From e39879962f3a6bb35b57094e1f899c5714307d24 Mon Sep 17 00:00:00 2001 From: twesterhever <40121680+twesterhever@users.noreply.github.com> Date: Fri, 17 Feb 2023 15:11:31 +0000 Subject: [Minor] Fix some whitespace issues --- rules/content.lua | 2 +- rules/forwarding.lua | 1 - rules/mid.lua | 1 - rules/regexp/compromised_hosts.lua | 1 - rules/regexp/misc.lua | 2 +- rules/subject_checks.lua | 2 +- 6 files changed, 3 insertions(+), 6 deletions(-) (limited to 'rules') diff --git a/rules/content.lua b/rules/content.lua index 038d4f63a..0936f5898 100644 --- a/rules/content.lua +++ b/rules/content.lua @@ -113,4 +113,4 @@ rspamd_config:register_symbol{ name = 'PDF_TIMEOUT', parent = id, groups = {"content", "pdf"}, -} \ No newline at end of file +} diff --git a/rules/forwarding.lua b/rules/forwarding.lua index f88c767ab..7d79a0c31 100644 --- a/rules/forwarding.lua +++ b/rules/forwarding.lua @@ -153,4 +153,3 @@ rspamd_config.FORWARDED = { description = "Message was forwarded", group = "forwarding" } - diff --git a/rules/mid.lua b/rules/mid.lua index 2076debb0..14c701cf6 100644 --- a/rules/mid.lua +++ b/rules/mid.lua @@ -125,4 +125,3 @@ rspamd_config:register_symbol { end end } - diff --git a/rules/regexp/compromised_hosts.lua b/rules/regexp/compromised_hosts.lua index 0a9a9f0aa..cfd560bc2 100644 --- a/rules/regexp/compromised_hosts.lua +++ b/rules/regexp/compromised_hosts.lua @@ -211,4 +211,3 @@ reconf['WWW_DOT_DOMAIN'] = { score = 0.5, group = "compromised_hosts" } - diff --git a/rules/regexp/misc.lua b/rules/regexp/misc.lua index a5e5cfc44..0e660e358 100644 --- a/rules/regexp/misc.lua +++ b/rules/regexp/misc.lua @@ -99,4 +99,4 @@ reconf['LEAKED_PASSWORD_SCAM_RE'] = { group = 'scams' } -rspamd_config:register_dependency('LEAKED_PASSWORD_SCAM', 'BITCOIN_ADDR') \ No newline at end of file +rspamd_config:register_dependency('LEAKED_PASSWORD_SCAM', 'BITCOIN_ADDR') diff --git a/rules/subject_checks.lua b/rules/subject_checks.lua index d0a41d920..27f435729 100644 --- a/rules/subject_checks.lua +++ b/rules/subject_checks.lua @@ -67,4 +67,4 @@ rspamd_config.LONG_SUBJ = { group = 'subject', type = 'mime', description = 'Subject is too long' -} \ No newline at end of file +} -- cgit v1.2.3 From fd6ebc9f80e1d7495664b1f0df95928bb6d10128 Mon Sep 17 00:00:00 2001 From: twesterhever <40121680+twesterhever@users.noreply.github.com> Date: Fri, 17 Feb 2023 15:48:47 +0000 Subject: [Enhancement] Make Google URL redirection rules productive --- rules/regexp/headers.lua | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'rules') diff --git a/rules/regexp/headers.lua b/rules/regexp/headers.lua index e493a663e..c95561163 100644 --- a/rules/regexp/headers.lua +++ b/rules/regexp/headers.lua @@ -908,16 +908,16 @@ reconf['HAS_LIST_UNSUB'] = { reconf['HAS_GUC_PROXY_URI'] = { re = '/\\.googleusercontent\\.com\\/proxy/{url}i', - description = 'Has googleusercontent.com proxy URI', - score = 0.01, - group = 'experimental' + description = 'Has googleusercontent.com proxy URL', + score = 1.0, + group = 'url' } reconf['HAS_GOOGLE_REDIR'] = { re = '/\\.google\\.com\\/url\\?