search

friedPotat0 / Spam-Scores

Thunderbird add-on to display spam scores according to mail headers. Supports spam/ham score headers of Rspamd and SpamAssassin. The add-on adds a column with the overall spam score to the mail list view and shows details of any matched spam/ham rule.
https://addons.thunderbird.net/de/thunderbird/addon/spam-scores/
Other
42 stars 6 forks source link

Support for Sophos PureMessage Headers (X-PMX-Spam) #57

Open MaxEtMoritz opened 1 year ago

MaxEtMoritz commented 1 year ago

Is your feature request related to a problem? Please describe. My University uses Sophos PureMessage to scan E-Mails for spam (https://www.sophos.com/de-de/products/puremessage.aspx/). These Headers are currently not supported by SpamScores. Some examples:

X-PMX-Version: 6.4.9.2830568, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2023.4.12.44816, AntiVirus-Engine: 5.97.0, AntiVirus-Data: 2023.2.17.5970002
X-PMX-Spam: Gauge=IIIIIIII, Probability=8%, Report='
 HTML_50_70 0.1, MIME_LOWER_CASE 0.05, BODYTEXTH_SIZE_10000_LESS 0, BODYTEXTH_SIZE_3000_MORE 0, BODY_SIZE_10000_PLUS 0, BULK_EMAIL_SENDER 0, CTYPE_MULTIPART_NO_QUOTE 0, DKIM_ALIGNS 0, DKIM_SIGNATURE 0, FONT_STYLE_0PT 0, HREF_LABEL_TEXT_NO_URI 0, HREF_LABEL_TEXT_ONLY 0, HTML_BAD_EXTRAS 0, LEGITIMATE_SIGNS 0, LIST_HEADER 0, NO_FUR_HEADER 0, OBFUSCATION 0, PRECEDENCE_HEADER 0, SENDER_NO_AUTH 0, SXL_IP_TFX_ESP 0, URI_WITH_PATH_ONLY 0, WEBMAIL_SOURCE 0, __ANY_URI 0, __BODY_NO_MAILTO 0, __BODY_TEXT_X4 0, __CANPHARM_UNSUB_LINK 0, __CT 0, __CTYPE_HAS_BOUNDARY 0, __CTYPE_MULTIPART 0, __CTYPE_MULTIPART_ALT 0, __DATING_PHRASE 0, __DC_PHRASE 0, __DKIM_ALIGNS_1 0, __DKIM_ALIGNS_2 0, __FRAUD_COMMON 0, __FRAUD_JOB_HOURS 0, __FRAUD_MONEY_CURRENCY 0, __FRAUD_MONEY_CURRENCY_DOLLAR 0, __FRAUD_PARTNERSHIP 0, __FRAUD_REPLY 0, __FRAUD_URGENCY 0, __FROM_NAME_NOT_IN_BODY 0, __FUR_RDNS_SENDGRID 0, __HAS_FROM 0,
 __HAS_HTML 0, __HAS_LIST_HEADER 0, __HAS_LIST_UNSUBSCRIBE 0, __HAS_MSGID 0, __HIDDEN_HTML_CONTENT 0, __HIGHBIT_ASCII_MIX 0, __HREF_LABEL_TEXT 0, __HTML_AHREF_TAG 0, __HTML_BAD_END 0, __HTML_BAD_START 0, __HTML_BOLD 0, __HTML_HREF_TAG_X2 0, __HTML_TAG_DIV 0, __HTML_TAG_TABLE 0, __HTTPS_URI 0, __HTTP_IMAGE_TAG 0, __IMG_THEN_TEXT 0, __LEGIT_LIST_HEADER 0, __MIME_HTML 0, __MIME_TEXT_H 0, __MIME_TEXT_H1 0, __MIME_TEXT_H2 0, __MIME_TEXT_P 0, __MIME_TEXT_P1 0, __MIME_TEXT_P2 0, __MIME_VERSION 0, __MSGID_HEX_844412 0, __MULTIPLE_URI_HTML 0, __MULTIPLE_URI_TEXT 