|
|
@@ -9,7 +9,7 @@ VIRUS_FOUND {
|
|
|
# Bad policy from non-whitelisted senders
|
|
|
# Remove SOGO_CONTACT symbol for fwd hosts and senders with broken policy
|
|
|
SOGO_CONTACT_EXCLUDE {
|
|
|
- expression = "(-WHITELISTED_FWD_HOST | -g+:policies) & ^SOGO_CONTACT";
|
|
|
+ expression = "(-WHITELISTED_FWD_HOST | -g+:policies) & ^SOGO_CONTACT & !DMARC_POLICY_ALLOW";
|
|
|
}
|
|
|
# Spoofed header from and broken policy (excluding sieve host, rspamd host, whitelisted senders, authenticated senders and forward hosts)
|
|
|
SPOOFED_UNAUTH {
|
|
|
@@ -29,7 +29,7 @@ BAD_WORD_BAD_TLD {
|
|
|
}
|
|
|
# Forged with bad policies and not fwd host, keep bad policy symbols
|
|
|
FORGED_W_BAD_POLICY {
|
|
|
- expression = "( -g+:policies | -R_SPF_NA) & ( ~FROM_NEQ_ENVFROM & ~FORGED_SENDER ) & !WHITELISTED_FWD_HOST"
|
|
|
+ expression = "( -g+:policies | -R_SPF_NA) & ( ~FROM_NEQ_ENVFROM | ~FORGED_SENDER ) & !WHITELISTED_FWD_HOST & !DMARC_POLICY_ALLOW"
|
|
|
score = 3.0;
|
|
|
}
|
|
|
# Keep negative (good) scores for rbl, policies and hfilter, disable neural group
|
andryyy