local.cf.j2 9.21 KB
Newer Older
1
2
3
4
#
# {{ ansible_managed }}
#

5
6
7
8
9
10
11
12
13
# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
# Only a small subset of options are listed below
#
###########################################################################

14
dns_server 127.0.0.1
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39

#   Add *****SPAM***** to the Subject header of spam e-mails
#
# rewrite_header Subject *****SPAM*****


#   Save spam messages as a message/rfc822 MIME attachment instead of
#   modifying the original message (0: off, 2: use text/plain instead)
#
# report_safe 1


#   Set which networks or hosts are considered 'trusted' by your mail
#   server (i.e. not spammers)
#
# trusted_networks 212.17.35.


#   Set file-locking method (flock is not safe over NFS, but is faster)
#
# lock_method flock


#   Set the threshold at which a message is considered spam (default: 5.0)
#
40
required_score 5.0
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60


#   Use Bayesian classifier (default: 1)
#
# use_bayes 1


#   Bayesian classifier auto-learning (default: 1)
#
# bayes_auto_learn 1


#   Set headers which may provide inappropriate cues to the Bayesian
#   classifier
#
# bayes_ignore_header X-Bogosity
# bayes_ignore_header X-Spam-Flag
# bayes_ignore_header X-Spam-Status

#whitelist_to postmaster@*
61
62
63
64
#   Whether to decode non- UTF-8 and non-ASCII textual parts and recode
#   them to UTF-8 before the text is given over to rules processing.
#
# normalize_charset 1
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97

#   Some shortcircuiting, if the plugin is enabled
# 
ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
#
#   default: strongly-whitelisted mails are *really* whitelisted now, if the
#   shortcircuiting plugin is active, causing early exit to save CPU load.
#   Uncomment to turn this on
#
 #shortcircuit USER_IN_WHITELIST       ham
 #shortcircuit USER_IN_WHITELIST_TO    ham
# shortcircuit USER_IN_DEF_WHITELIST   on
# shortcircuit USER_IN_ALL_SPAM_TO     on
# shortcircuit SUBJECT_IN_WHITELIST    on

#   the opposite; blacklisted mails can also save CPU
#
 #shortcircuit USER_IN_BLACKLIST       on
 #shortcircuit USER_IN_BLACKLIST_TO    on
# shortcircuit SUBJECT_IN_BLACKLIST    on

#   if you have taken the time to correctly specify your "trusted_networks",
#   this is another good way to save CPU
#
# shortcircuit ALL_TRUSTED             on

#   and a well-trained bayes DB can save running rules, too
#
# shortcircuit BAYES_99                spam
# shortcircuit BAYES_00                ham

endif # Mail::SpamAssassin::Plugin::Shortcircuit

Florian Pritz's avatar
Florian Pritz committed
98
99
loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody

100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTSSCORES_ autolearn=_AUTOLEARN_ version=_VERSION_

# enable SPF plugin
loadplugin Mail::SpamAssassin::Plugin::SPF

# disable suspicious IADB stuff (they whitelisted some spam mails)
score __RCVD_IN_IADB 0

# reduce the positive weight of returnpath CERTIFIED/SAFE results
score RCVD_IN_RP_CERTIFIED -0.01 # default -3
score RCVD_IN_RP_SAFE -0.001      # default -2

# increase scores of some rules
score RCVD_IN_BL_SPAMCOP_NET 3.5
score RCVD_IN_SBL 3.5
score RCVD_IN_XBL 3.5
score URIBL_SBL 3.5
score RCVD_IN_SORBS_SPAM 3.5
score RCVD_IN_BRBL_LASTEXT 2.0

score RDNS_NONE 3.5
score RDNS_DYNAMIC 1.6
score HELO_MISC_IP 0.2
score UNPARSEABLE_RELAY 1.0
score FREEMAIL_FORGED_REPLYTO 2.0

score BAYES_00 -1.0
score BAYES_05 -0.5
score BAYES_20 0
score BAYES_40 1.0

score BAYES_50 1.25
#score BAYES_60 3.0
#score BAYES_80 3.5
#score BAYES_90 4.0
#score BAYES_95 4.9
#score BAYES_99 5.0

score MISSING_HEADERS 1.3
score LOTS_OF_MONEY 0.5
score FREEMAIL_FROM 0.5
score T_DKIM_INVALID 1.0

score MONEY_FRAUD_3 0.5
score MONEY_FRAUD_5 0.8
score MONEY_FRAUD_8 1.0

score UPPERCASE_50_75 2.0
score UPPERCASE_75_100 2.5

# NIX
header    RCVD_IN_NIX_SPAM  eval:check_rbl('nix-spam-lastexternal','ix.dnsbl.manitu.net.')
describe  RCVD_IN_NIX_SPAM  Listed in NIX-SPAM DNSBL (www.dnsbl.manitu.net)
tflags    RCVD_IN_NIX_SPAM  net
score     RCVD_IN_NIX_SPAM  3.5

