|
|
@@ -21,6 +21,10 @@ FREEMAIL_TO_UNDISC_RCPT {
|
|
|
SOGO_CONTACT_EXCLUDE {
|
|
|
expression = "(-WHITELISTED_FWD_HOST | -g+:policies) & ^SOGO_CONTACT & !DMARC_POLICY_ALLOW";
|
|
|
}
|
|
|
+# Remove MAILCOW_WHITE symbol for senders with broken policy recieved not from fwd hosts
|
|
|
+MAILCOW_WHITE_EXCLUDE {
|
|
|
+ expression = "^MAILCOW_WHITE & (-DMARC_POLICY_REJECT | -DMARC_POLICY_QUARANTINE | -R_SPF_PERMFAIL) & !WHITELISTED_FWD_HOST";
|
|
|
+}
|
|
|
# Spoofed header from and broken policy (excluding sieve host, rspamd host, whitelisted senders, authenticated senders and forward hosts)
|
|
|
SPOOFED_UNAUTH {
|
|
|
expression = "!MAILCOW_AUTH & !MAILCOW_WHITE & !RSPAMD_HOST & !SIEVE_HOST & MAILCOW_DOMAIN_HEADER_FROM & !WHITELISTED_FWD_HOST & -g+:policies";
|
|
|
@@ -103,4 +107,4 @@ CLAMD_JS_MALWARE {
|
|
|
expression = "CLAM_SECI_JS & !MAILCOW_WHITE";
|
|
|
description = "JS malware found, Securite JS malware Flag set through ClamAV";
|
|
|
score = 8;
|
|
|
-}
|
|
|
+}
|
Niklas Meyer