summaryrefslogtreecommitdiffstats
path: root/conf/scores.d/surbl_group.conf
diff options
context:
space:
mode:
Diffstat (limited to 'conf/scores.d/surbl_group.conf')
-rw-r--r--conf/scores.d/surbl_group.conf259
1 files changed, 259 insertions, 0 deletions
diff --git a/conf/scores.d/surbl_group.conf b/conf/scores.d/surbl_group.conf
new file mode 100644
index 0000000..25e8ed7
--- /dev/null
+++ b/conf/scores.d/surbl_group.conf
@@ -0,0 +1,259 @@
+# URIBL rules scores
+#
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
+# parameters defined on the top level
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
+# parameters defined on the top level
+#
+# For specific modules or configuration you can also modify
+# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
+# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
+#
+# See https://rspamd.com/doc/tutorials/writing_rules.html for details
+
+description = "URL DNS lists";
+
+max_score = 12.5;
+
+symbols = {
+ "SURBL_BLOCKED" {
+ weight = 0.0;
+ description = "SURBL: query blocked by policy/overusage";
+ one_shot = true;
+ groups = ["surblorg", "blocked"];
+ }
+ "PH_SURBL_MULTI" {
+ weight = 7.5;
+ description = "A domain in the message is listed in SURBL as phishing";
+ one_shot = true;
+ groups = ["surblorg", "phishing"];
+ }
+ "MW_SURBL_MULTI" {
+ weight = 7.5;
+ description = "A domain in the message is listed in SURBL as malware";
+ one_shot = true;
+ groups = ["surblorg"];
+ }
+ "ABUSE_SURBL" {
+ weight = 5.0;
+ description = "A domain in the message is listed in SURBL as abused";
+ one_shot = true;
+ groups = ["surblorg"];
+ }
+ "CRACKED_SURBL" {
+ weight = 5.0;
+ description = "A domain in the message is listed in SURBL as cracked";
+ one_shot = true;
+ groups = ["surblorg"];
+ }
+
+ "RSPAMD_URIBL" {
+ weight = 4.5;
+ description = "Rspamd uribl, bl.rspamd.com";
+ one_shot = true;
+ groups = ["rspamdbl"];
+ }
+ "RSPAMD_EMAILBL" {
+ weight = 2.5;
+ description = "Rspamd emailbl, bl.rspamd.com";
+ one_shot = true;
+ groups = ["rspamdbl"];
+ }
+
+ "MSBL_EBL" {
+ weight = 7.5;
+ description = "MSBL emailbl (https://www.msbl.org/)";
+ one_shot = true;
+ groups = ["ebl"];
+ }
+
+ "MSBL_EBL_GREY" {
+ weight = 0.5; # TODO: test it
+ description = "MSBL emailbl grey list (https://www.msbl.org/)";
+ one_shot = true;
+ groups = ["ebl"];
+ }
+
+ "SEM_URIBL_UNKNOWN" {
+ weight = 0.0;
+ description = "Unrecognised result from Spameatingmonkey URIBL";
+ one_shot = true;
+ groups = ["sem"];
+ }
+ "SEM_URIBL" {
+ weight = 3.5;
+ description = "A domain in the message is listed in Spameatingmonkey URIBL";
+ one_shot = true;
+ groups = ["sem"];
+ }
+
+ "SEM_URIBL_FRESH15_UNKNOWN" {
+ weight = 0.0;
+ description = "Unrecognised result from Spameatingmonkey Fresh15 URIBL";
+ one_shot = true;
+ groups = ["sem"];
+ }
+ "SEM_URIBL_FRESH15" {
+ weight = 3.0;
+ description = "A domain in the message is listed in Spameatingmonkey Fresh15 URIBL (registered in the past 15 days, .AERO,.BIZ,.COM,.INFO,.NAME,.NET,.PRO,.SK,.TEL,.US only)";
+ one_shot = true;
+ groups = ["sem"];
+ }
+
+ "DBL" {
+ weight = 0.0;
+ description = "Unrecognised result from Spamhaus DBL";
+ one_shot = true;
+ groups = ["spamhaus"];
+ }
+ "DBL_SPAM" {
+ weight = 6.5;
+ description = "A domain in the message is listed in Spamhaus DBL as spam";
+ one_shot = true;
+ groups = ["spamhaus"];
+ }
+ "DBL_PHISH" {
+ weight = 7.5;
+ description = "A domain in the message is listed in Spamhaus DBL as phishing";
+ one_shot = true;
+ groups = ["spamhaus"];
+ }
+ "DBL_MALWARE" {
+ weight = 7.5;
+ description = "A domain in the message is listed in Spamhaus DBL as malware";
