INitial commit

README.md

@@ -0,0 +1,25 @@
+# rspamd_rules
+
+Inspired by:  https://github.com/mxroute/rspamd_rules.git 
+
+When making edits to lists (maps), please follow the current syntax used, and avoid additional regex. The current method of capturing strings for each map is being taken and converted to SpamAssassin rules for our older servers automatically. This relies on continued consistency, for now. Adding new maps, however, may be appropriate if regex or more complex strings are needed.
+
+/lists/  
+body-spam.map = Text identified in email body that is known to be spam  
+subject-spam.map = Text identified in email subject that is known to be spam  
+tlds.txt = TLDs with high probability of being spam  
+blacklisted-sender-strings.map = Strings in "From" header that should have zero false positives  
+mxcheck_exclude.inc = Whitelisted domains that do not require MX records to pass our spam filter (their business domain and sending domain likely do not match)
+
+/local.d/  
+force_actions.conf = Override actions  
+multimap.conf = Definitions for maps we use (See maps: https://rspamd.com/doc/modules/multimap.html )  
+mx_check.conf = Checking if sender has valid MX records  
+neural.conf = Enabling rspamd neural learning  
+redis.conf = Defining location of redis server
+
+/override.d/  
+actions.conf = Default actions  
+metrics.conf = Defining or overriding scores. If we make our own rules we define their scores here. If we find a rule needs to have it's score increased or decreased, we re-define it here.
+
+These rspamd rules have no license because we do not consider it to in any way be intellectual property. Everything in this project is publicly available to anyone, it is merely lists of domains and phrases, none of which we can claim any ownership of.

