[proxmox-spamassassin.git] / sa-updates / 25_dkim.cf

# SpamAssassin - DKIM rules
#
# Please don't modify this file as your changes will be overwritten with
# the next update. Use /etc/mail/spamassassin/local.cf instead.
# See 'perldoc Mail::SpamAssassin::Conf' for details.
#
# <@LICENSE>
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to you under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at:
# 
#     http://www.apache.org/licenses/LICENSE-2.0
# 
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# </@LICENSE>
#
###########################################################################

# Requires the Mail::SpamAssassin::Plugin::DKIM plugin be loaded.

ifplugin Mail::SpamAssassin::Plugin::DKIM

# Note: DKIM_SIGNED, DKIM_VALID and DKIM_VALID_AU are mainly informational
# rules, and can serve as a basis for meta rules; it is not difficult for a
# sender to cause hits on them or to prevent them from firing, so their score
# should be kept low.

full     DKIM_SIGNED		eval:check_dkim_signed()
describe DKIM_SIGNED		Message has a DKIM or DK signature, not necessarily valid
tflags   DKIM_SIGNED		net
reuse    DKIM_SIGNED

full     DKIM_VALID		eval:check_dkim_valid()
describe DKIM_VALID		Message has at least one valid DKIM or DK signature
tflags   DKIM_VALID		net nice
reuse    DKIM_VALID

meta     DKIM_INVALID		DKIM_SIGNED && !DKIM_VALID
describe DKIM_INVALID		DKIM or DK signature exists, but is not valid

full     DKIM_VALID_AU		eval:check_dkim_valid_author_sig()
describe DKIM_VALID_AU		Message has a valid DKIM or DK signature from author's domain
tflags   DKIM_VALID_AU		net nice
reuse    DKIM_VALID_AU

if (version >= 3.004002)
full     DKIM_VALID_EF		eval:check_dkim_valid_envelopefrom()
describe DKIM_VALID_EF		Message has a valid DKIM or DK signature from envelope-from domain
tflags   DKIM_VALID_EF		net nice
reuse    DKIM_VALID_EF
endif

full     __DKIM_DEPENDABLE	eval:check_dkim_dependable()
describe __DKIM_DEPENDABLE	A validation failure not attributable to truncation
reuse    __DKIM_DEPENDABLE

header   DKIM_ADSP_NXDOMAIN	eval:check_dkim_adsp('N')
describe DKIM_ADSP_NXDOMAIN	No valid author signature and domain not in DNS
tflags   DKIM_ADSP_NXDOMAIN	net
reuse    DKIM_ADSP_NXDOMAIN

header   DKIM_ADSP_DISCARD	eval:check_dkim_adsp('D')
describe DKIM_ADSP_DISCARD	No valid author signature, domain signs all mail and suggests discarding the rest
tflags   DKIM_ADSP_DISCARD	net
reuse    DKIM_ADSP_DISCARD

header   DKIM_ADSP_ALL		eval:check_dkim_adsp('A')
describe DKIM_ADSP_ALL		No valid author signature, domain signs all mail
tflags   DKIM_ADSP_ALL		net
reuse    DKIM_ADSP_ALL

header   DKIM_ADSP_CUSTOM_LOW	eval:check_dkim_adsp('1')
describe DKIM_ADSP_CUSTOM_LOW	No valid author signature, adsp_override is CUSTOM_LOW
tflags   DKIM_ADSP_CUSTOM_LOW	net userconf
reuse    DKIM_ADSP_CUSTOM_LOW

header   DKIM_ADSP_CUSTOM_MED	eval:check_dkim_adsp('2')
describe DKIM_ADSP_CUSTOM_MED	No valid author signature, adsp_override is CUSTOM_MED
tflags   DKIM_ADSP_CUSTOM_MED	net userconf
reuse    DKIM_ADSP_CUSTOM_MED

header   DKIM_ADSP_CUSTOM_HIGH	eval:check_dkim_adsp('3')
describe DKIM_ADSP_CUSTOM_HIGH	No valid author signature, adsp_override is CUSTOM_HIGH
tflags   DKIM_ADSP_CUSTOM_HIGH	net userconf
reuse    DKIM_ADSP_CUSTOM_HIGH

full     __RESIGNER1     eval:check_dkim_valid('linkedin.com')
tflags   __RESIGNER1     net
reuse    __RESIGNER1
full     __RESIGNER2     eval:check_dkim_valid('googlegroups.com','yahoogroups.com','yahoogroups.de')
tflags   __RESIGNER2     net
reuse    __RESIGNER2
meta     __VIA_RESIGNER  __RESIGNER1 || __RESIGNER2
describe __VIA_RESIGNER  Mail through a popular signing remailer

meta     NML_ADSP_CUSTOM_LOW    DKIM_ADSP_CUSTOM_LOW  && !__VIA_ML && !__VIA_RESIGNER
describe NML_ADSP_CUSTOM_LOW    ADSP custom_low hit, and not from a mailing list

