Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | [Minor] Assuming that the remaining Google urls can also show esld only | Jose Celestino | 2025-01-23 | 1 | -2/+2 |
| | |||||
* | [Minor] HAS_GOOGLE_REDIR was not working with https://google.com | Jose Celestino | 2025-01-23 | 1 | -1/+1 |
| | |||||
* | [Minor] Move url regexes to regexp/urls.lua | Jose Celestino | 2025-01-23 | 3 | -28/+32 |
| | |||||
* | Dutch | D0LLYNH0 | 2025-01-10 | 1 | -1/+1 |
| | |||||
* | Expand Detection of Fake Reply Subjects Across Multiple Languages | D0LLYNH0 | 2025-01-10 | 1 | -1/+1 |
| | |||||
* | Fix issue with Thunderbird for Android being | Tobias Wolter | 2025-01-02 | 1 | -1/+1 |
| | | | | | marked as `FORGED_MUA_THUNDERBIRD_MSGID_UNKNOWN` due to uppercase UUID format for message IDs. | ||||
* | [Minor] Fix optionality | Vsevolod Stakhov | 2024-11-06 | 1 | -1/+1 |
| | |||||
* | [Conf] Add lua.local.d folder | Vsevolod Stakhov | 2024-11-06 | 1 | -0/+4 |
| | |||||
* | [Minor] Make API consistent | Vsevolod Stakhov | 2024-09-27 | 1 | -1/+1 |
| | |||||
* | Merge branch 'master' into vstakhov-utf8-mime | Vsevolod Stakhov | 2024-09-05 | 2 | -19/+87 |
|\ | |||||
| * | [Fix] Preserve the previous behaviour of RDNS_* checks | Vsevolod Stakhov | 2024-08-29 | 1 | -0/+12 |
| | | |||||
| * | [Minor] Reduce priority as settings become broken otherwise | Vsevolod Stakhov | 2024-08-06 | 1 | -1/+2 |
| | | | | | | | | | | For future settings rework: there should be spill of settings checks to allow dependency on symbols that are required for settings conditions. | ||||
| * | [Rework] Resolve rdns in a separate function | Vsevolod Stakhov | 2024-08-06 | 1 | -0/+55 |
| | | | | | | | | | | | | | | Historically, it was done in `once_received` module, however, that check must be done early, even before settings (as they could rely on hostname). Hence, it was discussed to move this code to a separate rule. | ||||
| * | [Conf] Increase scores for strange things in the archives | Vsevolod Stakhov | 2024-07-25 | 1 | -19/+19 |
| | | |||||
* | | [Minor] Simplify condition and add them merely when mime utf is enabled | Vsevolod Stakhov | 2024-07-17 | 1 | -9/+13 |
| | | |||||
* | | [Rules] Fix some old rules | Vsevolod Stakhov | 2024-07-16 | 1 | -7/+10 |
|/ | |||||
* | [Minor] Fix description | Andrew Lewis | 2024-07-08 | 1 | -1/+1 |
| | |||||
* | [Rules] Added rules for detecting likely malware | Andrew Lewis | 2024-05-27 | 2 | -0/+157 |
| | |||||
* | correct headers.lua | ishisora | 2024-05-21 | 1 | -1/+1 |
| | |||||
* | [Minor] Exclude User-Agent: Mozilla Thunderbird from XM_UA_NO_VERSION | gami | 2024-05-14 | 1 | -1/+1 |
| | |||||
* | [Minor] Exclude User-Agent: Mozilla Thunderbird from XM_UA_NO_VERSION | gami | 2024-05-14 | 1 | -2/+3 |
| | |||||
* | [Minor] Constrain Content-Description regexp | twesterhever | 2024-05-01 | 1 | -1/+1 |
| | |||||
* | [Minor] Remove superfluous "string.format()" | twesterhever | 2024-05-01 | 1 | -1/+1 |
| | |||||
* | [Enhancement] Catch "Mail message body" Content-Description | twesterhever | 2024-04-28 | 1 | -0/+7 |
| | | | | This header frequently surfaces in spam, mostly advance fee fraud. | ||||
* | [Minor] Add rule for presence of Content-Description header | twesterhever | 2024-04-28 | 1 | -0/+7 |
| | |||||
* | Fix error in headers_checks.lua | Dmitriy Alekseev | 2024-04-19 | 1 | -1/+1 |
| | |||||
* | Merge pull request #4890 from twesterhever/temp-received-localhost | Vsevolod Stakhov | 2024-03-26 | 1 | -0/+7 |
|\ | | | | | [Minor] Add rule for localhost HELOs in Received headers | ||||