/{url}i', description = 'Has google.com/url redirection', - score = 0.01, - group = 'experimental' + score = 1.0, + group = 'url' } reconf['XM_UA_NO_VERSION'] = { -- cgit v1.2.3 From 08ce184740b768372e4751db7dc08d2c153a63db Mon Sep 17 00:00:00 2001 From: twesterhever <40121680+twesterhever@users.noreply.github.com> Date: Fri, 17 Feb 2023 16:01:16 +0000 Subject: [Enhancement] Add rule to detect Google Firebase URLs --- rules/regexp/headers.lua | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'rules') diff --git a/rules/regexp/headers.lua b/rules/regexp/headers.lua index e493a663e..5cc107ab8 100644 --- a/rules/regexp/headers.lua +++ b/rules/regexp/headers.lua @@ -920,6 +920,13 @@ reconf['HAS_GOOGLE_REDIR'] = { group = 'experimental' } +reconf['HAS_GOOGLE_FIREBASE_URL'] = { + re = '/\\.firebasestorage\\.googleapis\\.com\\//{url}i', + description = 'Contains firebasestorage.googleapis.com URL', + score = 0.01, + group = 'experimental' +} + reconf['XM_UA_NO_VERSION'] = { re = string.format('(!%s && !%s) && (%s || %s)', 'X-Mailer=/https?:/H', -- cgit v1.2.3 From c18f0561bffa769e7fd5eb418adf399173a8db22 Mon Sep 17 00:00:00 2001 From: georglauterbach <44545919+georglauterbach@users.noreply.github.com> Date: Sun, 19 Feb 2023 19:05:58 +0100 Subject: add Betterbird to `user_agent_thunderbird` See https://github.com/Betterbird/thunderbird-patches/issues/125 for reference. This way, Rspamd will not add `FORGED_MUA_MOZILLA_MAIL_MSGID_UNKNOWN` to mails sent perfectly find with Betterbird. Betterbird () is an adjusted version of Thunderbird, fixing many bugs and adding long-wanted features. It is a common and well-known alternative to Thunderbird, so I think the addition is justified. --- rules/regexp/headers.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'rules') diff --git a/rules/regexp/headers.lua b/rules/regexp/headers.lua index 8734c8cb4..a2b95c2c7 100644 --- a/rules/regexp/headers.lua +++ b/rules/regexp/headers.lua @@ -439,7 +439,7 @@ reconf['FORGED_MUA_OPERA_MSGID'] = { -- Detect forged Mozilla Mail/Thunderbird/Seamonkey/Postbox headers -- Mozilla based X-Mailer local user_agent_mozilla5 = 'User-Agent=/^\\s*Mozilla\\/5\\.0/H' -local user_agent_thunderbird = 'User-Agent=/^\\s*(Thunderbird|Mozilla Thunderbird|Mozilla\\/.*Gecko\\/.*(Thunderbird|Icedove)\\/)/H' +local user_agent_thunderbird = 'User-Agent=/^\\s*(Thunderbird|Mozilla Thunderbird|Mozilla\\/.*Gecko\\/.*(Thunderbird|Betterbird|Icedove)\\/)/H' local user_agent_seamonkey = 'User-Agent=/^\\s*Mozilla\\/5\\.0\\s.+\\sSeaMonkey\\/\\d+\\.\\d+/H' local user_agent_postbox = [[User-Agent=/^\s*Mozilla\/5\.0\s\([^)]+\)\sGecko\/\d+\sPostboxApp\/\d+(?:\.\d+){2,3}$/H]] local user_agent_mozilla = string.format('(%s) & !(%s) & !(%s) & !(%s)', user_agent_mozilla5, user_agent_thunderbird, user_agent_seamonkey, user_agent_postbox) -- cgit v1.2.3