Xyved Spamrules
https://git.xyved.dk/Xyved/spamrules/
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
159 lines
4.8 KiB
159 lines
4.8 KiB
KNOWN_SPAM_STRING {
|
|
type = "content";
|
|
filter = "full";
|
|
map = "https://git.xyved.dk/Xyved/spamrules/raw/branch/master/lists/known_spam.txt";
|
|
prefilter = true;
|
|
action = "reject";
|
|
regexp = true;
|
|
}
|
|
|
|
# Envelope From in high-spammy-tlds.txt
|
|
high_spammy_tlds_envfrom {
|
|
type = "from";
|
|
filter = "email:domain:tld";
|
|
map = "https://git.xyved.dk/Xyved/spamrules/raw/branch/master/lists/high-spammy-tlds.txt";
|
|
symbol = "HIGH_SPAMMY_TLD_ENVFROM";
|
|
description = "Envelope From is from a high spammy TLD";
|
|
score = 1.5;
|
|
regexp = true;
|
|
}
|
|
|
|
# From in high-spammy-tlds.txt
|
|
high_spammy_tlds_from {
|
|
type = "header";
|
|
header = "from";
|
|
filter = "email:domain:tld";
|
|
map = "https://git.xyved.dk/Xyved/spamrules/raw/branch/master/lists/high-spammy-tlds.txt";
|
|
symbol = "HIGH_SPAMMY_TLD_FROM";
|
|
require_symbols = "!HIGH_SPAMMY_TLD_ENVFROM";
|
|
description = "From is from a high spammy TLD";
|
|
score = 1.5;
|
|
regexp = true;
|
|
}
|
|
|
|
# From in high-spammy-tlds.txt
|
|
spammy_tlds_envfrom {
|
|
type = "from";
|
|
filter = "email:domain:tld";
|
|
map = "https://git.xyved.dk/Xyved/spamrules/raw/branch/master/lists/spammy-tlds.txt";
|
|
symbol = "SPAMMY_TLD_ENVFROM";
|
|
require_symbols = "!HIGH_SPAMMY_TLD_ENVFROM & !HIGH_SPAMMY_TLD_FROM";
|
|
description = "Envelope From is from a spammy TLD";
|
|
score = 1.0;
|
|
regexp = true;
|
|
}
|
|
|
|
# From in spammy-tlds.txt
|
|
spammy_tlds_from {
|
|
type = "header";
|
|
header = "from";
|
|
filter = "email:domain:tld";
|
|
map = "https://git.xyved.dk/Xyved/spamrules/raw/branch/master/lists/spammy-tlds.txt";
|
|
symbol = "SPAMMY_TLD_FROM";
|
|
require_symbols = "!HIGH_SPAMMY_TLD_ENVFROM & !HIGH_SPAMMY_TLD_FROM & !SPAMMY_TLD_ENVFROM";
|
|
description = "From is from a spammy TLD";
|
|
score = 1.0;
|
|
regexp = true;
|
|
}
|
|
|
|
# Sender address on a spammy domain
|
|
spammy_domains {
|
|
type = "from";
|
|
filter = "email:domain";
|
|
map = "https://git.xyved.dk/Xyved/spamrules/raw/branch/master/lists/high-spammy-domains.txt";
|
|
symbol = "SPAMMY_DOMAIN_FROM";
|
|
description = "sender address is on a spammy domain";
|
|
score = 2.0;
|
|
regexp = true;
|
|
}
|
|
|
|
# URL: tld in high-spammy-tlds.txt
|
|
high_spammy_url {
|
|
type = "url";
|
|
filter = "tld";
|
|
map = "https://git.xyved.dk/Xyved/spamrules/raw/branch/master/lists/high-spammy-tlds.txt";
|
|
symbol = "HIGH_SPAMMY_URL";
|
|
description = "Hostname of an URL in the message is in a high spammy TLD";
|
|
score = 0.25;
|
|
regexp = true;
|
|
}
|
|
|
|
# Until we can match against the unique list of urls in the message (https://github.com/rspamd/rspamd/issues/3003)
|
|
# the total score is restricted via the spam_links group
|
|
spam_links {
|
|
type = "url";
|
|
filter = "full";
|
|
map = "https://git.xyved.dk/Xyved/spamrules/raw/branch/master/lists/spam-links.txt";
|
|
symbol = "SPAM_LINK";
|
|
description = "Message contains a link pattern commonly used in spam messages";
|
|
score = 0.4;
|
|
regexp = true;
|
|
group = "spam_links";
|
|
}
|
|
|
|
|
|
|
|
spammy_tld_env_from {
|
|
type = "from";
|
|
filter = "email:domain:tld";
|
|
map = "https://git.xyved.dk/Xyved/spamrules/raw/branch/master/lists/tlds.txt";
|
|
symbol = "SPAMMY_TLD_ENVFROM";
|
|
description = "Sending TLD likely spam";
|
|
score = 1.5;
|
|
regexp = true;
|
|
}
|
|
|
|
spammy_tld_from {
|
|
type = "header";
|
|
header = "from";
|
|
filter = "email:domain:tld";
|
|
map = "https://git.xyved.dk/Xyved/spamrules/raw/branch/master/lists/tlds.txt";
|
|
symbol = "SPAMMY_TLD_FROM";
|
|
require_symbols = "!SPAMMY_TLD_ENVFROM";
|
|
description = "Sending TLD likely spam";
|
|
score = 1.5;
|
|
regexp = true;
|
|
}
|
|
|
|
MXROUTE_BODY_SPAM {
|
|
type = "content";
|
|
filter = "text";
|
|
map = "https://git.xyved.dk/Xyved/spamrules/raw/branch/master/lists/body-spam.map";
|
|
symbol = "MXROUTE_BODY_SPAM";
|
|
prefilter = true;
|
|
action = "reject";
|
|
regexp = true;
|
|
message = "The text of this email contained a string that we identified to be spam.";
|
|
}
|
|
|
|
SPAMMY_SUBJECT {
|
|
type = "header";
|
|
header = "subject";
|
|
map = "https://git.xyved.dk/Xyved/spamrules/raw/branch/master/lists/subject-spam.map";
|
|
symbol = "SPAMMY_SUBJ";
|
|
prefilter = true;
|
|
action = "reject";
|
|
regexp = true;
|
|
}
|
|
|
|
SENDER_FROM_BLACKLIST {
|
|
type = "from";
|
|
map = "https://git.xyved.dk/Xyved/spamrules/raw/branch/master/lists/blacklisted-sender-strings.map";
|
|
regexp = true;
|
|
description = "Blacklisted sender";
|
|
prefilter = true;
|
|
filter = "email:addr"
|
|
action = "reject";
|
|
message = "This sender has been blocked for matching a known spam trend";
|
|
}
|
|
|
|
MXROUTE_EXPLORING {
|
|
type = "content";
|
|
filter = "text";
|
|
map = "https://git.xyved.dk/Xyved/spamrules/raw/branch/master/lists/exploring.map";
|
|
symbol = "MXROUTE_EXPLORING";
|
|
prefilter = true;
|
|
action = "add_header";
|
|
regexp = true;
|
|
message = "We are observing this data to see how many and what kind of data it returns.";
|
|
}
|
|
|