bogdan/zira-etc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

committing changes in /etc made by "-bash"

Browse Source 
Package changes:
This commit is contained in:
Bogdan Stoica
2023-03-26 20:38:37 +03:00
parent cc404f64a0
commit 9a0e53350d
29 changed files with 316 additions and 327 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
rspamd/scores.d/content_group.conf
View File

@@ -35,18 +35,17 @@ symbols = {
}
"PDF_LONG_TRAILER" {
weight = 0.2;
description = "There is an PDF with a long trailer";
description = "There is an PDF with a long trailer in the message";
one_shot = true;
}
"PDF_MANY_OBJECTS" {
weight = 0;
description = "There is a PDF file with too many objects";
description = "There is a PDF with too many objects in the message";
one_shot = true;
}
"PDF_TIMEOUT" {
weight = 0;
description = "There is a PDF file that caused timeout in processing";
description = "There is a PDF in the message that caused timeout in processing";
one_shot = true;
}
}

1
rspamd/scores.d/headers_group.conf
View File

@@ -16,6 +16,7 @@
# See https://rspamd.com/doc/tutorials/writing_rules.html for details
description = "Various headers checks";
max_score = 8.0;
symbols = {

5
rspamd/scores.d/mime_types_group.conf
View File

@@ -16,9 +16,8 @@
# See https://rspamd.com/doc/tutorials/writing_rules.html for details
description = "Mime attachments rules";
# Define some limit for this group
max_score = 10.0;
max_score = 10.0;
symbols = {
"MIME_GOOD" {
@@ -76,4 +75,4 @@ symbols = {
description = "Filename with known obscured unicode characters";
one_shot = true;
}
}
}

4
rspamd/scores.d/policies_group.conf
View File

@@ -124,25 +124,21 @@ symbols = {
description = "ARC checks success";
groups = ["arc"];
}
"ARC_REJECT" {
weight = 1.0;
description = "ARC checks failed";
groups = ["arc"];
}
"ARC_INVALID" {
weight = 0.5;
description = "ARC structure invalid";
groups = ["arc"];
}
"ARC_DNSFAIL" {
weight = 0.0;
description = "ARC DNS error";
groups = ["arc"];
}
"ARC_NA" {
weight = 0.0;
description = "ARC signature absent";

