]>
Commit | Line | Data |
---|---|---|
b780ea8d SI |
1 | # SpamAssassin - DKIM rules |
2 | # | |
3 | # Please don't modify this file as your changes will be overwritten with | |
4 | # the next update. Use /etc/mail/spamassassin/local.cf instead. | |
5 | # See 'perldoc Mail::SpamAssassin::Conf' for details. | |
6 | # | |
7 | # <@LICENSE> | |
8 | # Licensed to the Apache Software Foundation (ASF) under one or more | |
9 | # contributor license agreements. See the NOTICE file distributed with | |
10 | # this work for additional information regarding copyright ownership. | |
11 | # The ASF licenses this file to you under the Apache License, Version 2.0 | |
12 | # (the "License"); you may not use this file except in compliance with | |
13 | # the License. You may obtain a copy of the License at: | |
14 | # | |
15 | # http://www.apache.org/licenses/LICENSE-2.0 | |
16 | # | |
17 | # Unless required by applicable law or agreed to in writing, software | |
18 | # distributed under the License is distributed on an "AS IS" BASIS, | |
19 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
20 | # See the License for the specific language governing permissions and | |
21 | # limitations under the License. | |
22 | # </@LICENSE> | |
23 | # | |
24 | ########################################################################### | |
25 | ||
26 | # Requires the Mail::SpamAssassin::Plugin::DKIM plugin be loaded. | |
27 | ||
28 | ifplugin Mail::SpamAssassin::Plugin::DKIM | |
29 | ||
30 | # Note: DKIM_SIGNED, DKIM_VALID and DKIM_VALID_AU are mainly informational | |
31 | # rules, and can serve as a basis for meta rules; it is not difficult for a | |
32 | # sender to cause hits on them or to prevent them from firing, so their score | |
33 | # should be kept low. | |
34 | ||
35 | full DKIM_SIGNED eval:check_dkim_signed() | |
36 | describe DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid | |
37 | tflags DKIM_SIGNED net | |
38 | reuse DKIM_SIGNED | |
39 | ||
40 | full DKIM_VALID eval:check_dkim_valid() | |
41 | describe DKIM_VALID Message has at least one valid DKIM or DK signature | |
42 | tflags DKIM_VALID net nice | |
43 | reuse DKIM_VALID | |
44 | ||
45 | meta DKIM_INVALID DKIM_SIGNED && !DKIM_VALID | |
46 | describe DKIM_INVALID DKIM or DK signature exists, but is not valid | |
47 | ||
48 | full DKIM_VALID_AU eval:check_dkim_valid_author_sig() | |
49 | describe DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain | |
50 | tflags DKIM_VALID_AU net nice | |
51 | reuse DKIM_VALID_AU | |
52 | ||
53 | if (version >= 3.004002) | |
54 | full DKIM_VALID_EF eval:check_dkim_valid_envelopefrom() | |
55 | describe DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain | |
56 | tflags DKIM_VALID_EF net nice | |
57 | reuse DKIM_VALID_EF | |
58 | endif | |
59 | ||
60 | full __DKIM_DEPENDABLE eval:check_dkim_dependable() | |
61 | describe __DKIM_DEPENDABLE A validation failure not attributable to truncation | |
62 | reuse __DKIM_DEPENDABLE | |
63 | ||
64 | header DKIM_ADSP_NXDOMAIN eval:check_dkim_adsp('N') | |
65 | describe DKIM_ADSP_NXDOMAIN No valid author signature and domain not in DNS | |
66 | tflags DKIM_ADSP_NXDOMAIN net | |
67 | reuse DKIM_ADSP_NXDOMAIN | |
68 | ||
69 | header DKIM_ADSP_DISCARD eval:check_dkim_adsp('D') | |
70 | describe DKIM_ADSP_DISCARD No valid author signature, domain signs all mail and suggests discarding the rest | |