lists/body-spam.map

@@ -0,0 +1,107 @@
+/(4dese\.r\.ag\.d\.sendibm3|talla100\.com|sufism\.org|maxims\-shop|x6nv\.mj\.am|macuisinepro|x465k\.mjt\.lu|AmazonTribesProducts)/i
+/(9wyt\.mjt\.lu|x465k\.mjt\.lu|iz6\.mj\.am|maisonlener|xblitz\.pl|tunescoot|Leads 2022 for your sales|alyamamahpressportal)/i
+/(romancerelax|cuisine\-des\-pros|smaaart\.fr|u23964805|Dataproviderpro|Technographics is the next|mkt\.lvm\.pt|af8edcfced246b280fe6a49dfc7afd9b|x465k\.mjt\.lu|9wyt\.mjt\.lu|61su\.mjt\.lu)/i
+/(soccertime79729|beverly\.es|mkt\.serviremseguranca\.pt|email\.arraydevelopers\.com|grouponcdn\.com|soundestlink\.com|yogasearcher\.com|fitstore\.es|linkware\.it|legal\.libromar\.cl|go\.themuse\.com|wapalli\.com|asiakas\.jsmailer\.fi|abcled\.ee|email\.julesb\.com| MDM3JmM9ZjByNSZlPTAmYj03ODAwNTkyMDQmZD1nNXAzcTZh\.y6MunuqwSGwGkzGDfCxahJ5q|jpost\.lt\.acemlnc\.com|click\.enews\.pcmag\.com|carillohome\.com|salesmanago\.pl|xux78\.mjt\.lu|3tpz1mx3pvz4nh5|email\.searchman\.com|mails\.antinfortunisticagrilca\.com|streetammo17413|comunicacion\.tiendapatriciamiller\.com)/i
+/(x35qs\.mjt\.lu|cupidonlingerie|mercedesdemiguel|agsenglo\.com|x6nv\.mj\.am|chatdanslaiguille|ninzio\.us3|tactac\.us7|cyeshop|runningzgz|amaofertas|ubitennis|wegett\.cz)/i
+/(agrifournitures|5pll\.mj\.am|hylton\.fr|recursosdeautoayuda|recetin\.com|madreshoy\.com|x9wy7\.mjt\.lu|Grupo ByPeppas|guiaswow\.com|desdelinux\.net|tatuantes\.com|madreshoy\.com)/i
+/(ekuep\.lt\.acemlnc\.com|britani\.ro|ofer\.club|agsenglo\.com|u23621635|how I can improve for your business|interested to submit some content|naelleshop)/i
+/(nanetes\.lt\.acemlnc\.com|6pg0i\.r\.ag\.d\.sendibm3|5pk8r\.r\.ag\.d\.sendibm3|power-supply\.lt\.acemlnc\.com|ewine\.lt\.acemlnc\.com|shuttlecloud\.com|4cwor\.r\.ag\.d\.sendibm3|7c7kq\.r\.ah\.d\.sendibm4|blite\.lt\.acemlnb\.com|bypeppas\.acblnk\.com|rhonephilatelie\.sendib|silumen\.com|portaporteseshop\.lt\.acemlnc\.com|consultorweb\.acblnk\.com)/i
+/(5z0ar\.r\.ag\.d\.sendibm3|KO7JTcqlSy0fNa0zEFBBtA|jzin\.mjt\.lu|lacasadelascarcasas|rhonephilatelie|Poppers Aromas|bulletindescommunes|lecomptoirdemathilde|29vd6\.r\.ag\.d\.sendibm3|formula12\.it|jzin\.mjt\.lu)/i
+/(dosejuice\.com|vgs2\.mjt\.lu|b9da6504c1ace25f0e579f517a2d8278|t9uw\.mjt\.lu|4th34\.r\.ag\.d\.sendibm3|parfumerie-en-ligne|Krilloil\.ro)/i
+/(bypeppas\.acblnk\.com|homepiscine|QN4E9GtOPsQwfRiHISWceQ|0w0oz\.mjt\.lu|n9g1\.mjt\.lu|dreambike|xx483\.mjt\.lu|x9inn\.mjt\.lu|guiaswow|9wyt\.mjt\.lu|recursosdeautoayuda|madreshoy|recetin\.com|x465k\.mjt\.lu)/i
+/(kellyrobinsonlpc|seasonsconceptstore|seasons-store|hexagona|zmescience|minishoes|hairshop\.lu|zrenjaninski|send360|puravidaclothes|britannica)/i
+/(creatingbags|ipln\.fr|krasnal\.sklep\.pl|eogallery1|vilaboral\.trckacbm\.com|x6nv\.mj\.am|detectorshop|uphairs\.com)/i
+/(vilaboral\.trckacbm\.com|creatingbags|x6nv\.mj\.am|sanper\.pt|sptr\.eomail8\.com)/i
+/(kirikkaleaslanbesyo\.com|Click Below to Secure your Files|yhello\.co|btcteam|doxbin|deinuniversum|deadline\.com|John Sartoris)/i
+/(footwearnews\.com|ndearenas\.com|promo-optique\.com|modelinggroup|Mobile App Development|puyricard|guideposts\.org|cacher\.emails|5hcus\.r|cyeshop\.com|trucco\.es|beverlyeurope|abbacino\.es|Klaudia Zelek|agsenglo\.com|arrydevelopers\.com|lebigdata\.fr|bleuforet\.fr|kiosclub|fursource|starsamstickers|italiaspezie|ys41\.mjt\.lu|aatise\.us14)/i
+/(tech\.us6|xux78\.mjt\.lu|mineralevivo|napoli\.esclick|golfchannel|linio\.com|kuikmeal\.us12|customer13364|Tutto Sport|opted in through Textbooks|franceinter\.fr|volantinoit|thesdelapagode|enreal\.it|yogasearcher|nietomartin|prettyballerinas|shopguideposts)/i
+/(mkt6346\.com|mail\.monday\.com|internations\.org|fizzy\.fr|mineralevivo|kuikmeal\.com|u1342593|enreal\.it|nietomartin|essenzaltro|sweetpoison|salesmanago\.pl|VIANDAS STORES|prospektde)/i
