Domů Procházet Nápověda
Přihlásit se
mirrors
/
mailcow-dockerized
zrcadlo https://github.com/mailcow/mailcow-dockerized
2
0
Rozštěpit 0
Soubory Úkoly 0 Wiki
Větev: feat/python-bootstrapper
Větve Značky
mailcow-dockeri...
/
data
/
conf
/
rspamd
/
local.d
/
composites.conf

composites.conf 3.8 KB
Trvalý odkaz Historie Surový

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110 
  1. MX_IMPLICIT {
    2. 

  2.   expression = "MX_GOOD & MX_MISSING";
    3. 

  3.   score = -0.01;
    4. 

  4. }
    5. 

  5. VIRUS_FOUND {
    6. 

  6.   expression = "CLAM_VIRUS & !MAILCOW_WHITE";
    7. 

  7.   score = 2000.0;
    8. 

  8. }
    9. 

  9. # Bad policy from free mail providers
    10. 

  10. FREEMAIL_POLICY_FAILURE {
    11. 

  11.   expression = "FREEMAIL_FROM & !DMARC_POLICY_ALLOW & !MAILLIST & !WHITELISTED_FWD_HOST & -g+:policies";
    12. 

  12.   score = 16.0;
    13. 

  13. }
    14. 

  14. # Applies to freemail with undisclosed recipients
    15. 

  15. FREEMAIL_TO_UNDISC_RCPT {
    16. 

  16.   expression = "FREEMAIL_FROM & ( MISSING_TO | R_UNDISC_RCPT | TO_EQ_FROM )";
    17. 

  17.   score = 5.0;
    18. 

  18. }
    19. 

  19. # Bad policy from non-whitelisted senders
    20. 

  20. # Remove SOGO_CONTACT symbol for fwd hosts and senders with broken policy
    21. 

  21. SOGO_CONTACT_EXCLUDE {
    22. 

  22.   expression = "(-WHITELISTED_FWD_HOST | -g+:policies) & ^SOGO_CONTACT & !DMARC_POLICY_ALLOW";
    23. 

  23. }
    24. 

  24. # Remove MAILCOW_WHITE symbol for senders with broken policy recieved not from fwd hosts
    25. 

  25. MAILCOW_WHITE_EXCLUDE {
    26. 

  26.   expression = "^MAILCOW_WHITE & (-DMARC_POLICY_REJECT | -DMARC_POLICY_QUARANTINE | -R_SPF_PERMFAIL) & !WHITELISTED_FWD_HOST";
    27. 

  27. }
    28. 

  28. # Spoofed header from and broken policy (excluding sieve host, rspamd host, whitelisted senders, authenticated senders and forward hosts)
    29. 

  29. SPOOFED_UNAUTH {
    30. 

  30.   expression = "!MAILCOW_AUTH & !MAILCOW_WHITE & !RSPAMD_HOST & !SIEVE_HOST & MAILCOW_DOMAIN_HEADER_FROM & !WHITELISTED_FWD_HOST & -g+:policies";
    31. 

  31.   score = 50.0;
    32. 

  32. }
    33. 

  33. # Only apply to inbound unauthed and not whitelisted
    34. 

  34. OLEFY_MACRO {
    35. 

  35.   expression = "!MAILCOW_AUTH & !MAILCOW_WHITE & OLETOOLS";
    36. 

  36.   score = 20.0;
    37. 

  37.   policy = "remove_weight";
    38. 

  38. }
    39. 

  39. # Applies to a content filter map
    40. 

  40. BAD_WORD_BAD_TLD {
    41. 

  41.   expression = "FISHY_TLD & ( BAD_WORDS | BAD_WORDS_DE )";
    42. 

  42.   score = 10.0;
    43. 

  43. }
    44. 

  44. # Forged with bad policies and not fwd host, keep bad policy symbols
    45. 

  45. FORGED_W_BAD_POLICY {
    46. 

  46.   expression = "( -g+:policies | -R_SPF_NA) & ( ~FROM_NEQ_ENVFROM | ~FORGED_SENDER ) & !WHITELISTED_FWD_HOST & !DMARC_POLICY_ALLOW";
    47. 

  47.   score = 3.0;
    48. 

  48. }
    49. 

  49. # Keep negative (good) scores for rbl, policies and hfilter, disable neural group
    50. 