# YANDEX
# also matches valid amazon emails
# TODO: need to fix!
#header LOCAL_YANDEX X-Mailer-RecptId =~ /[0-9]+/
#score LOCAL_YANDEX 5


# recent spam with weird URLs in List-Unsubscribe header
header   LOCAL_WEIRD_UNSUBSCRIBE List-Unsubscribe =~ /(tarif|sicher|sieger|wechseln|stepstone|angebot|versicherung)/i
describe LOCAL_WEIRD_UNSUBSCRIBE Contains weird HTTP URLs in List-Unsubscribe header
score    LOCAL_WEIRD_UNSUBSCRIBE 5.0

# cancer stuff
header   __LOCAL_DISEASE_SUBJ Subject =~ /\b(cancer|ill|doctor|survive|disease|illness|admitted|hospital)\b/i
body     __LOCAL_DISEASE_BODY /\b(cancer|ill|doctor|survive|disease|illness|admitted|hospital)\b/i
meta     LOCAL_DISEASE ((__LOCAL_DISEASE_SUBJ + __LOCAL_DISEASE_BODY) > 0)
describe LOCAL_DISEASE Contains disease keywords in body and/or subject
score    LOCAL_DISEASE 1.5

# charity stuff
header   __LOCAL_CHARITY_SUBJ Subject =~ /\b(charity|donation|donate|humanity|orphan|orphanage|widow)\b/i
body     __LOCAL_CHARITY_BODY /\b(charity|donation|donate|humanity|orphan|orphanage|widow)\b/i
meta     LOCAL_CHARITY ((__LOCAL_CHARITY_SUBJ + __LOCAL_CHARITY_BODY) > 0)
describe LOCAL_CHARITY Contains charity or donate keywords in body and/or subject
score    LOCAL_CHARITY 1.5

# credit stuff
header   __LOCAL_CREDIT_SUBJ Subject =~ /\b(darlehen|kredit|schufa)\b/i
body     __LOCAL_CREDIT_BODY /\b(darlehen|kredit|schufa)\b/i
meta     LOCAL_CREDIT ((__LOCAL_CREDIT_SUBJ + __LOCAL_CREDIT_BODY) > 0)
describe LOCAL_CREDIT Contains credit keywords in body and/or subject
score    LOCAL_CREDIT 1.5

header LOCAL_CREDITOFFER Subject =~ /\bDarlehensangebot\b/i
score LOCAL_CREDITOFFER 1

# extremely long subjects
header   LOCAL_LONG_SUBJECT_250 Subject =~ /^.{250,}/
describe LOCAL_LONG_SUBJECT_250 Subject field is extremely large (>250)
score    LOCAL_LONG_SUBJECT_250 5

header   LOCAL_LONG_SUBJECT_500 Subject =~ /^.{500,}/
describe LOCAL_LONG_SUBJECT_500 Subject field is extremely large (>500)
score    LOCAL_LONG_SUBJECT_500 2.1

# delivery notifications
202
header LOCAL_ITEM_DELIVERY Subject =~ /Item Delivery Notification/
203
204
205
206
score  LOCAL_ITEM_DELIVERY 2.5

header __LOCAL_PARCEL Subject =~ /\b[Pp]arcel\b/
header __LOCAL_DELIVERY Subject =~ /\bdelivery?\b/
207
meta LOCAL_PARCEL_DELIVERY ((__LOCAL_PARCEL + __LOCAL_DELIVERY) > 1)
208
209
describe LOCAL_PARCEL_DELIVERY Subject contains words delivery? and parcel
score LOCAL_PARCEL_DELIVERY 2.5
210
211
212
213

header LOCAL_PACKAGE_DELIVERY Subject =~ /Package Delivery Notification/
score LOCAL_PACKAGE_DELIVERY 2.5