56
rspamd/scores.d/rbl_group.conf
View File

@@ -21,7 +21,7 @@ symbols = {
"DNSWL_BLOCKED" {
weight = 0.0;
description = "Resolver blocked due to excessive queries";
description = "https://www.dnswl.org: Resolver blocked due to excessive queries";
groups = ["dnswl", "blocked"];
}
"RCVD_IN_DNSWL" {
@@ -52,12 +52,12 @@ symbols = {
"DWL_DNSWL_BLOCKED" {
weight = 0.0;
description = "Resolver blocked due to excessive queries (dwl)";
description = "https://www.dnswl.org: Resolver blocked due to excessive queries (DWL)";
groups = ["dnswl", "blocked"];
}
"DWL_DNSWL" {
weight = 0.0;
description = "Unrecognised result from https://www.dnswl.org (dwl)";
description = "Unrecognised result from https://www.dnswl.org (DWL)";
groups = ["dnswl"];
}
"DWL_DNSWL_NONE" {
@@ -88,89 +88,85 @@ symbols = {
}
"RBL_SPAMHAUS_SBL" {
weight = 4.0;
description = "From address is listed in ZEN SBL";
description = "From address is listed in Spamhaus SBL";
groups = ["spamhaus"];
}
"RBL_SPAMHAUS_CSS" {
weight = 2.0;
description = "From address is listed in ZEN CSS";
description = "From address is listed in Spamhaus CSS";
groups = ["spamhaus"];
}
"RBL_SPAMHAUS_XBL" {
weight = 4.0;
description = "From address is listed in ZEN XBL";
groups = ["spamhaus"];
}
"RBL_SPAMHAUS_XBL_ANY" {
weight = 4.0;
description = "From or received address is listed in ZEN XBL (any list)";
description = "From address is listed in Spamhaus XBL";
groups = ["spamhaus"];
}
"RBL_SPAMHAUS_PBL" {
weight = 2.0;
description = "From address is listed in ZEN PBL (ISP list)";
description = "From address is listed in Spamhaus PBL";
groups = ["spamhaus"];
}
"RBL_SPAMHAUS_DROP" {
weight = 7.0;
description = "From address is listed in ZEN DROP BL";
description = "From address is listed in Spamhaus DROP";
groups = ["spamhaus"];
}
"RBL_SPAMHAUS_BLOCKED_OPENRESOLVER" {
weight = 0.0;
description = "You are querying Spamhaus from an open resolver, please see https://www.spamhaus.org/returnc/pub/";
groups = ["spamhaus"];
groups = ["spamhaus", "blocked"];
}
"RBL_SPAMHAUS_BLOCKED" {
weight = 0.0;
description = "You are exceeding the query limit, please see https://www.spamhaus.org/returnc/vol/";
groups = ["spamhaus"];
groups = ["spamhaus", "blocked"];
}
"RECEIVED_SPAMHAUS_SBL" {
weight = 3.0;
description = "Received address is listed in ZEN SBL";
description = "Received address is listed in Spamhaus SBL";
groups = ["spamhaus"];
one_shot = true;
}
"RECEIVED_SPAMHAUS_CSS" {
weight = 1.0;
description = "Received address is listed in ZEN CSS";
description = "Received address is listed in Spamhaus CSS";
groups = ["spamhaus"];
one_shot = true;
}
"RECEIVED_SPAMHAUS_XBL" {
weight = 3.0;
weight = 1.0;
description = "Received address is listed in ZEN XBL";
groups = ["spamhaus"];
one_shot = true;
}
"RECEIVED_SPAMHAUS_PBL" {
weight = 0.0;
description = "Received address is listed in ZEN PBL (ISP list)";
description = "Received address is listed in Spamhaus PBL";
groups = ["spamhaus"];
one_shot = true;
}
"RECEIVED_SPAMHAUS_DROP" {
weight = 6.0;
description = "Received address is listed in ZEN DROP BL";
description = "Received address is listed in Spamhaus DROP";
groups = ["spamhaus"];
one_shot = true;
}
"RECEIVED_SPAMHAUS_BLOCKED_OPENRESOLVER" {
weight = 0.0;
description = "You are querying Spamhaus from an open resolver, please see https://www.spamhaus.org/returnc/pub/";
groups = ["spamhaus"];
groups = ["spamhaus", "blocked"];
}
"RECEIVED_SPAMHAUS_BLOCKED" {
weight = 0.0;
description = "You are exceeding the query limit, please see https://www.spamhaus.org/returnc/vol/";
groups = ["spamhaus"];
groups = ["spamhaus", "blocked"];
}
"RBL_SENDERSCORE" {
weight = 2.0;
description = "From address is listed in senderscore.com BL";
}
"MAILSPIKE" {
weight = 0.0;
description = "Unrecognised result from Mailspike";
@@ -183,37 +179,37 @@ symbols = {
}
"RBL_MAILSPIKE_WORST" {
weight = 2.0;
description = "From address is listed in RBL - worst possible reputation";
description = "From address is listed in Mailspike RBL - worst possible reputation";
groups = ["mailspike"];
}
"RBL_MAILSPIKE_VERYBAD" {
weight = 1.5;
description = "From address is listed in RBL - very bad reputation";
description = "From address is listed in Mailspike RBL - very bad reputation";
groups = ["mailspike"];
}
"RBL_MAILSPIKE_BAD" {
weight = 1.0;
description = "From address is listed in RBL - bad reputation";
description = "From address is listed in Mailspike RBL - bad reputation";
groups = ["mailspike"];
}
"RWL_MAILSPIKE_POSSIBLE" {
weight = 0.0;
description = "From address is listed in RWL - possibly legit";
description = "From address is listed in Mailspike RWL - possibly legit";
groups = ["mailspike"];
}
"RWL_MAILSPIKE_GOOD" {
weight = -0.1;
description = "From address is listed in RWL - good reputation";
description = "From address is listed in Mailspike RWL - good reputation";
groups = ["mailspike"];
}
"RWL_MAILSPIKE_VERYGOOD" {
weight = -0.2;
description = "From address is listed in RWL - very good reputation";
description = "From address is listed in Mailspike RWL - very good reputation";
groups = ["mailspike"];
}
"RWL_MAILSPIKE_EXCELLENT" {
weight = -0.4;
description = "From address is listed in RWL - excellent reputation";
description = "From address is listed in Mailspike RWL - excellent reputation";
groups = ["mailspike"];
}
@@ -236,7 +232,7 @@ symbols = {
"RBL_NIXSPAM" {
weight = 4.0;
description = "From address is listed in NiX Spam (http://www.dnsbl.manitu.net/)";
description = "From address is listed in NiX Spam (https://www.nixspam.net/)";
}
"RBL_BLOCKLISTDE" {

