.ee swedbank.lt @@ -707,6 +715,7 @@ swisscaution.ch swissquote.ch sydbank.dk sympatico.ca +taggedmail.com tails.nl tangerine.ca tcb-bank.com.tw @@ -726,6 +735,7 @@ top4top.ru tsbbank.co.nz tsb.co.nz tsb.co.uk +tumblr.com tux.org twitter.com ubibanca.com @@ -759,6 +769,8 @@ visa.com.br visaeurope.ch visaeurope.com viseca.ch +vistaprint.com +vistaprint.dk volksbank.de volkswagenbank.de vpbank.com @@ -813,18 +825,6 @@ zdnet.com zenithbank.com zkb.ch zugerkb.ch -vistaprint.dk -vistaprint.com -anpdm.com -dovecot.org -exacttarget.com -github.com -isc.org # list-manage1.com # grey # list-manage2.com # grey # list-manage.com # grey -lists.isc.org -lists.roundcube.net -svn.apache.org -taggedmail.com -tumblr.com
\ No newline at end of file diff --git a/conf/modules.d/arc.conf b/conf/modules.d/arc.conf index 4b5682b77..f26dad86e 100644 --- a/conf/modules.d/arc.conf +++ b/conf/modules.d/arc.conf @@ -44,7 +44,7 @@ arc { # If false, messages from local networks are not selected for signing sign_local = false; # Symbol to add when message is signed - symbol_sign = "ARC_SIGNED"; + sign_symbol = "ARC_SIGNED"; # Whether to fallback to global config try_fallback = true; # Domain to use for ARC signing: can be "header", "envelope" or "recipient" diff --git a/conf/modules.d/bimi.conf b/conf/modules.d/bimi.conf index 63c0f7135..91f48b601 100644 --- a/conf/modules.d/bimi.conf +++ b/conf/modules.d/bimi.conf @@ -26,4 +26,4 @@ bimi { .include(try=true,priority=5) "${DBDIR}/dynamic/bimi.conf" .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/bimi.conf" .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/bimi.conf" -}
\ No newline at end of file +} diff --git a/conf/modules.d/clickhouse.conf b/conf/modules.d/clickhouse.conf index dc176c664..5edf710d5 100644 --- a/conf/modules.d/clickhouse.conf +++ b/conf/modules.d/clickhouse.conf @@ -12,7 +12,6 @@ # # Module documentation can be found at https://rspamd.com/doc/modules/clickhouse.html - clickhouse { # Push update when 1000 records are collected (1000 if unset) limit = 1000; diff --git a/conf/modules.d/multimap.conf b/conf/modules.d/multimap.conf index 5713c8368..6c4f25bd5 100644 --- a/conf/modules.d/multimap.conf +++ b/conf/modules.d/multimap.conf @@ -173,4 +173,3 @@ url_tld_re { symbol = "URL_MAP_RE"; } */ - diff --git a/conf/modules.d/rbl.conf b/conf/modules.d/rbl.conf index 94b3ee7c6..e3ece5a66 100644 --- a/conf/modules.d/rbl.conf +++ b/conf/modules.d/rbl.conf @@ -23,6 +23,14 @@ rbl { "fallback+file://${CONFDIR}/maps.d/surbl-whitelist.inc" ]; + attached_maps = [ + { + selector_alias = "surbl_hashbl_map", + description = "SURBL hashbl map", + url = "regexp;http://sa-update.surbl.org/rspamd/surbl-hashbl-map.inc", + } + ] + rbls { spamhaus { @@ -38,8 +46,7 @@ rbl { returncodes { SPAMHAUS_SBL = "127.0.0.2"; SPAMHAUS_CSS = "127.0.0.3"; - SPAMHAUS_XBL = ["127.0.0.4", "127.0.0.5", - "127.0.0.6", "127.0.0.7"]; + SPAMHAUS_XBL = ["127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"]; SPAMHAUS_PBL = ["127.0.0.10", "127.0.0.11"]; SPAMHAUS_DROP = "127.0.0.9"; SPAMHAUS_BLOCKED_OPENRESOLVER = "127.255.255.254"; @@ -170,6 +177,7 @@ rbl { RSPAMD_EMAILBL = "127.0.0.2"; } } + MSBL_EBL { ignore_whitelist = true; ignore_defaults = true; @@ -189,7 +197,7 @@ rbl { ]; } } - # Old SURBL module + "SURBL_MULTI" { ignore_defaults = true; rbl = "multi.surbl.org"; @@ -198,7 +206,7 @@ rbl { exclude_users = false; returnbits = { - CRACKED_SURBL = 128; # From February 2016 + CRACKED_SURBL = 128; ABUSE_SURBL = 64; MW_SURBL_MULTI = 