You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by mm...@apache.org on 2009/06/29 18:38:37 UTC
svn commit: r789382 - in /spamassassin/trunk/rules: 25_dkim.cf 50_scores.cf
Author: mmartinec
Date: Mon Jun 29 16:38:32 2009
New Revision: 789382
URL: http://svn.apache.org/viewvc?rev=789382&view=rev
Log:
rules/25_dkim.cf, rules/50_scores.cf:
- remove DomainKeys rules (Bug 6098);
- drop scores of ENV_AND_HDR_DKIM_MATCH
and ENV_AND_HDR_SPF_MATCH as a great goldmine
for spammers;
- added new rules DKIM_VALID, DKIM_VALID_AU,
DKIM_ADSP_*, __DKIM_DEPENDABLE;
- dropped scores to 0 for old rules
DKIM_VERIFIED, DKIM_POLICY_*, while keeping them
for compatibility with existing uses .cf files
Modified:
spamassassin/trunk/rules/25_dkim.cf
spamassassin/trunk/rules/50_scores.cf
Modified: spamassassin/trunk/rules/25_dkim.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rules/25_dkim.cf?rev=789382&r1=789381&r2=789382&view=diff
==============================================================================
--- spamassassin/trunk/rules/25_dkim.cf (original)
+++ spamassassin/trunk/rules/25_dkim.cf Mon Jun 29 16:38:32 2009
@@ -27,24 +27,60 @@
ifplugin Mail::SpamAssassin::Plugin::DKIM
-header DKIM_SIGNED eval:check_dkim_signed()
-header DKIM_VERIFIED eval:check_dkim_verified()
+full DKIM_SIGNED eval:check_dkim_signed()
+full DKIM_VALID eval:check_dkim_valid()
+full DKIM_VALID_AU eval:check_dkim_valid_author_sig()
+full __DKIM_DEPENDABLE eval:check_dkim_dependable()
+
+header DKIM_ADSP_NXDOMAIN eval:check_dkim_adsp('N')
+header DKIM_ADSP_DISCARD eval:check_dkim_adsp('D')
+header DKIM_ADSP_ALL eval:check_dkim_adsp('A')
+header DKIM_ADSP_CUSTOM_LOW eval:check_dkim_adsp('1')
+header DKIM_ADSP_CUSTOM_MED eval:check_dkim_adsp('2')
+header DKIM_ADSP_CUSTOM_HIGH eval:check_dkim_adsp('3')
+
+tflags DKIM_SIGNED net
+tflags DKIM_VALID net nice
+tflags DKIM_VALID_AU net nice
+tflags __DKIM_DEPENDABLE net nice
+tflags DKIM_ADSP_NXDOMAIN net
+tflags DKIM_ADSP_DISCARD net
+tflags DKIM_ADSP_ALL net
+tflags DKIM_ADSP_CUSTOM_LOW net
+tflags DKIM_ADSP_CUSTOM_MED net
+tflags DKIM_ADSP_CUSTOM_HIGH net
+
+describe DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
+describe DKIM_VALID Message has at least one valid DKIM or DK signature
+describe DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain
+describe __DKIM_DEPENDABLE A validation failure not attributable to truncation
+
+describe DKIM_ADSP_NXDOMAIN No valid author signature and domain not in DNS
+describe DKIM_ADSP_DISCARD No valid author signature, domain signs all mail and suggests discarding the rest
+describe DKIM_ADSP_ALL No valid author signature, domain signs all mail
+describe DKIM_ADSP_CUSTOM_LOW No valid author signature, adsp_override is CUSTOM_LOW
+describe DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override is CUSTOM_MED
+describe DKIM_ADSP_CUSTOM_HIGH No valid author signature, adsp_override is CUSTOM_HIGH
+
+
+# old, declared for compatibility with pre-3.3, should have scores 0