| * | [Minor] Add rule for localhost HELOs in Received headers | twesterhever | 2024-03-24 | 1 | -0/+7 |
| | | |||||
* | | [Enhancement] Add more symbols for Reply-To header characteristics | twesterhever | 2024-03-24 | 1 | -14/+36 |
|/ | |||||
* | [Minor] Add HAS_FILE_URL rule for messages containing a file:// URL | twesterhever | 2024-02-29 | 1 | -0/+7 |
| | | | | | | | | | These are frequently abused for distributing malware via non-HTTP protocols, such as public Samba servers. file:// URLs may also be abused for including files from the victims' machine in a message. Either way, a legitimate use case is unlikely. Signed-off-by: twesterhever <40121680+twesterhever@users.noreply.github.com> | ||||
* | [Minor] Add rule for messages missing both X-Mailer and User-Agent header | twesterhever | 2023-11-03 | 1 | -0/+10 |
| | |||||
* | [Rules] Blank spam detection | Andrew Lewis | 2023-10-13 | 4 | -4/+37 |
| | |||||
* | [Fix] MISSING_MIMEOLE: avoid matching messages from Android GMail app (#4561) | Andrew Lewis | 2023-09-14 | 1 | -2/+4 |
| | |||||
* | [Minor] Reformat all Lua code, no functional changes | Vsevolod Stakhov | 2023-08-07 | 19 | -367/+520 |
| | |||||
* | [Minor] Tweak HAS_GOOGLE_REDIR to detect Google AMP URLs as well | twesterhever | 2023-08-02 | 1 | -1/+1 |
| | | | | Rationale: https://cofense.com/blog/google-amp-the-newest-of-evasive-phishing-tactic/ | ||||
* | Adjust apple_x_mailer regex | Dmitriy Alekseev | 2023-07-12 | 1 | -1/+1 |
| | |||||
* | [Minor] A bit better apple_x_mailer regex | Dmitriy Alekseev | 2023-07-12 | 1 | -1/+1 |
| | |||||
* | Optimize apple_ios_x_mailer regex | Dmitriy Alekseev | 2023-07-12 | 1 | -1/+1 |
| | |||||
* | Support regex rules to detect Apple Mail | Dmitriy Alekseev | 2023-07-11 | 1 | -3/+20 |
| | |||||
* | Merge pull request #4497 from twesterhever/temp-improve-has-google-redir | Vsevolod Stakhov | 2023-06-22 | 1 | -2/+2 |
|\ | | | | | [Enhancement] Improve detection of Google redirection URLs | ||||
| * | [Minor] Remove superfluous '|' in regular expression | twesterhever | 2023-06-22 | 1 | -1/+1 |
| | | |||||
| * | [Minor] Simplify regular expression for HAS_GOOGLE_REDIR | twesterhever | 2023-06-22 | 1 | -1/+1 |
| | | | | | | | | https://github.com/rspamd/rspamd/pull/4497#issuecomment-1586265815 | ||||
| * | [Enhancement] Improve detection of Google redirection URLs | twesterhever | 2023-05-26 | 1 | -2/+2 |
| | | | | | | | | | | The list is derived from Firefox' static HPKP entries, retrieved from: https://searchfox.org/mozilla-central/source/security/manager/ssl/StaticHPKPins.h | ||||
* | | Merge pull request #4494 from twesterhever/temp-arm-google-firebase | Vsevolod Stakhov | 2023-06-11 | 1 | -2/+2 |
|\ \ | | | | | | | [Rules] Make Google Firebase rule productive | ||||
| * | | [Enhancement] Make Google Firebase rule productive | twesterhever | 2023-05-26 | 1 | -2/+2 |
| |/ | |||||
* | | Merge pull request #4495 from twesterhever/temp-onoin-url | Vsevolod Stakhov | 2023-06-04 | 1 | -1/+1 |
|\ \ | | | | | | | [Minor] Move HAS_ONION_URI from "experimental" to "url" group | ||||
| * | | [Minor] Move HAS_ONION_URI from "experimental" to "url" group | twesterhever | 2023-05-26 | 1 | -1/+1 |
| |/ | |||||
* | | Apply suggestions from code review | Vsevolod Stakhov | 2023-06-03 | 2 | -3/+3 |
| | | |||||
* | | [Minor] Fix description of MIME_HTML_ONLY | twesterhever | 2023-06-02 | 1 | -1/+1 |
| | | | | | | | | Thanks, @moisseev! | ||||
* | | [Minor] Improve various rule descriptions | twesterhever | 2023-05-26 | 5 | -75/+71 |
|/ |