16; PH_SURBL_MULTI = 8; @@ -206,6 +214,23 @@ rbl { } } + SURBL_HASHBL { + rbl = "hashbl.surbl.org"; + ignore_defaults = true; + random_monitored = true, + # TODO: make limit more configurable maybe? + selector = "specific_urls_filter_map('surbl_hashbl_map', {limit = 10}).apply_methods('get_host', 'get_path').join_tables('/')", + hash = 'md5'; + hash_len = 32; + returncodes = { + SURBL_HASHBL_PHISH = "127.0.0.8"; + SURBL_HASHBL_MALWARE = "127.0.0.16"; + SURBL_HASHBL_ABUSE = "127.0.0.64"; + SURBL_HASHBL_CRACKED = "127.0.0.128"; + SURBL_HASHBL_EMAIL = "127.0.1.%d+"; + } + } + "URIBL_MULTI" { ignore_defaults = true; rbl = "multi.uribl.com"; @@ -309,13 +334,6 @@ rbl { SEM_URIBL_FRESH15 = 2; } } - - # Proved to be broken - #"RBL_SARBL_BAD" { - # suffix = "public.sarbl.org"; - # noip = true; - # images = true; - #} } .include(try=true,priority=5) "${DBDIR}/dynamic/rbl.conf" diff --git a/conf/modules.d/redis.conf b/conf/modules.d/redis.conf index 9fec0a241..eb430cbb1 100644 --- a/conf/modules.d/redis.conf +++ b/conf/modules.d/redis.conf @@ -23,4 +23,4 @@ redis { .include(try=true,priority=5) "${DBDIR}/dynamic/redis.conf" .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/redis.conf" .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/redis.conf" -}
\ No newline at end of file +} diff --git a/conf/modules.d/spamassassin.conf b/conf/modules.d/spamassassin.conf index 054443071..79f75270f 100644 --- a/conf/modules.d/spamassassin.conf +++ b/conf/modules.d/spamassassin.conf @@ -23,4 +23,4 @@ spamassassin { .include(try=true,priority=5) "${DBDIR}/dynamic/spamassassin.conf" .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/spamassassin.conf" .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/spamassassin.conf" -}
\ No newline at end of file +} diff --git a/conf/scores.d/content_group.conf b/conf/scores.d/content_group.conf index 56255bea0..88b476501 100644 --- a/conf/scores.d/content_group.conf +++ b/conf/scores.d/content_group.conf @@ -35,18 +35,17 @@ symbols = { } "PDF_LONG_TRAILER" { weight = 0.2; - description = "There is an PDF with a long trailer"; + description = "There is an PDF with a long trailer in the message"; one_shot = true; } "PDF_MANY_OBJECTS" { weight = 0; - description = "There is a PDF file with too many objects"; + description = "There is a PDF with too many objects in the message"; one_shot = true; } "PDF_TIMEOUT" { weight = 0; - description = "There is a PDF file that caused timeout in processing"; + description = "There is a PDF in the message that caused timeout in processing"; one_shot = true; } } - diff --git a/conf/scores.d/headers_group.conf b/conf/scores.d/headers_group.conf index 56a8f7f3d..c9b078c5a 100644 --- a/conf/scores.d/headers_group.conf +++ b/conf/scores.d/headers_group.conf @@ -16,6 +16,7 @@ # See https://rspamd.com/doc/tutorials/writing_rules.html for details description = "Various headers checks"; + max_score = 8.0; symbols = { diff --git a/conf/scores.d/mime_types_group.conf b/conf/scores.d/mime_types_group.conf index 2453ba6f7..268709ee9 100644 --- a/conf/scores.d/mime_types_group.conf +++ b/conf/scores.d/mime_types_group.conf @@ -16,9 +16,8 @@ # See https://rspamd.com/doc/tutorials/writing_rules.html for details description = "Mime attachments rules"; -# Define some limit for this group -max_score = 10.0; +max_score = 10.0; symbols = { "MIME_GOOD" { @@ -76,4 +75,4 @@ symbols = { description = "Filename with known obscured unicode characters"; one_shot = true; } -}