4
rspamd/scores.d/subject_group.conf
View File

@@ -17,7 +17,7 @@
description = "Subject filters";
max_score = 6.0;
symbols = {
}
max_score = 6.0;

69
rspamd/scores.d/surbl_group.conf
View File

@@ -22,41 +22,41 @@ max_score = 12.5;
symbols = {
"SURBL_BLOCKED" {
weight = 0.0;
description = "SURBL: blocked by policy/overusage";
description = "SURBL: query blocked by policy/overusage";
one_shot = true;
groups = ["surblorg", "blocked"];
}
"PH_SURBL_MULTI" {
weight = 5.5;
description = "SURBL: Phishing sites";
description = "A domain in the message is listed in SURBL as phishing";
one_shot = true;
groups = ["surblorg", "phishing"];
}
"MW_SURBL_MULTI" {
weight = 5.5;
description = "SURBL: Malware sites";
description = "A domain in the message is listed in SURBL as malware";
one_shot = true;
groups = ["surblorg"];
}
"ABUSE_SURBL" {
weight = 5.5;
description = "SURBL: ABUSE";
description = "A domain in the message is listed in SURBL as abused";
one_shot = true;
groups = ["surblorg"];
}
"CRACKED_SURBL" {
weight = 4.0;
description = "SURBL: cracked site";
description = "A domain in the message is listed in as SURBL cracked";
one_shot = true;
groups = ["surblorg"];
}
"RSPAMD_URIBL" {
weight = 4.5;
description = "Rspamd uribl, bl.rspamd.com";
one_shot = true;
groups = ["rspamdbl"];
}
"RSPAMD_EMAILBL" {
weight = 2.5;
description = "Rspamd emailbl, bl.rspamd.com";
@@ -66,101 +66,101 @@ symbols = {
"MSBL_EBL" {
weight = 7.5;
description = "MSBL emailbl";
description = "MSBL emailbl (https://www.msbl.org/)";
one_shot = true;
groups = ["ebl"];
}
"MSBL_EBL_GREY" {
weight = 0.5; # TODO: test it
description = "MSBL emailbl grey list";
description = "MSBL emailbl grey list (https://www.msbl.org/)";
one_shot = true;
groups = ["ebl"];
}
"SEM_URIBL_UNKNOWN" {
weight = 0.0;
description = "Spameatingmonkey uribl: unknown result";
description = "Unrecognised result from Spameatingmonkey URIBL";
one_shot = true;
groups = ["sem"];
}
"SEM_URIBL" {
weight = 3.5;
description = "Spameatingmonkey uribl";
description = "A domain in the message is listed in Spameatingmonkey URIBL";
one_shot = true;
groups = ["sem"];
}
"SEM_URIBL_FRESH15_UNKNOWN" {
weight = 0.0;
description = "Spameatingmonkey Fresh15 uribl: unknown result";
description = "Unrecognised result from Spameatingmonkey Fresh15 URIBL";
one_shot = true;
groups = ["sem"];
}
"SEM_URIBL_FRESH15" {
weight = 3.0;
description = "Spameatingmonkey uribl. Domains registered in the last 15 days (.AERO,.BIZ,.COM,.INFO,.NAME,.NET,.PRO,.SK,.TEL,.US)";
description = "A domain in the message is listed in Spameatingmonkey Fresh15 URIBL (registered in the past 15 days, .AERO,.BIZ,.COM,.INFO,.NAME,.NET,.PRO,.SK,.TEL,.US only)";
one_shot = true;
groups = ["sem"];
}
"DBL" {
weight = 0.0;
description = "DBL unknown result";
description = "Unrecognised result from Spamhaus DBL";
one_shot = true;
groups = ["spamhaus"];
}
"DBL_SPAM" {
weight = 6.5;
description = "DBL uribl spam";
description = "A domain in the message is listed in Spamhaus DBL as spam";
one_shot = true;
groups = ["spamhaus"];
}
"DBL_PHISH" {
weight = 6.5;
description = "DBL uribl phishing";
description = "A domain in the message is listed in Spamhaus DBL as phishing";
one_shot = true;
groups = ["spamhaus"];
}
"DBL_MALWARE" {
weight = 6.5;
description = "DBL uribl malware";
description = "A domain in the message is listed in Spamhaus DBL as malware";
