CONFIGURE_FILE(config.h.in src/config.h)
CONFIGURE_FILE(contrib/exim/local_scan.c.in contrib/exim/local_scan_rspamd.c @ONLY)
-CONFIGURE_FILE(rspamd.xml.sample conf/rspamd.xml.sample @ONLY)
+CONFIGURE_FILE(conf/rspamd-basic.xml.in conf/rspamd.xml.sample @ONLY)
######################### LINK SECTION ###############################
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<rspamd>
+<!-- Global section -->
+<lua src="@ETC_PREFIX@/rspamd/lua/rspamd.lua" />
+
+<!-- Options -->
+<options>
+ <!-- Temporary directory -->
+ <tempdir>/tmp</tempdir>
+ <!-- Path to pid file -->
+ <pidfile>/var/run/rspamd/rspamd.pid</pidfile>
+ <!-- Turned on C filters -->
+ <filters>regexp,surbl,chartable,fuzzy_check,spf</filters>
+ <!-- Maximum size of statistics mapped in memory -->
+ <statfile_pool_size>250M</statfile_pool_size>
+ <!-- Raw mode is non-utf mode. In utf mode all messages are converted to utf8 (if possible) -->
+ <raw_mode>no</raw_mode>
+ <!-- Check text attachements as ordinary text parts -->
+ <check_attachements>no</check_attachements>
+ <!-- If a rule has been met several times do not add additional score -->
+ <one_shot>yes</one_shot>
+ <!-- DNS requests global timeout -->
+ <dns_timeout>1s</dns_timeout>
+ <!-- DNS retransmits count -->
+ <dns_retransmits>5</dns_retransmits>
+ <!-- File for saving settings of symbols cache -->
+ <cache_file>/var/run/rspamd/symbols.cache</cache_file>
+</options>
+<!-- End of options section -->
+
+<!-- Logging section -->
+<logging>
+ <level>info</level>
+ <log_urls>yes</log_urls>
+ <type>console</type>
+<!-- Other types
+ <type filename="/var/log/rspamd/rspamd.log">file</type>
+ <type facility="local7">syslog</type>
+-->
+<!-- Selective debug
+ <debug_ip>127.0.0.1</debug_ip>
+ <debug_symbols>SYMBOL1,SYMBOL2</debug_symbols>
+-->
+</logging>
+<!-- End of logging section -->
+
+
+<!-- Metrics section -->
+<metric>
+ <name>default</name>
+
+ <required_score>14.0</required_score>
+ <!-- Sample actions -->
+ <action>reject</action>
+ <action>greylist:4</action>
+ <action>add_header:8</action>
+
+ <!-- Weights for symbols -->
+
+ <!-- Subject is missing inside message -->
+ <symbol weight="2.00" description="Subject is missing inside message">MISSING_SUBJECT</symbol>
+ <!-- Message pretends to be send from Outlook but has 'strange' tags -->
+ <symbol weight="2.10" description="Message pretends to be send from Outlook but has 'strange' tags ">FORGED_OUTLOOK_TAGS</symbol>
+ <!-- Sender is forged (different From: header and smtp MAIL FROM: addresses) -->
+ <symbol weight="5.00" description="Sender is forged (different From: header and smtp MAIL FROM: addresses)">FORGED_SENDER</symbol>
+ <!-- Recipients seems to be autogenerated (works if recipients count is more than 5) -->
+ <symbol weight="3.50" description="Recipients seems to be autogenerated (works if recipients count is more than 5)">SUSPICIOUS_RECIPS</symbol>
+ <!-- Fake reply (has RE in subject, but has not References header) -->
+ <symbol weight="6.00" description="Fake reply (has RE in subject, but has not References header)">FAKE_REPLY_C</symbol>
+ <!-- Messages that have only HTML part -->
+ <symbol weight="1.00" description="Messages that have only HTML part">MIME_HTML_ONLY</symbol>
+ <!-- Forged yahoo msgid -->
+ <symbol weight="2.00" description="Forged yahoo msgid">FORGED_MSGID_YAHOO</symbol>
+ <!-- Forged The Bat! MUA headers -->
+ <symbol weight="2.00" description="Forged The Bat! MUA headers">FORGED_MUA_THEBAT_BOUN</symbol>
+ <!-- Charset is missing in a message -->
+ <symbol weight="5.00" description="Charset is missing in a message">R_MISSING_CHARSET</symbol>
+ <!-- Two received headers with ip addresses -->
+ <symbol weight="2.00" description="Two received headers with ip addresses">RCVD_DOUBLE_IP_SPAM</symbol>
+ <!-- Forged outlook HTML signature -->
+ <symbol weight="5.00" description="Forged outlook HTML signature">FORGED_OUTLOOK_HTML</symbol>
+ <!-- Recipients are absent or undisclosed -->
+ <symbol weight="5.00" description="Recipients are absent or undisclosed">R_UNDISC_RCPT</symbol>
+ <!-- White color on white background in HTML messages -->
+ <symbol weight="9.00" description="White color on white background in HTML messages">R_WHITE_ON_WHITE</symbol>
+ <!-- Short html part with a link to an image -->
+ <symbol weight="3.00" description="Short html part with a link to an image">HTML_SHORT_LINK_IMG_2</symbol>
+ <!-- Forged outlook MUA -->
+ <symbol weight="3.00" description="Forged outlook MUA">FORGED_MUA_OUTLOOK</symbol>
+ <!-- Forged outlook MUA, but from maillist -->
+ <symbol weight="0.00" description="Forged outlook MUA, but from maillist">FORGED_MUA_OUTLOOK_MAILLIST</symbol>
+
+ <!-- Suspicious boundary in header Content-Type -->
+ <symbol weight="5.00" description="Suspicious boundary in header Content-Type">SUSPICIOUS_BOUNDARY</symbol>
+ <!-- Suspicious boundary in header Content-Type -->
+ <symbol weight="4.00" description="Suspicious boundary in header Content-Type">SUSPICIOUS_BOUNDARY2</symbol>
+ <!-- Suspicious boundary in header Content-Type -->
+ <symbol weight="3.00" description="Suspicious boundary in header Content-Type">SUSPICIOUS_BOUNDARY3</symbol>
+ <!-- Suspicious boundary in header Content-Type -->
+ <symbol weight="4.00" description="Suspicious boundary in header Content-Type">SUSPICIOUS_BOUNDARY4</symbol>
+
+ <!-- Message pretends to be send from The Bat! but has forged Message-ID -->
+ <symbol weight="4.00" description="Message pretends to be send from The Bat! but has forged Message-ID">FORGED_MUA_THEBAT_MSGID</symbol>
+ <!-- Message pretends to be send from The Bat! but has forged Message-ID -->
+ <symbol weight="3.00" description="Message pretends to be send from The Bat! but has forged Message-ID">FORGED_MUA_THEBAT_MSGID_UNKNOWN</symbol>
+
+ <!-- Message pretends to be send from KMail but has forged Message-ID -->
+ <symbol weight="3.00" description="Message pretends to be send from KMail but has forged Message-ID">FORGED_MUA_KMAIL_MSGID</symbol>
+ <!-- Message pretends to be send from KMail but has forged Message-ID -->
+ <symbol weight="2.50" description="Message pretends to be send from KMail but has forged Message-ID">FORGED_MUA_KMAIL_MSGID_UNKNOWN</symbol>
+
+ <!-- Message pretends to be send from Opera Mail but has forged Message-ID -->
+ <symbol weight="4.00" description="Message pretends to be send from Opera Mail but has forged Message-ID">FORGED_MUA_OPERA_MSGID</symbol>
+ <!-- Message pretends to be send from suspicious Opera Mail/10.x (Windows) but has forged Message-ID, apparently from KMail -->
+ <symbol weight="4.00" description="Message pretends to be send from suspicious Opera Mail/10.x (Windows) but has forged Message-ID, apparently from KMail">SUSPICIOUS_OPERA_10W_MSGID</symbol>
+
+ <!-- Message pretends to be send from Mozilla Mail but has forged Message-ID -->
+ <symbol weight="4.00" description="Message pretends to be send from Mozilla Mail but has forged Message-ID">FORGED_MUA_MOZILLA_MAIL_MSGID</symbol>
+ <!-- Message pretends to be send from Mozilla Mail but has forged Message-ID -->
+ <symbol weight="2.50" description="Message pretends to be send from Mozilla Mail but has forged Message-ID">FORGED_MUA_MOZILLA_MAIL_MSGID_UNKNOWN</symbol>
+ <!-- Forged mail pretending to be from Mozilla Thunderbird but has forged Message-ID -->
+ <symbol weight="4.00" description="Forged mail pretending to be from Mozilla Thunderbird but has forged Message-ID">FORGED_MUA_THUNDERBIRD_MSGID</symbol>
+ <!-- Forged mail pretending to be from Mozilla Thunderbird but has forged Message-ID -->
+ <symbol weight="2.50" description="Forged mail pretending to be from Mozilla Thunderbird but has forged Message-ID">FORGED_MUA_THUNDERBIRD_MSGID_UNKNOWN</symbol>
+ <!-- Forged mail pretending to be from Mozilla Seamonkey but has forged Message-ID -->
+ <symbol weight="4.00" description="Forged mail pretending to be from Mozilla Seamonkey but has forged Message-ID">FORGED_MUA_SEAMONKEY_MSGID</symbol>
+ <!-- Forged mail pretending to be from Mozilla Seamonkey but has forged Message-ID -->
+ <symbol weight="2.50" description="Forged mail pretending to be from Mozilla Seamonkey but has forged Message-ID">FORGED_MUA_SEAMONKEY_MSGID_UNKNOWN</symbol>
+
+ <!-- Fake helo for verizon provider -->
+ <symbol weight="2.00" description="Fake helo for verizon provider">FM_FAKE_HELO_VERIZON</symbol>
+ <!--Quoted reply-to from yahoo (seems to be forged) -->
+ <symbol weight="2.00" description="Quoted reply-to from yahoo (seems to be forged)">REPTO_QUOTE_YAHOO</symbol>
+ <!-- Mime-OLE is needed but absent (e.g. fake Outlook or fake Exchange) -->
+ <symbol weight="5.00" description="Mime-OLE is needed but absent (e.g. fake Outlook or fake Exchange)">MISSING_MIMEOLE</symbol>
+ <!-- To header is missing -->
+ <symbol weight="2.00" description="To header is missing">MISSING_TO</symbol>
+
+ <!-- From that contains encoded characters while base 64 is not needed as all symbols are 7bit -->
+ <symbol weight="1.5" description="From that contains encoded characters while base 64 is not needed as all symbols are 7bit">FROM_EXCESS_BASE64</symbol>
+ <!-- From that contains encoded characters while quoted-printable is not needed as all symbols are 7bit -->
+ <symbol weight="1.2" description="From that contains encoded characters while quoted-printable is not needed as all symbols are 7bit">FROM_EXCESS_QP</symbol>
+ <!-- To that contains encoded characters while base 64 is not needed as all symbols are 7bit -->
+ <symbol weight="1.5" description="To that contains encoded characters while base 64 is not needed as all symbols are 7bit">TO_EXCESS_BASE64</symbol>
+ <!-- To that contains encoded characters while quoted-printable is not needed as all symbols are 7bit -->
+ <symbol weight="1.2" description="To that contains encoded characters while quoted-printable is not needed as all symbols are 7bit">TO_EXCESS_QP</symbol>
+ <!-- Reply-To that contains encoded characters while base 64 is not needed as all symbols are 7bit -->
+ <symbol weight="1.5" description="Reply-To that contains encoded characters while base 64 is not needed as all symbols are 7bit">REPLYTO_EXCESS_BASE64</symbol>
+ <!-- Reply-To that contains encoded characters while quoted-printable is not needed as all symbols are 7bit -->
+ <symbol weight="1.2" description="Reply-To that contains encoded characters while quoted-printable is not needed as all symbols are 7bit">REPLYTO_EXCESS_QP</symbol>
+ <!-- Cc that contains encoded characters while base 64 is not needed as all symbols are 7bit -->
+ <symbol weight="1.5" description="Cc that contains encoded characters while base 64 is not needed as all symbols are 7bit">CC_EXCESS_BASE64</symbol>
+ <!-- Cc that contains encoded characters while quoted-printable is not needed as all symbols are 7bit -->
+ <symbol weight="1.2" description="Cc that contains encoded characters while quoted-printable is not needed as all symbols are 7bit">CC_EXCESS_QP</symbol>
+
+ <!-- Mixed characters in a message -->
+ <symbol weight="5.00" description="Mixed characters in a message">R_MIXED_CHARSET</symbol>
+ <!-- Recipients list seems to be sorted -->
+ <symbol weight="3.50" description="Recipients list seems to be sorted">SORTED_RECIPS</symbol>
+ <!-- Spambots signatures in received headers -->
+ <symbol weight="3.00" description="Spambots signatures in received headers">R_RCVD_SPAMBOTS</symbol>
+ <!-- To header seems to be autogenerated -->
+ <symbol weight="2.00" description="To header seems to be autogenerated">R_TO_SEEMS_AUTO</symbol>
+ <!-- Subject needs encoding -->
+ <symbol weight="1.00" description="Subject needs encoding">SUBJECT_NEEDS_ENCODING</symbol>
+ <!-- Spam string at the end of message to make statistics faults 0-->
+ <symbol weight="3.84" description="Spam string at the end of message to make statistics faults 0">TRACKER_ID</symbol>
+ <!-- No space in from header -->
+ <symbol weight="1.00" description="No space in from header">R_NO_SPACE_IN_FROM</symbol>
+ <!-- Subject seems to be spam -->
+ <symbol weight="8.00" description="Subject seems to be spam">R_SAJDING</symbol>
+ <!-- Detects bad content-transfer-encoding for text parts -->
+ <symbol weight="3.00" description="Detects bad content-transfer-encoding for text parts">R_BAD_CTE_7BIT</symbol>
+ <!-- Flash redirect on imageshack.us -->
+ <symbol weight="10.00" description="Flash redirect on imageshack.us">R_FLASH_REDIR_IMGSHACK</symbol>
+ <!-- Message id is incorrect -->
+ <symbol weight="5.00" description="Message id is incorrect">INVALID_MSGID</symbol>
+ <!-- Message id is missing -->
+ <symbol weight="3.00" description="Message id is missing ">MISSING_MID</symbol>
+ <!-- Recipients are not the same as RCPT TO: mail command -->
+ <symbol weight="3.00" description="Recipients are not the same as RCPT TO: mail command">FORGED_RECIPIENTS</symbol>
+ <!-- Recipients are not the same as RCPT TO: mail command, but from maillist -->
+ <symbol weight="0.00" description="Recipients are not the same as RCPT TO: mail command, but from maillist">FORGED_RECIPIENTS_MAILLIST</symbol>
+ <!-- Forged Exchange messages -->
+ <symbol weight="2.00" description="Forged Exchange messages ">RATWARE_MS_HASH</symbol>
+ <!-- Reply-type in content-type -->
+ <symbol weight="1.00" description="Reply-type in content-type">STOX_REPLY_TYPE</symbol>
+ <!-- IP in received headers is in PBL -->
+ <symbol weight="3.00" description="IP in received headers is in PBL">R_IP_PBL</symbol>
+ <!-- One received header in a message -->
+ <symbol weight="1.00" description="One received header in a message ">ONCE_RECEIVED</symbol>
+ <!-- One received header with 'bad' patterns inside -->
+ <symbol weight="4.00" description="One received header with 'bad' patterns inside">ONCE_RECEIVED_STRICT</symbol>
+ <!-- Received headers contains addresses from RBL -->
+ <symbol weight="1.00" description="Received headers contains addresses from RBL">RECEIVED_RBL</symbol>
+ <!-- Text and HTML parts differ -->
+ <symbol weight="3.00" description="Text and HTML parts differ">R_PARTS_DIFFER</symbol>
+ <!-- Only Content-Type header without other MIME headers -->
+ <symbol weight="2.00" description="Only Content-Type header without other MIME headers">MIME_HEADER_CTYPE_ONLY</symbol>
+ <!-- Message contains empty parts and image -->
+ <symbol weight="2.00" description="Message contains empty parts and image ">R_EMPTY_IMAGE</symbol>
+
+ <!-- Drugs patterns inside message -->
+ <symbol weight="2.00" description="Drugs patterns inside message">DRUGS_MANYKINDS</symbol>
+ <!-- Specific drugs signatures -->
+ <symbol weight="2.00" description="">DRUGS_ANXIETY</symbol>
+ <symbol weight="2.00" description="">DRUGS_MUSCLE</symbol>
+ <symbol weight="2.00" description="">DRUGS_ANXIETY_EREC</symbol>
+ <symbol weight="2.00" description="">DRUGS_DIET</symbol>
+ <symbol weight="2.00" description="">DRUGS_ERECTILE</symbol>
+
+ <!-- 2 or 3 'advance fee' patterns in a message -->
+ <symbol weight="3.30" description="2 'advance fee' patterns in a message">ADVANCE_FEE_2</symbol>
+ <symbol weight="2.12" description="3 'advance fee' patterns in a message">ADVANCE_FEE_3</symbol>
+
+ <!-- Lotto signatures -->
+ <symbol weight="8.00" description="Lotto signatures">R_LOTTO</symbol>
+
+ <!-- Statistics -->
+ <symbol weight="3.00" description="Message probably spam, probability: ">BAYES_SPAM</symbol>
+ <symbol weight="-3.00" description="Message probably ham, probability: ">BAYES_HAM</symbol>
+
+ <!-- Fuzzy lists example -->
+ <symbol weight="1.00" description="">R_FUZZY</symbol>
+ <symbol weight="1.00" description="">R_FUZZY1</symbol>
+ <symbol weight="1.00" description="">R_FUZZY2</symbol>
+ <symbol weight="1.00" description="">R_FUZZY3</symbol>
+
+ <!-- SPF rules -->
+ <symbol weight="3.00" description="SPF verification failed">R_SPF_FAIL</symbol>
+ <symbol weight="1.00" description="SPF verification soft-failed">R_SPF_SOFTFAIL</symbol>
+ <symbol weight="-3.00" description="SPF verification alowed">R_SPF_ALLOW</symbol>
+
+ <!-- Message seems to be from maillist -->
+ <symbol weight="-2.00" description="Message seems to be from maillist">MAILLIST</symbol>
+
+ <!-- multi.surbl.org lists (more details at http://www.surbl.org) -->
+ <!-- Phishing and malware sites -->
+ <symbol weight="10.50" description="Phishing and malware sites">PH_SURBL_MULTI</symbol>
+ <!-- Outblaze URI Blacklist -->
+ <symbol weight="10.50" description="Outblaze URI Blacklist">OB_SURBL_MULTI</symbol>
+ <!-- AbuseButler web sites -->
+ <symbol weight="10.50" description="AbuseButler web sites">AB_SURBL_MULTI</symbol>
+ <!-- SpamCop web sites -->
+ <symbol weight="10.50" description="SpamCop web sites">SC_SURBL_MULTI</symbol>
+ <!-- jwSpamSpy + Prolocation sites -->
+ <symbol weight="10.50" description="jwSpamSpy + Prolocation sites">JP_SURBL_MULTI</symbol>
+ <!-- sa-blacklist web sites -->
+ <symbol weight="10.50" description="sa-blacklist web sites ">WS_SURBL_MULTI</symbol>
+
+ <!-- rambler.ru uribl -->
+ <symbol weight="12.50" description="rambler.ru uribl">RAMBLER_URIBL</symbol>
+
+ <!-- DBL uribl -->
+ <symbol weight="11.50" description="dbl.spamhaus.org uribl">DBL</symbol>
+
+ <!-- rambler.ru emailbl -->
+ <symbol weight="9.50" description="rambler.ru emailbl">RAMBLER_EMAILBL</symbol>
+
+ <!-- Phished mail -->
+ <symbol weight="5.0" description="Phished mail">PHISHING</symbol>
+
+ <!-- Tabs as delimiters between header names and header values -->
+ <symbol weight="1.0" description="Header From begins with tab">HEADER_FROM_DELIMITER_TAB</symbol>
+ <symbol weight="1.0" description="Header To begins with tab">HEADER_TO_DELIMITER_TAB</symbol>
+ <symbol weight="1.0" description="Header Cc begins with tab">HEADER_CC_DELIMITER_TAB</symbol>
+ <symbol weight="1.0" description="Header Reply-To begins with tab">HEADER_REPLYTO_DELIMITER_TAB</symbol>
+ <symbol weight="1.0" description="Header Date begins with tab">HEADER_DATE_DELIMITER_TAB</symbol>
+
+ <!-- Empty delimiters between header names and header values -->
+ <symbol weight="1.0" description="Header From has no delimiter between header name and header value">HEADER_FROM_EMPTY_DELIMITER</symbol>
+ <symbol weight="1.0" description="Header To has no delimiter between header name and header value">HEADER_TO_EMPTY_DELIMITER</symbol>
+ <symbol weight="1.0" description="Header Cc has no delimiter between header name and header value">HEADER_CC_EMPTY_DELIMITER</symbol>
+ <symbol weight="1.0" description="Header Reply-To has no delimiter between header name and header value">HEADER_REPLYTO_EMPTY_DELIMITER</symbol>
+ <symbol weight="1.0" description="Header Date has no delimiter between header name and header value">HEADER_DATE_EMPTY_DELIMITER</symbol>
+
+ <!-- Received headers -->
+ <symbol weight="4.0" description="Header Received has raw illegal character">RCVD_ILLEGAL_CHARS</symbol>
+ <symbol weight="4.0" description="Fake helo mail.ru in header Received from non mail.ru sender address">FAKE_RECEIVED_mail_ru</symbol>
+ <symbol weight="4.0" description="Fake smtp.yandex.ru Received">FAKE_RECEIVED_smtp_yandex_ru</symbol>
+ <symbol weight="3.6" description="Forged generic Received">FORGED_GENERIC_RECEIVED</symbol>
+ <symbol weight="3.6" description="Forged generic Received">FORGED_GENERIC_RECEIVED2</symbol>
+ <symbol weight="3.6" description="Forged generic Received">FORGED_GENERIC_RECEIVED3</symbol>
+ <symbol weight="3.6" description="Forged generic Received">FORGED_GENERIC_RECEIVED4</symbol>
+ <symbol weight="4.6" description="Forged generic Received">FORGED_GENERIC_RECEIVED5</symbol>
+ <symbol weight="3.0" description="Invalid Postfix Received">INVALID_POSTFIX_RECEIVED</symbol>
+ <symbol weight="5.0" description="Invalid Exim Received">INVALID_EXIM_RECEIVED</symbol>
+ <symbol weight="3.0" description="Invalid Exim Received">INVALID_EXIM_RECEIVED2</symbol>
+
+ <!-- Date checks -->
+ <symbol weight="1.5" description="Message date is in future">DATE_IN_FUTURE</symbol>
+ <symbol weight="1.0" description="Message date is in past">DATE_IN_PAST</symbol>
+</metric>
+<!-- End of metrics section -->
+
+<!-- Composites section -->
+<composite name="FORGED_RECIPIENTS_MAILLIST">FORGED_RECIPIENTS & -MAILLIST</composite>
+<composite name="FORGED_MUA_OUTLOOK_MAILLIST">FORGED_MUA_OUTLOOK & -MAILLIST</composite>
+<!-- End of composites section -->
+
+<!-- Workers section -->
+<worker>
+ <type>fuzzy</type>
+ <bind_socket>localhost:11335</bind_socket>
+ <count>1</count>
+ <maxfiles>2048</maxfiles>
+ <maxcore>0</maxcore>
+<!-- Other params -->
+ <hashfile>/var/run/rspamd/fuzzy.db</hashfile>
+ <use_judy>yes</use_judy>
+</worker>
+<worker>
+ <type>controller</type>
+ <bind_socket>localhost:11334</bind_socket>
+ <count>1</count>
+ <maxfiles>2048</maxfiles>
+ <maxcore>0</maxcore>
+<!-- Other params -->
+ <password>q1</password>
+</worker>
+<worker>
+ <type>normal</type>
+ <bind_socket>*:11333</bind_socket>
+ <count>1</count>
+ <maxfiles>2048</maxfiles>
+ <maxcore>0</maxcore>
+<!-- Other params -->
+</worker>
+<!-- End of workers section -->
+
+<!-- Modules section -->
+<!-- fuzzy_check -->
+<module name="fuzzy_check">
+ <servers>localhost:11335</servers>
+ <symbol>R_FUZZY</symbol>
+ <min_bytes>300</min_bytes>
+ <max_score>10</max_score>
+ <mime_types>application/pdf</mime_types>
+ <fuzzy_map>1:R_FUZZY1:10,2:R_FUZZY2:5,3:R_FUZZY3:-2.1</fuzzy_map>
+</module>
+
+
+<!-- forged_recipients -->
+<module name="forged_recipients">
+ <symbol_sender>FORGED_SENDER</symbol_sender>
+ <symbol_rcpt>FORGED_RECIPIENTS</symbol_rcpt>
+</module>
+
+<!-- maillist -->
+<module name="maillist">
+ <symbol>MAILLIST</symbol>
+</module>
+
+<!-- surbl -->
+<module name="surbl">
+ <whitelist>file://@ETC_PREFIX@/rspamd/surbl-whitelist.inc</whitelist>
+ <exceptions>file://@ETC_PREFIX@/rspamd/2tld.inc</exceptions>
+ <bit_64>JP</bit_64>
+ <bit_32>AB</bit_32>
+ <bit_16>OB</bit_16>
+ <bit_8>PH</bit_8>
+ <bit_4>WS</bit_4>
+ <bit_2>SC</bit_2>
+ <suffix_RAMBLER_URIBL>uribl.rambler.ru</suffix_RAMBLER_URIBL>
+ <option name="suffix_%b_SURBL_MULTI">multi.surbl.org</option>
+ <suffix_DBL>dbl.spamhaus.org</suffix_DBL>
+ <options_DBL>noip</options_DBL>
+<!-- Redirector sample setup -->
+<!--
+ <redirector_read_timeout>10s</redirector_read_timeout>
+ <redirector_connect_timeout>1s</redirector_connect_timeout>
+ <redirector>localhost:8080</redirector>
+ -->
+</module>
+
+<!-- received_rbl -->
+<module name="received_rbl">
+ <symbol>RECEIVED_RBL</symbol>
+ <rbl>pbl.spamhaus.org</rbl>
+ <rbl>xbl.spamhaus.org</rbl>
+ <rbl>insecure-bl.rambler.ru</rbl>
+</module>
+
+<!-- whitelist -->
+<!-- Example of using HTTP maps for whitelisting
+<module name="whitelist">
+ <ip_whitelist>http://cebka.pp.ru/stuff/grey_whitelist.conf</ip_whitelist>
+ <symbol_ip>WHITELIST_IP</symbol_ip>
+</module>
+-->
+
+<!-- chartable -->
+<module name="chartable">
+ <threshold>0.1</threshold>
+ <symbol>R_MIXED_CHARSET</symbol>
+</module>
+
+<!-- once_received -->
+<module name="once_received">
+ <good_host>mail</good_host>
+ <bad_host>static</bad_host>
+ <bad_host>dynamic</bad_host>
+ <symbol_strict>ONCE_RECEIVED_STRICT</symbol_strict>
+ <symbol>ONCE_RECEIVED</symbol>
+</module>
+
+<!-- multimap -->
+<module name="multimap">
+<!--
+ <rule>type = header, header = To, pattern = @(.+)>?$, map = file://@ETC_PREFIX@/rspamd/rcpt_test, symbol = R_RCPT_WHITELIST</rule>
+ <rule>type = ip, map = file://@ETC_PREFIX@/rspamd/ip_test, symbol = R_IP_WHITELIST</rule>
+-->
+ <rule>type = dnsbl, map = pbl.spamhaus.org, symbol = R_IP_PBL</rule>
+</module>
+
+<!-- phishing -->
+<module name="phishing">
+ <symbol>PHISHING</symbol>
+ <!-- <domains>file://path/to/domains</domains> -->
+</module>
+
+<!-- Trie module -->
+<!--
+<module name="trie">
+ <option name="rule">TRIE1:bad pattern</option>
+</module>
+-->
+
+<!-- Emails blacklist -->
+<module name="emails">
+ <rule>symbol = RAMBLER_EMAILBL, dnsbl = email-bl.rambler.ru, domain_only = false</rule>
+</module>
+
+<!-- SPF module setup -->
+<module name="spf">
+ <spf_cache_size>2048</spf_cache_size>
+ <spf_cache_expire>1d</spf_cache_expire>
+</module>
+
+
+<!-- End of modules section -->
+
+<!-- Classifiers section -->
+<!--
+<classifier type="winnow">
+ <tokenizer>osb-text</tokenizer>
+ <metric>default</metric>
+ <min_tokens>20</min_tokens>
+ <statfile>
+ <symbol>WINNOW_HAM</symbol>
+ <size>100M</size>
+ <path>/var/run/rspamd/data.ham</path>
+ </statfile>
+ <statfile>
+ <symbol>WINNOW_SPAM</symbol>
+ <size>100M</size>
+ <path>/var/run/rspamd/data.spam</path>
+ </statfile>
+</classifier>
+-->
+<!-- Example of slave
+<classifier type="bayes">
+ <tokenizer>osb-text</tokenizer>
+ <metric>default</metric>
+ <min_tokens>10</min_tokens>
+ <learn_threshold>0.2</learn_threshold>
+ <statfile>
+ <symbol>BAYES_HAM</symbol>
+ <size>10M</size>
+ <path>/var/run/rspamd/bayes_slave.ham</path>
+ <binlog_master>localhost:11334</binlog_master>
+ <binlog>slave</binlog>
+ </statfile>
+ <statfile>
+ <symbol>BAYES_SPAM</symbol>
+ <size>10M</size>
+ <path>/var/run/rspamd/bayes_slave.spam</path>
+ <binlog>slave</binlog>
+ <binlog_master>localhost:11334</binlog_master>
+ </statfile>
+</classifier>
+
+-->
+<classifier type="bayes">
+ <tokenizer>osb-text</tokenizer>
+ <metric>default</metric>
+ <min_tokens>10</min_tokens>
+ <statfile>
+ <symbol>BAYES_HAM</symbol>
+ <size>10M</size>
+ <path>/var/run/rspamd/bayes.ham</path>
+ </statfile>
+ <statfile>
+ <symbol>BAYES_SPAM</symbol>
+ <size>10M</size>
+ <path>/var/run/rspamd/bayes.spam</path>
+ </statfile>
+</classifier>
+
+<!-- End of classifiers section -->
+
+<!-- Modules section -->
+<modules>
+ <path>@ETC_PREFIX@/rspamd/plugins/lua/</path>
+</modules>
+<!-- End of modules section -->
+
+</rspamd>
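Review bot: The `controller` worker in this new sample carries a fixed two-character password, `<password>q1</password>`, and since the file is generated as `conf/rspamd.xml.sample`, every site that copies the sample unchanged ends up with the same known credential. Binding the controller to `localhost:11334` narrows the exposure to local users and processes but does not remove it. I would ship an obvious placeholder with a comment instead, e.g. `<!-- Set a site-specific password before starting the controller -->` followed by `<password>CHANGE_ME</password>`. In the same section the `normal` worker listens on `*:11333`; a comment such as `<!-- Listens on all interfaces; restrict to localhost or firewall if only the local MTA connects -->` would make that choice deliberate rather than inherited.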
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<rspamd>
-<!-- Global section -->
-<lua src="@ETC_PREFIX@/rspamd/lua/rspamd.lua" />
-
-<!-- Options -->
-<options>
- <!-- Temporary directory -->
- <tempdir>/tmp</tempdir>
- <!-- Path to pid file -->
- <pidfile>/var/run/rspamd/rspamd.pid</pidfile>
- <!-- Turned on C filters -->
- <filters>regexp,surbl,chartable,fuzzy_check,spf</filters>
- <!-- Maximum size of statistics mapped in memory -->
- <statfile_pool_size>250M</statfile_pool_size>
- <!-- Raw mode is non-utf mode. In utf mode all messages are converted to utf8 (if possible) -->
- <raw_mode>yes</raw_mode>
- <!-- Check text attachements as ordinary text parts -->
- <check_attachements>no</check_attachements>
- <!-- If a rule has been met several times do not add additional score -->
- <one_shot>no</one_shot>
- <!-- DNS requests global timeout -->
- <dns_timeout>1s</dns_timeout>
- <!-- DNS retransmits count -->
- <dns_retransmits>5</dns_retransmits>
- <!-- File for saving settings of symbols cache -->
- <cache_file>/var/run/rspamd/symbols.cache</cache_file>
-</options>
-<!-- End of options section -->
-
-<!-- Logging section -->
-<logging>
- <level>info</level>
- <log_urls>yes</log_urls>
- <type>console</type>
-<!-- Other types
- <type filename="/var/log/rspamd/rspamd.log">file</type>
- <type facility="local7">syslog</type>
--->
-<!-- Selective debug
- <debug_ip>127.0.0.1</debug_ip>
- <debug_symbols>SYMBOL1,SYMBOL2</debug_symbols>
--->
-</logging>
-<!-- End of logging section -->
-
-
-<!-- Metrics section -->
-<metric>
- <name>default</name>
- <required_score>10.0</required_score>
- <!-- Sample actions -->
- <action>reject</action>
- <action>greylist:5</action>
- <action>add_header:5</action>
-
- <!-- Weights for symbols -->
-
- <!-- Subject is missing inside message -->
- <symbol weight="2.00" description="Subject is missing inside message">MISSING_SUBJECT</symbol>
- <!-- Message pretends to be send from Outlook but has 'strange' tags -->
- <symbol weight="2.10" description="Message pretends to be send from Outlook but has 'strange' tags ">FORGED_OUTLOOK_TAGS</symbol>
- <!-- Sender is forged (different From: header and smtp MAIL FROM: addresses) -->
- <symbol weight="5.00" description="Sender is forged (different From: header and smtp MAIL FROM: addresses)">FORGED_SENDER</symbol>
- <!-- Recipients seems to be autogenerated (works if recipients count is more than 5) -->
- <symbol weight="3.50" description="Recipients seems to be autogenerated (works if recipients count is more than 5)">SUSPICIOUS_RECIPS</symbol>
- <!-- Fake reply (has RE in subject, but has not References header) -->
- <symbol weight="6.00" description="Fake reply (has RE in subject, but has not References header)">FAKE_REPLY_C</symbol>
- <!-- Messages that have only HTML part -->
- <symbol weight="1.00" description="Messages that have only HTML part">MIME_HTML_ONLY</symbol>
- <!-- Forged yahoo msgid -->
- <symbol weight="2.00" description="Forged yahoo msgid">FORGED_MSGID_YAHOO</symbol>
- <!-- Forged The Bat! MUA headers -->
- <symbol weight="2.00" description="Forged The Bat! MUA headers">FORGED_MUA_THEBAT_BOUN</symbol>
- <!-- Charset is missing in a message -->
- <symbol weight="5.00" description="Charset is missing in a message">R_MISSING_CHARSET</symbol>
- <!-- Two received headers with ip addresses -->
- <symbol weight="2.00" description="Two received headers with ip addresses">RCVD_DOUBLE_IP_SPAM</symbol>
- <!-- Forged outlook HTML signature -->
- <symbol weight="5.00" description="Forged outlook HTML signature">FORGED_OUTLOOK_HTML</symbol>
- <!-- Recipients are absent or undisclosed -->
- <symbol weight="5.00" description="Recipients are absent or undisclosed">R_UNDISC_RCPT</symbol>
- <!-- White color on white background in HTML messages -->
- <symbol weight="9.00" description="White color on white background in HTML messages">R_WHITE_ON_WHITE</symbol>
- <!-- Short html part with a link to an image -->
- <symbol weight="3.00" description="Short html part with a link to an image">HTML_SHORT_LINK_IMG_2</symbol>
- <!-- Forged outlook MUA -->
- <symbol weight="3.00" description="Forged outlook MUA">FORGED_MUA_OUTLOOK</symbol>
- <!-- Forged outlook MUA, but from maillist -->
- <symbol weight="0.00" description="Forged outlook MUA, but from maillist">FORGED_MUA_OUTLOOK_MAILLIST</symbol>
-
- <!-- Suspicious boundary in header Content-Type -->
- <symbol weight="5.00" description="Suspicious boundary in header Content-Type">SUSPICIOUS_BOUNDARY</symbol>
- <!-- Suspicious boundary in header Content-Type -->
- <symbol weight="4.00" description="Suspicious boundary in header Content-Type">SUSPICIOUS_BOUNDARY2</symbol>
- <!-- Suspicious boundary in header Content-Type -->
- <symbol weight="3.00" description="Suspicious boundary in header Content-Type">SUSPICIOUS_BOUNDARY3</symbol>
- <!-- Suspicious boundary in header Content-Type -->
- <symbol weight="4.00" description="Suspicious boundary in header Content-Type">SUSPICIOUS_BOUNDARY4</symbol>
-
- <!-- Message pretends to be send from The Bat! but has forged Message-ID -->
- <symbol weight="4.00" description="Message pretends to be send from The Bat! but has forged Message-ID">FORGED_MUA_THEBAT_MSGID</symbol>
- <!-- Message pretends to be send from The Bat! but has forged Message-ID -->
- <symbol weight="3.00" description="Message pretends to be send from The Bat! but has forged Message-ID">FORGED_MUA_THEBAT_MSGID_UNKNOWN</symbol>
-
- <!-- Message pretends to be send from KMail but has forged Message-ID -->
- <symbol weight="3.00" description="Message pretends to be send from KMail but has forged Message-ID">FORGED_MUA_KMAIL_MSGID</symbol>
- <!-- Message pretends to be send from KMail but has forged Message-ID -->
- <symbol weight="2.50" description="Message pretends to be send from KMail but has forged Message-ID">FORGED_MUA_KMAIL_MSGID_UNKNOWN</symbol>
-
- <!-- Message pretends to be send from Opera Mail but has forged Message-ID -->
- <symbol weight="4.00" description="Message pretends to be send from Opera Mail but has forged Message-ID">FORGED_MUA_OPERA_MSGID</symbol>
- <!-- Message pretends to be send from suspicious Opera Mail/10.x (Windows) but has forged Message-ID, apparently from KMail -->
- <symbol weight="4.00" description="Message pretends to be send from suspicious Opera Mail/10.x (Windows) but has forged Message-ID, apparently from KMail">SUSPICIOUS_OPERA_10W_MSGID</symbol>
-
- <!-- Message pretends to be send from Mozilla Mail but has forged Message-ID -->
- <symbol weight="4.00" description="Message pretends to be send from Mozilla Mail but has forged Message-ID">FORGED_MUA_MOZILLA_MAIL_MSGID</symbol>
- <!-- Message pretends to be send from Mozilla Mail but has forged Message-ID -->
- <symbol weight="2.50" description="Message pretends to be send from Mozilla Mail but has forged Message-ID">FORGED_MUA_MOZILLA_MAIL_MSGID_UNKNOWN</symbol>
- <!-- Forged mail pretending to be from Mozilla Thunderbird but has forged Message-ID -->
- <symbol weight="4.00" description="Forged mail pretending to be from Mozilla Thunderbird but has forged Message-ID">FORGED_MUA_THUNDERBIRD_MSGID</symbol>
- <!-- Forged mail pretending to be from Mozilla Thunderbird but has forged Message-ID -->
- <symbol weight="2.50" description="Forged mail pretending to be from Mozilla Thunderbird but has forged Message-ID">FORGED_MUA_THUNDERBIRD_MSGID_UNKNOWN</symbol>
- <!-- Forged mail pretending to be from Mozilla Seamonkey but has forged Message-ID -->
- <symbol weight="4.00" description="Forged mail pretending to be from Mozilla Seamonkey but has forged Message-ID">FORGED_MUA_SEAMONKEY_MSGID</symbol>
- <!-- Forged mail pretending to be from Mozilla Seamonkey but has forged Message-ID -->
- <symbol weight="2.50" description="Forged mail pretending to be from Mozilla Seamonkey but has forged Message-ID">FORGED_MUA_SEAMONKEY_MSGID_UNKNOWN</symbol>
-
- <!-- Fake helo for verizon provider -->
- <symbol weight="2.00" description="Fake helo for verizon provider">FM_FAKE_HELO_VERIZON</symbol>
- <!--Quoted reply-to from yahoo (seems to be forged) -->
- <symbol weight="2.00" description="Quoted reply-to from yahoo (seems to be forged)">REPTO_QUOTE_YAHOO</symbol>
- <!-- Mime-OLE is needed but absent (e.g. fake Outlook or fake Exchange) -->
- <symbol weight="5.00" description="Mime-OLE is needed but absent (e.g. fake Outlook or fake Exchange)">MISSING_MIMEOLE</symbol>
- <!-- To header is missing -->
- <symbol weight="2.00" description="To header is missing">MISSING_TO</symbol>
-
- <!-- From that contains encoded characters while base 64 is not needed as all symbols are 7bit -->
- <symbol weight="1.5" description="From that contains encoded characters while base 64 is not needed as all symbols are 7bit">FROM_EXCESS_BASE64</symbol>
- <!-- From that contains encoded characters while quoted-printable is not needed as all symbols are 7bit -->
- <symbol weight="1.2" description="From that contains encoded characters while quoted-printable is not needed as all symbols are 7bit">FROM_EXCESS_QP</symbol>
- <!-- To that contains encoded characters while base 64 is not needed as all symbols are 7bit -->
- <symbol weight="1.5" description="To that contains encoded characters while base 64 is not needed as all symbols are 7bit">TO_EXCESS_BASE64</symbol>
- <!-- To that contains encoded characters while quoted-printable is not needed as all symbols are 7bit -->
- <symbol weight="1.2" description="To that contains encoded characters while quoted-printable is not needed as all symbols are 7bit">TO_EXCESS_QP</symbol>
- <!-- Reply-To that contains encoded characters while base 64 is not needed as all symbols are 7bit -->
- <symbol weight="1.5" description="Reply-To that contains encoded characters while base 64 is not needed as all symbols are 7bit">REPLYTO_EXCESS_BASE64</symbol>
- <!-- Reply-To that contains encoded characters while quoted-printable is not needed as all symbols are 7bit -->
- <symbol weight="1.2" description="Reply-To that contains encoded characters while quoted-printable is not needed as all symbols are 7bit">REPLYTO_EXCESS_QP</symbol>
- <!-- Cc that contains encoded characters while base 64 is not needed as all symbols are 7bit -->
- <symbol weight="1.5" description="Cc that contains encoded characters while base 64 is not needed as all symbols are 7bit">CC_EXCESS_BASE64</symbol>
- <!-- Cc that contains encoded characters while quoted-printable is not needed as all symbols are 7bit -->
- <symbol weight="1.2" description="Cc that contains encoded characters while quoted-printable is not needed as all symbols are 7bit">CC_EXCESS_QP</symbol>
-
- <!-- Mixed characters in a message -->
- <symbol weight="5.00" description="Mixed characters in a message">R_MIXED_CHARSET</symbol>
- <!-- Recipients list seems to be sorted -->
- <symbol weight="3.50" description="Recipients list seems to be sorted">SORTED_RECIPS</symbol>
- <!-- Spambots signatures in received headers -->
- <symbol weight="3.00" description="Spambots signatures in received headers">R_RCVD_SPAMBOTS</symbol>
- <!-- To header seems to be autogenerated -->
- <symbol weight="2.00" description="To header seems to be autogenerated">R_TO_SEEMS_AUTO</symbol>
- <!-- Subject needs encoding -->
- <symbol weight="1.00" description="Subject needs encoding">SUBJECT_NEEDS_ENCODING</symbol>
- <!-- Spam string at the end of message to make statistics faults 0-->
- <symbol weight="3.84" description="Spam string at the end of message to make statistics faults 0">TRACKER_ID</symbol>
- <!-- No space in from header -->
- <symbol weight="1.00" description="No space in from header">R_NO_SPACE_IN_FROM</symbol>
- <!-- Subject seems to be spam -->
- <symbol weight="8.00" description="Subject seems to be spam">R_SAJDING</symbol>
- <!-- Detects bad content-transfer-encoding for text parts -->
- <symbol weight="3.00" description="Detects bad content-transfer-encoding for text parts">R_BAD_CTE_7BIT</symbol>
- <!-- Flash redirect on imageshack.us -->
- <symbol weight="10.00" description="Flash redirect on imageshack.us">R_FLASH_REDIR_IMGSHACK</symbol>
- <!-- Message id is incorrect -->
- <symbol weight="5.00" description="Message id is incorrect">INVALID_MSGID</symbol>
- <!-- Message id is missing -->
- <symbol weight="3.00" description="Message id is missing ">MISSING_MID</symbol>
- <!-- Recipients are not the same as RCPT TO: mail command -->
- <symbol weight="3.00" description="Recipients are not the same as RCPT TO: mail command">FORGED_RECIPIENTS</symbol>
- <!-- Recipients are not the same as RCPT TO: mail command, but from maillist -->
- <symbol weight="0.00" description="Recipients are not the same as RCPT TO: mail command, but from maillist">FORGED_RECIPIENTS_MAILLIST</symbol>
- <!-- Forged Exchange messages -->
- <symbol weight="2.00" description="Forged Exchange messages ">RATWARE_MS_HASH</symbol>
- <!-- Reply-type in content-type -->
- <symbol weight="1.00" description="Reply-type in content-type">STOX_REPLY_TYPE</symbol>
- <!-- IP in received headers is in PBL -->
- <symbol weight="3.00" description="IP in received headers is in PBL">R_IP_PBL</symbol>
- <!-- One received header in a message -->
- <symbol weight="1.00" description="One received header in a message ">ONCE_RECEIVED</symbol>
- <!-- One received header with 'bad' patterns inside -->
- <symbol weight="4.00" description="One received header with 'bad' patterns inside">ONCE_RECEIVED_STRICT</symbol>
- <!-- Received headers contains addresses from RBL -->
- <symbol weight="1.00" description="Received headers contains addresses from RBL">RECEIVED_RBL</symbol>
- <!-- Text and HTML parts differ -->
- <symbol weight="3.00" description="Text and HTML parts differ">R_PARTS_DIFFER</symbol>
- <!-- Only Content-Type header without other MIME headers -->
- <symbol weight="2.00" description="Only Content-Type header without other MIME headers">MIME_HEADER_CTYPE_ONLY</symbol>
- <!-- Message contains empty parts and image -->
- <symbol weight="2.00" description="Message contains empty parts and image ">R_EMPTY_IMAGE</symbol>
-
- <!-- Drugs patterns inside message -->
- <symbol weight="2.00" description="Drugs patterns inside message">DRUGS_MANYKINDS</symbol>
- <!-- Specific drugs signatures -->
- <symbol weight="2.00" description="">DRUGS_ANXIETY</symbol>
- <symbol weight="2.00" description="">DRUGS_MUSCLE</symbol>
- <symbol weight="2.00" description="">DRUGS_ANXIETY_EREC</symbol>
- <symbol weight="2.00" description="">DRUGS_DIET</symbol>
- <symbol weight="2.00" description="">DRUGS_ERECTILE</symbol>
-
- <!-- 2 or 3 'advance fee' patterns in a message -->
- <symbol weight="3.30" description="2 'advance fee' patterns in a message">ADVANCE_FEE_2</symbol>
- <symbol weight="2.12" description="3 'advance fee' patterns in a message">ADVANCE_FEE_3</symbol>
-
- <!-- Lotto signatures -->
- <symbol weight="8.00" description="Lotto signatures">R_LOTTO</symbol>
-
- <!-- Statistics -->
- <symbol weight="3.00" description="Message probably spam, probability: ">BAYES_SPAM</symbol>
- <symbol weight="-3.00" description="Message probably ham, probability: ">BAYES_HAM</symbol>
-
- <!-- Fuzzy lists example -->
- <symbol weight="1.00" description="">R_FUZZY</symbol>
- <symbol weight="1.00" description="">R_FUZZY1</symbol>
- <symbol weight="1.00" description="">R_FUZZY2</symbol>
- <symbol weight="1.00" description="">R_FUZZY3</symbol>
-
- <!-- SPF rules -->
- <symbol weight="3.00" description="SPF verification failed">R_SPF_FAIL</symbol>
- <symbol weight="1.00" description="SPF verification soft-failed">R_SPF_SOFTFAIL</symbol>
- <symbol weight="-3.00" description="SPF verification alowed">R_SPF_ALLOW</symbol>
-
- <!-- Message seems to be from maillist -->
- <symbol weight="-2.00" description="Message seems to be from maillist">MAILLIST</symbol>
-
- <!-- multi.surbl.org lists (more details at http://www.surbl.org) -->
- <!-- Phishing and malware sites -->
- <symbol weight="5.50" description="Phishing and malware sites">PH_SURBL_MULTI</symbol>
- <!-- Outblaze URI Blacklist -->
- <symbol weight="5.50" description="Outblaze URI Blacklist">OB_SURBL_MULTI</symbol>
- <!-- AbuseButler web sites -->
- <symbol weight="5.50" description="AbuseButler web sites">AB_SURBL_MULTI</symbol>
- <!-- SpamCop web sites -->
- <symbol weight="5.50" description="SpamCop web sites">SC_SURBL_MULTI</symbol>
- <!-- jwSpamSpy + Prolocation sites -->
- <symbol weight="5.50" description="jwSpamSpy + Prolocation sites">JP_SURBL_MULTI</symbol>
- <!-- sa-blacklist web sites -->
- <symbol weight="5.50" description="sa-blacklist web sites ">WS_SURBL_MULTI</symbol>
-
- <!-- rambler.ru uribl -->
- <symbol weight="9.50" description="rambler.ru uribl">RAMBLER_URIBL</symbol>
-
- <!-- rambler.ru emailbl -->
- <symbol weight="9.50" description="rambler.ru emailbl">RAMBLER_EMAILBL</symbol>
-
- <!-- Phished mail -->
- <symbol weight="5.0" description="Phished mail">PHISHING</symbol>
-
- <!-- Tabs as delimiters between header names and header values -->
- <symbol weight="1.0" description="Header From begins with tab">HEADER_FROM_DELIMITER_TAB</symbol>
- <symbol weight="1.0" description="Header To begins with tab">HEADER_TO_DELIMITER_TAB</symbol>
- <symbol weight="1.0" description="Header Cc begins with tab">HEADER_CC_DELIMITER_TAB</symbol>
- <symbol weight="1.0" description="Header Reply-To begins with tab">HEADER_REPLYTO_DELIMITER_TAB</symbol>
- <symbol weight="1.0" description="Header Date begins with tab">HEADER_DATE_DELIMITER_TAB</symbol>
-
- <!-- Empty delimiters between header names and header values -->
- <symbol weight="1.0" description="Header From has no delimiter between header name and header value">HEADER_FROM_EMPTY_DELIMITER</symbol>
- <symbol weight="1.0" description="Header To has no delimiter between header name and header value">HEADER_TO_EMPTY_DELIMITER</symbol>
- <symbol weight="1.0" description="Header Cc has no delimiter between header name and header value">HEADER_CC_EMPTY_DELIMITER</symbol>
- <symbol weight="1.0" description="Header Reply-To has no delimiter between header name and header value">HEADER_REPLYTO_EMPTY_DELIMITER</symbol>
- <symbol weight="1.0" description="Header Date has no delimiter between header name and header value">HEADER_DATE_EMPTY_DELIMITER</symbol>
-
- <!-- Received headers -->
- <symbol weight="4.0" description="Header Received has raw illegal character">RCVD_ILLEGAL_CHARS</symbol>
- <symbol weight="4.0" description="Fake helo mail.ru in header Received from non mail.ru sender address">FAKE_RECEIVED_mail_ru</symbol>
- <symbol weight="4.0" description="Fake smtp.yandex.ru Received">FAKE_RECEIVED_smtp_yandex_ru</symbol>
- <symbol weight="3.6" description="Forged generic Received">FORGED_GENERIC_RECEIVED</symbol>
- <symbol weight="3.6" description="Forged generic Received">FORGED_GENERIC_RECEIVED2</symbol>
- <symbol weight="3.6" description="Forged generic Received">FORGED_GENERIC_RECEIVED3</symbol>
- <symbol weight="3.6" description="Forged generic Received">FORGED_GENERIC_RECEIVED4</symbol>
- <symbol weight="4.6" description="Forged generic Received">FORGED_GENERIC_RECEIVED5</symbol>
- <symbol weight="3.0" description="Invalid Postfix Received">INVALID_POSTFIX_RECEIVED</symbol>
- <symbol weight="5.0" description="Invalid Exim Received">INVALID_EXIM_RECEIVED</symbol>
- <symbol weight="3.0" description="Invalid Exim Received">INVALID_EXIM_RECEIVED2</symbol>
-
- <!-- Date checks -->
- <symbol weight="1.5" description="Message date is in future">DATE_IN_FUTURE</symbol>
- <symbol weight="1.0" description="Message date is in past">DATE_IN_PAST</symbol>
-</metric>
-<!-- End of metrics section -->
-
-<!-- Composites section -->
-<composite name="FORGED_RECIPIENTS_MAILLIST">FORGED_RECIPIENTS & -MAILLIST</composite>
-<composite name="FORGED_MUA_OUTLOOK_MAILLIST">FORGED_MUA_OUTLOOK & -MAILLIST</composite>
-<!-- End of composites section -->
-
-<!-- Workers section -->
-<worker>
- <type>fuzzy</type>
- <bind_socket>localhost:11335</bind_socket>
- <count>1</count>
- <maxfiles>2048</maxfiles>
- <maxcore>0</maxcore>
-<!-- Other params -->
- <hashfile>/tmp/fuzzy.db</hashfile>
- <use_judy>yes</use_judy>
-</worker>
-<worker>
- <type>controller</type>
- <bind_socket>localhost:11334</bind_socket>
- <count>1</count>
- <maxfiles>2048</maxfiles>
- <maxcore>0</maxcore>
-<!-- Other params -->
- <password>q1</password>
-</worker>
-<worker>
- <type>normal</type>
- <bind_socket>*:11333</bind_socket>
- <count>1</count>
- <maxfiles>2048</maxfiles>
- <maxcore>0</maxcore>
-<!-- Other params -->
-</worker>
-<!-- End of workers section -->
-
-<!-- Modules section -->
-<!-- fuzzy_check -->
-<module name="fuzzy_check">
- <servers>localhost:11335</servers>
- <symbol>R_FUZZY</symbol>
- <min_bytes>300</min_bytes>
- <max_score>10</max_score>
- <mime_types>application/pdf</mime_types>
- <fuzzy_map>1:R_FUZZY1:10,2:R_FUZZY2:5,3:R_FUZZY3:-2.1</fuzzy_map>
-</module>
-
-
-<!-- forged_recipients -->
-<module name="forged_recipients">
- <symbol_sender>FORGED_SENDER</symbol_sender>
- <symbol_rcpt>FORGED_RECIPIENTS</symbol_rcpt>
-</module>
-
-<!-- maillist -->
-<module name="maillist">
- <symbol>MAILLIST</symbol>
-</module>
-
-<!-- surbl -->
-<module name="surbl">
- <whitelist>file://@ETC_PREFIX@/rspamd/surbl-whitelist.inc</whitelist>
- <exceptions>file://@ETC_PREFIX@/rspamd/2tld.inc</exceptions>
- <bit_64>JP</bit_64>
- <bit_32>AB</bit_32>
- <bit_16>OB</bit_16>
- <bit_8>PH</bit_8>
- <bit_4>WS</bit_4>
- <bit_2>SC</bit_2>
- <suffix_RAMBLER_URIBL>uribl.rambler.ru</suffix_RAMBLER_URIBL>
- <option name="suffix_%b_SURBL_MULTI">multi.surbl.org</option>
- <redirector_read_timeout>10s</redirector_read_timeout>
- <redirector_connect_timeout>1s</redirector_connect_timeout>
- <redirector>localhost:8080</redirector>
-</module>
-
-<!-- received_rbl -->
-<module name="received_rbl">
- <symbol>RECEIVED_RBL</symbol>
- <rbl>pbl.spamhaus.org</rbl>
- <rbl>xbl.spamhaus.org</rbl>
- <rbl>insecure-bl.rambler.ru</rbl>
-</module>
-
-<!-- whitelist -->
-<!-- Example of using HTTP maps for whitelisting
-<module name="whitelist">
- <ip_whitelist>http://cebka.pp.ru/stuff/grey_whitelist.conf</ip_whitelist>
- <symbol_ip>WHITELIST_IP</symbol_ip>
-</module>
--->
-
-<!-- chartable -->
-<module name="chartable">
- <threshold>0.1</threshold>
- <symbol>R_MIXED_CHARSET</symbol>
-</module>
-
-<!-- once_received -->
-<module name="once_received">
- <good_host>mail</good_host>
- <bad_host>static</bad_host>
- <bad_host>dynamic</bad_host>
- <symbol_strict>ONCE_RECEIVED_STRICT</symbol_strict>
- <symbol>ONCE_RECEIVED</symbol>
-</module>
-
-<!-- multimap -->
-<module name="multimap">
-<!--
- <rule>type = header, header = To, pattern = @(.+)>?$, map = file://@ETC_PREFIX@/rspamd/rcpt_test, symbol = R_RCPT_WHITELIST</rule>
- <rule>type = ip, map = file://@ETC_PREFIX@/rspamd/ip_test, symbol = R_IP_WHITELIST</rule>
--->
- <rule>type = dnsbl, map = pbl.spamhaus.org, symbol = R_IP_PBL</rule>
-</module>
-
-<!-- phishing -->
-<module name="phishing">
- <symbol>PHISHING</symbol>
- <!-- <domains>file://path/to/domains</domains> -->
-</module>
-
-<!-- Trie module -->
-<!--
-<module name="trie">
- <option name="rule">TRIE1:bad pattern</option>
-</module>
--->
-
-<!-- Emails blacklist -->
-<module name="emails">
- <option name="rule">symbol = RAMBLER_EMAILBL, dnsbl = email-bl.rambler.ru, domain_only = false</option>
- <!--
- <option name="rule">symbol = R_BAD_EMAIL1, map = file:///tmp/emails.list, domain_only = true</option>
- -->
-</module>
-
-
-<!-- End of modules section -->
-
-<!-- Classifiers section -->
-<!--
-<classifier type="winnow">
- <tokenizer>osb-text</tokenizer>
- <metric>default</metric>
- <min_tokens>20</min_tokens>
- <statfile>
- <symbol>WINNOW_HAM</symbol>
- <size>100M</size>
- <path>/var/run/rspamd/data.ham</path>
- </statfile>
- <statfile>
- <symbol>WINNOW_SPAM</symbol>
- <size>100M</size>
- <path>/var/run/rspamd/data.spam</path>
- </statfile>
-</classifier>
--->
-<!-- Example of slave
-<classifier type="bayes">
- <tokenizer>osb-text</tokenizer>
- <metric>default</metric>
- <min_tokens>10</min_tokens>
- <learn_threshold>0.2</learn_threshold>
- <statfile>
- <symbol>BAYES_HAM</symbol>
- <size>10M</size>
- <path>/var/run/rspamd/bayes_slave.ham</path>
- <binlog_master>localhost:11334</binlog_master>
- <binlog>slave</binlog>
- </statfile>
- <statfile>
- <symbol>BAYES_SPAM</symbol>
- <size>10M</size>
- <path>/var/run/rspamd/bayes_slave.spam</path>
- <binlog>slave</binlog>
- <binlog_master>localhost:11334</binlog_master>
- </statfile>
-</classifier>
-
--->
-<classifier type="bayes">
- <tokenizer>osb-text</tokenizer>
- <metric>default</metric>
- <min_tokens>10</min_tokens>
- <statfile>
- <symbol>BAYES_HAM</symbol>
- <size>10M</size>
- <path>/var/run/rspamd/bayes.ham</path>
- <binlog>master</binlog>
- </statfile>
- <statfile>
- <symbol>BAYES_SPAM</symbol>
- <size>10M</size>
- <path>/var/run/rspamd/bayes.spam</path>
- <binlog>master</binlog>
- </statfile>
-</classifier>
-
-<!-- End of classifiers section -->
-
-<!-- Modules section -->
-<modules>
- <path>@ETC_PREFIX@/rspamd/plugins/lua/</path>
-</modules>
-<!-- End of modules section -->
-
-</rspamd>