\ No newline at end of file +} diff --git a/conf/scores.d/policies_group.conf b/conf/scores.d/policies_group.conf index ee3d0bbce..4a8bdb6b7 100644 --- a/conf/scores.d/policies_group.conf +++ b/conf/scores.d/policies_group.conf @@ -124,25 +124,21 @@ symbols = { description = "ARC checks success"; groups = ["arc"]; } - "ARC_REJECT" { weight = 1.0; description = "ARC checks failed"; groups = ["arc"]; } - "ARC_INVALID" { weight = 0.5; description = "ARC structure invalid"; groups = ["arc"]; } - "ARC_DNSFAIL" { weight = 0.0; description = "ARC DNS error"; groups = ["arc"]; } - "ARC_NA" { weight = 0.0; description = "ARC signature absent"; diff --git a/conf/scores.d/rbl_group.conf b/conf/scores.d/rbl_group.conf index 653ae8057..e24d7d14c 100644 --- a/conf/scores.d/rbl_group.conf +++ b/conf/scores.d/rbl_group.conf @@ -21,7 +21,7 @@ symbols = { "DNSWL_BLOCKED" { weight = 0.0; - description = "Resolver blocked due to excessive queries"; + description = "https://www.dnswl.org: Resolver blocked due to excessive queries"; groups = ["dnswl", "blocked"]; } "RCVD_IN_DNSWL" { @@ -52,12 +52,12 @@ symbols = { "DWL_DNSWL_BLOCKED" { weight = 0.0; - description = "Resolver blocked due to excessive queries (dwl)"; + description = "https://www.dnswl.org: Resolver blocked due to excessive queries (DWL)"; groups = ["dnswl", "blocked"]; } "DWL_DNSWL" { weight = 0.0; - description = "Unrecognised result from https://www.dnswl.org (dwl)"; + description = "Unrecognised result from https://www.dnswl.org (DWL)"; groups = ["dnswl"]; } "DWL_DNSWL_NONE" { @@ -88,89 +88,85 @@ symbols = { } "RBL_SPAMHAUS_SBL" { weight = 4.0; - description = "From address is listed in ZEN SBL"; + description = "From address is listed in Spamhaus SBL"; groups = ["spamhaus"]; } "RBL_SPAMHAUS_CSS" { weight = 2.0; - description = "From address is listed in ZEN CSS"; + description = "From address is listed in Spamhaus CSS"; groups = ["spamhaus"]; } "RBL_SPAMHAUS_XBL" { weight = 4.0; - description = "From address is listed in ZEN XBL"; - groups = ["spamhaus"]; - } - "RBL_SPAMHAUS_XBL_ANY" { - weight = 4.0; - description = "From or received address is listed in ZEN XBL (any list)"; + description = "From address is listed in Spamhaus XBL"; groups = ["spamhaus"]; } "RBL_SPAMHAUS_PBL" { weight = 2.0; - description = "From address is listed in ZEN PBL (ISP list)"; + description = "From address is listed in Spamhaus PBL"; groups = ["spamhaus"]; } "RBL_SPAMHAUS_DROP" { weight = 7.0; - description = "From address is listed in ZEN DROP BL"; + description = "From address is listed in Spamhaus DROP"; groups = ["spamhaus"]; } "RBL_SPAMHAUS_BLOCKED_OPENRESOLVER" { weight = 0.0; description = "You are querying Spamhaus from an open resolver, please see https://www.spamhaus.org/returnc/pub/"; - groups = ["spamhaus"]; + groups = ["spamhaus", "blocked"]; } "RBL_SPAMHAUS_BLOCKED" { weight = 0.0; description = "You are exceeding the query limit, please see https://www.spamhaus.org/returnc/vol/"; - groups = ["spamhaus"]; + groups = ["spamhaus", "blocked"]; } "RECEIVED_SPAMHAUS_SBL" { weight = 3.0; - description = "Received address is listed in ZEN SBL"; + description = "Received address is listed in Spamhaus SBL"; groups = ["spamhaus"]; one_shot = true; } "RECEIVED_SPAMHAUS_CSS" { weight = 1.0; - description = "Received address is listed in ZEN CSS"; + description = "Received address is listed in Spamhaus CSS"; groups = ["spamhaus"]; one_shot = true; } "RECEIVED_SPAMHAUS_XBL" { - weight = 3.0; + weight = 1.0; description = "Received address is