From: heraklit256 <37872459+heraklit256@users.noreply.github.com#>
Date: Tue, 7 Aug 2018 14:34:30 +0000 (+0200)
Subject: add negative weight to DNSWL entries
X-Git-Tag: 1.8.0~275^2~2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1ecd691570fcdbb3d093948d78dbacd33f8d3ea3;p=thirdparty%2Frspamd.git

add negative weight to DNSWL entries

However, a message must be correctly DKIM signed to get some more
negative weight in case an received IP is listed with medium or
high trust at DNSWL.

This supersedes a first patch without the DKIM condition.
---

diff --git a/conf/composites.conf b/conf/composites.conf
index a07b7020fa..9d204344ce 100644
--- a/conf/composites.conf
+++ b/conf/composites.conf
@@ -83,9 +83,18 @@ composites {
     }
     RCVD_UNAUTH_PBL {
         expression = "RECEIVED_PBL & -RCVD_VIA_SMTP_AUTH";
-        description = "Relayed through ZEN PBL IP without sufficient authentication";
+        description = "Relayed through ZEN PBL IP without sufficient authentication (possible indicating an open relay)";
         score = 2.0;
-        policy = "leave";
+    }
+    RCVD_DKIM_DNSWL_MED {
+        expression = "R_DKIM_ALLOW & RCVD_IN_DNSWL_MED";
+        description = "Sufficiently DKIM signed and received from IP with medium trust at DNSWL";
+        score = -1.5;
+    }
+    RCVD_DKIM_DNSWL_HI {
+        expression = "R_DKIM_ALLOW & RCVD_IN_DNSWL_HI";
+        description = "Sufficiently DKIM signed and received from IP with high trust at DNSWL";
+        score = -3.5;
     }
 
     .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/composites.conf"
diff --git a/conf/scores.d/rbl_group.conf b/conf/scores.d/rbl_group.conf
index 6c48cf3bb5..2b9d9483c4 100644
--- a/conf/scores.d/rbl_group.conf
+++ b/conf/scores.d/rbl_group.conf
@@ -29,15 +29,15 @@ symbols = {
         description = "Sender listed at https://www.dnswl.org, no trust";
     }
     "RCVD_IN_DNSWL_LOW" {
-        weight = 0.0;
+        weight = -0.5;
         description = "Sender listed at https://www.dnswl.org, low trust";
     }
     "RCVD_IN_DNSWL_MED" {
-        weight = 0.0;
+        weight = -0.5;
         description = "Sender listed at https://www.dnswl.org, medium trust";
     }
     "RCVD_IN_DNSWL_HI" {
-        weight = 0.0;
+        weight = -0.5;
         description = "Sender listed at https://www.dnswl.org, high trust";
     }