diff options
Diffstat (limited to 'rules/regexp')
-rw-r--r-- | rules/regexp/compromised_hosts.lua | 1 | ||||
-rw-r--r-- | rules/regexp/headers.lua | 15 | ||||
-rw-r--r-- | rules/regexp/misc.lua | 2 |
3 files changed, 12 insertions, 6 deletions
diff --git a/rules/regexp/compromised_hosts.lua b/rules/regexp/compromised_hosts.lua index 0a9a9f0aa..cfd560bc2 100644 --- a/rules/regexp/compromised_hosts.lua +++ b/rules/regexp/compromised_hosts.lua @@ -211,4 +211,3 @@ reconf['WWW_DOT_DOMAIN'] = { score = 0.5, group = "compromised_hosts" } - diff --git a/rules/regexp/headers.lua b/rules/regexp/headers.lua index e493a663e..a2b95c2c7 100644 --- a/rules/regexp/headers.lua +++ b/rules/regexp/headers.lua @@ -439,7 +439,7 @@ reconf['FORGED_MUA_OPERA_MSGID'] = { -- Detect forged Mozilla Mail/Thunderbird/Seamonkey/Postbox headers -- Mozilla based X-Mailer local user_agent_mozilla5 = 'User-Agent=/^\\s*Mozilla\\/5\\.0/H' -local user_agent_thunderbird = 'User-Agent=/^\\s*(Thunderbird|Mozilla Thunderbird|Mozilla\\/.*Gecko\\/.*(Thunderbird|Icedove)\\/)/H' +local user_agent_thunderbird = 'User-Agent=/^\\s*(Thunderbird|Mozilla Thunderbird|Mozilla\\/.*Gecko\\/.*(Thunderbird|Betterbird|Icedove)\\/)/H' local user_agent_seamonkey = 'User-Agent=/^\\s*Mozilla\\/5\\.0\\s.+\\sSeaMonkey\\/\\d+\\.\\d+/H' local user_agent_postbox = [[User-Agent=/^\s*Mozilla\/5\.0\s\([^)]+\)\sGecko\/\d+\sPostboxApp\/\d+(?:\.\d+){2,3}$/H]] local user_agent_mozilla = string.format('(%s) & !(%s) & !(%s) & !(%s)', user_agent_mozilla5, user_agent_thunderbird, user_agent_seamonkey, user_agent_postbox) @@ -908,14 +908,21 @@ reconf['HAS_LIST_UNSUB'] = { reconf['HAS_GUC_PROXY_URI'] = { re = '/\\.googleusercontent\\.com\\/proxy/{url}i', - description = 'Has googleusercontent.com proxy URI', - score = 0.01, - group = 'experimental' + description = 'Has googleusercontent.com proxy URL', + score = 1.0, + group = 'url' } reconf['HAS_GOOGLE_REDIR'] = { re = '/\\.google\\.com\\/url\\?/{url}i', description = 'Has google.com/url redirection', + score = 1.0, + group = 'url' +} + +reconf['HAS_GOOGLE_FIREBASE_URL'] = { + re = '/\\.firebasestorage\\.googleapis\\.com\\//{url}i', + description = 'Contains firebasestorage.googleapis.com URL', score = 0.01, group = 'experimental' } diff --git a/rules/regexp/misc.lua b/rules/regexp/misc.lua index a5e5cfc44..0e660e358 100644 --- a/rules/regexp/misc.lua +++ b/rules/regexp/misc.lua @@ -99,4 +99,4 @@ reconf['LEAKED_PASSWORD_SCAM_RE'] = { group = 'scams' } -rspamd_config:register_dependency('LEAKED_PASSWORD_SCAM', 'BITCOIN_ADDR')
\ No newline at end of file +rspamd_config:register_dependency('LEAKED_PASSWORD_SCAM', 'BITCOIN_ADDR') |