Gitiles
Code Review Sign In
gerrit.benkard.de / kubeia / 7b2a3a1c374b0a853b379f41561dcf2796c55986 / . / mailcow / src / mailcow-dockerized / data / conf / rspamd / local.d / composites.conf
blob: 337a2eb1089e0d7f2761c8e8b2f6a63e8a971e0a [file] [log] [blame]
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]1MX_IMPLICIT {
2 expression = "MX_GOOD & MX_MISSING";
3 score = -0.01;
4}
5VIRUS_FOUND {
6 expression = "CLAM_VIRUS & !MAILCOW_WHITE";
7 score = 2000.0;
8}
9# Bad policy from free mail providers
10FREEMAIL_POLICY_FAILURE {
11 expression = "-g+:policies & !DMARC_POLICY_ALLOW & !MAILLIST & ( FREEMAIL_ENVFROM | FREEMAIL_FROM ) & !WHITELISTED_FWD_HOST";
12 score = 16.0;
13}
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200[diff] [blame^]14# Applies to freemail with undisclosed recipients
15FREEMAIL_TO_UNDISC_RCPT {
16 expression = "FREEMAIL_FROM & ( MISSING_TO | R_UNDISC_RCPT | TO_EQ_FROM )";
17 score = 5.0;
18}
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]19# Bad policy from non-whitelisted senders
20# Remove SOGO_CONTACT symbol for fwd hosts and senders with broken policy
21SOGO_CONTACT_EXCLUDE {
22 expression = "(-WHITELISTED_FWD_HOST | -g+:policies) & ^SOGO_CONTACT & !DMARC_POLICY_ALLOW";
23}
24# Spoofed header from and broken policy (excluding sieve host, rspamd host, whitelisted senders, authenticated senders and forward hosts)
25SPOOFED_UNAUTH {
26 expression = "!MAILCOW_AUTH & !MAILCOW_WHITE & !RSPAMD_HOST & !SIEVE_HOST & MAILCOW_DOMAIN_HEADER_FROM & !WHITELISTED_FWD_HOST & -g+:policies";
27 score = 50.0;
28}
29# Only apply to inbound unauthed and not whitelisted
30OLEFY_MACRO {
31 expression = "!MAILCOW_AUTH & !MAILCOW_WHITE & OLETOOLS";
32 score = 20.0;
33 policy = "remove_weight";
34}
35# Applies to a content filter map
36BAD_WORD_BAD_TLD {
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200[diff] [blame^]37 expression = "FISHY_TLD & ( BAD_WORDS | BAD_WORDS_DE )";
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]38 score = 10.0;
39}
40# Forged with bad policies and not fwd host, keep bad policy symbols
41FORGED_W_BAD_POLICY {
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200[diff] [blame^]42 expression = "( -g+:policies | -R_SPF_NA) & ( ~FROM_NEQ_ENVFROM | ~FORGED_SENDER ) & !WHITELISTED_FWD_HOST & !DMARC_POLICY_ALLOW";
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]43 score = 3.0;
44}
45# Keep negative (good) scores for rbl, policies and hfilter, disable neural group
46WL_FWD_HOST {
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200[diff] [blame^]47 expression = "-WHITELISTED_FWD_HOST & (^g+:rbl | ^g+:policies | ^g+:hfilter | ^g:neural)";
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]48}
49# Exclude X-Spam like flags from scoring from fwd and sieve hosts
50UPSTREAM_CHECKS_EXCLUDE_FWD_HOST {
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200[diff] [blame^]51 expression = "(-SIEVE_HOST | -WHITELISTED_FWD_HOST) & (^UNITEDINTERNET_SPAM | ^SPAM_FLAG | ^KLMS_SPAM | ^AOL_SPAM | ^MICROSOFT_SPAM)";
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]52}
53# Remove fuzzy group from bounces
54BOUNCE_FUZZY {
55 expression = "-BOUNCE & ^g+:fuzzy";
56}
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200[diff] [blame^]57# Remove bayes ham if fuzzy denied
58FUZZY_HAM_MISMATCH {
59 expression = "( -FUZZY_DENIED | -MAILCOW_FUZZY_DENIED | -LOCAL_FUZZY_DENIED ) & ( ^BAYES_HAM | ^NEURAL_HAM_LONG | ^NEURAL_HAM_SHORT )";
60}
61# Remove bayes spam if local fuzzy white
62FUZZY_SPAM_MISMATCH {
63 expression = "( -LOCAL_FUZZY_WHITE ) & ( ^BAYES_SPAM | ^NEURAL_SPAM_LONG | ^NEURAL_SPAM_SHORT )";
64}
65WL_FWD_HOST {
66 expression = "-WHITELISTED_FWD_HOST & (^g+:rbl | ^g+:policies | ^g+:hfilter | ^g:neural)";
67}
68ENCRYPTED_CHAT {
69 expression = "CHAT_VERSION_HEADER & ENCRYPTED_PGP";
70}