committing changes in /etc made by "-bash"

Package changes:

rspamd/composites.conf

@@ -65,18 +65,16 @@ composites {
     expression = "-R_DKIM_ALLOW & (R_DKIM_TEMPFAIL | R_DKIM_PERMFAIL | R_DKIM_REJECT)"
     policy = "remove_weight";
   }
-  MAIL_RU_MAILER_BASE64 {
-    expression = "MAIL_RU_MAILER & (FROM_EXCESS_BASE64 | MIME_BASE64_TEXT | REPLYTO_EXCESS_BASE64 | SUBJ_EXCESS_BASE64 | TO_EXCESS_BASE64)";
+  APPLE_MAILER_COMMON {
+    description = "Message was sent by 'Apple Mail' and has common symbols in place";
+    expression = "APPLE_MAILER & MV_CASE";
   }
-  YANDEX_RU_MAILER_CTYPE_MIXED_BOGUS {
-    expression = "YANDEX_RU_MAILER & -HAS_ATTACHMENT & CTYPE_MIXED_BOGUS";
-  }
-  MAILER_1C_8_BASE64 {
-    expression = "MAILER_1C_8 & (FROM_EXCESS_BASE64 | MIME_BASE64_TEXT | SUBJ_EXCESS_BASE64 | TO_EXCESS_BASE64)";
-    description = "Message was sent by '1C:Enterprise 8' and uses base64 encoded data";
+  APPLE_IOS_MAILER_COMMON {
+    description = "Message was sent by 'Apple iOS Mail' and has common symbols in place";
+    expression = "APPLE_IOS_MAILER & (MV_CASE | MIME_MA_MISSING_TEXT)";
   }
   HACKED_WP_PHISHING {
-    expression = "(HAS_X_POS | HAS_PHPMAILER_SIG) & HAS_WP_URI & (PHISHING | DBL_PHISH | PHISHED_OPENPHISH | PHISHED_PHISHTANK)";
+    expression = "(HAS_X_POS | HAS_PHPMAILER_SIG) & HAS_WP_URI & (PHISHING | CRACKED_SURBL | PH_SURBL_MULTI | DBL_PHISH | DBL_ABUSE_PHISH | URIBL_BLACK | PHISHED_OPENPHISH | PHISHED_PHISHTANK)";
     description = "Phish message sent by hacked Wordpress instance";
     policy = "leave";
   }
@@ -93,8 +91,8 @@ composites {
     policy = "leave";
   }
   RCVD_UNAUTH_PBL {
-    expression = "RECEIVED_PBL & !RCVD_VIA_SMTP_AUTH";
-    description = "Relayed through Spamhaus PBL IP without sufficient authentication (possible indicating an open relay)";
+    expression = "RECEIVED_SPAMHAUS_PBL & !RCVD_VIA_SMTP_AUTH";
+    description = "Relayed through Spamhaus PBL IP without sufficient authentication (possibly indicating an open relay)";
     score = 2.0;
     policy = "leave";
   }
@@ -159,11 +157,24 @@ composites {
     group = "scams";
   }
   FREEMAIL_AFF {
-    expression = "(FREEMAIL_FROM | FREEMAIL_ENVFROM | FREEMAIL_REPLYTO) & R_UNDISC_RCPT & (INTRODUCTION | FROM_NAME_HAS_TITLE | FREEMAIL_REPLYTO_NEQ_FROM_DOM)";
+    expression = "(FREEMAIL_FROM | FREEMAIL_ENVFROM | FREEMAIL_REPLYTO) & (TO_DN_RECIPIENTS | R_UNDISC_RCPT) & (INTRODUCTION | FROM_NAME_HAS_TITLE | FREEMAIL_REPLYTO_NEQ_FROM_DOM)";
     score = 4.0;
     policy = "leave";
     description = "Message exhibits strong characteristics of advance fee fraud (AFF a/k/a '419' spam) involving freemail addresses";
   }
+  REDIRECTOR_URL_ONLY {
+    expression = "HFILTER_URL_ONLY & REDIRECTOR_URL";
+    score = 1.0;
+    policy = "leave";
+    description = "Message only contains a redirector URL";
+  }
+  THREAD_HIJACKING_FROM_INJECTOR {
+    expression = "FAKE_REPLY & RCVD_VIA_SMTP_AUTH & (!RECEIVED_SPAMHAUS_PBL | RECEIVED_SPAMHAUS_XBL | RECEIVED_SPAMHAUS_SBL)";
+    score = 2.0;
+    policy = "leave";
+    description = "Fake reply exhibiting characteristics of being injected into a compromised mail server, possibly e-mail thread hijacking";
+    group = "compromised_hosts";
+  }
 
   .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/composites.conf"
   .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/composites.conf"

rspamd/lang_detection.inc

@@ -0,0 +1,28 @@
+# Language detection configuration
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/lang_detection.inc' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/lang_detection.inc' to strictly override all
+# parameters defined inside this section
+
+# Path to the languages shared data
+# languages = "${RSPAMD_SHAREDIR}/languages"
+
+# Limit in words to treat text as short for language detection
+# short_text_limit = 10
+
+# Enable only specific languages
+# languages_enable = ["en", "de"]
+
+# Disable specific languages
+# languages_disable = ["fr", "es"]
+
+# Use the following fasttext model for language detection (if Fasttext support is compiled in)
+# fasttext_model = "${RSPAMD_SHAREDIR}/languages/fasttext_model.ftz"
+
+# Prefer fasttext over all other methods
+# prefer_fasttext = true;
+

rspamd/modules.d/multimap.conf

@@ -20,6 +20,7 @@ multimap {
     symbol = "REDIRECTOR_URL";
     description = "The presence of a redirector in the mail";
     score = 0.0;
+    one_shot = true;
   }
 
