diff options
Diffstat (limited to 'rules/regexp/headers.lua')
| -rw-r--r-- | rules/regexp/headers.lua | 38 |
1 files changed, 9 insertions, 29 deletions
diff --git a/rules/regexp/headers.lua b/rules/regexp/headers.lua index 38bd2a2ba..1b5f55db1 100644 --- a/rules/regexp/headers.lua +++ b/rules/regexp/headers.lua @@ -69,6 +69,14 @@ if rspamd_config:is_mime_utf8() then end end +reconf['R_HTTP_URL_IN_FROM'] = { + re = [[From=/(^|"|'|\s)[hH][tT][tT][pP][sS]?(:|=3A)\/\/\S/H]], + score = 5.0, + mime_only = true, + description = 'HTTP URL preceded by the start of a line, quote, or whitespace, with normal or URL-encoded colons in From header', + group = 'headers' +} + -- Detects that there is no space in From header (e.g. Some Name<some@host>) reconf['R_NO_SPACE_IN_FROM'] = { re = 'From=/\\S<[-\\w\\.]+\\@[-\\w\\.]+>/X', @@ -644,7 +652,7 @@ reconf['REPTO_QUOTE_YAHOO'] = { } reconf['FAKE_REPLY'] = { - re = [[Subject=/^re:/i{header} & !(header_exists(In-Reply-To) | header_exists(References))]], + re = [[Subject=/^(antw|atb|aw|bls|odp|res?|rif|sv|ynt)[. ]*:/i{header} & !(header_exists(In-Reply-To) | header_exists(References))]], description = 'Fake reply', score = 1.0, group = 'headers' @@ -945,34 +953,6 @@ reconf['HAS_LIST_UNSUB'] = { group = 'headers' } -reconf['HAS_GUC_PROXY_URI'] = { - re = '/\\.googleusercontent\\.com\\/proxy/{url}i', - description = 'Has googleusercontent.com proxy URL', - score = 1.0, - group = 'url' -} - -reconf['HAS_GOOGLE_REDIR'] = { - re = '/\\.google\\.([a-z]{2,3}(|\\.[a-z]{2,3})|info|jobs)\\/(amp\\/s\\/|url\\?)/{url}i', - description = 'Has google.com/url or alike Google redirection URL', - score = 1.0, - group = 'url' -} - -reconf['HAS_GOOGLE_FIREBASE_URL'] = { - re = '/\\.firebasestorage\\.googleapis\\.com\\//{url}i', - description = 'Contains firebasestorage.googleapis.com URL', - score = 2.0, - group = 'url' -} - -reconf['HAS_FILE_URL'] = { - re = '/^file:\\/\\//{url}i', - description = 'Contains file:// URL', - score = 2.0, - group = 'url' -} - reconf['XM_UA_NO_VERSION'] = { re = string.format('(!%s && !%s) && (%s || %s) && !%s', 'X-Mailer=/https?:/H', |