0, __PHISH_SPEAR_HTTP_RECEIVED 0, __PRECEDENCE_BULK 0, __RCVD_FROM_SUSP_HOSTNAME 0, __SANE_MSGID 0, __SENDGRID_RCVD 0, __STOCK_PHRASE_7 0, __STYLE_RATWARE_NEG 0, __STYLE_TAG 0, __TO_MALFORMED_2 0, __TO_NO_NAME 0, __URI_ENDS_IN_SLASH 0, __URI_HAS_HYPHEN_USC 0, __URI_IN_BODY 0, __URI_IN_BODY_HTTP_X10 0, __URI_MAILTO 0, __URI_NOT_IMG 0,
 __URI_NS , __URI_REDIR 0, __URI_WITH_PATH 0'
X-PMX-Version: 6.4.9.2830568, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2021.4.7.110315, AntiVirus-Engine: 5.80.0, AntiVirus-Data: 2021.2.20.5800001
X-PMX-Spam: Gauge=IIIIIIIII, Probability=9%, Report='
 HTML_70_90 0.1, HTML_NO_HTTP 0.1, SUPERLONG_LINE 0.05, BODYTEXTH_SIZE_3000_MORE 0, BODYTEXTP_SIZE_3000_LESS 0, BODYTEXTP_SIZE_400_LESS 0, BODY_SIZE_10000_PLUS 0, BOUNCE_AUTORESP 0, BOUNCE_ENVELOPE 0, BOUNCE_GENERIC 0, BOUNCE_NDR 0, DKIM_ALIGNS 0, DKIM_SIGNATURE 0, IN_REP_TO 0, KNOWN_MTA_TFX 0, LEGITIMATE_SIGNS 0, LINK_TO_IMAGE 0, MSG_THREAD 0, NO_REAL_NAME 0, REFERENCES 0, SXL_IP_TFX_WM 0, URI_WITH_PATH_ONLY 0, WEBMAIL_SOURCE 0, __ANY_URI 0, __ARCAUTH_DKIM_PASSED 0, __ARCAUTH_DMARC_PASSED 0, __ARCAUTH_PASSED 0, __ARC_SEAL_MICROSOFT 0, __ARC_SIGNATURE_MICROSOFT 0, __ATTACHMENT_SIZE_0_10K 0, __BITCOIN_ADDRESS_OBFU 0, __BODY_NO_MAILTO 0, __BOUNCE_HDR_AUTOSUBMITTED 0, __BOUNCE_NDR_BODY_HIGH 0, __BOUNCE_NDR_CT_REPORT 0, __CP_URI_IN_BODY 0, __CT 0, __CTYPE_HAS_BOUNDARY 0, __CTYPE_MULTIPART 0, __DKIM_ALIGNS_1 0, __DKIM_ALIGNS_2 0, __DQ_NEG_HEUR 0, __DQ_NEG_IP 0, __FRAUD_CONTACT_ADDY 0,
 __FRAUD_MONEY 0, __FRAUD_MONEY_BIG_COIN 0, __FRAUD_MONEY_BIG_COIN_DIG 0, __FRAUD_MONEY_CURRENCY 0, __FRAUD_MONEY_CURRENCY_EURO 0, __FRAUD_MONEY_VALUE 0, __FRAUD_REFNUM 0, __FROM_NAME_NOT_IN_ADDR 0, __FROM_NAME_NOT_IN_BODY 0, __FROM_NO_NAME 0, __FUR_RDNS_OUTLOOK 0, __HAS_ATTACHMENT 0, __HAS_ATTACHMENT2 0, __HAS_FROM 0, __HAS_HTML 0, __HAS_MSGID 0, __HAS_REFERENCES 0, __HTML_BAD_END 0, __HTML_TAG_TABLE 0, __HTTPS_URI 0, __IN_REP_TO 0, __LINES_OF_YELLING 0, __MAIL_CHAIN 0, __MIME_BOUND_MANY_HEX 0, __MIME_HTML 0, __MIME_TEXT_H 0, __MIME_TEXT_H1 0, __MIME_TEXT_H2 0, __MIME_TEXT_P 0, __MIME_TEXT_P1 0, __MIME_TEXT_P2 0, __MIME_VERSION 0, __MSGID_DOMAIN_NOT_IN_HDRS 0, __MULTIPLE_URI_TEXT 0, __RDNS_WEBMAIL 0, __REFERENCES 0, __RFC822_ATTACH 0, __RUS_HASHBUSTER_1251 0, __SANE_MSGID 0, __STOCK_PHRASE_24 0, __SUBJ_ALPHA_END 0, __TAG_EXISTS_HTML 0, __TO_MALFORMED_2 0, __TO_NO_NAME 0,
 __URI_HAS_HYPHEN_USC 0, __URI_IN_BODY 0, __URI_MAILTO 0, __URI_NOT_IMG 0, __URI_NO_WWW 0, __URI_NS , __URI_WITH_PATH 0'
X-PMX-Version: 6.4.9.2830568, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2023.4.25.124816, AntiVirus-Engine: 5.97.0, AntiVirus-Data: 2023.2.17.5970002