meta     NML_ADSP_CUSTOM_MED    DKIM_ADSP_CUSTOM_MED  && !__VIA_ML && !__VIA_RESIGNER
describe NML_ADSP_CUSTOM_MED    ADSP custom_med hit, and not from a mailing list

meta     NML_ADSP_CUSTOM_HIGH   DKIM_ADSP_CUSTOM_HIGH && !__VIA_ML && !__VIA_RESIGNER
describe NML_ADSP_CUSTOM_HIGH   ADSP custom_high hit, and not from a mailing list

if can(Mail::SpamAssassin::Plugin::DKIM::has_arc)
  full     ARC_SIGNED		eval:check_arc_signed()
  describe ARC_SIGNED		Message has a ARC signature
  tflags   ARC_SIGNED		net
  reuse    ARC_SIGNED

  full     ARC_VALID		eval:check_arc_valid()
  describe ARC_VALID		Message has a valid ARC signature
  tflags   ARC_VALID		net nice
  reuse    ARC_VALID

  meta     ARC_INVALID		ARC_SIGNED && !ARC_VALID
  describe ARC_INVALID		ARC signature exists, but is not valid
endif

#
# old, declared for compatibility with pre-3.3, should have scores 0
#

full   DKIM_VERIFIED		eval:check_dkim_valid()
tflags DKIM_VERIFIED		net nice
reuse  DKIM_VERIFIED

header DKIM_POLICY_TESTING	eval:check_dkim_testing()
tflags DKIM_POLICY_TESTING	net nice
reuse  DKIM_POLICY_TESTING

header DKIM_POLICY_SIGNSOME	eval:check_dkim_signsome()
tflags DKIM_POLICY_SIGNSOME	net nice
reuse  DKIM_POLICY_SIGNSOME

header DKIM_POLICY_SIGNALL	eval:check_dkim_signall()
tflags DKIM_POLICY_SIGNALL	net nice
reuse  DKIM_POLICY_SIGNALL

