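# Data Loss Prevention (DLP) rules for Rspamd
#
# Layout: one /pattern/flags expression per line; lines starting with '#' are
# comments.
# NOTE(review): how this map is attached (symbol, score, which message parts
# are scanned) is not visible from this file; confirm it in the rule that
# loads it.
# These are content heuristics. None of them validates a checksum, so a hit
# means "looks like", not "is". Weight the broad patterns accordingly rather
# than treating every match as a confirmed leak.

# IBAN patterns (Italian and international)
# Italian IBAN: IT + 2 check digits + 1 CIN letter + 10 digits (ABI/CAB) + 12 account chars.
# NOTE(review): neither pattern is anchored with \b, and the generic one is
# case-insensitive, so it also matches inside long alphanumeric runs (IDs,
# encoded blobs). IBANs printed in groups of four with spaces are not matched.
/IT[0-9]{2}[A-Z][0-9]{10}[0-9A-Z]{12}/i
/[A-Z]{2}[0-9]{2}[A-Z0-9]{11,30}/i

# Credit card patterns (Visa, Mastercard, Amex, Discover)
# NOTE(review): contiguous digits only (no spaces or dashes) and no Luhn check,
# so order or tracking numbers of the right length and prefix also match.
# Mastercard numbers outside the 51-55 prefix range are not covered.
/\b(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|3[47][0-9]{13}|6(?:011|5[0-9]{2})[0-9]{12})\b/

# Italian Tax Code (Codice Fiscale)
# Case-sensitive: lower-case codes are not matched.
/\b[A-Z]{6}[0-9]{2}[A-Z][0-9]{2}[A-Z][0-9]{3}[A-Z]\b/

# Italian VAT (Partita IVA)
# NOTE(review): matches ANY standalone 11-digit number (phone numbers, order
# IDs, ...). Without a checksum or a nearby keyword this is the noisiest rule
# in the file.
/\b[0-9]{11}\b/

# Social Security Numbers (US format)
# Dashed form only (NNN-NN-NNNN).
/\b[0-9]{3}-[0-9]{2}-[0-9]{4}\b/

# Email addresses (potential data leak)
# Fixed: the TLD class was [A-Z|a-z], where '|' is a literal pipe inside a
# character class, not alternation.
# NOTE(review): ordinary mail bodies (signatures, quoted replies) contain
# addresses, so a single hit carries little signal on its own.
/\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/

# IP addresses (internal network ranges)
# RFC 1918 ranges: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16.
# Fixed: the 10.x branch consumed only three octets, so it reported a partial
# address and also matched three-part version strings such as "10.1.2".
# Octet values are not range-checked (e.g. 10.999.1.1 still matches).
/\b(?:10\.[0-9]{1,3}\.|172\.(?:1[6-9]|2[0-9]|3[01])\.|192\.168\.)[0-9]{1,3}\.[0-9]{1,3}\b/

# Passport numbers (various formats)
# NOTE(review): one or two capitals followed by 6-9 digits also describes many
# invoice, ticket and part numbers.
/\b[A-Z]{1,2}[0-9]{6,9}\b/

# Phone numbers (international format)
/\+[0-9]{1,3}[\s.-]?[0-9]{6,14}\b/

# Database connection strings
# URI form. The short "postgres://" scheme is accepted alongside "postgresql://".
/(?:mongodb|mysql|postgres(?:ql)?|mssql):\/\/[^;,\s]+/i
# Key=value form.
# NOTE(review): the keys must appear in this exact order (server, database,
# user, password), the password must be followed by ';' or whitespace, and '.'
# normally does not cross line breaks, so reordered or multi-line strings are
# missed. The chained lazy '.+?' groups can also be slow on long lines.
/(?:Server|Data Source|Host)=.+?(?:Database|Initial Catalog)=.+?(?:User|UID|Username)=.+?(?:Password|PWD)=.+?[;\s]/i

# AWS Access Keys
# Long-term access key IDs only (AKIA prefix). Temporary key IDs (ASIA prefix)
# and the secret access key itself are not matched by this rule.
/AKIA[0-9A-Z]{16}/

# Generic API keys and tokens
# Fixed: a single separator character was allowed, so the common
# `api_key = "value"` and `api_key: "value"` spellings never matched. One or
# more separator characters are now accepted.
/(?:api[_-]?key|apikey|access[_-]?token|auth[_-]?token|secret[_-]?key)[\s:=]+["']?[A-Za-z0-9_\-]{20,}/i

# Private keys
# PEM header only. PKCS#8 "ENCRYPTED PRIVATE KEY" headers are now included,
# since an encrypted key leaving the organisation is still worth a review.
/-----BEGIN (?:RSA |EC |OPENSSH |DSA |ENCRYPTED )?PRIVATE KEY-----/

# Bearer tokens
# NOTE(review): case-insensitive with no minimum token length, so ordinary
# prose such as "bearer of ..." also matches.
/Bearer\s+[A-Za-z0-9\-._~+\/]+=*/i

# Confidential markings
# NOTE(review): "secret", "private" and "interno" are everyday words, and mail
# footers routinely say "confidential". Treat a hit as a weak indicator.
/\b(?:riservato|confidential|classified|secret|top[\s-]?secret|interno|private|restricted)\b/i

# Salary and financial data
# Keyword, separator, optional currency marker, then a figure of 3+ digits.
/\b(?:salary|stipendio|compenso|retribuzione)[\s:=]+(?:EUR|USD|€|\$)?\s*[0-9]{3,}/i

# Medical/Health data indicators
# Keyword match only; it does not show that personal health data is present.
/\b(?:diagnosis|malattia|patologia|terapia|farmaco|prescrizione|cartella[\s-]?clinica|medical[\s-]?record)\b/i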