Explorar o código

[Rspamd] Improve spoofing detection

andryyy %!s(int64=6) %!d(string=hai) anos
pai
achega
9f00d956f1

+ 4 - 0
data/conf/rspamd/local.d/composites.conf

@@ -16,3 +16,7 @@ SOGO_CONTACT_EXCLUDE_FWD_HOST {
 SOGO_CONTACT_SPOOFED {
   expression = "(R_SPF_PERMFAIL | R_SPF_SOFTFAIL | R_SPF_FAIL) & ~SOGO_CONTACT";
 }
+SPOOFED_UNAUTH {
+  expression = "UNAUTH_MAILCOW_DOMAIN & !MAILCOW_WHITE & !R_SPF_ALLOW";
+  score = 5.0;
+}

+ 8 - 0
data/conf/rspamd/local.d/multimap.conf

@@ -83,3 +83,11 @@ GLOBAL_RCPT_BL {
   prefilter = true;
   action = "reject";
 }
+
+UNAUTH_MAILCOW_DOMAIN {
+  type = "header";
+  header = "from";
+  filter = "email:domain";
+  nflags = ["authenticated"];
+  map = "redis://DOMAIN_MAP";
+}