From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Fri, 22 Jan 2016 18:28:11 +0000 (+0000)
Subject: Add support for forged confirmation headers
X-Git-Tag: 1.1.2~66
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=be5ef60eed2e78298b82ce61fe70004a72f9839d;p=thirdparty%2Frspamd.git

Add support for forged confirmation headers

Issue: #480
Reported by: @AdUser
Patch by: @AdUser
---

diff --git a/rules/misc.lua b/rules/misc.lua
index 8d801809ce..50b857c069 100644
--- a/rules/misc.lua
+++ b/rules/misc.lua
@@ -145,4 +145,43 @@ rspamd_config.BROKEN_HEADERS = {
   score = 1.0,
   group = 'headers',
   description = 'Headers structure is likely broken'
-}
\ No newline at end of file
+}
+
+rspamd_config.HEADER_RCONFIRM_MISMATCH = {
+  callback = function (task)
+    local header_from  = task:get_header('From')
+    local header_cread = task:get_header('X-Confirm-Reading-To')
+
+    if header_from and header_cread then
+      if not string.find(header_from, header_cread) then
+        return true
+      end
+    end
+
+    return false
+  end,
+
+  score = 2.0,
+  group = 'headers',
+  description = 'Read confirmation address is different to from address'
+}
+
+rspamd_config.HEADER_FORGED_MDN = {
+  callback = function (task)
+    local header_mdn = task:get_header('Disposition-Notification-To')
+    local header_rp  = task:get_header('Return-Path')
+
+    if header_mdn and not header_rp  then return true end
+    if header_rp  and not header_mdn then return true end
+
+    if header_mdn ~= header_rp then
+      return true
+    end
+
+    return false
+  end,
+
+  score = 2.0,
+  group = 'headers',
+  description = 'Read confirmation address is different to return path'
+}