X-PMX-Spam: Gauge=XIIIIII, Probability=16%, Report='
 CTYPE_JUST_HTML 0.848, HTML_MIME_NO_HTML_TAG 0.8, HTML_70_90 0.1, BODYTEXTH_SIZE_10000_LESS 0, BODYTEXTH_SIZE_3000_MORE 0, BODY_SIZE_3000_3999 0, BODY_SIZE_5000_LESS 0, BODY_SIZE_7000_LESS 0, BULK_EMAIL_SENDER 0, CTE_QUOTED_PRINTABLE 0, DKIM_ALIGNS 0, DKIM_SIGNATURE 0, DQ_S_H 0, FROM_NAME_PHRASE 0, HREF_LABEL_TEXT_NO_URI 0, HREF_LABEL_TEXT_ONLY 0, HTML_BAD_EXTRAS 0, KNOWN_MTA_TFX 0, LEGITIMATE_SIGNS 0, LINK_TO_IMAGE 0, NO_FUR_HEADER 0, OBFUSCATION 0, SENDER_NO_AUTH 0, SXL_IP_TFX_ESP 0, SXL_IP_TFX_WM 0, URI_WITH_PATH_ONLY 0, WEBMAIL_SOURCE 0, WEBMAIL_XMAILER 0, __AMAZON_DKIM 0, __AMAZON_MSGID 0, __ANY_URI 0, __BANNER_TRUSTED_SENDER 0, __BODY_NO_MAILTO 0, __BODY_TEXT_X4 0, __CANPHARM_UNSUB_HREF 0, __CT 0, __CTE 0, __CTYPE_HTML 0, __CTYPE_IS_HTML 0, __DKIM_ALIGNS_1 0, __DKIM_ALIGNS_2 0, __DQ_IP_FSO_LARGE 0, __DQ_IP_HIST 0, __DQ_NEG_DOMAIN 0, __DQ_NEG_HEUR 0, __DQ_NEG_IP 0,
 __DQ_S_HIST_1 0, __DQ_S_IP_100K 0, __DQ_S_IP_10K 0, __DQ_S_IP_1K 0, __DQ_S_IP_1MO 0, __DQ_S_IP_2D 0, __DQ_S_IP_RE_100_P 0, __DQ_S_IP_SP_0_P 0, __FROM_NAME_NOT_IN_BODY 0, __FROM_NOREPLY 0, __FUR_IP_AMAZON 0, __HAS_FROM 0, __HAS_HTML 0, __HAS_MSGID 0, __HAS_X_MAILER 0, __HEADER_ORDER_FROM 0, __HIDDEN_HTML_CONTENT 0, __HIGHBIT_ASCII_MIX 0, __HREF_LABEL_PHISH 0, __HREF_LABEL_TEXT 0, __HTML_AHREF_TAG 0, __HTML_BAD_END 0, __HTML_BAD_START 0, __HTML_HREF_TAG_X2 0, __HTML_TAG_CENTER 0, __HTML_TAG_DIV 0, __HTML_TAG_IMG_X2 0, __HTML_TAG_TABLE 0, __HTTPS_URI 0, __HTTP_IMAGE_TAG 0, __IMG_THEN_TEXT 0, __MIME_BOUND_CHARSET 0, __MIME_HTML 0, __MIME_HTML_ONLY 0, __MIME_TEXT_H 0, __MIME_TEXT_H1 0, __MIME_VERSION 0, __MULTIPLE_URI_HTML 0, __MULTIPLE_URI_TEXT 0, __PHISH_SPEAR_SUBJ_PREDICATE 0, __SANE_MSGID 0, __SPEAR_FROM_NAME 0, __SUBJ_ALPHA_END 0, __TO_MALFORMED_2 0, __TO_NO_NAME 0,
 __URI_ENDS_IN_SLASH 0, __URI_HAS_HYPHEN_USC 0, __URI_IN_BODY 0, __URI_NOT_IMG 0, __URI_NO_MAILTO 0, __URI_NO_WWW 0, __URI_NS , __URI_WITH_PATH 0, __X_MAILER_PHPMAILER 0'
X-PMX-Version: 6.4.9.2830568, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2023.4.10.172716, AntiVirus-Engine: 5.98.0, AntiVirus-Data: 2023.4.10.5980001
X-PMX-Spam: Gauge=IIIIIIII, Probability=8%, Report='