+/(toutaumaroc|xqmmg\.mjt\.lu|brooksbrothers|dziennikwschodni|VRPornSites|m=0013Sl_UJyLf4fgkKwRznRHSQ|zaful\.com|labconnections|origen\.com\.br|go\.si\.edu|pixologic|Fluent in 3 Months|allsectech|teasevr\.com|discountpassoffer|bigos\.us18)/i
+/(ponyfoo\.com|pinlap\.com|the-house\.com|biidfjc\.r|best JavaScript newsletter|kieskeurig\.nl|zagg\.com|rseq\.org|maxforlive\.com|xmail\.square-enix\.com|insper\.edu\.br|golearnportal|picoworkers|db4free|businessoffers|u-tec\.com|champshow|Thanks for creating a Tubi account|eduhero\.net|cacher\.io|cejagge\.r|twotails\.fr|quizlet\.com|Your free monday\.com trial|Before we can start building your snippet library|trustexchange\.com|iversity\.org|question\.com|proxyrack\.com|orbea\.com|windscribe\.com|iiita\.ac\.in|intermedia\.ru|Chiara Consiglia|povar\.ru|mail-oyli\.ru|Daily Nickel|dailynickel|mentorthis|theverge\.com|email-telekom\.de|springernature|mscdirect|latribune\.fr|free-ebooks\.net|oxfordlanes)/i
+/(Healthcare Professional Email list|Native Mobile App Development|Smart Growth on Autopilot|DealClosers|OLMp78iZuJzuNqi2s2KtPw)/i
+/(prhge-mail|casualmode\.fr|arkadium\.com|bridge-eshop\.com|themuse\.com|dracotienda|norwayshop|parenthesebordeaux|plisson1808|s3s-es1\.net|kids-world\.dk|bookyara\.com|outlet-pc|mariejeanne|agsenglo\.com|42014\.r|Training Schemes SL|ymlpsend4\.net|Exceljet|exceljet\.net)/i
+/(somosfruta|mangosdelcielo|GhuGhooti|agsenglo\.com|trucco\.es|hexagona|enews\.pcmag\.com|chicshoes|5jtd7\.r|Koffie Loods|x6nv\.mj\.am|3rv9s\.r|lepaturon\.com|prettyballerinas\.com|renato-shop\.fr|tecnosistec\.cl|claires\.com|Krebs on Security has received a request|newsletter\.2k\.com|arkadium\.com|changes to your Small Business Administration|Welcome to SBA|getformio|sentry\.io|drawspace\.com|u3302489|Your Agora verification code|toggl\.com|answeo\.com|Les Raffineurs|iiita\.ac\.in)/i
+/(Harrison Sarai|anything related to app design|We have helped more than|animationtaxi\.com)/i
+/(convio\.net|iiita\.ac\.in|tryapollo\.io|techopedia|NearlyFreeSpeech\.NET membership|sav\.com|onlinenic\.com|arkadium\.com|remind\.com|searchman\.com|answeo\.com|10times\.com|u715246|IndiaMART|orbea\.com|agora\.io|ttag\.ir)/i
+/(Quality Backlinks|Professional Web Development|armoniabio)/i
+/(ctvnews\.ca|truccos\.com|bypeppas\.acblnk\.com|5jf9g\.r\.ag\.d\.sendibm3|chateauversailles|2jtgk\.r\.ag\.d\.sendibm3|mollylac\.com|perfumedigital|caganer\.com|misspadel\.lt\.acemlna\.com|bypeppas\.acblnk\.com|rescuetime)/i
+/(redartgames\.com|biked\.com|artesacrashop\.com|saveurs-cbd\.fr|ys41\.mjt\.lu|cadeau-maestro\.com|nikyshoes\.com|4m1eu\.r|mapoesie\.fr|cress-sport\.com|tecnosistec\.cl|Euronews|cahayapengharapan|cuckoldfart\.com|boutiquenirvana\.com)/i
+/(tirol\.at|wegoboard\.com|star-name-registry\.com|ename\.ro|Daniel Toma)/i
+/governorsballmusicfestival\.com/i
+/(startupmatcher\.com|ayoa\.com|api\.tunnelbear\.com|newsletter\.2k\.com|Francisco Diaz|clockify\.me|toggl\.com|u3302489|lessons\.drawspace\.com|tawktotawk|orbea\.com|sans\.org|emails\.jotform\.com|connect\.liblynx\.com|merriam-webster\.com|ownpage\.fr|email\.military\.com|mademoiselle-bio\.com|app\.getform\.io|ttag\.ir|dailynickel\.com|ghughooti\.com|mentorthis\.com|xqmmg\.mjt\.lu|6rpyo\.r|oxkick\.com|justineclenquet|soundestlink\.com|mooblimaja\.ee|u=3Dae85baebfd37facd480056537|luciapanimondo|babymarkt\.se|igropar\.us10|u=3D10d6941f61256a2b80f0812eb|thedrinksbusiness|u=3D3a810e360cebff52a22ed83ea|misskits\.com|masfactory\.musvc6|kickkick\.us18|u=3De6787e679ecf6a19b4e31efba|sertalyagida\.com\.tr|grupogen\.com\.br|todoist\.com|29chat\.com|authorbangla\.com|kghsian\.com|wiwonder\.com|cungcap\.net|eduyear\.com|ecoustics\.com|revolus\.com|esbpl\.ru|connerconnect\.net|allshooterstactical\.com|africconnect\.com|yoibu\.com|gpb\.convio\.net|cjjdhad\.r|Otaku Balkan|disanmientrung\.vn|cgcjgja\.r|Need2Biz|quimiweb\.com|biztime\.com)/i
