aboutsummaryrefslogtreecommitdiffstats
path: root/rules
Commit message (Collapse)AuthorAgeFilesLines
* [Rules] Make bitcoin expression to use explicit flagsVsevolod Stakhov2025-07-151-1/+2
|
* [Minor] Add /plugins/fuzzy/storages endpointAlexander Moisseev2025-06-251-1/+21
| | | | | Allows retrieving the list of configured fuzzy storages via HTTP API, including associated flags, read_only status, and server addresses.
* Merge branch 'master' into patch-10Dmitriy Alekseev2025-03-281-0/+8
|\
| * Update rules/regexp/headers.luaDmitriy Alekseev2025-03-261-1/+1
| | | | | | Co-authored-by: Vsevolod Stakhov <vsevolod@rspamd.com>
| * Update headers.luaDmitriy Alekseev2025-03-241-1/+1
| |
| * Update headers.luaDmitriy Alekseev2025-03-241-1/+1
| |
| * Update headers.luaDmitriy Alekseev2025-03-241-1/+1
| |
| * Update headers.luaDmitriy Alekseev2025-03-241-1/+1
| |
| * Add R_HTTP_URL_IN_FROMDmitriy Alekseev2025-03-241-0/+8
| |
* | Update forwarding.luaDmitriy Alekseev2025-03-251-4/+2
| |
* | Add Sieve and cPanel forwarding symbolsDmitriy Alekseev2025-03-251-0/+47
|/
* [Minor] Assuming that the remaining Google urls can also show esld onlyJose Celestino2025-01-231-2/+2
|
* [Minor] HAS_GOOGLE_REDIR was not working with https://google.comJose Celestino2025-01-231-1/+1
|
* [Minor] Move url regexes to regexp/urls.luaJose Celestino2025-01-233-28/+32
|
* DutchD0LLYNH02025-01-101-1/+1
|
* Expand Detection of Fake Reply Subjects Across Multiple LanguagesD0LLYNH02025-01-101-1/+1
|
* Fix issue with Thunderbird for Android beingTobias Wolter2025-01-021-1/+1
| | | | | marked as `FORGED_MUA_THUNDERBIRD_MSGID_UNKNOWN` due to uppercase UUID format for message IDs.
* [Minor] Fix optionalityVsevolod Stakhov2024-11-061-1/+1
|
* [Conf] Add lua.local.d folderVsevolod Stakhov2024-11-061-0/+4
|
* [Minor] Make API consistentVsevolod Stakhov2024-09-271-1/+1
|
* Merge branch 'master' into vstakhov-utf8-mimeVsevolod Stakhov2024-09-052-19/+87
|\
| * [Fix] Preserve the previous behaviour of RDNS_* checksVsevolod Stakhov2024-08-291-0/+12
| |
| * [Minor] Reduce priority as settings become broken otherwiseVsevolod Stakhov2024-08-061-1/+2
| | | | | | | | | | For future settings rework: there should be spill of settings checks to allow dependency on symbols that are required for settings conditions.
| * [Rework] Resolve rdns in a separate functionVsevolod Stakhov2024-08-061-0/+55
| | | | | | | | | | | | | | Historically, it was done in `once_received` module, however, that check must be done early, even before settings (as they could rely on hostname). Hence, it was discussed to move this code to a separate rule.
| * [Conf] Increase scores for strange things in the archivesVsevolod Stakhov2024-07-251-19/+19
| |
* | [Minor] Simplify condition and add them merely when mime utf is enabledVsevolod Stakhov2024-07-171-9/+13
| |
* | [Rules] Fix some old rulesVsevolod Stakhov2024-07-161-7/+10
|/
* [Minor] Fix descriptionAndrew Lewis2024-07-081-1/+1
|
* [Rules] Added rules for detecting likely malwareAndrew Lewis2024-05-272-0/+157
|
* correct headers.luaishisora2024-05-211-1/+1
|
* [Minor] Exclude User-Agent: Mozilla Thunderbird from XM_UA_NO_VERSIONgami2024-05-141-1/+1
|
* [Minor] Exclude User-Agent: Mozilla Thunderbird from XM_UA_NO_VERSIONgami2024-05-141-2/+3
|
* [Minor] Constrain Content-Description regexptwesterhever2024-05-011-1/+1
|
* [Minor] Remove superflous "string.format()"twesterhever2024-05-011-1/+1
|
* [Enhancement] Catch "Mail message body" Content-Descriptiontwesterhever2024-04-281-0/+7
| | | | This header frequently surfaces in spam, mostly advance fee fraud.
* [Minor] Add rule for presence of Content-Description headertwesterhever2024-04-281-0/+7
|
* Fix error in headers_checks.luaDmitriy Alekseev2024-04-191-1/+1
|
* Merge pull request #4890 from twesterhever/temp-received-localhostVsevolod Stakhov2024-03-261-0/+7
|\ | | | | [Minor] Add rule for localhost HELOs in Received headers
| * [Minor] Add rule for localhost HELOs in Received headerstwesterhever2024-03-241-0/+7
| |
* | [Enhancement] Add more symbols for Reply-To header characteristicstwesterhever2024-03-241-14/+36
|/
* [Minor] Add HAS_FILE_URL rule for messages containing a file:// URLtwesterhever2024-02-291-0/+7
| | | | | | | | | These are frequently abused for distributing malware via non-HTTP protocols, such as public Samba servers. file:// URLs may also be abused for including files from the victims' machine in a message. Either way, a legitimate usecase is unlikely. Signed-off-by: twesterhever <40121680+twesterhever@users.noreply.github.com>
* [Minor] Add rule for messages missing both X-Mailer and User-Agent headertwesterhever2023-11-031-0/+10
|
* [Rules] Blank spam detectionAndrew Lewis2023-10-134-4/+37
|
* [Fix] MISSING_MIMEOLE: avoid matching messages from Android GMail app (#4561)Andrew Lewis2023-09-141-2/+4
|
* [Minor] Reformat all Lua code, no functional changesVsevolod Stakhov2023-08-0719-367/+520
|
* [Minor] Tweak HAS_GOOGLE_REDIR to detect Google AMP URLs as welltwesterhever2023-08-021-1/+1
| | | | Rationale: https://cofense.com/blog/google-amp-the-newest-of-evasive-phishing-tactic/
* Adjust apple_x_mailer regexDmitriy Alekseev2023-07-121-1/+1
|
* [Minor] A bit better apple_x_mailer regexDmitriy Alekseev2023-07-121-1/+1
|
* Optimize apple_ios_x_mailer regexDmitriy Alekseev2023-07-121-1/+1
|
* Support regex rules to detect Apple MailDmitriy Alekseev2023-07-111-3/+20
|
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-05 13:08:12 +0000