path: root/conf
Commit message (Author, Age, Files, Lines)
* [Project] Add GPT plugin (Vsevolod Stakhov, 2024-06-27, 1 file, -0/+43)
|
* Exclude MIME_BAD_UNICODE false positive (#5030) (Dmitriy Alekseev, 2024-06-26, 2 files, -2/+14)
|   * Update composites.conf
|   * Update composites.conf
|   * Update composites.conf
|   * Update composites.conf
|   * Update mime_types_group.conf
|   * Update mime_types_group.conf
|   * Update composites.conf
* [Conf] Add missing symbol (Vsevolod Stakhov, 2024-06-19, 1 file, -0/+4)
|
* [Rules] Added rules for detecting likely malware (Andrew Lewis, 2024-05-27, 1 file, -0/+15)
|
* Update bayes_expiry.conf (Dmitriy Alekseev, 2024-05-16, 1 file, -7/+0)
|
* Create bayes_expiry.conf (Dmitriy Alekseev, 2024-05-16, 1 file, -0/+25)
|
* [Minor] Properly make use of selectors for checking MID RHSs against DNSBLs (twesterhever, 2024-05-06, 1 file, -3/+9)
|   Related to: https://github.com/rspamd/rspamd/pull/4888
* Merge pull request #4888 from twesterhever/temp-rbl-mid (Vsevolod Stakhov, 2024-05-02, 1 file, -0/+3)
|\
| |   Implement DNSBL checks for Message-ID RHS
| * [Minor] Query MID RHS FQDNs against popular DNSBL using selectors (twesterhever, 2024-04-28, 1 file, -0/+3)
| |   See https://github.com/rspamd/rspamd/pull/4888 for the related discussion.
| * Revert "[Enhancement] Check Message-ID RHS against popular DNSBLs by default" (twesterhever, 2024-04-28, 1 file, -3/+3)
| |   This reverts commit c78c70c76bb7ae8e714ed773037ccce1012dd20f.
| * [Enhancement] Check Message-ID RHS against popular DNSBLs by default (twesterhever, 2024-04-28, 1 file, -3/+3)
| |
* | Merge pull request #4915 from twesterhever/temp-freemail-mdn (Vsevolod Stakhov, 2024-04-30, 2 files, -1/+28)
|\ \
| |/
|/|   Add detection for freemail and disposable e-mail usage for message delivery notification
| * [Minor] Fix typo in rule name (twesterhever, 2024-04-09, 1 file, -1/+1)
| |
| * [Minor] Add composite for suspicious free/disposamail MDN usage (twesterhever, 2024-04-09, 1 file, -0/+7)
| |
| * [Minor] Improve FREEMAIL_AFF detection (twesterhever, 2024-04-09, 1 file, -1/+1)
| |
| * [Enhancement] Detect freemail and disposable e-mail usage for MDN (twesterhever, 2024-04-09, 1 file, -0/+20)
| |
* | Merge pull request #4914 from twesterhever/temp-rework-injector-composite (Vsevolod Stakhov, 2024-04-26, 1 file, -3/+12)
|\ \
| | |   Rework composites for spam injected into compromised accounts
| * | [Minor] Also respect HAS_XOIP for authenticated messages (twesterhever, 2024-04-09, 1 file, -1/+1)
| | |
| * | [Minor] Add some missing groups to existing composite rules (twesterhever, 2024-04-09, 1 file, -0/+3)
| | |
| * | [Minor] Rework composites for spam injected into compromised accounts (twesterhever, 2024-04-09, 1 file, -3/+9)
| |/
* / [Minor] Increase RDNS_NONE score to 2.0 (twesterhever, 2024-04-09, 1 file, -1/+1)
|/
* Revert "[Fix] Fix history key, as we use `{=` and not `{{` in templates" (Vsevolod Stakhov, 2024-02-21, 1 file, -1/+1)
|
* [Fix] Fix history key, as we use `{=` and not `{{` in templates (Vsevolod Stakhov, 2024-02-21, 1 file, -1/+1)
|
* [Minor] Add more returnbits to surbl configuration (Andrew Lewis, 2024-01-31, 2 files, -0/+14)
|
* [Feature] Allow to add templates to redis history prefix (Vsevolod Stakhov, 2024-01-29, 1 file, -1/+1)
|   Issue: #4793
|   Closes: #4793
* [Feature] rbl: support disabling or replacing url_whitelist per RBL (Andrew Lewis, 2023-12-12, 1 file, -0/+2)
|
* Merge pull request #4683 from twesterhever/temp-improve-freemail-aff (Vsevolod Stakhov, 2023-11-03, 1 file, -1/+1)
|\
| |   [Minor] Improve FREEMAIL_AFF capture rates
| * [Minor] Improve FREEMAIL_AFF capture rates (twesterhever, 2023-11-03, 1 file, -1/+1)
| |