+/(altrostile\.bio|mc_cid=3D7f9d351130|reschimica|thedrinksbusiness\.com|goyart\.com|Le Beau Masque|lebeaumasque|cubjeans\.com|star-name-registry\.com|sottosconto|gualaclosures\.com|muebleslufe|chaussureslepacha|creation\.com|farmaciaimperial\.es|malongo\.com|naftie\.de|labelleiloise\.com|tirol\.at|m-moustache\.com|kajgana\.us1|u=3Dda70320561ba84c956ed62a02|mobiprix\.com|bookmarkwebs\.com|calzadoinfantilmayka|lpbwoman|proforstore\.pt|armyobchod\.cz|calzaheymo\.es|matkasport\.ee|hayatist\.com|xj4mh\.mjt\.lu|polytrucks\.fr|u=3DQEFlP|chakaame\.com|pkgfood\.fr|cyeshop\.com|dbaahie\.r|dbccebi\.r|giordijewels|andoleto\.com|zooexpert|cejagge\.r|dejdhid\.r|mad\.es|benwick-sports\.co\.uk|cartouche\.com|mojasocjologia\.pl|biidfjc\.r|u8319727|redsocialtejidos|yh34\.mjt\.lu|poloplus10|bitsum\.com|insper\.edu\.br|cgjabdc\.r|hassanjameel\.com\.sa|view\.e\.claires\.com|35\.221\.143\.78|softselectshop|chiaraconsiglia|asesvalencia\.com|agora\.io)/i
+/(domidom\.fr|my-mooc\.us11|clessidrajewels|vaposeleccion|simply-adult\.com|u=3DyNur4|gualaclosures\.com|jemangefrancais\.com|u=3DSy68r|imakr\.us4|dungeonmarvels|kosmart\.eu|u=3Dc5f6039|rafenlinea\.com|zmescience\.com|frontier\.us18|u=3Ddd8b3b4a14196c46219acb6ae|chiaracolombini\.com|sagacosmetics\.com|esenzzia\.com|naturlich\.ro|u=3Dbec7ba6351ef5ed3901c88bc0|domidom\.fr|nutriandco\.com|mybodygenius\.com|europaband\.fr|bleuforet\.fr|FriendsToChat|u=3Dc546ffdc4bbb36c1f14f9c8f1|ctmirror\.us5|mes-deux-chaussettes\.fr|tecnosistec\.cl|electrodelivery\.ma|luzeco\.us19|u=c5f6039e370e6db725aaca784|cyeshop\.com|vinotecacollado\.com|theoutfit\.me|serviremseguranca\.pt|cntct_id=3DCGIcdkZ2|agsenglo\.com)/i
+/(leonfargues|pcdoctors\.net)/i
+/(amocrm\.com|orcatrend\.com|carillohome\.com|ActualidadViajes|actualidadviajes\.com|82\.123\.107\.208|tramasmas\.pt|trucco\.es|androidsis\.com|s=3DBGxqDDD)/i
+/(u23272263|This message was auto generated by Email delivery software|sb\.am|evenkon\.com|recruitstart|thinkdevstudios)/i
+/(freshmail\.mx|halalpointer\.com|chiaraconsiglia\.it|crtv\.cm|inia\.cl|centrocot\.it|sztafeta\.pl|editions-metailie\.com|u1342593|acambaz\.com|getform\.io|innocoders\.com|CatchAllBoxes\.com|vpngids\.nl|beachcoders\.com|performics\.de|u12770201|dailynickel\.com|mentorthis\.com|ghughooti\.com|xqmmg\.mjt\.lu|soziarium\.su|koinonia\.social|platinorum\.com|bfacer\.com|exceljet\.net|masonicglobal\.com|u1534206|naturarvet\.se|thenewsletterplugin\.com|agroinformacion\.com|wekinfolk\.com|myraidbox\.de|gruposolder\.com\.mx|typdemexico\.com\.mx|quimiweb\.com|manpowergroup\.be|birdinflight\.com|u5781579|ghughooti\.com|itwilldone\.com|soziarium\.su|u15826622|jovensconectados\.org\.br|girls-chubby\.com|hypersuggest\.com|heartbest\.co|u2029192|industrialcontainer\.com|grupogen\.com\.br|milanoweekend\.it|omeca\.it|29chat\.com|lawyerslaw\.org|blogin\.online|wiwonder\.com|cungcap\.net|sectoresproductivozch\.com|midiasocial\.tech|rpmrush24\.com|politikon\.hu|esencialnatura\.com|motoscroll\.com|camexstore\.com|wanaly\.com|revolus\.com|suaopiniao1\.com\.br|performaca\.com|cursosrecomendados\.com|speekur\.com|find-360\.com|luxlounge\.org|clickgrape\.com|africconnect\.com|talksbook\.com|faithbudy\.com|petarkadas\.com|superbaker\.ru|davezdesignz\.com|echipro\.ro|fishcomb\.com|disanmientrung\.vn|chemport\.ru|didora\.org\.ua|cin237\.com|disanmientrung\.vn|blogin\.online)/i