71 | tflags DKIM_ADSP_DISCARD net | |
72 | reuse DKIM_ADSP_DISCARD | |
73 | ||
74 | header DKIM_ADSP_ALL eval:check_dkim_adsp('A') | |
75 | describe DKIM_ADSP_ALL No valid author signature, domain signs all mail | |
76 | tflags DKIM_ADSP_ALL net | |
77 | reuse DKIM_ADSP_ALL | |
78 | ||
79 | header DKIM_ADSP_CUSTOM_LOW eval:check_dkim_adsp('1') | |
80 | describe DKIM_ADSP_CUSTOM_LOW No valid author signature, adsp_override is CUSTOM_LOW | |
81 | tflags DKIM_ADSP_CUSTOM_LOW net userconf | |
82 | reuse DKIM_ADSP_CUSTOM_LOW | |
83 | ||
84 | header DKIM_ADSP_CUSTOM_MED eval:check_dkim_adsp('2') | |
85 | describe DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override is CUSTOM_MED | |
86 | tflags DKIM_ADSP_CUSTOM_MED net userconf | |
87 | reuse DKIM_ADSP_CUSTOM_MED | |
88 | ||
89 | header DKIM_ADSP_CUSTOM_HIGH eval:check_dkim_adsp('3') | |
90 | describe DKIM_ADSP_CUSTOM_HIGH No valid author signature, adsp_override is CUSTOM_HIGH | |
91 | tflags DKIM_ADSP_CUSTOM_HIGH net userconf | |
92 | reuse DKIM_ADSP_CUSTOM_HIGH | |
93 | ||
94 | full __RESIGNER1 eval:check_dkim_valid('linkedin.com') | |
95 | tflags __RESIGNER1 net | |
96 | reuse __RESIGNER1 | |
97 | full __RESIGNER2 eval:check_dkim_valid('googlegroups.com','yahoogroups.com','yahoogroups.de') | |
98 | tflags __RESIGNER2 net | |
99 | reuse __RESIGNER2 | |
100 | meta __VIA_RESIGNER __RESIGNER1 || __RESIGNER2 | |
101 | describe __VIA_RESIGNER Mail through a popular signing remailer | |
102 | ||
103 | meta NML_ADSP_CUSTOM_LOW DKIM_ADSP_CUSTOM_LOW && !__VIA_ML && !__VIA_RESIGNER | |
104 | describe NML_ADSP_CUSTOM_LOW ADSP custom_low hit, and not from a mailing list | |
105 | ||
106 | meta NML_ADSP_CUSTOM_MED DKIM_ADSP_CUSTOM_MED && !__VIA_ML && !__VIA_RESIGNER | |
107 | describe NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing list | |
108 | ||
109 | meta NML_ADSP_CUSTOM_HIGH DKIM_ADSP_CUSTOM_HIGH && !__VIA_ML && !__VIA_RESIGNER | |
110 | describe NML_ADSP_CUSTOM_HIGH ADSP custom_high hit, and not from a mailing list | |
111 | ||
dfdd1e08 SI |
112 | if can(Mail::SpamAssassin::Plugin::DKIM::has_arc) |
113 | full ARC_SIGNED eval:check_arc_signed() | |
114 | describe ARC_SIGNED Message has a ARC signature | |
115 | tflags ARC_SIGNED net | |
116 | reuse ARC_SIGNED | |
117 | ||
118 | full ARC_VALID eval:check_arc_valid() | |
119 | describe ARC_VALID Message has a valid ARC signature | |
21dcadbf | 120 | tflags ARC_VALID net nice |
dfdd1e08 SI |
121 | reuse ARC_VALID |
122 | ||
123 | meta ARC_INVALID ARC_SIGNED && !ARC_VALID | |
124 | describe ARC_INVALID ARC signature exists, but is not valid | |
125 | endif | |
126 | ||
b780ea8d SI |
127 | # |
128 | # old, declared for compatibility with pre-3.3, should have scores 0 | |
129 | # | |
130 | ||
131 | full DKIM_VERIFIED eval:check_dkim_valid() | |
132 | tflags DKIM_VERIFIED net nice | |
133 | reuse DKIM_VERIFIED | |
134 | ||
135 | header DKIM_POLICY_TESTING eval:check_dkim_testing() | |
136 | tflags DKIM_POLICY_TESTING net nice | |
137 | reuse DKIM_POLICY_TESTING | |
138 | ||
139 | header DKIM_POLICY_SIGNSOME eval:check_dkim_signsome() | |
140 | tflags DKIM_POLICY_SIGNSOME net nice | |
141 | reuse DKIM_POLICY_SIGNSOME | |
142 | ||
143 | header DKIM_POLICY_SIGNALL eval:check_dkim_signall() | |
144 | tflags DKIM_POLICY_SIGNALL net nice | |
145 | reuse DKIM_POLICY_SIGNALL | |
146 | ||
147 | endif # Mail::SpamAssassin::Plugin::DKIM |