Merge pull request #4644 from fatalbanana/blankspam

[Rules] Blank spam detection
rspamd · Oct 13, 2023 · e529fac · e529fac
2 parents 79edca0 + c17ffcd
commit e529fac
Show file tree

Hide file tree

Showing 5 changed files with 43 additions and 4 deletions.
diff --git a/conf/composites.conf b/conf/composites.conf
@@ -16,6 +16,12 @@
 
 composites {
 
+  SHORT_PART_BAD_HEADERS {
+    expression = "MISSING_ESSENTIAL_HEADERS & SINGLE_SHORT_PART";
+    group = "blankspam";
+    policy = "leave";
+    score = 7.0;
+  }
   FORGED_RECIPIENTS_MAILLIST {
     expression = "FORGED_RECIPIENTS & -MAILLIST";
   }

diff --git a/rules/headers_checks.lua b/rules/headers_checks.lua
@@ -547,14 +547,17 @@ local headers_unique = {
   ['Subject'] = 0.7
 }
 
-rspamd_config.MULTIPLE_UNIQUE_HEADERS = {
+local multiple_unique_headers_id = rspamd_config:register_symbol {
+  name = 'MULTIPLE_UNIQUE_HEADERS',
   callback = function(task)
     local res = 0
     local max_mult = 0.0
     local res_tbl = {}
+    local found = 0
 
     for hdr, mult in pairs(headers_unique) do
       local hc = task:get_header_count(hdr)
+      found = found + hc
 
       if hc > 1 then
         res = res + 1
@@ -566,10 +569,10 @@ rspamd_config.MULTIPLE_UNIQUE_HEADERS = {
     end
 
     if res > 0 then
-      return true, max_mult, table.concat(res_tbl, ',')
+      task:insert_result('MULTIPLE_UNIQUE_HEADERS', max_mult, table.concat(res_tbl, ','))
+    elseif found == 0 then
+      task:insert_result('MISSING_ESSENTIAL_HEADERS', 1.0)
     end
-
-    return false
   end,
 
   score = 7.0,
@@ -578,6 +581,15 @@ rspamd_config.MULTIPLE_UNIQUE_HEADERS = {
   description = 'Repeated unique headers'
 }
 
+rspamd_config:register_symbol {
+  name = 'MISSING_ESSENTIAL_HEADERS',
+  score = 7.0,
+  group = 'blankspam',
+  parent = multiple_unique_headers_id,
+  type = 'virtual',
+  description = 'Common headers were entirely absent',
+}
+
 rspamd_config.MISSING_FROM = {
   callback = function(task)
     local from = task:get_header('From')

diff --git a/rules/misc.lua b/rules/misc.lua
@@ -853,3 +853,12 @@ rspamd_config:register_symbol {
   score = -2.0,
   one_shot = true
 }
+
+rspamd_config.COMPLETELY_EMPTY = {
+  callback = function(task)
+    return (task:get_size() == 0)
+  end,
+  flags = 'empty',
+  group = 'blankspam',
+  score = 15
+}
diff --git a/rules/parts.lua b/rules/parts.lua
@@ -0,0 +1,11 @@
+rspamd_config.SINGLE_SHORT_PART = {
+  callback = function(task)
+    local parts = task:get_parts()
+    if #parts ~= 1 then return end
+    local text = parts[1]:get_text()
+    if not text then return end
+    if text:get_length() >= 64 then return end
+    return true
+  end,
+  score = 0.0,
+}
diff --git a/rules/rspamd.lua b/rules/rspamd.lua
@@ -35,6 +35,7 @@ dofile(local_rules .. '/subject_checks.lua')
 dofile(local_rules .. '/misc.lua')
 dofile(local_rules .. '/forwarding.lua')
 dofile(local_rules .. '/mid.lua')
+dofile(local_rules .. '/parts.lua')
 dofile(local_rules .. '/bitcoin.lua')
 dofile(local_rules .. '/bounce.lua')
 dofile(local_rules .. '/content.lua')