+/(cyeshop\.com|lojadosbrindes\.pt|dostoptik\.com\.tr|Vous venez de vous inscrire|shopon\.hu|lalvolin\.com|u9530803|2fquzhleygh3ehlem5bfp918|u2698224|compagnie-coloniale\.com|u1620594|intermaco\.pt|banglalive\.com|bimboinviaggio\.com|godanserwis\.pl|foodmarket\.com\.ua|herbad\.hu|citydebate\.com|rosebrooks\.org|softrade\.it|ijert\.org|iotslam\.com|agnieszkamaciag\.pl|euroislam\.pl|shutterevolve\.com|yh34\.mjt\.lu|editingcorp\.com|adecco\.gr|matteogracis\.it|oxkick\.com|promorapid\.com|snapigram\.com|worlegram\.com|loginbangladesh\.com|lrlz\.mj\.am|netzwerkrecherche\.org|digitsbook\.com|insper\.edu\.br|militant-blog\.org|buvidi\.com|socialkeko\.com|socialagora\.xyz|meridosti\.com|nabalada\.online|no1friend\.com|ampiaw\.com|jovanto\.com|santorini\.net|globalwomanclub\.com|iswift\.org|lifesspace\.com|kothabook|haurizon\.com|wspot\.com\.br|dostally\.com|facethai\.net|aljania\.com|cliqafriq\.com|digitsbook\.com|lostlane\.ie|u7996786|eduyear\.com|u17552157|gasape\.com|connerconnect\.net|buvidi\.com|bbseguros\.com\.br|ventanaskline\.com|womanity\.social|wekinfolk\.com|u21365624|nakupledky\.cz|tvbgone\.com|dealjumbo\.com|bocanewsnow\.com|friendstochat\.com|independentsentinel\.com)/i
+/(mondialrelay\.fr|warmcook\.com|xsnlu\.mjt\.lu|dakonda\.com)/i
+/(mlsend\.com|Bonus Monster|usa_ndbn|birdinflight\.com|infosdroits\.fr|amocrm\.com|Core77|domainiq\.com|e-payouts\.com|awardspace\.net)/i
+/(mindbox\.ru|newsletter\.globalnews\.ca|newsletter\.advrider\.com|bellmedia-ctv|shifstore\.lt|email\.britannica\.com|sendibm1\.com|findbride\.email)/i
+/(Malware on your network|us inside of your systems|We are watching your network)/i
+/(u2477392|mail-list\.abc\.net\.au|recursosdeautoayuda|cleantalk\.org|encyclopaediabritannica|email\.cbsnews\.com|warc\.com|e-clicks\.guns\.com|timeinpixels\.com|birdinflight\.com)/i
+/(111\.225\.9\.122|sheknows\.com|serranojoyeros\.es|bezzia\.com|beverlyeurope\.com|canyougetmeltd\.com)/i
+/(salesmanago\.pl|deadline\.com|email\.rollingstone\.com|email\.variety\.com|App Development Manager|any app for your business|freshmail\.direct|shopimind\.com|pardot\.com|kosmart\.eu)/i
+/(I want to donate a huge amount of money|R Guzman from America)/i
+/techsaga/i
+/farooqparacha/i
+/overseasjobz/i
+/divorcemistakes/i
+/12pckages/i
+/Please sign this invoice/i
+/Help us secure your GitHub account/i
+/githubverification/i
+/fishalumaice/i
+/alumaice/i
+/website audit report/i
+/argue a charge in the sum/i
+/very confidential business proposition/i
+/If you want to continue using your email address/i
+/email is to inform you that we will close your account/i
+/not ranking on any of the search engines/i
+/bc1qyg3srjs0gz9l97xdp00vms4sgxa3ymj7aw7vae/i
+/covoco/i
+/(Dear Business Person|bulkmailmarketer|Mike Sevort|trrr\.life|sevortmike|Jesse Nickles|hucksters\.net|littlebizzy)/i
+/(very suitable for your company sell and capture market|bestfactory|nickel hardware|canvas hardware|zinc alloy nickel plated)/i
+/(Looking for a Web Development Company)/i
+/This is to inform you of a debt to our company/i
+/emailserver-[0-9][a-z][0-9][0-9][0-9]\\.appspot\\.com/i
+/(FaceAPI|hirak\.cc)/i
+/8020prosperity/i
+/pot-profiteer\.com/i
+/email-expiry\.web\.app/i
+/bestseosolution/i
+/135-3336-4568/i
+/(Deltrol Corp|Chris Mohr|your company latest catalog)/i
+/I have a suggestion for the site owner/i
+/seoppcworld/i
+/8pay\.network/i
+/sending this message to argue a debit in the amount/i
+/(mold manufacturing|injection plastic molding|CNC machining|plastic injection molds)/i
+/SMMGiants/i
+/help you to build own new mobile/i
+/anything you can imagine at very affordable prices/i
+/position in search result/i
+/(frantech\.xyz|We recently got a login request that used your password)/i
+/(Giovanni Caporaso Gottlieb|OPM CORPORATION)/i
+/(China Registry|registration and solution center in China|internet keyword and China|this name conflict with your company|company is your distributor in China)/i
+/(Syed Hussain Abidi|wide range of project finance packages|meff\.inc|most appropriate option or combination of options)/i
+/your refusal of email security update/i
+/(We recently installed new security features for all the|You will not be able to use your account if this process|We require our customers to check and update|Account will be  automatically deleted)/i
