]> git.proxmox.com Git - proxmox-spamassassin.git/blob - sa-updates/25_dkim.cf
bump version to 4.0.1-1
[proxmox-spamassassin.git] / sa-updates / 25_dkim.cf
1 # SpamAssassin - DKIM rules
2 #
3 # Please don't modify this file as your changes will be overwritten with
4 # the next update. Use /etc/mail/spamassassin/local.cf instead.
5 # See 'perldoc Mail::SpamAssassin::Conf' for details.
6 #
7 # <@LICENSE>
8 # Licensed to the Apache Software Foundation (ASF) under one or more
9 # contributor license agreements. See the NOTICE file distributed with
10 # this work for additional information regarding copyright ownership.
11 # The ASF licenses this file to you under the Apache License, Version 2.0
12 # (the "License"); you may not use this file except in compliance with
13 # the License. You may obtain a copy of the License at:
14 #
15 # http://www.apache.org/licenses/LICENSE-2.0
16 #
17 # Unless required by applicable law or agreed to in writing, software
18 # distributed under the License is distributed on an "AS IS" BASIS,
19 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20 # See the License for the specific language governing permissions and
21 # limitations under the License.
22 # </@LICENSE>
23 #
24 ###########################################################################
25
26 # Requires the Mail::SpamAssassin::Plugin::DKIM plugin be loaded.
27
28 ifplugin Mail::SpamAssassin::Plugin::DKIM
29
30 # Note: DKIM_SIGNED, DKIM_VALID and DKIM_VALID_AU are mainly informational
31 # rules, and can serve as a basis for meta rules; it is not difficult for a
32 # sender to cause hits on them or to prevent them from firing, so their score
33 # should be kept low.
34
35 full DKIM_SIGNED eval:check_dkim_signed()
36 describe DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
37 tflags DKIM_SIGNED net
38 reuse DKIM_SIGNED
39
40 full DKIM_VALID eval:check_dkim_valid()
41 describe DKIM_VALID Message has at least one valid DKIM or DK signature
42 tflags DKIM_VALID net nice
43 reuse DKIM_VALID
44
45 meta DKIM_INVALID DKIM_SIGNED && !DKIM_VALID
46 describe DKIM_INVALID DKIM or DK signature exists, but is not valid
47
48 full DKIM_VALID_AU eval:check_dkim_valid_author_sig()
49 describe DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain
50 tflags DKIM_VALID_AU net nice
51 reuse DKIM_VALID_AU
52
53 if (version >= 3.004002)
54 full DKIM_VALID_EF eval:check_dkim_valid_envelopefrom()
55 describe DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain
56 tflags DKIM_VALID_EF net nice
57 reuse DKIM_VALID_EF
58 endif
59
60 full __DKIM_DEPENDABLE eval:check_dkim_dependable()
61 describe __DKIM_DEPENDABLE A validation failure not attributable to truncation
62 reuse __DKIM_DEPENDABLE
63
64 header DKIM_ADSP_NXDOMAIN eval:check_dkim_adsp('N')
65 describe DKIM_ADSP_NXDOMAIN No valid author signature and domain not in DNS
66 tflags DKIM_ADSP_NXDOMAIN net
67 reuse DKIM_ADSP_NXDOMAIN
68
69 header DKIM_ADSP_DISCARD eval:check_dkim_adsp('D')
70 describe DKIM_ADSP_DISCARD No valid author signature, domain signs all mail and suggests discarding the rest
71 tflags DKIM_ADSP_DISCARD net
72 reuse DKIM_ADSP_DISCARD
73
74 header DKIM_ADSP_ALL eval:check_dkim_adsp('A')
75 describe DKIM_ADSP_ALL No valid author signature, domain signs all mail
76 tflags DKIM_ADSP_ALL net
77 reuse DKIM_ADSP_ALL
78
79 header DKIM_ADSP_CUSTOM_LOW eval:check_dkim_adsp('1')
80 describe DKIM_ADSP_CUSTOM_LOW No valid author signature, adsp_override is CUSTOM_LOW
81 tflags DKIM_ADSP_CUSTOM_LOW net userconf
82 reuse DKIM_ADSP_CUSTOM_LOW
83
84 header DKIM_ADSP_CUSTOM_MED eval:check_dkim_adsp('2')
85 describe DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override is CUSTOM_MED
86 tflags DKIM_ADSP_CUSTOM_MED net userconf
87 reuse DKIM_ADSP_CUSTOM_MED
88
89 header DKIM_ADSP_CUSTOM_HIGH eval:check_dkim_adsp('3')
90 describe DKIM_ADSP_CUSTOM_HIGH No valid author signature, adsp_override is CUSTOM_HIGH
91 tflags DKIM_ADSP_CUSTOM_HIGH net userconf
92 reuse DKIM_ADSP_CUSTOM_HIGH
93
94 full __RESIGNER1 eval:check_dkim_valid('linkedin.com')
95 tflags __RESIGNER1 net
96 reuse __RESIGNER1
97 full __RESIGNER2 eval:check_dkim_valid('googlegroups.com','yahoogroups.com','yahoogroups.de')
98 tflags __RESIGNER2 net
99 reuse __RESIGNER2
100 meta __VIA_RESIGNER __RESIGNER1 || __RESIGNER2
101 describe __VIA_RESIGNER Mail through a popular signing remailer
102
103 meta NML_ADSP_CUSTOM_LOW DKIM_ADSP_CUSTOM_LOW && !__VIA_ML && !__VIA_RESIGNER
104 describe NML_ADSP_CUSTOM_LOW ADSP custom_low hit, and not from a mailing list
105
106 meta NML_ADSP_CUSTOM_MED DKIM_ADSP_CUSTOM_MED && !__VIA_ML && !__VIA_RESIGNER
107 describe NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing list
108
109 meta NML_ADSP_CUSTOM_HIGH DKIM_ADSP_CUSTOM_HIGH && !__VIA_ML && !__VIA_RESIGNER
110 describe NML_ADSP_CUSTOM_HIGH ADSP custom_high hit, and not from a mailing list
111
112 if can(Mail::SpamAssassin::Plugin::DKIM::has_arc)
113 full ARC_SIGNED eval:check_arc_signed()
114 describe ARC_SIGNED Message has a ARC signature
115 tflags ARC_SIGNED net
116 reuse ARC_SIGNED
117
118 full ARC_VALID eval:check_arc_valid()
119 describe ARC_VALID Message has a valid ARC signature
120 tflags ARC_VALID net nice
121 reuse ARC_VALID
122
123 meta ARC_INVALID ARC_SIGNED && !ARC_VALID
124 describe ARC_INVALID ARC signature exists, but is not valid
125 endif
126
127 #
128 # old, declared for compatibility with pre-3.3, should have scores 0
129 #
130
131 full DKIM_VERIFIED eval:check_dkim_valid()
132 tflags DKIM_VERIFIED net nice
133 reuse DKIM_VERIFIED
134
135 header DKIM_POLICY_TESTING eval:check_dkim_testing()
136 tflags DKIM_POLICY_TESTING net nice
137 reuse DKIM_POLICY_TESTING
138
139 header DKIM_POLICY_SIGNSOME eval:check_dkim_signsome()
140 tflags DKIM_POLICY_SIGNSOME net nice
141 reuse DKIM_POLICY_SIGNSOME
142
143 header DKIM_POLICY_SIGNALL eval:check_dkim_signall()
144 tflags DKIM_POLICY_SIGNALL net nice
145 reuse DKIM_POLICY_SIGNALL
146
147 endif # Mail::SpamAssassin::Plugin::DKIM