|
|
|
@ -1,7 +1,94 @@ |
|
|
|
|
|
|
|
# Envelope From in high-spammy-tlds.txt |
|
|
|
high_spammy_tlds_envfrom { |
|
|
|
type = "from"; |
|
|
|
filter = "email:domain:tld"; |
|
|
|
map = "https://git.xyved.dk/Xyved/spamrules/raw/branch/master/lists/high-spammy-tlds.txt"; |
|
|
|
symbol = "HIGH_SPAMMY_TLD_ENVFROM"; |
|
|
|
description = "Envelope From is from a high spammy TLD"; |
|
|
|
score = 1.5; |
|
|
|
regexp = true; |
|
|
|
} |
|
|
|
|
|
|
|
# From in high-spammy-tlds.txt |
|
|
|
high_spammy_tlds_from { |
|
|
|
type = "header"; |
|
|
|
header = "from"; |
|
|
|
filter = "email:domain:tld"; |
|
|
|
map = "https://git.xyved.dk/Xyved/spamrules/raw/branch/master/lists/high-spammy-tlds.txt"; |
|
|
|
symbol = "HIGH_SPAMMY_TLD_FROM"; |
|
|
|
require_symbols = "!HIGH_SPAMMY_TLD_ENVFROM"; |
|
|
|
description = "From is from a high spammy TLD"; |
|
|
|
score = 1.5; |
|
|
|
regexp = true; |
|
|
|
} |
|
|
|
|
|
|
|
# From in high-spammy-tlds.txt |
|
|
|
spammy_tlds_envfrom { |
|
|
|
type = "from"; |
|
|
|
filter = "email:domain:tld"; |
|
|
|
map = "https://git.xyved.dk/Xyved/spamrules/raw/branch/master/lists/spammy-tlds.txt"; |
|
|
|
symbol = "SPAMMY_TLD_ENVFROM"; |
|
|
|
require_symbols = "!HIGH_SPAMMY_TLD_ENVFROM & !HIGH_SPAMMY_TLD_FROM"; |
|
|
|
description = "Envelope From is from a spammy TLD"; |
|
|
|
score = 1.0; |
|
|
|
regexp = true; |
|
|
|
} |
|
|
|
|
|
|
|
# From in spammy-tlds.txt |
|
|
|
spammy_tlds_from { |
|
|
|
type = "header"; |
|
|
|
header = "from"; |
|
|
|
filter = "email:domain:tld"; |
|
|
|
map = "https://git.xyved.dk/Xyved/spamrules/raw/branch/master/lists/spammy-tlds.txt"; |
|
|
|
symbol = "SPAMMY_TLD_FROM"; |
|
|
|
require_symbols = "!HIGH_SPAMMY_TLD_ENVFROM & !HIGH_SPAMMY_TLD_FROM & !SPAMMY_TLD_ENVFROM"; |
|
|
|
description = "From is from a spammy TLD"; |
|
|
|
score = 1.0; |
|
|
|
regexp = true; |
|
|
|
} |
|
|
|
|
|
|
|
# Sender address on a spammy domain |
|
|
|
spammy_domains { |
|
|
|
type = "from"; |
|
|
|
filter = "email:domain"; |
|
|
|
map = "https://git.xyved.dk/Xyved/spamrules/raw/branch/master/lists/high-spammy-domains.txt"; |
|
|
|
symbol = "SPAMMY_DOMAIN_FROM"; |
|
|
|
description = "sender address is on a spammy domain"; |
|
|
|
score = 2.0; |
|
|
|
regexp = true; |
|
|
|
} |
|
|
|
|
|
|
|
# URL: tld in high-spammy-tlds.txt |
|
|
|
high_spammy_url { |
|
|
|
type = "url"; |
|
|
|
filter = "tld"; |
|
|
|
map = "https://git.xyved.dk/Xyved/spamrules/raw/branch/master/lists/high-spammy-tlds.txt"; |
|
|
|
symbol = "HIGH_SPAMMY_URL"; |
|
|
|
description = "Hostname of an URL in the message is in a high spammy TLD"; |
|
|
|
score = 0.25; |
|
|
|
regexp = true; |
|
|
|
} |
|
|
|
|
|
|
|
# Until we can match against the unique list of urls in the message (https://github.com/rspamd/rspamd/issues/3003) |
|
|
|
# the total score is restricted via the spam_links group |
|
|
|
spam_links { |
|
|
|
type = "url"; |
