1
0
mirror of https://github.com/mailcow/mailcow-dockerized.git synced 2025-01-12 04:23:24 +02:00
mailcow-dockerized/data/conf/rspamd/local.d/composites.conf

65 lines
2.4 KiB
Plaintext
Raw Normal View History

2017-09-19 09:19:22 +02:00
MX_IMPLICIT {
expression = "MX_GOOD & MX_MISSING";
score = -0.01;
}
VIRUS_FOUND {
expression = "CLAM_VIRUS & !MAILCOW_WHITE";
score = 2000.0;
2017-09-19 09:19:22 +02:00
}
# Bad policy from free mail providers
FREEMAIL_POLICY_FAILURE {
expression = "-g+:policies & !DMARC_POLICY_ALLOW & !MAILLIST & ( FREEMAIL_ENVFROM | FREEMAIL_FROM ) & !WHITELISTED_FWD_HOST";
score = 16.0;
}
# Applies to freemail with undisclosed recipients
FREEMAIL_TO_UNDISC_RCPT {
expression = "FREEMAIL_FROM & ( MISSING_TO | R_UNDISC_RCPT | TO_EQ_FROM )";
score = 5.0;
}
# Bad policy from non-whitelisted senders
# Remove SOGO_CONTACT symbol for fwd hosts and senders with broken policy
SOGO_CONTACT_EXCLUDE {
2020-11-11 15:34:24 +02:00
expression = "(-WHITELISTED_FWD_HOST | -g+:policies) & ^SOGO_CONTACT & !DMARC_POLICY_ALLOW";
}
# Spoofed header from and broken policy (excluding sieve host, rspamd host, whitelisted senders, authenticated senders and forward hosts)
2019-04-14 20:37:38 +02:00
SPOOFED_UNAUTH {
expression = "!MAILCOW_AUTH & !MAILCOW_WHITE & !RSPAMD_HOST & !SIEVE_HOST & MAILCOW_DOMAIN_HEADER_FROM & !WHITELISTED_FWD_HOST & -g+:policies";
score = 50.0;
2019-04-14 20:37:38 +02:00
}
# Only apply to inbound unauthed and not whitelisted
2019-06-16 17:35:24 +02:00
OLEFY_MACRO {
expression = "!MAILCOW_AUTH & !MAILCOW_WHITE & OLETOOLS";
2019-06-20 10:18:43 +02:00
score = 20.0;
2019-06-16 17:35:24 +02:00
policy = "remove_weight";
}
# Applies to a content filter map
BAD_WORD_BAD_TLD {
expression = "FISHY_TLD & ( BAD_WORDS | BAD_WORDS_DE )"
score = 10.0;
}
# Forged with bad policies and not fwd host, keep bad policy symbols
2019-11-24 17:08:58 +02:00
FORGED_W_BAD_POLICY {
2020-11-11 15:34:24 +02:00
expression = "( -g+:policies | -R_SPF_NA) & ( ~FROM_NEQ_ENVFROM | ~FORGED_SENDER ) & !WHITELISTED_FWD_HOST & !DMARC_POLICY_ALLOW"
2019-11-24 17:08:58 +02:00
score = 3.0;
}
# Keep negative (good) scores for rbl, policies and hfilter, disable neural group
WL_FWD_HOST {
expression = "-WHITELISTED_FWD_HOST & (^g+:rbl | ^g+:policies | ^g+:hfilter | ^g:neural)"
}
# Exclude X-Spam like flags from scoring from fwd and sieve hosts
UPSTREAM_CHECKS_EXCLUDE_FWD_HOST {
expression = "(-SIEVE_HOST | -WHITELISTED_FWD_HOST) & (^UNITEDINTERNET_SPAM | ^SPAM_FLAG | ^KLMS_SPAM | ^AOL_SPAM | ^MICROSOFT_SPAM)"
}
# Remove fuzzy group from bounces
BOUNCE_FUZZY {
expression = "-BOUNCE & ^g+:fuzzy";
}
# Remove bayes ham if fuzzy denied
FUZZY_HAM_MISMATCH {
expression = "( -FUZZY_DENIED | -MAILCOW_FUZZY_DENIED | -LOCAL_FUZZY_DENIED ) & ( ^BAYES_HAM | ^NEURAL_HAM_LONG | ^NEURAL_HAM_SHORT )"
}
# Remove bayes spam if local fuzzy white
FUZZY_SPAM_MISMATCH {
expression = "( -LOCAL_FUZZY_WHITE ) & ( ^BAYES_SPAM | ^NEURAL_SPAM_LONG | ^NEURAL_SPAM_SHORT )"
}