260 lines
7.7 KiB
Plaintext
260 lines
7.7 KiB
Plaintext
# URIBL rules scores
|
|
#
|
|
# Please don't modify this file as your changes might be overwritten with
|
|
# the next update.
|
|
#
|
|
# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
|
|
# parameters defined on the top level
|
|
#
|
|
# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
|
|
# parameters defined on the top level
|
|
#
|
|
# For specific modules or configuration you can also modify
|
|
# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
|
|
# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
|
|
#
|
|
# See https://rspamd.com/doc/tutorials/writing_rules.html for details
|
|
|
|
description = "URL DNS lists";
|
|
|
|
max_score = 12.5;
|
|
|
|
symbols = {
|
|
"SURBL_BLOCKED" {
|
|
weight = 0.0;
|
|
description = "SURBL: query blocked by policy/overusage";
|
|
one_shot = true;
|
|
groups = ["surblorg", "blocked"];
|
|
}
|
|
"PH_SURBL_MULTI" {
|
|
weight = 5.5;
|
|
description = "A domain in the message is listed in SURBL as phishing";
|
|
one_shot = true;
|
|
groups = ["surblorg", "phishing"];
|
|
}
|
|
"MW_SURBL_MULTI" {
|
|
weight = 5.5;
|
|
description = "A domain in the message is listed in SURBL as malware";
|
|
one_shot = true;
|
|
groups = ["surblorg"];
|
|
}
|
|
"ABUSE_SURBL" {
|
|
weight = 5.5;
|
|
description = "A domain in the message is listed in SURBL as abused";
|
|
one_shot = true;
|
|
groups = ["surblorg"];
|
|
}
|
|
"CRACKED_SURBL" {
|
|
weight = 4.0;
|
|
description = "A domain in the message is listed in as SURBL cracked";
|
|
one_shot = true;
|
|
groups = ["surblorg"];
|
|
}
|
|
|
|
"RSPAMD_URIBL" {
|
|
weight = 4.5;
|
|
description = "Rspamd uribl, bl.rspamd.com";
|
|
one_shot = true;
|
|
groups = ["rspamdbl"];
|
|
}
|
|
"RSPAMD_EMAILBL" {
|
|
weight = 2.5;
|
|
description = "Rspamd emailbl, bl.rspamd.com";
|
|
one_shot = true;
|
|
groups = ["rspamdbl"];
|
|
}
|
|
|
|
"MSBL_EBL" {
|
|
weight = 7.5;
|
|
description = "MSBL emailbl (https://www.msbl.org/)";
|
|
one_shot = true;
|
|
groups = ["ebl"];
|
|
}
|
|
|
|
"MSBL_EBL_GREY" {
|
|
weight = 0.5; # TODO: test it
|
|
description = "MSBL emailbl grey list (https://www.msbl.org/)";
|
|
one_shot = true;
|
|
groups = ["ebl"];
|
|
}
|
|
|
|
"SEM_URIBL_UNKNOWN" {
|
|
weight = 0.0;
|
|
description = "Unrecognised result from Spameatingmonkey URIBL";
|
|
one_shot = true;
|
|
groups = ["sem"];
|
|
}
|
|
"SEM_URIBL" {
|
|
weight = 3.5;
|
|
description = "A domain in the message is listed in Spameatingmonkey URIBL";
|
|
one_shot = true;
|
|
groups = ["sem"];
|
|
}
|
|
|
|
"SEM_URIBL_FRESH15_UNKNOWN" {
|
|
weight = 0.0;
|
|
description = "Unrecognised result from Spameatingmonkey Fresh15 URIBL";
|
|
one_shot = true;
|
|
groups = ["sem"];
|
|
}
|
|
"SEM_URIBL_FRESH15" {
|
|
weight = 3.0;
|
|
description = "A domain in the message is listed in Spameatingmonkey Fresh15 URIBL (registered in the past 15 days, .AERO,.BIZ,.COM,.INFO,.NAME,.NET,.PRO,.SK,.TEL,.US only)";
|
|
one_shot = true;
|
|
groups = ["sem"];
|
|
}
|
|
|
|
"DBL" {
|
|
weight = 0.0;
|
|
description = "Unrecognised result from Spamhaus DBL";
|
|
one_shot = true;
|
|
groups = ["spamhaus"];
|
|
}
|
|
"DBL_SPAM" {
|
|
weight = 6.5;
|
|
description = "A domain in the message is listed in Spamhaus DBL as spam";
|
|
one_shot = true;
|
|
groups = ["spamhaus"];
|
|
}
|
|
"DBL_PHISH" {
|
|
weight = 6.5;
|
|
description = "A domain in the message is listed in Spamhaus DBL as phishing";
|
|
one_shot = true;
|
|
groups = ["spamhaus"];
|
|
}
|
|
"DBL_MALWARE" {
|
|
weight = 6.5;
|
|
description = "A domain in the message is listed in Spamhaus DBL as malware";
|
|
one_shot = true;
|
|
groups = ["spamhaus"];
|
|
}
|
|
"DBL_BOTNET" {
|
|
weight = 5.5;