+
+full DKIM_VERIFIED eval:check_dkim_valid()
header DKIM_POLICY_TESTING eval:check_dkim_testing()
header DKIM_POLICY_SIGNSOME eval:check_dkim_signsome()
header DKIM_POLICY_SIGNALL eval:check_dkim_signall()
-tflags DKIM_SIGNED net nice
tflags DKIM_VERIFIED net nice
tflags DKIM_POLICY_SIGNSOME net nice
tflags DKIM_POLICY_SIGNALL net nice
tflags DKIM_POLICY_TESTING net nice
-describe DKIM_SIGNED Domain Keys Identified Mail: message has a signature
-describe DKIM_VERIFIED Domain Keys Identified Mail: signature passes verification
+describe DKIM_VERIFIED Message has at least one valid DKIM or DK signature
describe DKIM_POLICY_SIGNSOME Domain Keys Identified Mail: policy says domain signs some mails
describe DKIM_POLICY_SIGNALL Domain Keys Identified Mail: policy says domain signs all mails
describe DKIM_POLICY_TESTING Domain Keys Identified Mail: policy says domain is testing DK
+
# TODO: whitelist based on DKIM_VERIFIED results
endif # Mail::SpamAssassin::Plugin::DKIM
Modified: spamassassin/trunk/rules/50_scores.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rules/50_scores.cf?rev=789382&r1=789381&r2=789382&view=diff
==============================================================================
--- spamassassin/trunk/rules/50_scores.cf (original)
+++ spamassassin/trunk/rules/50_scores.cf Mon Jun 29 16:38:32 2009
@@ -868,39 +868,32 @@
ifplugin Mail::SpamAssassin::Plugin::DKIM
score USER_IN_DKIM_WHITELIST -100.000
score USER_IN_DEF_DKIM_WL -7.500
-score ENV_AND_HDR_DKIM_MATCH -7.500
+score ENV_AND_HDR_DKIM_MATCH -0.1
endif # Mail::SpamAssassin::Plugin::DKIM
-ifplugin Mail::SpamAssassin::Plugin::DomainKeys
-score USER_IN_DK_WHITELIST -100.000
-score USER_IN_DEF_DK_WL -7.500
-score ENV_AND_HDR_DK_MATCH -7.500
-endif # Mail::SpamAssassin::Plugin::DomainKeys
-
ifplugin Mail::SpamAssassin::Plugin::SPF
score USER_IN_SPF_WHITELIST -100.000
score USER_IN_DEF_SPF_WL -7.500
-score ENV_AND_HDR_SPF_MATCH -7.500
+score ENV_AND_HDR_SPF_MATCH -0.5
endif # Mail::SpamAssassin::Plugin::SPF
# DKIM
ifplugin Mail::SpamAssassin::Plugin::DKIM
-score DKIM_POLICY_SIGNALL 0.001
-score DKIM_POLICY_SIGNSOME 0.001
-score DKIM_POLICY_TESTING 0.001
score DKIM_SIGNED 0.001
-score DKIM_VERIFIED -0.001
+score DKIM_VALID -0.001
+score DKIM_VALID_AU -0.005
+score DKIM_ADSP_NXDOMAIN 0.001
+score DKIM_ADSP_DISCARD 2.5
+score DKIM_ADSP_ALL 1.5
+score DKIM_ADSP_CUSTOM_LOW 0.001
+score DKIM_ADSP_CUSTOM_MED 0.001
+score DKIM_ADSP_CUSTOM_HIGH 0.001
+score DKIM_VERIFIED 0
+score DKIM_POLICY_SIGNALL 0
+score DKIM_POLICY_SIGNSOME 0
+score DKIM_POLICY_TESTING 0
endif # Mail::SpamAssassin::Plugin::DKIM
-# DomainKeys
-ifplugin Mail::SpamAssassin::Plugin::DomainKeys
-score DK_POLICY_SIGNALL 0.001
-score DK_POLICY_SIGNSOME 0.001
-score DK_POLICY_TESTING 0.001
-score DK_SIGNED 0.001
-score DK_VERIFIED -0.001
-endif # Mail::SpamAssassin::Plugin::DomainKeys
-
# Hashcash
ifplugin Mail::SpamAssassin::Plugin::Hashcash
score HASHCASH_20 -0.500