Add hfilter module and tweak scores to be more aggressive where it makes sense

config/rspamd/APKBUILD

@@ -3,7 +3,7 @@
 
 . ../APKBUILD-config.template
 
-pkgver=2021.06.02.02
+pkgver=2021.06.13.01
 pkgrel=0
 _baseconf="
 	rspamd.conf
@@ -23,6 +23,7 @@ _modules="
 	dmarc
 	fuzzy_check
 	greylist
+	hfilter
 	maillist
 	milter_headers
 	mx_check
@@ -62,6 +63,7 @@ a753d136a21206cdc28a1554a38f51ad55e2eec842a31dbe1d151198bb8d9bb090e0f49b6b50cbc4
 47907ec7d9d9d2775d7feeef448d53940e3e21b0e5cc17e40663e2cbac42e4e8a29eb53a956ffbca3f425c3b4673192354b3be2e575a0b8e8014efdd5b957e6d  mx_check.conf
 985c0796cd3adaf5ddd8cb8854e06deff7527730efd60e91bb8ef9ca1504601ba2677b2265fa4acc86dec1f8a2732c32d0f2d790611c52e50b361bd852a68ce2  milter_headers.conf
 08966d0a3c077a12a1113f774e11d51d3c7d04bb45914e295324e8aa51c3d75b55395c256a905c6d9ae1e98a004a9e6b3b37d36fce810a426dd5d90408331c0a  maillist.conf
+8dc0e553cdb92517b22767cbef085afb35d67389d5225bec791b0239452b69f9adbc12edfa6319670099de82ba09d9a4b1d54d90c5534e28f1008b391e1bdb12  hfilter.conf
 8660fd01589476bbc01bbe75bed392faa55f55fa9b6fea77be79f339cefb43ddbacdbe193ad136c42da91d4ef7f1e1ec40fc5f8f4f398d04bcebf51d5a59ad1f  greylist.conf
 17fec11d41106909dfb7bd790ff12b4f546d2b1e6c06205ea48ecf2b82ce028710fd6ca636f414c0fe35dda99257c20eaed4d4ff90cdcc0a86d552f98cb26d15  fuzzy_check.conf
 e14c3683b48dde5584cbcd0bd5811f6111a201635dd7400d7703003b4c98255d10be9b64ee81784c1fe1df50159e12d6777086c5a18ee9b14be852d233cf6dc5  dmarc.conf
@@ -70,7 +72,7 @@ dcec5c53bd29c345ed5c47727af9a8d11328cc8f69ae61064ba3b053ee306baa79b747067097b235
 eacbbe96fdfea9112b633bdf5471fcf8b2c297513685397759d588ad47905cf225dae3e4262dacb14477a2f52e6d3bf93b57abaf205719481f11a9ec8552fe07  arc.conf
 56ef651ee9d1e1db1bd07b9bb704bded84a7348f20c9c26ed3c558134aae7b1ba19d6df156dd1ec6fe32e4bfc09a69a2c87c152a8da326e770eb0c1e9aa6ae7e  rspamd.conf
 13b794a6eb95e672345b260e6a46d9ec95efd11159279af86c3ab3a9fea33e02807d67afad0d006597bf9b913927e6bff0cfc6d2cf6a5bd0bc993560cafb0951  composites.conf
-91cdd4f25cd29b7524827683caa79efd37e1ef78698f7f0ce8c185773bd0e1fdf624215838b26165cb52151fe435b41a76714c9f0aa0ee341a473b468d4f5436  groups.conf
+9c5a0331e0ddf91f4ad7d7f1651820a4aa8688ab2606758521a943e33a228c69743fd1a6247a1696b65a576ce91bbd17972e72497b9b06638423fd2cb3e45905  groups.conf
 78df39cbc6e09cdc5e01d27e123d82aa677a70a6f5d59ba0be8d0ce6af012c5311e4a2527e4fbc586f9cdd8da033e9f05e2371970fa23db60eaa8c16c8e85f05  logging.conf
 d5b99a03a86f35cb5b25cf0a1cf8be25a5a9158bc7f3a6362b35d6dc8e799613d03ade65b2673378fb1e2b5de67d48eb5e64a956551be9ef39c5d5d2ab2a3b36  statistic.conf
 301315c98f2816a9542a410352bf3eb7f025a57f8ccc37666f51a3371580cba06344197c2f2a4049d402472ba7c9a542a21e6938ac022030e95a472e8bba33b6  workers.conf

config/rspamd/groups.conf

@@ -1,7 +1,7 @@
 group "headers" {
 	symbols = {
 		"FORGED_SENDER" {
-			weight = 1.0;
+			weight = 4.0;
 			description = "Sender is forged (different From: header and smtp MAIL FROM: addresses)";
 		}
 		"R_MIXED_CHARSET" {
@@ -15,7 +15,7 @@ group "headers" {
 			one_shot = true;
 		}
 		"FORGED_RECIPIENTS" {
-			weight = 3.0;
+			weight = 8.0;
 			description = "Recipients are not the same as RCPT TO: mail command";
 		}
 		"FORGED_RECIPIENTS_MAILLIST" {
@@ -51,7 +51,6 @@ group "headers" {
 
