From: heraklit256 <37872459+heraklit256@users.noreply.github.com#>
Date: Thu, 31 May 2018 12:54:40 +0000 (+0200)
Subject: add rule for rogue "strongmail" MTA
X-Git-Tag: 1.7.6~73^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F2271%2Fhead;p=thirdparty%2Frspamd.git

add rule for rogue "strongmail" MTA
---

diff --git a/rules/regexp/headers.lua b/rules/regexp/headers.lua
index 5658608fb4..a7300e2b87 100644
--- a/rules/regexp/headers.lua
+++ b/rules/regexp/headers.lua
@@ -589,11 +589,19 @@ reconf['YANDEX_RU_MAILER'] = {
 -- Detect 1C v8.2 and v8.3 mailers
 reconf['MAILER_1C_8'] = {
     re = 'X-Mailer=/^1C:Enterprise 8\\.[23]$/H',
-    score = 0,
+    score = 0.0,
     description = 'Sent with 1C:Enterprise 8',
     group = 'header'
 }
 
+-- Detect rogue 'strongmail' MTA with IPv4 and '(-)' in Received line
+reconf['STRONGMAIL'] = {
+    re = [[Received=/^from\s+strongmail\s+\(\[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\]\) by \S+ \(-\); /mH]],
+    score = 6.0,
+    description = 'Sent via rogue "strongmail" MTA',
+    group = 'header'
+}
+
 -- Two received headers with ip addresses
 local double_ip_spam_1 = 'Received=/from \\[\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\] by \\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3} with/H'
 local double_ip_spam_2 = 'Received=/from\\s+\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\s+by\\s+\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3};/H'