214
# company documents
215
header LOCAL_COMPANY_DOC Subject =~ /Company Documents/
216
217
218
219
score  LOCAL_COMPANY_DOC 2.5

header LOCAL_XEROX_1 Subject =~ /Scanned Image from a Xerox WorkCentre/
score LOCAL_XEROX_1 5
220
221
222
223
224


header LOCAL_SPAM1 Subject =~ /Reclame sus facturas impagadas/
score LOCAL_SPAM1 2.5

225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
body __LOCAL_VERTRIEB /\bvertrieb/i
body __LOCAL_VERKAUF /\b(ab)?verkauf\b/i
body __LOCAL_ANGEBOT /\bAngebot\b/i
body __LOCAL_REGAL_BODY /\b(lager|schwer(last)?|stahl)regale?\b/i
meta LOCAL_REGAL ((__LOCAL_VERKAUF || __LOCAL_ANGEBOT || __LOCAL_VERTRIEB) && __LOCAL_REGAL_BODY)
describe LOCAL_REGAL Body contains sales pitch for some type of shelf
score LOCAL_REGAL 1

body LOCAL_ZION_GALIANO /\bZion-Galiano-Vertrieb\b/i
score LOCAL_ZION_GALIANO 3

header LOCAL_LOTTERY Subject =~ /\bLottery\b/i
score LOCAL_LOTTERY 0.2

header LOCAL_WINNER Subject =~ /\bWinner\b/i
score LOCAL_WINNER 0.2

meta LOCAL_LOTTERY_WINNER (LOCAL_LOTTERY && LOCAL_WINNER)
score LOCAL_LOTTERY_WINNER 1.2

header LOCAL_CREDIT Subject =~ /\bKredit\b/i
score LOCAL_CREDIT 0.1

header LOCAL_OFFER Subject =~ /\bAngebot\b/i
score LOCAL_OFFER 0.1

meta LOCAL_CREDIT_OFFER (LOCAL_OFFER && LOCAL_CREDIT)
score LOCAL_CREDIT_OFFER 0.8

254
255
256
257
258
259
header __LOCAL_ARABIC_STUDENT From =~ /student.*1\./
header __LOCAL_ARABIC_STUDENT_MAILER X-Mailer =~ /^MBM 7\.9-US$/
meta LOCAL_ARABIC_STUDENT (__LOCAL_ARABIC_STUDENT && __LOCAL_ARABIC_STUDENT_MAILER)
score LOCAL_ARABIC_STUDENT 2


260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
# Attachments
loadplugin Mail::SpamAssassin::Plugin::MIMEHeader

mimeheader ZIP_ATTACHED Content-Type =~ /zip/i
describe ZIP_ATTACHED email contains a zip attachment
score ZIP_ATTACHED 1.0

mimeheader MSWORD_ATTACHED Content-Type =~ /ms-?word/i
describe MSWORD_ATTACHED email contains a msword attachment
score MSWORD_ATTACHED 1.0

##################################################
# from: https://forum.hetzner.de/thread/24022-spamassassin-filterregel/?postID=243392#post243392
add_header all BL-Results "_RBL_"
### Senderbase Reputation checks (rf.senderbase.org)
header __R_SB_FR eval:check_rbl_txt('rf.senderbase.org-lastexternal','rf.senderbase.org')
describe __R_SB_FR IP reputation of the sender at SenderBase
tflags __R_SB_FR net
reuse __R_SB_FR


header R_SB_R_NEG3 eval:check_rbl_sub('rf.senderbase.org-lastexternal', '^-[3-9]\.')
describe R_SB_R_NEG3 SenderBase Reputation is -3 to -10
score R_SB_R_NEG3 5
reuse R_SB_R_NEG3


header R_SB_R_NEU0 eval:check_rbl_sub('rf.senderbase.org-lastexternal', '^-[0-2]\.')
describe R_SB_R_NEU0 SenderBase Reputation is 0 to -2.9
score R_SB_R_NEU0 2
reuse R_SB_R_NEU0


header R_SB_R_POS1 eval:check_rbl_sub('rf.senderbase.org-lastexternal', '^[0-3]\.')
describe R_SB_R_POS1 SenderBase Reputation is 0 - 2.9
score R_SB_R_POS1 0.1
reuse R_SB_R_POS1

298

299
300
301
302
303
header R_SB_FR_POS3 eval:check_rbl_sub('rf.senderbase.org-lastexternal', '^[3-9]\.')
describe R_SB_FR_POS3 SenderBase Reputation is 3.0 - 9.9
score R_SB_FR_POS3 -0.5
reuse R_SB_FR_POS3
###################################################