 BODYTEXTH_SIZE_10000_LESS 0, BODYTEXTP_SIZE_3000_LESS 0, BODY_SIZE_2000_2999 0, BODY_SIZE_5000_LESS 0, BODY_SIZE_7000_LESS 0, DATE_TZ_NA 0, DKIM_ALIGNS 0, DKIM_SIGNATURE 0, DQ_S_H 0, ECARD_WORD 0, FROM_NAME_PHRASE 0, HEX28_LC_NOT_GOOGLE 0, HREF_LABEL_TEXT_ONLY 0, HTML_BAD_EXTRAS 0, LIST_HEADER 0, NO_FUR_HEADER 0, SENDER_NO_AUTH 0, SINGLE_HREF_URI_IN_BODY 0, SINGLE_URI_IN_BODY 0, SUSPECTED 0, SUSP_IP_HIST 0, TEXT_DIRECTION 0, TEXT_DIR_LTR_ONLY 0, URI_WITH_PATH_ONLY 0, __AMAZON_PHRASE 0, __ANY_URI 0, __BODY_NO_MAILTO 0, __BODY_TEXT_X4 0, __CP_URI_IN_BODY 0, __CT 0, __CTYPE_HAS_BOUNDARY 0, __CTYPE_MULTIPART 0, __CTYPE_MULTIPART_ALT 0, __DC_PHRASE 0, __DKIM_ALIGNS_1 0, __DKIM_ALIGNS_2 0, __DQ_IP_FSO_LARGE 0, __DQ_S_HIST_1 0, __DQ_S_IP_100K 0, __DQ_S_IP_10K 0, __DQ_S_IP_1MO 0, __DQ_S_IP_2D 0, __DQ_S_IP_MC_1 0, __DQ_S_IP_MC_1_P 0, __DQ_S_IP_RE_100_P 0, __DQ_S_IP_SC_1_P 0,
 __DQ_S_IP_SC_1_P_SP_50_P 0, __DQ_S_IP_SP_10_P 0, __DQ_S_IP_SP_25_P 0, __DQ_S_IP_SP_50_P 0, __DQ_S_IP_SP_5_P 0, __DQ_S_IP_SP_75_P 0, __FRAUD_MONEY_CURRENCY 0, __FRAUD_MONEY_CURRENCY_DOLLAR 0, __FRAUD_PARTNERSHIP 0, __FRAUD_URGENCY 0, __FROM_DOMAIN_NOT_IN_BODY 0, __FROM_NAME_NOT_IN_BODY 0, __GMAIL_HTTPREST 0, __HAS_FROM 0, __HAS_HTML 0, __HAS_MSGID 0, __HAS_SENDER 0, __HEX28_LC_BOUNDARY 0, __HIGHBIT_ASCII_MIX 0, __HREF_LABEL_TEXT 0, __HREF_LABEL_URI 0, __HTML_AHREF_TAG 0, __HTML_ATTR_DIR 0, __HTML_BAD_END 0, __HTML_BAD_START 0, __HTML_DIR_LTR 0, __HTML_TAG_DIV 0, __HTTPS_URI 0, __MIME_HTML 0, __MIME_TEXT_H 0, __MIME_TEXT_H1 0, __MIME_TEXT_H2 0, __MIME_TEXT_P 0, __MIME_TEXT_P1 0, __MIME_TEXT_P2 0, __MIME_VERSION 0, __MSGID_DOMAIN_NOT_IN_HDRS 0, __MULTIPLE_URI_TEXT 0, __OEM_PRICE 0, __RCVD_FROM_SUSP_HOSTNAME 0, __RCVD_GOOGLE_GMAILAPI 0, __RCVD_GOOGLE_IPV6 0, __SANE_MSGID 0,
 __SINGLE_URI_MPART_BOTH 0, __STOCK_PHRASE_7 0, __SUBJ_ALPHA_END 0, __TEXT_DIR_LTR 0, __TO_MALFORMED_2 0, __TO_NO_NAME 0, __URI_IN_BODY 0, __URI_NOT_IMG 0, __URI_NO_MAILTO 0, __URI_NS , __URI_WITH_PATH 0, __X_GM_MESSAGE_STATE 0, __X_GOOGLE_DKIM_SIGNATURE 0, __X_GOOGLE_SMTP_SOURCE 0, __YOUTUBE_RCVD 0'

Describe the solution you'd like The Spam Score being shown

Describe alternatives you've considered Not supporting the header

Additional context Have not yet found a good documentation on what the report numbers mean and how/if the spam probability can be directly calculated from the report...

As one can see, the overall probability score is different than the current score of RSpamD / SpamAssassin etc., it's a percentage probability.