listed in ZEN XBL"; groups = ["spamhaus"]; one_shot = true; } "RECEIVED_SPAMHAUS_PBL" { weight = 0.0; - description = "Received address is listed in ZEN PBL (ISP list)"; + description = "Received address is listed in Spamhaus PBL"; groups = ["spamhaus"]; one_shot = true; } "RECEIVED_SPAMHAUS_DROP" { weight = 6.0; - description = "Received address is listed in ZEN DROP BL"; + description = "Received address is listed in Spamhaus DROP"; groups = ["spamhaus"]; one_shot = true; } "RECEIVED_SPAMHAUS_BLOCKED_OPENRESOLVER" { weight = 0.0; description = "You are querying Spamhaus from an open resolver, please see https://www.spamhaus.org/returnc/pub/"; - groups = ["spamhaus"]; + groups = ["spamhaus", "blocked"]; } "RECEIVED_SPAMHAUS_BLOCKED" { weight = 0.0; description = "You are exceeding the query limit, please see https://www.spamhaus.org/returnc/vol/"; - groups = ["spamhaus"]; + groups = ["spamhaus", "blocked"]; } "RBL_SENDERSCORE" { weight = 2.0; description = "From address is listed in senderscore.com BL"; } + "MAILSPIKE" { weight = 0.0; description = "Unrecognised result from Mailspike"; @@ -183,37 +179,37 @@ symbols = { } "RBL_MAILSPIKE_WORST" { weight = 2.0; - description = "From address is listed in RBL - worst possible reputation"; + description = "From address is listed in Mailspike RBL - worst possible reputation"; groups = ["mailspike"]; } "RBL_MAILSPIKE_VERYBAD" { weight = 1.5; - description = "From address is listed in RBL - very bad reputation"; + description = "From address is listed in Mailspike RBL - very bad reputation"; groups = ["mailspike"]; } "RBL_MAILSPIKE_BAD" { weight = 1.0; - description = "From address is listed in RBL - bad reputation"; + description = "From address is listed in Mailspike RBL - bad reputation"; groups = ["mailspike"]; } "RWL_MAILSPIKE_POSSIBLE" { weight = 0.0; - description = "From address is listed in RWL - possibly legit"; + description = "From address is listed in Mailspike RWL - possibly legit"; groups = ["mailspike"]; } "RWL_MAILSPIKE_GOOD" { weight = -0.1; - description = "From address is listed in RWL - good reputation"; + description = "From address is listed in Mailspike RWL - good reputation"; groups = ["mailspike"]; } "RWL_MAILSPIKE_VERYGOOD" { weight = -0.2; - description = "From address is listed in RWL - very good reputation"; + description = "From address is listed in Mailspike RWL - very good reputation"; groups = ["mailspike"]; } "RWL_MAILSPIKE_EXCELLENT" { weight = -0.4; - description = "From address is listed in RWL - excellent reputation"; + description = "From address is listed in Mailspike RWL - excellent reputation"; groups = ["mailspike"]; } @@ -236,7 +232,7 @@ symbols = { "RBL_NIXSPAM" { weight = 4.0; - description = "From address is listed in NiX Spam (http://www.dnsbl.manitu.net/)"; + description = "From address is listed in NiX Spam (https://www.nixspam.net/)"; } "RBL_BLOCKLISTDE" { diff --git a/conf/scores.d/subject_group.conf b/conf/scores.d/subject_group.conf index 3e47161a2..1cc2e0c4d 100644 --- a/conf/scores.d/subject_group.conf +++ b/conf/scores.d/subject_group.conf @@ -17,7 +17,7 @@ description = "Subject filters"; +max_score = 6.0; + symbols = { } - -max_score = 6.0;