+ one_shot = true;
+ groups = ["spamhaus"];
+ }
+ "DBL_BOTNET" {
+ weight = 7.5;
+ description = "A domain in the message is listed in Spamhaus DBL as botnet C&C";
+ one_shot = true;
+ groups = ["spamhaus"];
+ }
+ "DBL_ABUSE" {
+ weight = 5.0;
+ description = "A domain in the message is listed in Spamhaus DBL as abused legit spam";
+ one_shot = true;
+ groups = ["spamhaus"];
+ }
+ "DBL_ABUSE_REDIR" {
+ weight = 5.0;
+ description = "A domain in the message is listed in Spamhaus DBL as spammed redirector domain";
+ one_shot = true;
+ groups = ["spamhaus"];
+ }
+ "DBL_ABUSE_PHISH" {
+ weight = 6.5;
+ description = "A domain in the message is listed in Spamhaus DBL as abused legit phish";
+ one_shot = true;
+ groups = ["spamhaus"];
+ }
+ "DBL_ABUSE_MALWARE" {
+ weight = 6.5;
+ description = "A domain in the message is listed in Spamhaus DBL as abused legit malware";
+ one_shot = true;
+ groups = ["spamhaus"];
+ }
+ "DBL_ABUSE_BOTNET" {
+ weight = 6.5;
+ description = "A domain in the message is listed in Spamhaus DBL as abused legit botnet C&C";
+ one_shot = true;
+ groups = ["spamhaus"];
+ }
+ "DBL_PROHIBIT" {
+ weight = 0.0;
+ description = "DBL uribl IP queries prohibited!";
+ one_shot = true;
+ groups = ["spamhaus"];
+ }
+ "DBL_BLOCKED_OPENRESOLVER" {
+ weight = 0.0;
+ description = "You are querying Spamhaus from an open resolver, please see https://www.spamhaus.org/returnc/pub/";
+ one_shot = true;
+ groups = ["spamhaus", "blocked"];
+ }
+ "DBL_BLOCKED" {
+ weight = 0.0;
+ description = "You are exceeding the query limit, please see https://www.spamhaus.org/returnc/vol/";
+ one_shot = true;
+ groups = ["spamhaus", "blocked"];
+ }
+
+ "URIBL_MULTI" {
+ weight = 0.0;
+ description = "Unrecognised result from URIBL.com";
+ one_shot = true;
+ groups = ["uribl"];
+ }
+ "URIBL_BLOCKED" {
+ weight = 0.0;
+ description = "URIBL.com: query refused, likely due to policy/overusage";
+ one_shot = true;
+ groups = ["uribl", "blocked"];
+ }
+ "URIBL_BLACK" {
+ weight = 7.5;
+ description = "A domain in the message is listed in URIBL.com black";
+ one_shot = true;
+ groups = ["uribl"];
+ }
+ "URIBL_RED" {
+ weight = 3.5;
+ description = "A domain in the message is listed in URIBL.com red";
+ one_shot = true;
+ groups = ["uribl"];
+ }
+ "URIBL_GREY" {
+ weight = 1.5;
+ description = "A domain in the message is listed in URIBL.com grey";
+ one_shot = true;
+ groups = ["uribl"];
+ }
+
+ "SPAMHAUS_ZEN_URIBL" {
+ ignore = true;
+ weight = 0.0;
+ description = "Unrecognised result from Spamhaus ZEN URIBL";
+ one_shot = true;
+ groups = ["spamhaus"];
+ }
+ "URIBL_SBL" {
+ ignore = true;
+ weight = 6.5;
+ description = "A domain in the message body resolves to an IP listed in Spamhaus SBL";
+ one_shot = true;
+ groups = ["spamhaus"];
+ }
+ "URIBL_SBL_CSS" {
+ ignore = true;
+ weight = 5.0;
+ description = "A domain in the message body resolves to an IP listed in Spamhaus CSS";
+ one_shot = true;
+ groups = ["spamhaus"];
+ }
+ "URIBL_XBL" {
+ ignore = true;
+ weight = 3.0;
+ description = "A domain in the message body resolves to an IP listed in Spamhaus XBL";
+ one_shot = true;
+ groups = ["spamhaus"];
+ }
+ "URIBL_PBL" {
+ ignore = true;
+ weight = 0.01;
+ description = "A domain in the message body resolves to an IP listed in Spamhaus PBL";
+ one_shot = true;
+ groups = ["spamhaus"];
+ }
+ "URIBL_DROP" {
+ ignore = true;
+ weight = 5.0;
+ description = "A domain in the message body resolves to an IP listed in Spamhaus DROP";
+ one_shot = true;
+ groups = ["spamhaus"];
+ }
+}
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-17 07:43:51 +0000