* | [Enhancement] Add composite rule for suspicious URLs in suspicious messages (twesterhever, 2023-11-03, 1 file, -0/+6)
|/
* [Conf] Add note (Vsevolod Stakhov, 2023-11-02, 1 file, -1/+1)
|   Issue: #4677
* [Minor] Reiterate on the previous changes (Andrew Lewis, 2023-10-26, 1 file, -3/+3)
|   - Demote message to info level
|   - Name it returncodes_matcher for better specificity
* [Minor] rbl: support use of different matchers for return codes (Andrew Lewis, 2023-10-24, 1 file, -0/+3)
|
* [Minor] RSPAMD_SHAREDIR is called SHAREDIR in configuration (Andrew Lewis, 2023-10-17, 1 file, -2/+2)
|
* [Rules] Blank spam detection (Andrew Lewis, 2023-10-13, 1 file, -0/+6)
|
* [Fix] Prevent DNSWL sabotage (Marc Dierksen, 2023-10-05, 1 file, -10/+10)
|   When exceeding the query limit for DNSWL it can happen that instead of the returncode 127.0.0.255, that according to documentation (https://www.dnswl.org/?page_id=15) indicates a block, the returncode 127.0.10.3 is returned for all queries. According to documentation (https://www.dnswl.org/?page_id=15) the 127.0.10.3 returncode indicates the highest level of trustworthiness that should never be blocked and a category of 'some special cases'. As it turns out that documentation is a lie and that 127.0.10.3 returncode is used by DNSWL to intentionally sabotage email security by marking all sending servers as highly trustworthy (https://www.dnswl.org/?p=120).
* [Minor] Move configuration to proper location (Andrew Lewis, 2023-10-02, 1 file, -0/+0)
|
* [Minor] Fix copypasta (#4469) (Andrew Lewis, 2023-10-02, 1 file, -3/+3)
|
* [Conf] Add new plugin default configuration (Vsevolod Stakhov, 2023-09-24, 1 file, -0/+31)
|
* Merge pull request #4575 from dragoangel/feat/add-phishing-feed-exclusions (Vsevolod Stakhov, 2023-08-22, 2 files, -0/+10)
|\
| |   [Feature] Support feed exclusions in phishing module
| * Update phishing_group.conf (Dmitriy Alekseev, 2023-08-16, 1 file, -0/+4)
| |
| * Update phishing.conf (Dmitriy Alekseev, 2023-08-16, 1 file, -0/+6)
| |
* | Added support for Redis 6 ACL (username/password) (laodc, 2023-08-21, 1 file, -0/+1)
| |
* | [Minor] Align scores of Spamhaus DBL, SURBL, URIBL DNSBL symbols (twesterhever, 2023-08-02, 1 file, -12/+12)
| |   Given that they have about the same false positive rate, it makes sense to treat them equal in terms of scoring:
| |   - Particular threats (phishing, malware) are scored a bit higher than mere spam domain listings
| |   - "Abused legitimate" listings are scored lower for some DNSBLs already, this has now been aligned.
| |   - For SURBL, cracked and abused sites are treated with the same score.
* | [Minor] Increase score of URIBL_XBL (twesterhever, 2023-08-02, 1 file, -1/+1)
| |   This aids with detecting FQDNs hosted on hacked machines, such as used in Fast Flux-style botnet spam.
* | [Minor] Reduce score of URIBL_SBL_CSS (twesterhever, 2023-08-02, 1 file, -1/+1)
|/
|   Given that CSS is an automated component of SBL, this should not receive the same scoring as manually conducted SBL listings. Particularly for shared hosting environments, CSS hits on IP addresses derived from FQDNs sometimes were found to be scored a bit too high.
* Merge pull request #4556 from twesterhever/temp-improve-freemail-aff (Vsevolod Stakhov, 2023-08-02, 1 file, -1/+1)
|\
| |   [Minor] Improve catch rates of FREEMAIL_AFF
| * [Minor] Improve catch rates of FREEMAIL_AFF (twesterhever, 2023-08-02, 1 file, -1/+1)
| |
* | Add composites exclusions for known Apple Mail bad symbols (Dmitriy Alekseev, 2023-07-11, 1 file, -0/+8)
|/
* Merge pull request #4507 from twesterhever/temp-composites-thread-hijacking-injector (Vsevolod Stakhov, 2023-06-03, 1 file, -2/+9)
|\
| |   [Rules] Add thread hijacking composite rule
| * [Minor] Fix RCVD_UNAUTH_PBL (twesterhever, 2023-06-02, 1 file, -2/+2)
| |