Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | [Minor] Make API consistent | Vsevolod Stakhov | 2024-09-27 | 1 | -1/+1 |
| | |||||
* | Merge branch 'master' into vstakhov-utf8-mime | Vsevolod Stakhov | 2024-09-05 | 2 | -19/+87 |
|\ | |||||
| * | [Fix] Preserve the previous behaviour of RDNS_* checks | Vsevolod Stakhov | 2024-08-29 | 1 | -0/+12 |
| | | |||||
| * | [Minor] Reduce priority as settings become broken otherwise | Vsevolod Stakhov | 2024-08-06 | 1 | -1/+2 |
| | | | | | | | | | | For future settings rework: there should be spill of settings checks to allow dependency on symbols that are required for settings conditions. | ||||
| * | [Rework] Resolve rdns in a separate function | Vsevolod Stakhov | 2024-08-06 | 1 | -0/+55 |
| | | | | | | | | | | | | | | Historically, it was done in `once_received` module, however, that check must be done early, even before settings (as they could rely on hostname). Hence, it was discussed to move this code to a separate rule. | ||||
| * | [Conf] Increase scores for strange things in the archives | Vsevolod Stakhov | 2024-07-25 | 1 | -19/+19 |
| | | |||||
* | | [Minor] Simplify condition and add them merely when mime utf is enabled | Vsevolod Stakhov | 2024-07-17 | 1 | -9/+13 |
| | | |||||
* | | [Rules] Fix some old rules | Vsevolod Stakhov | 2024-07-16 | 1 | -7/+10 |
|/ | |||||
* | [Minor] Fix description | Andrew Lewis | 2024-07-08 | 1 | -1/+1 |
| | |||||
* | [Rules] Added rules for detecting likely malware | Andrew Lewis | 2024-05-27 | 2 | -0/+157 |
| | |||||
* | correct headers.lua | ishisora | 2024-05-21 | 1 | -1/+1 |
| | |||||
* | [Minor] Exclude User-Agent: Mozilla Thunderbird from XM_UA_NO_VERSION | gami | 2024-05-14 | 1 | -1/+1 |
| | |||||
* | [Minor] Exclude User-Agent: Mozilla Thunderbird from XM_UA_NO_VERSION | gami | 2024-05-14 | 1 | -2/+3 |
| | |||||
* | [Minor] Constrain Content-Description regexp | twesterhever | 2024-05-01 | 1 | -1/+1 |
| | |||||
* | [Minor] Remove superfluous "string.format()" | twesterhever | 2024-05-01 | 1 | -1/+1 |
| | |||||
* | [Enhancement] Catch "Mail message body" Content-Description | twesterhever | 2024-04-28 | 1 | -0/+7 |
| | | | | This header frequently surfaces in spam, mostly advance fee fraud. | ||||
* | [Minor] Add rule for presence of Content-Description header | twesterhever | 2024-04-28 | 1 | -0/+7 |
| | |||||
* | Fix error in headers_checks.lua | Dmitriy Alekseev | 2024-04-19 | 1 | -1/+1 |
| | |||||
* | Merge pull request #4890 from twesterhever/temp-received-localhost | Vsevolod Stakhov | 2024-03-26 | 1 | -0/+7 |
|\ | | | | | [Minor] Add rule for localhost HELOs in Received headers | ||||
| * | [Minor] Add rule for localhost HELOs in Received headers | twesterhever | 2024-03-24 | 1 | -0/+7 |
| | | |||||
* | | [Enhancement] Add more symbols for Reply-To header characteristics | twesterhever | 2024-03-24 | 1 | -14/+36 |
|/ | |||||
* | [Minor] Add HAS_FILE_URL rule for messages containing a file:// URL | twesterhever | 2024-02-29 | 1 | -0/+7 |
| | | | | | | | | | These are frequently abused for distributing malware via non-HTTP protocols, such as public Samba servers. file:// URLs may also be abused for including files from the victims' machine in a message. Either way, a legitimate use case is unlikely. Signed-off-by: twesterhever <40121680+twesterhever@users.noreply.github.com> | ||||
* | [Minor] Add rule for messages missing both X-Mailer and User-Agent header | twesterhever | 2023-11-03 | 1 | -0/+10 |
| | |||||
* | [Rules] Blank spam detection | Andrew Lewis | 2023-10-13 | 4 | -4/+37 |
| | |||||
* | [Fix] MISSING_MIMEOLE: avoid matching messages from Android GMail app (#4561) | Andrew Lewis | 2023-09-14 | 1 | -2/+4 |
| | |||||
* | [Minor] Reformat all Lua code, no functional changes | Vsevolod Stakhov | 2023-08-07 | 19 | -367/+520 |
| | |||||
* | [Minor] Tweak HAS_GOOGLE_REDIR to detect Google AMP URLs as well | twesterhever | 2023-08-02 | 1 | -1/+1 |
| | | | | Rationale: https://cofense.com/blog/google-amp-the-newest-of-evasive-phishing-tactic/ | ||||
* | Adjust apple_x_mailer regex | Dmitriy Alekseev | 2023-07-12 | 1 | -1/+1 |
| | |||||
* | [Minor] A bit better apple_x_mailer regex | Dmitriy Alekseev | 2023-07-12 | 1 | -1/+1 |
| | |||||
* | Optimize apple_ios_x_mailer regex | Dmitriy Alekseev | 2023-07-12 | 1 | -1/+1 |
