From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Mon, 8 Oct 2018 15:22:43 +0000 (+0100)
Subject: Merge pull request #2543 from heraklit256/extended-dnswl-scores
X-Git-Tag: 1.8.1~71
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7b1dd5c1a0e3fdcfba31453731fb46361d637bf6;p=thirdparty%2Frspamd.git

Merge pull request #2543 from heraklit256/extended-dnswl-scores

leaving original symbols if DNSWL composite rules are triggered
---

7b1dd5c1a0e3fdcfba31453731fb46361d637bf6
diff --cc conf/composites.conf
index 7197adc8ff,0328a53125..0de2ee2a01
--- a/conf/composites.conf
+++ b/conf/composites.conf
@@@ -88,32 -85,20 +88,35 @@@ composites 
          expression = "RECEIVED_PBL & -RCVD_VIA_SMTP_AUTH";
          description = "Relayed through ZEN PBL IP without sufficient authentication (possible indicating an open relay)";
          score = 2.0;
+         policy = "leave";
      }
      RCVD_DKIM_ARC_DNSWL_MED {
 -        expression = "(R_DKIM_ALLOW | ARC_ALLOW ) & RCVD_IN_DNSWL_MED";
 +        expression = "(R_DKIM_ALLOW | ARC_ALLOW) & RCVD_IN_DNSWL_MED";
          description = "Sufficiently DKIM/ARC signed and received from IP with medium trust at DNSWL";
-         score = -1.5;
+         score = -0.5;
+         policy = "leave";
      }
      RCVD_DKIM_ARC_DNSWL_HI {
 -        expression = "(R_DKIM_ALLOW | ARC_ALLOW ) & RCVD_IN_DNSWL_HI";
 +        expression = "(R_DKIM_ALLOW | ARC_ALLOW) & RCVD_IN_DNSWL_HI";
          description = "Sufficiently DKIM/ARC signed and received from IP with high trust at DNSWL";
-         score = -3.5;
+         score = -1.0;
+         policy = "leave";
      }
 +    AUTOGEN_PHP_SPAMMY {
 +        expression = "(HAS_X_POS | HAS_PHPMAILER_SIG | HAS_X_PHP_SCRIPT) & (SUBJECT_ENDS_QUESTION | SUBJECT_ENDS_EXCLAIM | MANY_INVISIBLE_PARTS)";
 +        description = "Message was generated by PHP script and contains some spam indicators";
 +        score = 1.0;
 +    }
 +    PHISH_EMOTION {
 +        expression = "(PHISHING | DBL_PHISH | PHISHED_OPENPHISH | PHISHED_PHISHTANK) & (SUBJECT_ENDS_QUESTION | SUBJECT_ENDS_EXCLAIM)";
 +        description = "Phish message with subject trying to address users emotion";
 +        score = 2.0;
 +    }
 +    HAS_ANON_DOMAIN {
 +        expression = "HAS_GUC_PROXY_URI | URIBL_RED | DBL_ABUSE_REDIR";
 +        description = "Contains one or more domains trying to disguise owner/destination";
 +        score = 0.5;
 +    }
  
      .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/composites.conf"
      .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/composites.conf"