 group "subject" {
 	symbols = {}
-	max_score = 6.0;
 }
 
 group "mua" {
@@ -205,17 +204,17 @@ group "rbl" {
 			groups = ["mailspike"];
 		}
 		"RBL_MAILSPIKE_WORST" {
-			weight = 4.0;
+			weight = 6.0;
 			description = "From address is listed in RBL - worst possible reputation";
 			groups = ["mailspike"];
 		}
 		"RBL_MAILSPIKE_VERYBAD" {
-			weight = 3.0;
+			weight = 5.0;
 			description = "From address is listed in RBL - very bad reputation";
 			groups = ["mailspike"];
 		}
 		"RBL_MAILSPIKE_BAD" {
-			weight = 2.0;
+			weight = 3.0;
 			description = "From address is listed in RBL - bad reputation";
 			groups = ["mailspike"];
 		}
@@ -225,17 +224,17 @@ group "rbl" {
 			groups = ["mailspike"];
 		}
 		"RWL_MAILSPIKE_GOOD" {
-			weight = 1.0;
+			weight = -1.0;
 			description = "From address is listed in RWL - good reputation";
 			groups = ["mailspike"];
 		}
 		"RWL_MAILSPIKE_VERYGOOD" {
-			weight = 2.0;
+			weight = -2.0;
 			description = "From address is listed in RWL - very good reputation";
 			groups = ["mailspike"];
 		}
 		"RWL_MAILSPIKE_EXCELLENT" {
-			weight = 4.0;
+			weight = -4.0;
 			description = "From address is listed in RWL - excellent reputation";
 			groups = ["mailspike"];
 		}
@@ -291,7 +290,7 @@ group "fuzzy" {
 			description = "Generic fuzzy hash match, bl.rspamd.com";
 		}
 		"RSPAMDCOM_FUZZY_DENIED" {
-			weight = 12.0;
+			weight = 10.0;
 			description = "Denied fuzzy hash, bl.rspamd.com";
 		}
 		"RSPAMDCOM_FUZZY_PROB" {
@@ -324,7 +323,7 @@ group "fuzzy" {
 group "policies" {
 	symbols = {
 		"R_SPF_FAIL" {
-			weight = 4.0;
+			weight = 5.0;
 			description = "SPF verification failed";
 			groups = ["spf"];
 		}
@@ -349,7 +348,7 @@ group "policies" {
 			groups = ["spf"];
 		}
 		"R_DKIM_REJECT" {
-			weight = 4.0;
+			weight = 5.0;
 			description = "DKIM verification failed";
 			one_shot = true;
 			groups = ["dkim"];
@@ -376,7 +375,7 @@ group "policies" {
 			groups = ["dmarc"];
 		}
 		"DMARC_POLICY_REJECT" {
-			weight = 4.0;
+			weight = 5.0;
 			description = "DMARC reject policy";
 			groups = ["dmarc"];
 		}
@@ -419,7 +418,6 @@ group "policies" {
 }
 
 group "whitelist" {
-	max_score = 10.0;
 	symbols = {
 		"WHITELIST_SPF" {
 			weight = -1.0;
@@ -457,7 +455,6 @@ group "whitelist" {
 }
 
 group "surbl" {
-	max_score = 12.5;
 	symbols = {
 		"SURBL_BLOCKED" {
 			weight = 0.0;
@@ -503,7 +500,7 @@ group "surbl" {
 			groups = ["ebl"];
 		}
 		"MSBL_EBL_GREY" {
-			weight = 0.5; # TODO: test it
+			weight = 0.5;
 			description = "MSBL emailbl grey list";
 			one_shot = true;
 			groups = ["ebl"];
@@ -652,7 +649,6 @@ group "surbl" {
 }
 
 group "phishing" {
-	max_score = 10.0;
 	symbols = {
 		"PHISHING" {
 			weight = 5.0;
@@ -677,11 +673,11 @@ group "phishing" {
 group "hfilter" {
 	symbols = {
 		"HFILTER_HELO_BAREIP" {
-			weight = 3.0;
+			weight = 4.0;
 			description = "Helo host is bare ip";
 		}
 		"HFILTER_HELO_BADIP" {
-			weight = 4.5;
+			weight = 6;
 			description = "Helo host is very bad ip";
 		}
 		"HFILTER_HELO_1" {
@@ -725,11 +721,11 @@ group "hfilter" {
 			description = "Hostname checks (very hard)";
 		}
 		"HFILTER_HELO_NORESOLVE_MX" {
-			weight = 1.0;
+			weight = 3.0;
 			description = "MX found in Helo and no resolve";
 		}
 		"HFILTER_HELO_NORES_A_OR_MX" {
-			weight = 2.0;
+			weight = 4.0;
 			description = "Helo no resolve to A or MX";
 		}
 		"HFILTER_HELO_IP_A" {
@@ -741,11 +737,11 @@ group "hfilter" {
 			description = "Helo not FQDN";
 		}
 		"HFILTER_FROMHOST_NORESOLVE_MX" {
-			weight = 1.5;
+			weight = 3.0;
 			description = "MX found in FROM host and no resolve";
 		}
 		"HFILTER_FROMHOST_NORES_A_OR_MX" {
-			weight = 2.5;
+			weight = 5.0;
 			description = "FROM host no resolve to A or MX";
 		}
 		"HFILTER_FROMHOST_NOT_FQDN" {

config/rspamd/modules/hfilter.conf

@@ -0,0 +1,8 @@
+hfilter {
+	helo_enabled = true;
+	hostname_enabled = true;
+	url_enabled = true;
+	from_enabled = true;
+	rcpt_enabled = true;
+	mid_enabled = false;
+}