one_shot = true;
groups = ["spamhaus"];
}
"DBL_BOTNET" {
weight = 5.5;
description = "DBL uribl botnet C&C domain";
description = "A domain in the message is listed in Spamhaus DBL as botnet C&C";
one_shot = true;
groups = ["spamhaus"];
}
"DBL_ABUSE" {
weight = 6.5;
description = "DBL uribl abused legit spam";
description = "A domain in the message is listed in Spamhaus DBL as abused legit spam";
one_shot = true;
groups = ["spamhaus"];
}
"DBL_ABUSE_REDIR" {
weight = 1.5;
description = "DBL uribl abused spammed redirector domain";
description = "A domain in the message is listed in Spamhaus DBL as spammed redirector domain";
one_shot = true;
groups = ["spamhaus"];
}
"DBL_ABUSE_PHISH" {
weight = 7.5;
description = "DBL uribl abused legit phish";
description = "A domain in the message is listed in Spamhaus DBL as abused legit phish";
one_shot = true;
groups = ["spamhaus"];
}
"DBL_ABUSE_MALWARE" {
weight = 7.5;
description = "DBL uribl abused legit malware";
description = "A domain in the message is listed in Spamhaus DBL as abused legit malware";
one_shot = true;
groups = ["spamhaus"];
}
"DBL_ABUSE_BOTNET" {
weight = 5.5;
description = "DBL uribl abused legit botnet C&C";
description = "A domain in the message is listed in Spamhaus DBL as abused legit botnet C&C";
one_shot = true;
groups = ["spamhaus"];
}
@@ -174,48 +174,50 @@ symbols = {
weight = 0.0;
description = "You are querying Spamhaus from an open resolver, please see https://www.spamhaus.org/returnc/pub/";
one_shot = true;
groups = ["spamhaus"];
groups = ["spamhaus", "blocked"];
}
"DBL_BLOCKED" {
weight = 0.0;
description = "You are exceeding the query limit, please see https://www.spamhaus.org/returnc/vol/";
one_shot = true;
groups = ["spamhaus"];
groups = ["spamhaus", "blocked"];
}
"URIBL_MULTI" {
weight = 0.0;
description = "uribl.com: unrecognised result";
description = "Unrecognised result from URIBL.com";
one_shot = true;
groups = ["uribl"];
}
"URIBL_BLOCKED" {
weight = 0.0;
description = "uribl.com: query refused";
description = "URIBL.com: query refused, likely due to policy/overusage";
one_shot = true;
groups = ["uribl", "blocked"];
}
"URIBL_BLACK" {
weight = 7.5;
description = "uribl.com black url";
description = "A domain in the message is listed in URIBL.com black";
one_shot = true;
groups = ["uribl"];
}
"URIBL_RED" {
weight = 3.5;
description = "uribl.com red url";
description = "A domain in the message is listed in URIBL.com red";
one_shot = true;
groups = ["uribl"];
}
"URIBL_GREY" {
weight = 1.5;
description = "uribl.com grey url";
description = "A domain in the message is listed in URIBL.com grey";
one_shot = true;
groups = ["uribl"];
}
"SPAMHAUS_ZEN_URIBL" {
ignore = true;
weight = 0.0;
description = "Spamhaus ZEN URIBL: Filtered result";
description = "Unrecognised result from Spamhaus ZEN URIBL";
one_shot = true;
groups = ["spamhaus"];
}
@@ -229,7 +231,7 @@ symbols = {
"URIBL_SBL_CSS" {
ignore = true;
weight = 6.5;
description = "A domain in the message body resolves to an IP listed in Spamhaus SBL CSS";
description = "A domain in the message body resolves to an IP listed in Spamhaus CSS";
one_shot = true;
groups = ["spamhaus"];
}
@@ -254,9 +256,4 @@ symbols = {
one_shot = true;
groups = ["spamhaus"];
}
#"RBL_SARBL_BAD" {
# weight = 2.5;
# description = "A domain in the message body is blacklisted in SARBL";
# one_shot = true;
#}
}