|
|
description = "A domain in the message is listed in Spamhaus DBL as botnet C&C";
|
|
one_shot = true;
|
|
groups = ["spamhaus"];
|
|
}
|
|
"DBL_ABUSE" {
|
|
weight = 6.5;
|
|
description = "A domain in the message is listed in Spamhaus DBL as abused legit spam";
|
|
one_shot = true;
|
|
groups = ["spamhaus"];
|
|
}
|
|
"DBL_ABUSE_REDIR" {
|
|
weight = 1.5;
|
|
description = "A domain in the message is listed in Spamhaus DBL as spammed redirector domain";
|
|
one_shot = true;
|
|
groups = ["spamhaus"];
|
|
}
|
|
"DBL_ABUSE_PHISH" {
|
|
weight = 7.5;
|
|
description = "A domain in the message is listed in Spamhaus DBL as abused legit phish";
|
|
one_shot = true;
|
|
groups = ["spamhaus"];
|
|
}
|
|
"DBL_ABUSE_MALWARE" {
|
|
weight = 7.5;
|
|
description = "A domain in the message is listed in Spamhaus DBL as abused legit malware";
|
|
one_shot = true;
|
|
groups = ["spamhaus"];
|
|
}
|
|
"DBL_ABUSE_BOTNET" {
|
|
weight = 5.5;
|
|
description = "A domain in the message is listed in Spamhaus DBL as abused legit botnet C&C";
|
|
one_shot = true;
|
|
groups = ["spamhaus"];
|
|
}
|
|
"DBL_PROHIBIT" {
|
|
weight = 0.0;
|
|
description = "DBL uribl IP queries prohibited!";
|
|
one_shot = true;
|
|
groups = ["spamhaus"];
|
|
}
|
|
"DBL_BLOCKED_OPENRESOLVER" {
|
|
weight = 0.0;
|
|
description = "You are querying Spamhaus from an open resolver, please see https://www.spamhaus.org/returnc/pub/";
|
|
one_shot = true;
|
|
groups = ["spamhaus", "blocked"];
|
|
}
|
|
"DBL_BLOCKED" {
|
|
weight = 0.0;
|
|
description = "You are exceeding the query limit, please see https://www.spamhaus.org/returnc/vol/";
|
|
one_shot = true;
|
|
groups = ["spamhaus", "blocked"];
|
|
}
|
|
|
|
"URIBL_MULTI" {
|
|
weight = 0.0;
|
|
description = "Unrecognised result from URIBL.com";
|
|
one_shot = true;
|
|
groups = ["uribl"];
|
|
}
|
|
"URIBL_BLOCKED" {
|
|
weight = 0.0;
|
|
description = "URIBL.com: query refused, likely due to policy/overusage";
|
|
one_shot = true;
|
|
groups = ["uribl", "blocked"];
|
|
}
|
|
"URIBL_BLACK" {
|
|
weight = 7.5;
|
|
description = "A domain in the message is listed in URIBL.com black";
|
|
one_shot = true;
|
|
groups = ["uribl"];
|
|
}
|
|
"URIBL_RED" {
|
|
weight = 3.5;
|
|
description = "A domain in the message is listed in URIBL.com red";
|
|
one_shot = true;
|
|
groups = ["uribl"];
|
|
}
|
|
"URIBL_GREY" {
|
|
weight = 1.5;
|
|
description = "A domain in the message is listed in URIBL.com grey";
|
|
one_shot = true;
|
|
groups = ["uribl"];
|
|
}
|
|
|
|
"SPAMHAUS_ZEN_URIBL" {
|
|
ignore = true;
|
|
weight = 0.0;
|
|
description = "Unrecognised result from Spamhaus ZEN URIBL";
|
|
one_shot = true;
|
|
groups = ["spamhaus"];
|
|
}
|
|
"URIBL_SBL" {
|
|
ignore = true;
|
|
weight = 6.5;
|
|
description = "A domain in the message body resolves to an IP listed in Spamhaus SBL";
|
|
one_shot = true;
|
|
groups = ["spamhaus"];
|
|
}
|
|
"URIBL_SBL_CSS" {
|
|
ignore = true;
|
|
weight = 6.5;
|
|
description = "A domain in the message body resolves to an IP listed in Spamhaus CSS";
|
|
one_shot = true;
|
|
groups = ["spamhaus"];
|
|
}
|
|
"URIBL_XBL" {
|
|
ignore = true;
|
|
weight = 1.5;
|
|
description = "A domain in the message body resolves to an IP listed in Spamhaus XBL";
|
|
one_shot = true;
|
|
groups = ["spamhaus"];
|
|
}
|
|
"URIBL_PBL" {
|
|
ignore = true;
|
|
weight = 0.01;
|
|
description = "A domain in the message body resolves to an IP listed in Spamhaus PBL";
|
|
one_shot = true;
|
|
groups = ["spamhaus"];
|
|
}
|
|
"URIBL_DROP" {
|
|
ignore = true;
|
|
weight = 5.0;
|
|
description = "A domain in the message body resolves to an IP listed in Spamhaus DROP";
|
|
one_shot = true;
|
|
groups = ["spamhaus"];
|
|
}
|
|
}
|