|
|
|
filter = "full"; |
|
|
|
map = "https://git.xyved.dk/Xyved/spamrules/raw/branch/master/lists/spam-links.txt"; |
|
|
|
symbol = "SPAM_LINK"; |
|
|
|
description = "Message contains a link pattern commonly used in spam messages"; |
|
|
|
score = 0.4; |
|
|
|
regexp = true; |
|
|
|
group = "spam_links"; |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
spammy_tld_env_from { |
|
|
|
type = "from"; |
|
|
|
filter = "email:domain:tld"; |
|
|
|
map = "https://raw.githubusercontent.com/mxroute/rspamd_rules/master/lists/tlds.txt"; |
|
|
|
map = "https://git.xyved.dk/Xyved/spamrules/raw/branch/master/lists/tlds.txt"; |
|
|
|
symbol = "SPAMMY_TLD_ENVFROM"; |
|
|
|
description = "Sending TLD likely spam"; |
|
|
|
score = 1.5; |
|
|
|
@ -12,7 +99,7 @@ spammy_tld_from { |
|
|
|
type = "header"; |
|
|
|
header = "from"; |
|
|
|
filter = "email:domain:tld"; |
|
|
|
map = "https://raw.githubusercontent.com/mxroute/rspamd_rules/master/lists/tlds.txt"; |
|
|
|
map = "https://git.xyved.dk/Xyved/spamrules/raw/branch/master/lists/tlds.txt"; |
|
|
|
symbol = "SPAMMY_TLD_FROM"; |
|
|
|
require_symbols = "!SPAMMY_TLD_ENVFROM"; |
|
|
|
description = "Sending TLD likely spam"; |
|
|
|
@ -23,7 +110,7 @@ spammy_tld_from { |
|
|
|
MXROUTE_BODY_SPAM { |
|
|
|
type = "content"; |
|
|
|
filter = "text"; |
|
|
|
map = "https://raw.githubusercontent.com/mxroute/rspamd_rules/master/lists/body-spam.map"; |
|
|
|
map = "https://git.xyved.dk/Xyved/spamrules/raw/branch/master/lists/body-spam.map"; |
|
|
|
symbol = "MXROUTE_BODY_SPAM"; |
|
|
|
prefilter = true; |
|
|
|
action = "reject"; |
|
|
|
@ -34,7 +121,7 @@ MXROUTE_BODY_SPAM { |
|
|
|
SPAMMY_SUBJECT { |
|
|
|
type = "header"; |
|
|
|
header = "subject"; |
|
|
|
map = "https://raw.githubusercontent.com/mxroute/rspamd_rules/master/lists/subject-spam.map"; |
|
|
|
map = "https://git.xyved.dk/Xyved/spamrules/raw/branch/master/lists/subject-spam.map"; |
|
|
|
symbol = "SPAMMY_SUBJ"; |
|
|
|
prefilter = true; |
|
|
|
action = "reject"; |
|
|
|
@ -43,7 +130,7 @@ SPAMMY_SUBJECT { |
|
|
|
|
|
|
|
SENDER_FROM_BLACKLIST { |
|
|
|
type = "from"; |
|
|
|
map = "https://raw.githubusercontent.com/mxroute/rspamd_rules/master/lists/blacklisted-sender-strings.map"; |
|
|
|
map = "https://git.xyved.dk/Xyved/spamrules/raw/branch/master/lists/blacklisted-sender-strings.map"; |
|
|
|
regexp = true; |
|
|
|
description = "Blacklisted sender"; |
|
|
|
prefilter = true; |
|
|
|
@ -55,7 +142,7 @@ SENDER_FROM_BLACKLIST { |
|
|
|
MXROUTE_EXPLORING { |
|
|
|
type = "content"; |
|
|
|
filter = "text"; |
|
|
|
map = "https://raw.githubusercontent.com/mxroute/rspamd_rules/master/lists/exploring.map"; |
|
|
|
map = "https://git.xyved.dk/Xyved/spamrules/raw/branch/master/lists/exploring.map"; |
|
|
|
symbol = "MXROUTE_EXPLORING"; |
|
|
|
prefilter = true; |
|
|
|
action = "add_header"; |
|
|
|
|
Lars Chr. Duus Hausmann
4 years ago