  50. WL_FWD_HOST {
    51. 

  51.   expression = "-WHITELISTED_FWD_HOST & (^g+:rbl | ^g+:policies | ^g+:hfilter | ^g:neural)";
    52. 

  52. }
    53. 

  53. # Exclude X-Spam like flags from scoring from fwd and sieve hosts
    54. 

  54. UPSTREAM_CHECKS_EXCLUDE_FWD_HOST {
    55. 

  55.   expression = "(-SIEVE_HOST | -WHITELISTED_FWD_HOST) & (^UNITEDINTERNET_SPAM | ^SPAM_FLAG | ^KLMS_SPAM | ^AOL_SPAM | ^MICROSOFT_SPAM)";
    56. 

  56. }
    57. 

  57. # Remove fuzzy group from bounces
    58. 

  58. BOUNCE_FUZZY {
    59. 

  59.   expression = "-BOUNCE & ^g+:fuzzy";
    60. 

  60. }
    61. 

  61. # Remove bayes ham if fuzzy denied
    62. 

  62. FUZZY_HAM_MISMATCH {
    63. 

  63.   expression = "( -FUZZY_DENIED | -MAILCOW_FUZZY_DENIED | -LOCAL_FUZZY_DENIED ) & ( ^BAYES_HAM | ^NEURAL_HAM_LONG | ^NEURAL_HAM_SHORT )";
    64. 

  64. }
    65. 

  65. # Remove bayes spam if local fuzzy white
    66. 

  66. FUZZY_SPAM_MISMATCH {
    67. 

  67.   expression = "( -LOCAL_FUZZY_WHITE ) & ( ^BAYES_SPAM | ^NEURAL_SPAM_LONG | ^NEURAL_SPAM_SHORT )";
    68. 

  68. }
    69. 

  69. WL_FWD_HOST {
    70. 

  70.   expression = "-WHITELISTED_FWD_HOST & (^g+:rbl | ^g+:policies | ^g+:hfilter | ^g:neural)";
    71. 

  71. }
    72. 

  72. ENCRYPTED_CHAT {
    73. 

  73.   expression = "CHAT_VERSION_HEADER & ENCRYPTED_PGP";
    74. 

  74. }
    75. 

  75. 

  76. CLAMD_SPAM_FOUND {
    77. 

  77.   expression = "CLAM_SECI_SPAM & !MAILCOW_WHITE";
    78. 

  78.   description = "Probably Spam, Securite Spam Flag set through ClamAV";
    79. 

  79.   score = 5;
    80. 

  80. }
    81. 

  81. 

  82. CLAMD_BAD_PDF {
    83. 

  83.   expression = "CLAM_SECI_PDF & !MAILCOW_WHITE";
    84. 

  84.   description = "Bad PDF Found, Securite bad PDF Flag set through ClamAV";
    85. 

  85.   score = 8;
    86. 

  86. }
    87. 

  87. 

  88. CLAMD_BAD_JPG {
    89. 

  89.   expression = "CLAM_SECI_JPG & !MAILCOW_WHITE";
    90. 

  90.   description = "Bad JPG Found, Securite bad JPG Flag set through ClamAV";
    91. 

  91.   score = 8;
    92. 

  92. }
    93. 

  93. 

  94. CLAMD_ASCII_MALWARE {
    95. 

  95.   expression = "CLAM_SECI_ASCII & !MAILCOW_WHITE";
    96. 

  96.   description = "ASCII malware found, Securite ASCII malware Flag set through ClamAV";
    97. 

  97.   score = 8;
    98. 

  98. }
    99. 

  99. 

  100. CLAMD_HTML_MALWARE {
    101. 

  101.   expression = "CLAM_SECI_HTML & !MAILCOW_WHITE";
    102. 

  102.   description = "HTML malware found, Securite HTML malware Flag set through ClamAV";
    103. 

  103.   score = 8;
    104. 

  104. }
    105. 

  105. 

  106. CLAMD_JS_MALWARE {
    107. 

  107.   expression = "CLAM_SECI_JS & !MAILCOW_WHITE";
    108. 

  108.   description = "JS malware found, Securite JS malware Flag set through ClamAV";
    109. 

  109.   score = 8;
    110. 

  110. }
    111.