+/attached is the paperwork that needs your signature/i
+/Please see attached for list of pending emails/i
+/(beautiful website for your organization|We have a new version for your mailbox)/i
+/(blassflustered|Your email account is currently undergoing an annual upgrade|To avoid account shut down Please verify your email)/i
+/(We are an IT company offering|web developer who builds amazing looking|Please find the company forms for change)/i
+/(We recently detected an unusual activity|not the only one here who's not married)/i
+/(which type web  you need|if you are interested in any of these services|amoCRM|prestashop\.com)/i
+/(laboratoriumpanidomu\.pl|cartsguru|physique57|maisonstandards|Pura Vida Clothes|puravidaclothes)/i
+/(heise\.de|dnevnik\.hr|eporner\.com|Newegg Canada|thegradcafe\.com|tnaflix|edx\.org|sussex\.ac\.uk|chatwork\.com|receive Groupon communications|speedyessay\.co\.uk|pyimagesearch\.com|unabodaoriginal\.es|birdinflight\.com|infosdroits\.fr|sendy\.private\.com|falllinemedialtd|bestdroidplayer\.com|link\.vox\.com|rasamalaysia\.com|leam\.com|tchibo-content\.de|tchibo\.de|identity-mag\.com|warc\.com|alawar\.es|splcenter\.org|ezinemart\.com|aikiweb\.com|britannica\.com|promo\.newegg\.com|ledauphine\.com|estrepublicain\.fr|Blaze Media LLC|findbridemailing\.com|emailsp\.com|italotreno|National Skill Development Corporation|link\.vox\.com|exceljet\.net|karinejeff\.fr|memecosmetics\.fr)/i
+/(mascaro\.com|Audley Shoes|ONLINECOSMETICOS|lastijerasmagicas\.com|Hairshop\.lu|lesciseauxmagiques|force-mobility\.fr|Bigben Connected|mydplr\.com|Time2Padel|particolari|bleuforet\.fr|nifeislife\.com|Zephyr Paris|TanExpert|BeauxArts|therealnews|Ginormous Content|Project Camelot|RostrumLegal|ACRON d\.o\.o\.|Papier Tigre|Terres de Café|oxkick\.com|actualidadliteratura\.com)/i
+/(Thank you for creating a customer account at|Iti multumim ca ti-ai creat cont la|Merci d'avoir créé votre compte client sur|VIELEN DANK FÜR DIE ERÖFFNUNG IHRES KUNDENKONTOS BEI|Regarding your newsletter subscription|En remerciement pour votre inscription|GRACIAS POR CREAR UNA CUENTA DE|Dziękujemy za utworzenie konta klienta na)/i
+/(This message confirms your subscription|Merci pour l'inscription|Benvenuto nel nostro mondo|Thanks for your interest in our mailing list|Esta mensagem confirma sua assinatura|ĎAKUJEME ZA VAŠU REGISTRÁCIU|Su cuenta en LG ya está casi lista|Da ora ti informeremo su tutte le|Merci de vous êtes abonné à notre newsletter|adesso fai parte del team|Bedankt voor het aanmaken van uw klantaccount)/i
+/(Merci d'avoir créé ton compte|I dati di accesso del tuo account|I dati di accesso del tuo account|THANK YOU FOR REGISTER AN ACCOUNT AT|Thank you for creating an account)/i
+/(Thank you for opening your account|thrilled to have you as part of our loyalty program|livealgae\.co\.uk|Takk for at du har meldt|liste ou si vous ne savez pas|Grazie per aver creato il tuo account|Vielen Dank für die Eröffnung Ihres|VIELEN DANK FÜR DIE ERÖFFNUNG|shopon\.hu|kad susikūrėte kliento paskyrą|Gracias por suscribirte|PLEASE CLICK THE ACTIVATION LINK BELOW TO ACTIVATE YOUR ACCOUNT|combishop\.dk|Veuillez cliquer sur le lien suivant pour terminer votre inscription|Vielen Dank für Ihre Anmeldung beim führenden)/i
+/(alinderi\.com\.tr|MERCI D'AVOIR CRÉÉ VOTRE COMPTE|Votre compte client sur|Thank you for creating your customer account|Thank you for placing your trust in us|Twoje zamówienie nie zostało zrealizowane|Thank you for subscribing to our Newsletter|thank you for subscribing to our email list|Do you want to receive newsletters from|ponieważ twój adres został zapisany|VAŠA EMAIL ADRESA ZA PRIJAVU NA|BENVENUTO IN PARTICOLARI|We're so happy you found us|gintarobaldai\.lt)/i
+/(cliquez sur le lien Connexion en haut de chaque page|Thank you for creating a customer account|confirma tu suscripción|The Nib)/i