endif   # Mail::SpamAssassin::Plugin::DKIM
Commit	Line	Data
b780ea8d SI	1	# SpamAssassin - DKIM rules
	2	#
	3	# Please don't modify this file as your changes will be overwritten with
	4	# the next update. Use /etc/mail/spamassassin/local.cf instead.
	5	# See 'perldoc Mail::SpamAssassin::Conf' for details.
	6	#
	7	# <@LICENSE>
	8	# Licensed to the Apache Software Foundation (ASF) under one or more
	9	# contributor license agreements. See the NOTICE file distributed with
	10	# this work for additional information regarding copyright ownership.
	11	# The ASF licenses this file to you under the Apache License, Version 2.0
	12	# (the "License"); you may not use this file except in compliance with
	13	# the License. You may obtain a copy of the License at:
	14	#
	15	# http://www.apache.org/licenses/LICENSE-2.0
	16	#
	17	# Unless required by applicable law or agreed to in writing, software
	18	# distributed under the License is distributed on an "AS IS" BASIS,
	19	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	20	# See the License for the specific language governing permissions and
	21	# limitations under the License.
	22	# </@LICENSE>
	23	#
	24	###########################################################################
	25
	26	# Requires the Mail::SpamAssassin::Plugin::DKIM plugin be loaded.
	27
	28	ifplugin Mail::SpamAssassin::Plugin::DKIM
	29
	30	# Note: DKIM_SIGNED, DKIM_VALID and DKIM_VALID_AU are mainly informational
	31	# rules, and can serve as a basis for meta rules; it is not difficult for a
	32	# sender to cause hits on them or to prevent them from firing, so their score
	33	# should be kept low.
	34
	35	full DKIM_SIGNED eval:check_dkim_signed()
	36	describe DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
	37	tflags DKIM_SIGNED net
	38	reuse DKIM_SIGNED
	39
	40	full DKIM_VALID eval:check_dkim_valid()
	41	describe DKIM_VALID Message has at least one valid DKIM or DK signature
	42	tflags DKIM_VALID net nice
	43	reuse DKIM_VALID
	44
	45	meta DKIM_INVALID DKIM_SIGNED && !DKIM_VALID
	46	describe DKIM_INVALID DKIM or DK signature exists, but is not valid
	47
	48	full DKIM_VALID_AU eval:check_dkim_valid_author_sig()
	49	describe DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain
	50	tflags DKIM_VALID_AU net nice
	51	reuse DKIM_VALID_AU
	52
	53	if (version >= 3.004002)
	54	full DKIM_VALID_EF eval:check_dkim_valid_envelopefrom()
	55	describe DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain
	56	tflags DKIM_VALID_EF net nice
	57	reuse DKIM_VALID_EF
	58	endif
	59
	60	full __DKIM_DEPENDABLE eval:check_dkim_dependable()
	61	describe __DKIM_DEPENDABLE A validation failure not attributable to truncation
	62	reuse __DKIM_DEPENDABLE
	63
	64	header DKIM_ADSP_NXDOMAIN eval:check_dkim_adsp('N')
65	describe DKIM_ADSP_NXDOMAIN No valid author signature and domain not in DNS
66	tflags DKIM_ADSP_NXDOMAIN net
67	reuse DKIM_ADSP_NXDOMAIN
68
69	header DKIM_ADSP_DISCARD eval:check_dkim_adsp('D')
70	describe DKIM_ADSP_DISCARD No valid author signature, domain signs all mail and suggests discarding the rest
71	tflags DKIM_ADSP_DISCARD net
72	reuse DKIM_ADSP_DISCARD
73
74	header DKIM_ADSP_ALL eval:check_dkim_adsp('A')
75	describe DKIM_ADSP_ALL No valid author signature, domain signs all mail
76	tflags DKIM_ADSP_ALL net
77	reuse DKIM_ADSP_ALL
78
79	header DKIM_ADSP_CUSTOM_LOW eval:check_dkim_adsp('1')
80	describe DKIM_ADSP_CUSTOM_LOW No valid author signature, adsp_override is CUSTOM_LOW
81	tflags DKIM_ADSP_CUSTOM_LOW net userconf
82	reuse DKIM_ADSP_CUSTOM_LOW
83
84	header DKIM_ADSP_CUSTOM_MED eval:check_dkim_adsp('2')
85	describe DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override is CUSTOM_MED
86	tflags DKIM_ADSP_CUSTOM_MED net userconf
87	reuse DKIM_ADSP_CUSTOM_MED
88
89	header DKIM_ADSP_CUSTOM_HIGH eval:check_dkim_adsp('3')
90	describe DKIM_ADSP_CUSTOM_HIGH No valid author signature, adsp_override is CUSTOM_HIGH
91	tflags DKIM_ADSP_CUSTOM_HIGH net userconf
92	reuse DKIM_ADSP_CUSTOM_HIGH
93
94	full __RESIGNER1 eval:check_dkim_valid('linkedin.com')
95	tflags __RESIGNER1 net
96	reuse __RESIGNER1
97	full __RESIGNER2 eval:check_dkim_valid('googlegroups.com','yahoogroups.com','yahoogroups.de')
98	tflags __RESIGNER2 net
99	reuse __RESIGNER2
100	meta __VIA_RESIGNER __RESIGNER1 \|\| __RESIGNER2
101	describe __VIA_RESIGNER Mail through a popular signing remailer
102
103	meta NML_ADSP_CUSTOM_LOW DKIM_ADSP_CUSTOM_LOW && !__VIA_ML && !__VIA_RESIGNER
104	describe NML_ADSP_CUSTOM_LOW ADSP custom_low hit, and not from a mailing list
105
106	meta NML_ADSP_CUSTOM_MED DKIM_ADSP_CUSTOM_MED && !__VIA_ML && !__VIA_RESIGNER
107	describe NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing list
108
109	meta NML_ADSP_CUSTOM_HIGH DKIM_ADSP_CUSTOM_HIGH && !__VIA_ML && !__VIA_RESIGNER
110	describe NML_ADSP_CUSTOM_HIGH ADSP custom_high hit, and not from a mailing list
111
dfdd1e08 SI	112	if can(Mail::SpamAssassin::Plugin::DKIM::has_arc)
	113	full ARC_SIGNED eval:check_arc_signed()
	114	describe ARC_SIGNED Message has a ARC signature
	115	tflags ARC_SIGNED net
	116	reuse ARC_SIGNED
	117
	118	full ARC_VALID eval:check_arc_valid()
	119	describe ARC_VALID Message has a valid ARC signature
21dcadbf	120	tflags ARC_VALID net nice
dfdd1e08 SI	121	reuse ARC_VALID
	122
	123	meta ARC_INVALID ARC_SIGNED && !ARC_VALID
	124	describe ARC_INVALID ARC signature exists, but is not valid
	125	endif
	126
b780ea8d SI	127	#
	128	# old, declared for compatibility with pre-3.3, should have scores 0
	129	#
	130
	131	full DKIM_VERIFIED eval:check_dkim_valid()
	132	tflags DKIM_VERIFIED net nice
	133	reuse DKIM_VERIFIED
	134
	135	header DKIM_POLICY_TESTING eval:check_dkim_testing()
	136	tflags DKIM_POLICY_TESTING net nice
	137	reuse DKIM_POLICY_TESTING
	138
	139	header DKIM_POLICY_SIGNSOME eval:check_dkim_signsome()
	140	tflags DKIM_POLICY_SIGNSOME net nice
	141	reuse DKIM_POLICY_SIGNSOME
	142
	143	header DKIM_POLICY_SIGNALL eval:check_dkim_signall()
	144	tflags DKIM_POLICY_SIGNALL net nice
	145	reuse DKIM_POLICY_SIGNALL
	146
	147	endif # Mail::SpamAssassin::Plugin::DKIM