   # Freemail Addresses
@@ -39,6 +40,7 @@ multimap {
     symbol = "FREEMAIL_ENVRCPT";
     description = "Envelope Recipient is a Freemail address";
     score = 0.0;
+    one_shot = true;
   }
 
   freemail_from {
@@ -59,6 +61,7 @@ multimap {
     symbol = "FREEMAIL_TO";
     description = "To is a Freemail address";
     score = 0.0;
+    one_shot = true;
   }
 
   freemail_cc {
@@ -69,6 +72,7 @@ multimap {
     symbol = "FREEMAIL_CC";
     description = "To is a Freemail address";
     score = 0.0;
+    one_shot = true;
   }
 
   freemail_replyto {
@@ -98,6 +102,7 @@ multimap {
     symbol = "DISPOSABLE_ENVRCPT";
     description = "Envelope Recipient is a Disposable e-mail address";
     score = 0.0;
+    one_shot = true;
   }
 
   disposable_from {
@@ -118,6 +123,7 @@ multimap {
     symbol = "DISPOSABLE_TO";
     description = "To a disposable e-mail address";
     score = 0.0;
+    one_shot = true;
   }
 
   disposable_cc {
@@ -128,6 +134,7 @@ multimap {
     symbol = "DISPOSABLE_CC";
     description = "To a disposable e-mail address";
     score = 0.0;
+    one_shot = true;
   }
 
   disposable_replyto {

rspamd/rspamd.conf.rpmnew

@@ -0,0 +1,73 @@
+# System V init adopted top level configuration
+
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
+# parameters defined on the top level
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
+# parameters defined on the top level
+#
+# For specific modules or configuration you can also modify
+# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
+# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
+#
+# See https://rspamd.com/doc/tutorials/writing_rules.html for details
+
+.include "$CONFDIR/common.conf"
+
+options {
+    pidfile = "$RUNDIR/rspamd.pid";
+    .include "$CONFDIR/options.inc"
+    .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/options.inc"
+    .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/options.inc"
+}
+
+lang_detection {
+    .include "$CONFDIR/lang_detection.inc"
+    .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/lang_detection.inc"
+    .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/lang_detection.inc"
+}
+
+.include(try=true; duplicate=merge) "$CONFDIR/cgp.inc"
+.include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/cgp.inc"
+
+logging {
+    type = "file";
+    filename = "$LOGDIR/rspamd.log";
+    .include "$CONFDIR/logging.inc"
+    .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/logging.inc"
+    .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/logging.inc"
+}
+
+worker "normal" {
+    bind_socket = "localhost:11333";
+    .include "$CONFDIR/worker-normal.inc"
+    .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/worker-normal.inc"
+    .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/worker-normal.inc"
+}
+
+worker "controller" {
+    bind_socket = "localhost:11334";
+    .include "$CONFDIR/worker-controller.inc"
+    .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/worker-controller.inc"
+    .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/worker-controller.inc"
+}
+
+worker "rspamd_proxy" {
+    bind_socket = "localhost:11332";
+    .include "$CONFDIR/worker-proxy.inc"
+    .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/worker-proxy.inc"
+    .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/worker-proxy.inc"
+}
+
+# Local fuzzy storage is disabled by default
+
+worker "fuzzy" {
+    bind_socket = "localhost:11335";
+    count = -1; # Disable by default
+    .include "$CONFDIR/worker-fuzzy.inc"
+    .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/worker-fuzzy.inc"
+    .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/worker-fuzzy.inc"
+}

rspamd/scores.d/phishing_group.conf

@@ -35,14 +35,19 @@ symbols = {
     }
     HACKED_WP_PHISHING {
         weight = 4.5;
-        description = "Phishing message from hacked wordpress";
+        description = "Phish message sent by hacked Wordpress instance";
     }
     REDIRECTOR_FALSE {
         weight = 0.0;
         description = "Phishing exclusion symbol for known redirectors";
     }
+    URL_REDIRECTOR_NESTED {
+        weight = 1.0;
+        description = "URL redirector nested limit has been reached";
+        one_shot = true;
+    }
     PHISHED_WHITELISTED {
         weight = 0.0;
         description = "Phishing exclusion symbol for known exceptions";
     }
-}
+}

rspamd/scores.d/rbl_group.conf

@@ -135,7 +135,7 @@ symbols = {
     }
     "RECEIVED_SPAMHAUS_XBL" {
         weight = 1.0;
-        description = "Received address is listed in ZEN XBL";
+        description = "Received address is listed in Spamhaus XBL";
         groups = ["spamhaus"];
         one_shot = true;
     }

rspamd/scores.d/surbl_group.conf

@@ -46,7 +46,7 @@ symbols = {
     }
     "CRACKED_SURBL" {
         weight = 4.0;
-        description = "A domain in the message is listed in as SURBL cracked";
+        description = "A domain in the message is listed in SURBL as cracked";
         one_shot = true;
         groups = ["surblorg"];
     }