1
0
mirror of https://github.com/mailcow/mailcow-dockerized.git synced 2024-12-14 10:52:49 +02:00
mailcow-dockerized/data/conf/rspamd/local.d/composites.conf

57 lines
1.7 KiB
Plaintext

MX_IMPLICIT {
expression = "MX_GOOD & MX_MISSING";
score = -0.01;
}
VIRUS_FOUND {
expression = "CLAM_VIRUS & !MAILCOW_WHITE";
score = 2000;
}
SPF_FAIL_NO_DKIM {
expression = "R_SPF_FAIL & R_DKIM_NA & !MAILCOW_WHITE & !ARC_ALLOW";
score = 10;
}
SOGO_CONTACT_EXCLUDE_FWD_HOST {
expression = "-WHITELISTED_FWD_HOST & ~SOGO_CONTACT";
}
SOGO_CONTACT_SPOOFED {
expression = "(R_SPF_PERMFAIL | R_SPF_SOFTFAIL | R_SPF_FAIL) & ~SOGO_CONTACT";
}
# SPF checks against envelope, so we do not exclude SPF valid mail
SPOOFED_UNAUTH {
expression = "!MAILCOW_AUTH & !MAILCOW_WHITE & !RSPAMD_HOST & !SIEVE_HOST & MAILCOW_DOMAIN_HEADER_FROM & !WHITELISTED_FWD_HOST";
score = 5.0;
}
# Only apply to inbound unauthed and not whitelisted
OLEFY_MACRO {
expression = "!MAILCOW_AUTH & !MAILCOW_WHITE & OLETOOLS";
score = 20.0;
policy = "remove_weight";
}
BAD_WORD_BAD_TLD {
expression = "FISHY_TLD & ( BAD_WORDS | BAD_WORDS_DE )"
score = 10.0;
}
FORGED_W_BAD_POLICY {
expression = "( ~g+:policies | ~R_SPF_NA) & ( ~FROM_NEQ_ENVFROM & ~FORGED_SENDER ) & !WHITELISTED_FWD_HOST"
score = 3.0;
}
RBL_EXCLUDE_FWD_HOST {
expression = "-WHITELISTED_FWD_HOST & ^g:rbl"
}
SPF_EXCLUDE_FWD_HOST {
expression = "-WHITELISTED_FWD_HOST & (^R_SPF_PERMFAIL | ^R_SPF_SOFTFAIL | ^R_SPF_FAIL)"
}
HFILTER_EXCLUDE_FWD_HOST {
expression = "-WHITELISTED_FWD_HOST & ^g:hfilter"
}
NEURAL_EXCLUDE_FWD_HOST {
expression = "-WHITELISTED_FWD_HOST & ^g:neural"
}
UPSTREAM_CHECKS_EXCLUDE_FWD_HOST {
expression = "(-SIEVE_HOST | -WHITELISTED_FWD_HOST) & (^UNITEDINTERNET_SPAM | ^SPAM_FLAG | ^KLMS_SPAM | ^AOL_SPAM | ^MICROSOFT_SPAM)"
}
SPOOFED_UNAUTH_POLICY_FAILURE {
expression = "-SPOOFED_UNAUTH & -R_SPF_FAIL";
score = 50.0;
}