lists/exploring.map

@@ -0,0 +1 @@
+/detects-torpedo/i

lists/mxcheck_exclude.inc

@@ -0,0 +1,11 @@
+wgfwd1.registrar-servers.com
+wgfwd2.registrar-servers.com
+campfirecollective.kinstamailservice.com
+tickets.icelandair.com
+mail.helcim.com
+mail.webbie.aty-group.com
+www.perfectcompliance.com
+fwd.regery.net
+auction.kenic.or.ke
+ecciewww4.amsnl.webair.com
+sg.campachim.com

lists/tlds.txt

@@ -0,0 +1,35 @@
+# TLDs known to have a high probability of being spammers
+
+/\.bid$/i
+/\.club$/i
+/\.date$/i
+/\.download$/i
+/\.faith$/i
+/\.fun$/i
+/\.host$/i
+/\.icu$/i
+/\.kim$/i
+/\.loan$/i
+/\.monster$/i
+/\.online$/i
+/\.pet$/i
+/\.pro$/i
+/\.red$/i
+/\.review$/i
+/\.site$/i
+/\.space$/i
+/\.stream$/i
+/\.top$/i
+/\.trade$/i
+/\.vip$/i
+/\.website$/i
+/\.win$/i
+/\.world$/i
+/\.xyz$/i
+/\.casa$/i
+/\.cam$/i
+/\.cyou$/i
+/\.today$/i
+/\.digital$/i
+/\.work$/i
+/\.bar$/i

local.d/force_actions.conf

@@ -0,0 +1,7 @@
+rules {
+ NOMX {
+   action = "reject";
+   expression = "MX_MISSING";
+   message = "Sending domain has no MX record";
+ }
+}

local.d/multimap.conf

@@ -0,0 +1,64 @@
+spammy_tld_env_from {
+    type = "from";
+    filter = "email:domain:tld";
+    map = "https://raw.githubusercontent.com/mxroute/rspamd_rules/master/lists/tlds.txt";
+    symbol = "SPAMMY_TLD_ENVFROM";
+    description = "Sending TLD likely spam";
+    score = 1.5;
+    regexp = true;
+}
+
+spammy_tld_from {
+    type = "header";
+    header = "from";
+    filter = "email:domain:tld";
+    map = "https://raw.githubusercontent.com/mxroute/rspamd_rules/master/lists/tlds.txt";
+    symbol = "SPAMMY_TLD_FROM";
+    require_symbols = "!SPAMMY_TLD_ENVFROM";
+    description = "Sending TLD likely spam";
+    score = 1.5;
+    regexp = true;
+}
+
+MXROUTE_BODY_SPAM {
+    type = "content";
+    filter = "text";
+    map = "https://raw.githubusercontent.com/mxroute/rspamd_rules/master/lists/body-spam.map";
+    symbol = "MXROUTE_BODY_SPAM";
+    prefilter = true;
+    action = "reject";
+    regexp = true;
+    message = "The text of this email contained a string that we identified to be spam.";
+}
+
+SPAMMY_SUBJECT {
+    type = "header";
+    header = "subject";
+    map = "https://raw.githubusercontent.com/mxroute/rspamd_rules/master/lists/subject-spam.map";
+    symbol = "SPAMMY_SUBJ";
+    prefilter = true;
+    action = "reject";
+    regexp = true;
+}
+
+SENDER_FROM_BLACKLIST {
+    type = "from";
+    map = "https://raw.githubusercontent.com/mxroute/rspamd_rules/master/lists/blacklisted-sender-strings.map";
+    regexp = true;
+    description = "Blacklisted sender";
+    prefilter = true;
+    filter = "email:addr"
+    action = "reject";
+    message = "This sender has been blocked for matching a known spam trend";
+}
+
+MXROUTE_EXPLORING {
+    type = "content";
+    filter = "text";
+    map = "https://raw.githubusercontent.com/mxroute/rspamd_rules/master/lists/exploring.map";
+    symbol = "MXROUTE_EXPLORING";
+    prefilter = true;
+    action = "add_header";
+    regexp = true;
+    message = "We are observing this data to see how many and what kind of data it returns.";
+}

