aboutsummaryrefslogtreecommitdiffstats
path: root/conf/composites.conf
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #5209 from twesterhever/temp-auth-origin-helo-userVsevolod Stakhov2024-11-051-1/+1
|\ | | | | [Minor] Add "User" HELO in Received headers to ABUSE_FROM_INJECTOR
| * [Minor] Add "User" HELO in Received headers to ABUSE_FROM_INJECTORtwesterhever2024-11-041-1/+1
| | | | | | | | | | | | This pattern often surfaces in spam (frequently advance fee fraud) disseminated via compromised accounts, adding it to ABUSE_FROM_INJECTOR to increase the likelihood of such spam getting rejected.
* | [Minor] Improve FREEMAIL_AFF catch ratetwesterhever2024-11-041-1/+1
|/ | | | | This "Mail message body" Content-Description header appears to be a common quirk of advance fee fraud e-mails leveraging freemail services.
* Exclude MIME_BAD_UNICODE false positive (#5030)Dmitriy Alekseev2024-06-261-0/+12
| | | | | | | | | | | | | | | * Update composites.conf * Update composites.conf * Update composites.conf * Update composites.conf * Update mime_types_group.conf * Update mime_types_group.conf * Update composites.conf
* Merge pull request #4915 from twesterhever/temp-freemail-mdnVsevolod Stakhov2024-04-301-1/+8
|\ | | | | Add detection for freemail and disposable e-mail usage for message delivery notification
| * [Minor] Fix typo in rule nametwesterhever2024-04-091-1/+1
| |
| * [Minor] Add composite for suspicios free/disposamail MDN usagetwesterhever2024-04-091-0/+7
| |
| * [Minor] Improve FREEMAIL_AFF detectiontwesterhever2024-04-091-1/+1
| |
* | [Minor] Also respect HAS_XOIP for authenticated messagestwesterhever2024-04-091-1/+1
| |
* | [Minor] Add some missing groups to existing composite rulestwesterhever2024-04-091-0/+3
| |
* | [Minor] Rework composites for spam injected into compromised accountstwesterhever2024-04-091-3/+9
|/
* Merge pull request #4683 from twesterhever/temp-improve-freemail-affVsevolod Stakhov2023-11-031-1/+1
|\ | | | | [Minor] Improve FREEMAIL_AFF capture rates
| * [Minor] Improve FREEMAIL_AFF capture ratestwesterhever2023-11-031-1/+1
| |
* | [Enhancement] Add composite rule for suspicious URLs in suspicious messagestwesterhever2023-11-031-0/+6
|/
* [Rules] Blank spam detectionAndrew Lewis2023-10-131-0/+6
|
* Merge pull request #4556 from twesterhever/temp-improve-freemail-affVsevolod Stakhov2023-08-021-1/+1
|\ | | | | [Minor] Improve catch rates of FREEMAIL_AFF
| * [Minor] Improve catch rates of FREEMAIL_AFFtwesterhever2023-08-021-1/+1
| |
* | Add composites exclusions for known Apple Mail bad symbolsDmitriy Alekseev2023-07-111-0/+8
|/
* Merge pull request #4507 from ↵Vsevolod Stakhov2023-06-031-2/+9
|\ | | | | | | | | twesterhever/temp-composites-thread-hijacking-injector [Rules] Add thread hijacking composite rule
| * [Minor] Fix RCVD_UNAUTH_PBLtwesterhever2023-06-021-2/+2
| |
| * [Rules] Add thread hijacking composite ruletwesterhever2023-06-021-0/+7
| |
* | [Minor] Improve HACKED_WP_PHISHING coveragetwesterhever2023-06-021-1/+1
|/
* [Enhancement] Add composite rule for messages only containing a redirector URLtwesterhever2023-05-261-0/+6
|
* [Conf] Remove outdated composite rulesVsevolod Stakhov2023-05-091-10/+0
|
* Merge branch 'master' into temp-propose-alternative-solution-to-xbl-any-hackVsevolod Stakhov2023-02-191-9/+6
|\
| * [Minor] Improve readability of composites rule configurationtwesterhever2023-02-171-9/+6
| |
* | [Minor] Replace "Spamhaus XBL any" hack with a more clear solutiontwesterhever2023-02-171-4/+0
|/
* Merge pull request #4308 from frederikbosch/patch-1Vsevolod Stakhov2022-10-191-1/+11
|\ | | | | [Rules] Penalize bounce spam
| * Update composites.confFrederik Bosch2022-10-171-1/+1
| |
| * Composites should not be recursiveFrederik Bosch2022-10-121-1/+1
| |
| * Protect against bounce spamFrederik Bosch2022-10-121-1/+11
| |
* | [Enhancement] Add composite rule against AFF involving freemailerstwesterhever2022-10-091-0/+7
|/
* [Fix] BAD_REP_POLICIES did not trigger when message was classified as spam ↵Player7012022-08-191-1/+1
| | | | by Bayes
* [Rules] Fix symbol for DKIM temporary failureAnton Yuzhaninov2022-02-151-1/+1
| | | | There is no R_DKIM_DNSFAIL symbol (in default config), but there is R_DKIM_TEMPFAIL.
* [Conf] Clarify documentation in the config filesVsevolod Stakhov2019-10-111-7/+6
|
* [Conf] Make LEAKED_PASSWORD_SCAM a composite rule againVsevolod Stakhov2019-09-191-1/+7
|
* [Rework] Migrate from ip_score to reputationVsevolod Stakhov2019-07-171-1/+1
|
* [Conf] Add BROKEN_HEADERS_MAILLIST compositeVsevolod Stakhov2019-07-171-0/+7
|
* [Rules] Rework LEAKED_PASSWORD_SCAM rule one more timeVsevolod Stakhov2019-06-181-7/+0
|
* [Conf] Add IP_SCORE_FREEMAIL composite ruleVsevolod Stakhov2019-04-291-0/+7
|
* Add a reference to the doc of composite rulesEdmond2019-04-081-1/+2
|
* [Feature] Validate BTC addresses in LEAKED_PASSWORD_SCAMVsevolod Stakhov2019-03-191-0/+7
|
* fix typo in RCVD_UNAUTH_PBLheraklit2562019-02-131-1/+1
|
* [Rules] Add VIOLATED_DIRECT_SPF compositeVsevolod Stakhov2019-01-151-113/+120
|
* Merge pull request #2566 from heraklit256/composites-leaveVsevolod Stakhov2018-10-181-5/+10
|\ | | | | Minor Composite rule cleanup
| * lower score for PHISH_EMOTION to 1.0heraklit2562018-10-171-1/+1
| |
| * lower score for HAS_ANON_DOMAIN to 0.1heraklit2562018-10-171-1/+1
| |
| * Include ARC into AUTH_NA ruleheraklit2562018-10-041-2/+2
| |
| * Composite rules: Minor cleanupsheraklit2562018-10-041-1/+3
| | | | | | | | Added descriptions to some rules and unified AND operator.
| * leave original symbols for composite rulesheraklit2562018-10-041-0/+3
| | | | | | | | | | Removing original symbols if a composite rule triggers is kind of confusing and makes debugging harder.
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-09 01:14:40 +0000