From 2d3826fa4004a594fe59b42ae3fedbafdee27238 Mon Sep 17 00:00:00 2001
From: heraklit256 <37872459+heraklit256@users.noreply.github.com#>
Date: Thu, 31 May 2018 14:54:40 +0200
Subject: [PATCH] add rule for rogue "strongmail" MTA

---
 rules/regexp/headers.lua | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/rules/regexp/headers.lua b/rules/regexp/headers.lua
index 5658608fb4..a7300e2b87 100644
--- a/rules/regexp/headers.lua
+++ b/rules/regexp/headers.lua
@@ -589,11 +589,19 @@ reconf['YANDEX_RU_MAILER'] = {
 -- Detect 1C v8.2 and v8.3 mailers
 reconf['MAILER_1C_8'] = {
 re = 'X-Mailer=/^1C:Enterprise 8\\.[23]$/H',
- score = 0,
+ score = 0.0,
 description = 'Sent with 1C:Enterprise 8',
 group = 'header'
 }

+-- Detect rogue 'strongmail' MTA with IPv4 and '(-)' in Received line
+reconf['STRONGMAIL'] = {
+ re = [[Received=/^from\s+strongmail\s+\(\[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\]\) by \S+ \(-\); /mH]],
+ score = 6.0,
+ description = 'Sent via rogue "strongmail" MTA',
+ group = 'header'
+}
+
 -- Two received headers with ip addresses
 local double_ip_spam_1 = 'Received=/from \\[\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\] by \\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3} with/H'
 local double_ip_spam_2 = 'Received=/from\\s+\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\s+by\\s+\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3};/H'
-- 
2.47.3
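Review bot: The `re` line of the new `STRONGMAIL` rule matches `from\s+strongmail\s+` flexibly but then requires exact single spaces in `\) by \S+ \(-\); `, so a Received line that is folded or spaced differently at those points may not match; using `\s+` throughout, e.g. `re = [[Received=/^from\s+strongmail\s+\(\[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\]\)\s+by\s+\S+\s+\(-\);\s/mH]],`, keeps the pattern consistent. A score of 6.0 on this single header match is also heavy for a one-signal rule, since any legitimate sender whose relay announces itself as `strongmail` in this format would take the full weight; the comment above the rule should say what traffic the pattern was derived from, or the weight should start lower until hit data exists. The `score = 0` to `score = 0.0` edit on `MAILER_1C_8` is unrelated to the commit subject and would sit better in its own change.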