\ No newline at end of file diff --git a/conf/scores.d/surbl_group.conf b/conf/scores.d/surbl_group.conf index 34064a174..de7e2ce7c 100644 --- a/conf/scores.d/surbl_group.conf +++ b/conf/scores.d/surbl_group.conf @@ -22,41 +22,41 @@ max_score = 12.5; symbols = { "SURBL_BLOCKED" { weight = 0.0; - description = "SURBL: blocked by policy/overusage"; + description = "SURBL: query blocked by policy/overusage"; one_shot = true; groups = ["surblorg", "blocked"]; } "PH_SURBL_MULTI" { weight = 5.5; - description = "SURBL: Phishing sites"; + description = "A domain in the message is listed in SURBL as phishing"; one_shot = true; groups = ["surblorg", "phishing"]; } "MW_SURBL_MULTI" { weight = 5.5; - description = "SURBL: Malware sites"; + description = "A domain in the message is listed in SURBL as malware"; one_shot = true; groups = ["surblorg"]; } "ABUSE_SURBL" { weight = 5.5; - description = "SURBL: ABUSE"; + description = "A domain in the message is listed in SURBL as abused"; one_shot = true; groups = ["surblorg"]; } "CRACKED_SURBL" { weight = 4.0; - description = "SURBL: cracked site"; + description = "A domain in the message is listed in as SURBL cracked"; one_shot = true; groups = ["surblorg"]; } + "RSPAMD_URIBL" { weight = 4.5; description = "Rspamd uribl, bl.rspamd.com"; one_shot = true; groups = ["rspamdbl"]; } - "RSPAMD_EMAILBL" { weight = 2.5; description = "Rspamd emailbl, bl.rspamd.com"; @@ -66,101 +66,101 @@ symbols = { "MSBL_EBL" { weight = 7.5; - description = "MSBL emailbl"; + description = "MSBL emailbl (https://www.msbl.org/)"; one_shot = true; groups = ["ebl"]; } "MSBL_EBL_GREY" { weight = 0.5; # TODO: test it - description = "MSBL emailbl grey list"; + description = "MSBL emailbl grey list (https://www.msbl.org/)"; one_shot = true; groups = ["ebl"]; } "SEM_URIBL_UNKNOWN" { weight = 0.0; - description = "Spameatingmonkey uribl: unknown result"; + description = "Unrecognised result from Spameatingmonkey URIBL"; one_shot = true; groups = ["sem"]; } "SEM_URIBL" { weight = 3.5; - description = "Spameatingmonkey uribl"; + description = "A domain in the message is listed in Spameatingmonkey URIBL"; one_shot = true; groups = ["sem"]; } "SEM_URIBL_FRESH15_UNKNOWN" { weight = 0.0; - description = "Spameatingmonkey Fresh15 uribl: unknown result"; + description = "Unrecognised result from Spameatingmonkey Fresh15 URIBL"; one_shot = true; groups = ["sem"]; } "SEM_URIBL_FRESH15" { weight = 3.0; - description = "Spameatingmonkey uribl. Domains registered in the last 15 days (.AERO,.BIZ,.COM,.INFO,.NAME,.NET,.PRO,.SK,.TEL,.US)"; + description = "A domain in the message is listed in Spameatingmonkey Fresh15 URIBL (registered in the past 15 days, .AERO,.BIZ,.COM,.INFO,.NAME,.NET,.PRO,.SK,.TEL,.US only)"; one_shot = true; groups = ["sem"]; } "DBL" { weight = 0.0; - description = "DBL unknown result"; + description = "Unrecognised result from Spamhaus DBL"; one_shot = true; groups = ["spamhaus"]; } "DBL_SPAM" { weight = 6.5; - description = "DBL uribl spam"; + description = "A domain in the message is listed in Spamhaus DBL as spam"; one_shot = true; groups = ["spamhaus"]; } "DBL_PHISH" { weight = 6.5; - description = "DBL uribl phishing"; + description = "A domain in the message is listed in Spamhaus DBL as phishing"; one_shot = true; groups = ["spamhaus"]; } "DBL_MALWARE" { weight = 6.5; - description = "DBL uribl malware"; + description = "A domain in the message is listed in Spamhaus DBL as malware"; one_shot = true; groups = ["spamhaus"]; } "DBL_BOTNET" { weight = 5.5; - description = "DBL uribl botnet C&C domain"; + description = "A domain in the message is listed in Spamhaus DBL as botnet C&C"; one_shot = true; groups = ["spamhaus"]; } "DBL_ABUSE" { weight = 6.5; - description = "DBL uribl abused legit spam"; + description = "A domain