| | |||||
* | Support regex rules to detect Apple Mail | Dmitriy Alekseev | 2023-07-11 | 1 | -3/+20 |
| | |||||
* | Merge pull request #4497 from twesterhever/temp-improve-has-google-redir | Vsevolod Stakhov | 2023-06-22 | 1 | -2/+2 |
|\ | | | | | [Enhancement] Improve detection of Google redirection URLs | ||||
| * | [Minor] Remove superfluous '|' in regular expression | twesterhever | 2023-06-22 | 1 | -1/+1 |
| | | |||||
| * | [Minor] Simplify regular expression for HAS_GOOGLE_REDIR | twesterhever | 2023-06-22 | 1 | -1/+1 |
| | | | | | | | | https://github.com/rspamd/rspamd/pull/4497#issuecomment-1586265815 | ||||
| * | [Enhancement] Improve detection of Google redirection URLs | twesterhever | 2023-05-26 | 1 | -2/+2 |
| | | | | | | | | | | The list is derived from Firefox' static HPKP entries, retrieved from: https://searchfox.org/mozilla-central/source/security/manager/ssl/StaticHPKPins.h | ||||
* | | Merge pull request #4494 from twesterhever/temp-arm-google-firebase | Vsevolod Stakhov | 2023-06-11 | 1 | -2/+2 |
|\ \ | | | | | | | [Rules] Make Google Firebase rule productive | ||||
| * | | [Enhancement] Make Google Firebase rule productive | twesterhever | 2023-05-26 | 1 | -2/+2 |
| |/ | |||||
* | | Merge pull request #4495 from twesterhever/temp-onoin-url | Vsevolod Stakhov | 2023-06-04 | 1 | -1/+1 |
|\ \ | | | | | | | [Minor] Move HAS_ONION_URI from "experimental" to "url" group | ||||
| * | | [Minor] Move HAS_ONION_URI from "experimental" to "url" group | twesterhever | 2023-05-26 | 1 | -1/+1 |
| |/ | |||||
* | | Apply suggestions from code review | Vsevolod Stakhov | 2023-06-03 | 2 | -3/+3 |
| | | |||||
* | | [Minor] Fix description of MIME_HTML_ONLY | twesterhever | 2023-06-02 | 1 | -1/+1 |
| | | | | | | | | Thanks, @moisseev! | ||||
* | | [Minor] Improve various rule descriptions | twesterhever | 2023-05-26 | 5 | -75/+71 |
|/ | |||||
* | [Feature] Add controller endpoint to get fuzzy hashes from messages | Vsevolod Stakhov | 2023-05-20 | 2 | -0/+47 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Sample usage: ``` curl -XPOST 'http://localhost:11334/plugins/fuzzy/hashes?flag=1' --data-binary '@-' < file ``` Sample output: ```json { "hashes": { "local": [ "24b6e7de2f489778d828c827079c48bacb086f816d0a7acabbe42e8d0da703b89b913176ad67eefaf5b54fa59f5e0ecfc7015846c4043fcfb0c7a4ed7a235025", "72789777cbec926f4143de4c08c87acc3fbf3b909b5c39f1edcf82ed12e2d8bc2f56be8d68ee681feccf44ca04e3eca5b8ec039cb84a0d40e22258c370a10cbb" ], "rspamd.com": [ "24b6e7de2f489778d828c827079c48bacb086f816d0a7acabbe42e8d0da703b89b913176ad67eefaf5b54fa59f5e0ecfc7015846c4043fcfb0c7a4ed7a235025", "72789777cbec926f4143de4c08c87acc3fbf3b909b5c39f1edcf82ed12e2d8bc2f56be8d68ee681feccf44ca04e3eca5b8ec039cb84a0d40e22258c370a10cbb" ], }, "success": true } ``` Issue: #4489 | ||||
* | [Minor] Account for one more undisclosed-recipients address variant | Anton Yuzhaninov | 2023-02-25 | 1 | -1/+2 |
| | |||||
* | Merge branch 'master' into temp-add-ipfs-heuristics | Vsevolod Stakhov | 2023-02-20 | 9 | -12/+37 |
|\ | |||||
| * | add Betterbird to `user_agent_thunderbird` | georglauterbach | 2023-02-19 | 1 | -1/+1 |
| | | | | | | | | | | | | | | | | | | | | | | | | See https://github.com/Betterbird/thunderbird-patches/issues/125 for reference. This way, Rspamd will not add `FORGED_MUA_MOZILLA_MAIL_MSGID_UNKNOWN` to mails sent perfectly fine with Betterbird. Betterbird (<https://www.betterbird.eu/>) is an adjusted version of Thunderbird, fixing many bugs and adding long-wanted features. It is a common and well-known alternative to Thunderbird, so I think the addition is justified. | ||||
| * | Merge pull request #4397 from twesterhever/temp-misc-cleanups-and-housekeeping | Vsevolod Stakhov | 2023-02-17 | 6 | -6/+3 |
| |\ | | | | | | | [Minor] Assorted cleanup and housekeeping of configuration files | ||||
| | * | [Minor] Fix some whitespace issues | twesterhever | 2023-02-17 | 6 | -6/+3 |
| | | | |||||
| * | | Merge pull request #4401 from twesterhever/temp-google-firebase | Vsevolod Stakhov | 2023-02-17 | 1 | -0/+7 |
| |\ \ | | | | | | | | | [Enhancement] Add rule to detect Google Firebase URLs | ||||
| | * | | [Enhancement] Add rule to detect Google Firebase URLs | twesterhever | 2023-02-17 | 1 | -0/+7 |
| | |/ |