local.d/mx_check.conf

@@ -0,0 +1,11 @@
+  timeout = 5.0;
+  symbol_bad_mx = "MX_INVALID";
+  symbol_no_mx = "MX_MISSING";
+  symbol_good_mx = "MX_GOOD";
+  expire = 86400;
+  key_prefix = "rmx";
+  enabled = true;
+  greylist_invalid = false;
+exclude_domains = [
+    "https://raw.githubusercontent.com/mxroute/rspamd_rules/master/lists/mxcheck_exclude.inc",
+];

local.d/neural.conf

@@ -0,0 +1,12 @@
+  servers = 127.0.0.1:6379; # Redis server to store learning data and ANN
+
+  train {
+    max_train = 1k; # Number of trains per epoch
+    max_usages = 20; # Number of learn iterations while ANN data is valid
+    spam_score = 8; # Score to learn spam
+    ham_score = -2; # Score to learn ham
+    learning_rate = 0.01; # Rate of learning (Torch only)
+    max_iterations = 25; # Maximum iterations of learning (Torch only)
+  }
+
+  timeout = 20; # Increase redis timeout

local.d/redis.conf

@@ -0,0 +1,2 @@
+servers = "127.0.0.1";
+write_servers = "127.0.0.1";

override.d/actions.conf

@@ -0,0 +1,3 @@
+reject = 15;
+add_header = 8;
+greylist = 40;

override.d/metrics.conf

@@ -0,0 +1,114 @@
+symbol "MIME_BASE64_TEXT_BOGUS" {
+  weight = 3;
+  description = "Has text part encoded in base64 that does not contain any 8bit characters";
+}
+
+symbol "DMARC_POLICY_REJECT" {
+  weight = 100;
+  description = "Domain owner requested this be rejected by DMARC";
+}
+
+symbol "MXROUTE_BODY_SPAM" {
+  weight = 100;
+  description = "Message identified by us as likely spam";
+}
+
+symbol "ONCE_RECEIVED_STRICT" {
+  weight = 0;
+  description = "Lets kill this rule";
+}
+
+symbol "DBL_ABUSE" {
+  weight = 100;
+  description = "Email mentions domain listed at Spamhaus DBL";
+}
+
+symbol "NO_BOUNCE" {
+  weight = 100;
+  description = "No bounce loops";
+}
+
+symbol "FREEMAIL_TO" {
+  weight = 0.0;
+  description "Freemail recipients";
+}
+
+symbol "SPAMMY_SUBJ" {
+  weight = 100;
+  description = "Email subject matches spam trend";
+}
+
+symbol "IP_SCORE" {
+  weight = 0.0;
+  description = "IP reputation";
+}
+
+symbol "FROM_NEQ_DISPLAY_NAME" {
+  weight = 0.0;
+  description = "Display name contains an email address different to the From address";
+}
+
+symbol "R_SUSPICIOUS_URL" {
+  weight = 3.0;
+  description = "Suspicious URL";
+}
+
+symbol "FORGED_SENDER" {
+  weight = 1.5;
+  description = "From address has been spoofed";
+}
+
+symbol "FREEMAIL_FROM" {
+  weight = 3.0;
+  description = "From address has been spoofed";
+}
+
+symbol "R_RATELIMIT" {
+  weight = 9;
+  description = "Rate limited";
+}
+
+symbol "BROKEN_HEADERS" {
+  weight = 0;
+  description = "Header check";
+}
+
+symbol "FORGED_RECIPIENTS" {
+  weight = 0;
+  description = "Recipient check";
+}
+
+symbol "HAS_PHPMAILER_SIG" {
+  weight = 2;
+  description = "PHP Mailer header"
+}
+
+symbol "SPAM_FLAG" {
+  weight = 7;
+  description = "Identified as spam by previous server"
+}
+
+symbol "MIME_BAD_ATTACHMENT" {
+  weight = 0;
+  description = "Bad attachment"
+}
+
+symbol "BLACKLIST_DMARC" {
+  weight = 0;
+  description = "Mail comes from the whitelisted domain and has valid failed DMARC and DKIM policies";
+}
+
+symbol "MX_INVALID" {
+  weight = 0;
+  description = "From domain has no valid MX records or this rule sucks";
+}
+
+symbol "DBL_SPAM" {
+  weight = 15;
+  description = "Contains reference domain listed at SpamHaus";
+}
+
+symbol "SPOOF_REPLYTO" {
+  weight = 0;
+  description = "Spoofing reply-to has valid use cases so setting score to 0";
+}