in the message is listed in Spamhaus DBL as abused legit spam"; one_shot = true; groups = ["spamhaus"]; } "DBL_ABUSE_REDIR" { weight = 1.5; - description = "DBL uribl abused spammed redirector domain"; + description = "A domain in the message is listed in Spamhaus DBL as spammed redirector domain"; one_shot = true; groups = ["spamhaus"]; } "DBL_ABUSE_PHISH" { weight = 7.5; - description = "DBL uribl abused legit phish"; + description = "A domain in the message is listed in Spamhaus DBL as abused legit phish"; one_shot = true; groups = ["spamhaus"]; } "DBL_ABUSE_MALWARE" { weight = 7.5; - description = "DBL uribl abused legit malware"; + description = "A domain in the message is listed in Spamhaus DBL as abused legit malware"; one_shot = true; groups = ["spamhaus"]; } "DBL_ABUSE_BOTNET" { weight = 5.5; - description = "DBL uribl abused legit botnet C&C"; + description = "A domain in the message is listed in Spamhaus DBL as abused legit botnet C&C"; one_shot = true; groups = ["spamhaus"]; } @@ -174,48 +174,50 @@ symbols = { weight = 0.0; description = "You are querying Spamhaus from an open resolver, please see https://www.spamhaus.org/returnc/pub/"; one_shot = true; - groups = ["spamhaus"]; + groups = ["spamhaus", "blocked"]; } "DBL_BLOCKED" { weight = 0.0; description = "You are exceeding the query limit, please see https://www.spamhaus.org/returnc/vol/"; one_shot = true; - groups = ["spamhaus"]; + groups = ["spamhaus", "blocked"]; } + "URIBL_MULTI" { weight = 0.0; - description = "uribl.com: unrecognised result"; + description = "Unrecognised result from URIBL.com"; one_shot = true; groups = ["uribl"]; } "URIBL_BLOCKED" { weight = 0.0; - description = "uribl.com: query refused"; + description = "URIBL.com: query refused, likely due to policy/overusage"; one_shot = true; groups = ["uribl", "blocked"]; } "URIBL_BLACK" { weight = 7.5; - description = "uribl.com black url"; + description = "A domain in the message is listed in URIBL.com black"; one_shot = true; groups = ["uribl"]; } "URIBL_RED" { weight = 3.5; - description = "uribl.com red url"; + description = "A domain in the message is listed in URIBL.com red"; one_shot = true; groups = ["uribl"]; } "URIBL_GREY" { weight = 1.5; - description = "uribl.com grey url"; + description = "A domain in the message is listed in URIBL.com grey"; one_shot = true; groups = ["uribl"]; } + "SPAMHAUS_ZEN_URIBL" { ignore = true; weight = 0.0; - description = "Spamhaus ZEN URIBL: Filtered result"; + description = "Unrecognised result from Spamhaus ZEN URIBL"; one_shot = true; groups = ["spamhaus"]; } @@ -229,7 +231,7 @@ symbols = { "URIBL_SBL_CSS" { ignore = true; weight = 6.5; - description = "A domain in the message body resolves to an IP listed in Spamhaus SBL CSS"; + description = "A domain in the message body resolves to an IP listed in Spamhaus CSS"; one_shot = true; groups = ["spamhaus"]; } @@ -254,9 +256,4 @@ symbols = { one_shot = true; groups = ["spamhaus"]; } - #"RBL_SARBL_BAD" { - # weight = 2.5; - # description = "A domain in the message body is blacklisted in SARBL"; - # one_shot = true; - #} } diff --git a/conf/worker-proxy.inc b/conf/worker-proxy.inc index 1959670fe..7f6723854 100644 --- a/conf/worker-proxy.inc +++ b/conf/worker-proxy.inc @@ -20,7 +20,7 @@ milter = yes; # Enable milter mode # true for self-scan mode). # If this behaviour is not desired, then it is recommended to reduce and adjust this # value accordingly -timeout = 120s; +timeout = 60s; upstream "local" { default = yes; |