Diffstat (limited to 'rules')
-rw-r--r-- | rules/bitcoin.lua | 3 | ||||
-rw-r--r-- | rules/controller/fuzzy.lua | 22 | ||||
-rw-r--r-- | rules/forwarding.lua | 45 | ||||
-rw-r--r-- | rules/regexp/headers.lua | 38 | ||||
-rw-r--r-- | rules/regexp/urls.lua | 31 | ||||
-rw-r--r-- | rules/rspamd.lua | 1 |
6 files changed, 109 insertions, 31 deletions
diff --git a/rules/bitcoin.lua b/rules/bitcoin.lua
index 6a70721f8..bc8c65805 100644
--- a/rules/bitcoin.lua
+++ b/rules/bitcoin.lua
@@ -183,8 +183,9 @@ local btc_bleach_re = [[/\b(?:(?:[a-zA-Z]\w+:)|(?:bc1))?[qpzry9x8gf2tvdw0s3jn54k
 config.regexp['BITCOIN_ADDR'] = {
 description = 'Message has a valid bitcoin wallet address',
- -- Use + operator to ensure that each expression is always evaluated
 re = string.format('(%s) + (%s) > 0', normal_wallet_re, btc_bleach_re),
+ -- Disable optimizations for this expression to get all addresses
+ expression_flags = { 'noopt' },
 re_conditions = {
 [normal_wallet_re] = function(task, txt, s, e)
 local len = e - s
diff --git a/rules/controller/fuzzy.lua b/rules/controller/fuzzy.lua
index 193e6fd4c..06f5d43d9 100644
--- a/rules/controller/fuzzy.lua
+++ b/rules/controller/fuzzy.lua
@@ -37,10 +37,30 @@ local function handle_gen_fuzzy(task, conn, req_params)
 end
 end
+local function handle_fuzzy_storages(_task, conn)
+ if type(rspamd_plugins.fuzzy_check) == 'table'
+ and type(rspamd_plugins.fuzzy_check.list_storages) == 'function' then
+ local ok, result = pcall(rspamd_plugins.fuzzy_check.list_storages, rspamd_config)
+
+ if ok then
+ conn:send_ucl({ success = true, storages = result })
+ else
+ conn:send_error(500, 'cannot list fuzzy storages')
+ end
+ else
+ conn:send_error(404, 'fuzzy_check is not enabled')
+ end
+end
+
 return {
 hashes = {
 handler = handle_gen_fuzzy,
 need_task = true,
 enable = false
 },
-}
\ No newline at end of file
+ storages = {
+ handler = handle_fuzzy_storages,
+ need_task = false,
+ enable = false
+ },
+}
diff --git a/rules/forwarding.lua b/rules/forwarding.lua
index a008c587d..f8218e1cb 100644
--- a/rules/forwarding.lua
+++ b/rules/forwarding.lua
@@ -107,6 +107,51 @@ rspamd_config.FWD_SRS = {
 group = "forwarding"
 }
+rspamd_config.FWD_SIEVE = {
+ callback = function(task)
+ if not (task:has_from(1) and task:has_recipients(1)) then
+ return false
+ end
+ local envfrom = task:get_from(1)
+ local envrcpts = task:get_recipients(1)
+ -- Forwarding is only to a single recipient
+ if #envrcpts > 1 then
+ return false
+ end
+ if envfrom[1].user:lower():find('^srs[01]=') then
+ return task:has_header('X-Sieve-Redirected-From')
+ end
+ return false
+ end,
+ score = 0.0,
+ description = "Message was forwarded using Sieve",
+ group = "forwarding"
+}
+
+rspamd_config.FWD_CPANEL = {
+ callback = function(task)
+ if not (task:has_from(1) and task:has_recipients(1)) then
+ return false
+ end
+ local envfrom = task:get_from(1)
+ local envrcpts = task:get_recipients(1)
+ -- Forwarding is only to a single recipient
+ if #envrcpts > 1 then
+ return false
+ end
+ if envfrom[1].user:lower():find('^srs[01]=') then
+ local rewrite_hdr = task:get_header('From-Rewrite')
+ if rewrite_hdr and rewrite_hdr:find('forwarded message') then
+ return true
+ end
+ end
+ return false
+ end,
+ score = 0.0,
+ description = "Message was forwarded using cPanel",
+ group = "forwarding"
+}
+
 rspamd_config.FORWARDED = {
 callback = function(task)
 local function normalize_addr(addr)
diff --git a/rules/regexp/headers.lua b/rules/regexp/headers.lua
index 38bd2a2ba..1b5f55db1 100644
--- a/rules/regexp/headers.lua
+++ b/rules/regexp/headers.lua
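Review bot: In `handle_fuzzy_storages` (rules/controller/fuzzy.lua) the failure branch discards the error value that `pcall` leaves in `result`, so a fault inside `list_storages` shows up only as a generic 500 with nothing in the server log. Log it before replying and keep the generic text for the client, e.g. `rspamd_logger.errx(rspamd_config, 'cannot list fuzzy storages: %s', result)`; this needs `rspamd_logger` in scope, which the hunk does not show. The success branch sends `result` to the client unfiltered through `send_ucl`, so a comment above the function should state what `list_storages` returns; if that table can carry keys or other storage secrets (not visible in this diff), they should be stripped before sending.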
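Review bot: `FWD_SIEVE` and `FWD_CPANEL` (rules/forwarding.lua) both decide on values the sending side controls: the `X-Sieve-Redirected-From` and `From-Rewrite` headers plus an `srs0=`/`srs1=` prefix in the envelope sender, so any sender can make either symbol fire. That is harmless at `score = 0.0`, but each rule should carry a comment saying so, for example `-- Informational only: inputs are sender-controlled, do not use this symbol to relax SPF/DMARC or other checks`, so the symbols are not later reused as a trust signal. Separately, `rewrite_hdr:find('forwarded message')` is meant as a literal search and reads more clearly as `rewrite_hdr:find('forwarded message', 1, true)`.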
@@ -69,6 +69,14 @@ if rspamd_config:is_mime_utf8() then
 end
 end
+reconf['R_HTTP_URL_IN_FROM'] = {
+ re = [[From=/(^|"|'|\s)[hH][tT][tT][pP][sS]?(:|=3A)\/\/\S/H]],
+ score = 5.0,
+ mime_only = true,
+ description = 'HTTP URL preceded by the start of a line, quote, or whitespace, with normal or URL-encoded colons in From header',
+ group = 'headers'
+}
+
 -- Detects that there is no space in From header (e.g. Some Name<some@host>)
 reconf['R_NO_SPACE_IN_FROM'] = {
 re = 'From=/\\S<[-\\w\\.]+\\@[-\\w\\.]+>/X',
@@ -644,7 +652,7 @@ reconf['REPTO_QUOTE_YAHOO'] = {
 }
 reconf['FAKE_REPLY'] = {
- re = [[Subject=/^re:/i{header} & !(header_exists(In-Reply-To) | header_exists(References))]],
+ re = [[Subject=/^(antw|atb|aw|bls|odp|res?|rif|sv|ynt)[. ]*:/i{header} & !(header_exists(In-Reply-To) | header_exists(References))]],
 description = 'Fake reply',
 score = 1.0,
 group = 'headers'
@@ -945,34 +953,6 @@ reconf['HAS_LIST_UNSUB'] = {
 group = 'headers'
 }
-reconf['HAS_GUC_PROXY_URI'] = {
- re = '/\\.googleusercontent\\.com\\/proxy/{url}i',
- description = 'Has googleusercontent.com proxy URL',
- score = 1.0,
- group = 'url'
-}
-
-reconf['HAS_GOOGLE_REDIR'] = {
- re = '/\\.google\\.([a-z]{2,3}(|\\.[a-z]{2,3})|info|jobs)\\/(amp\\/s\\/|url\\?)/{url}i',
- description = 'Has google.com/url or alike Google redirection URL',
- score = 1.0,
- group = 'url'
-}
-
-reconf['HAS_GOOGLE_FIREBASE_URL'] = {
- re = '/\\.firebasestorage\\.googleapis\\.com\\//{url}i',
- description = 'Contains firebasestorage.googleapis.com URL',
- score = 2.0,
- group = 'url'
-}
-
-reconf['HAS_FILE_URL'] = {
- re = '/^file:\\/\\//{url}i',
- description = 'Contains file:// URL',
- score = 2.0,
- group = 'url'
-}
-
 reconf['XM_UA_NO_VERSION'] = {
 re = string.format('(!%s && !%s) && (%s || %s) && !%s',
 'X-Mailer=/https?:/H',
diff --git a/rules/regexp/urls.lua b/rules/regexp/urls.lua
new file mode 100644
index 000000000..6dc99f008
--- /dev/null
+++ b/rules/regexp/urls.lua
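Review bot: The description of `R_HTTP_URL_IN_FROM` (first hunk of rules/regexp/headers.lua) calls `=3A` a URL-encoded colon, but `=3A` is the quoted-printable form; the URL-encoded form would be `%3A`, which the expression does not match. Either reword the description to say `literal or quoted-printable-encoded colon`, or, if percent-encoding was meant, extend the alternation to `(:|=3A|%3A)`. At `score = 5.0` a short comment above `re` with an example of the From header this targets would help anyone tuning the rule later.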
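Review bot: The widened prefix list in `FAKE_REPLY` (second hunk of rules/regexp/headers.lua) has no comment saying what the abbreviations stand for, which makes the rule hard to audit or extend. A line above `re` such as `-- Localised reply prefixes, e.g. AW (German), SV (Scandinavian), Odp (Polish), Rif (Italian), Ynt (Turkish)` would do. The `[. ]*` before the colon accepts any run of dots and spaces; if that looseness is intended, the same comment should say so.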
@@ -0,0 +1,31 @@
+
+local reconf = config['regexp']
+
+reconf['HAS_GUC_PROXY_URI'] = {
+ re = '/[\\.\\/]googleusercontent\\.com\\/proxy/{url}i',
+ description = 'Has googleusercontent.com proxy URL',
+ score = 1.0,
+ group = 'url'
+}
+
+reconf['HAS_GOOGLE_REDIR'] = {
+ re = '/[\\.\\/]google\\.([a-z]{2,3}(|\\.[a-z]{2,3})|info|jobs)\\/(amp\\/s\\/|url\\?)/{url}i',
+ description = 'Has google.com/url or alike Google redirection URL',
+ score = 1.0,
+ group = 'url'
+}
+
+reconf['HAS_GOOGLE_FIREBASE_URL'] = {
+ re = '/[\\.\\/]firebasestorage\\.googleapis\\.com\\//{url}i',
+ description = 'Contains firebasestorage.googleapis.com URL',
+ score = 2.0,
+ group = 'url'
+}
+
+reconf['HAS_FILE_URL'] = {
+ re = '/^file:\\/\\//{url}i',
+ description = 'Contains file:// URL',
+ score = 2.0,
+ group = 'url'
+}
+
diff --git a/rules/rspamd.lua b/rules/rspamd.lua
index e41a946cb..3fc2d1797 100644
--- a/rules/rspamd.lua
+++ b/rules/rspamd.lua
@@ -30,6 +30,7 @@ dofile(local_rules .. '/regexp/headers.lua')
 dofile(local_rules .. '/regexp/misc.lua')
 dofile(local_rules .. '/regexp/upstream_spam_filters.lua')
 dofile(local_rules .. '/regexp/compromised_hosts.lua')
+dofile(local_rules .. '/regexp/urls.lua')
 dofile(local_rules .. '/html.lua')
 dofile(local_rules .. '/headers_checks.lua')
 dofile(local_rules .. '/subject_checks.lua') |
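Review bot: In the new rules/regexp/urls.lua the `/` alternative of the `[\\.\\/]` host prefix is not tied to the scheme, so `HAS_GUC_PROXY_URI`, `HAS_GOOGLE_REDIR` and `HAS_GOOGLE_FIREBASE_URL` also match when the Google host name is just a path segment of an unrelated URL (constructed example: `https://example.test/google.com/url?x`). Anchoring the host to the authority avoids that, e.g. `'/^https?:\\/\\/([^\\/?#]*\\.)?googleusercontent\\.com\\/proxy/{url}i'`; `HAS_FILE_URL` in the same file already anchors with `^`, which suggests the `{url}` type sees the full URL, but this diff does not confirm it. If the looser match is deliberate, a one-line comment above each `re` should say so.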