mirror of
https://github.com/rspamd/rspamd.git
synced 2024-09-13 15:45:47 +02:00
392 lines
8.8 KiB
Plaintext
392 lines
8.8 KiB
Plaintext
antivirus {
|
|
clam {
|
|
attachments_only = false;
|
|
symbol = "CLAM_VIRUS";
|
|
type = "clamav";
|
|
servers = "127.0.0.1:{= env.PORT_CLAM =}";
|
|
}
|
|
fprot {
|
|
attachments_only = false;
|
|
symbol = "FPROT_VIRUS";
|
|
type = "fprot";
|
|
servers = "127.0.0.1:{= env.PORT_FPROT =}";
|
|
patterns {
|
|
FPROT_EICAR = "^EICAR_Test_File$";
|
|
}
|
|
}
|
|
fprot_duplicate {
|
|
prefix = "fp_dupe";
|
|
attachments_only = false;
|
|
symbol = "FPROT2_VIRUS_DUPLICATE_DEFAULT";
|
|
type = "fprot";
|
|
servers = "127.0.0.1:{= env.PORT_FPROT2_DUPLICATE =}";
|
|
patterns = [
|
|
{FPROT2_VIRUS_DUPLICATE_PATTERN = "^E"},
|
|
{FPROT2_VIRUS_DUPLICATE_NOPE1 = "^EI",
|
|
FPROT2_VIRUS_DUPLICATE_NOPE2 = "^EIC",
|
|
FPROT2_VIRUS_DUPLICATE_NOPE3 = "^EICA",
|
|
FPROT2_VIRUS_DUPLICATE_NOPE4 = "^EICAR",
|
|
FPROT2_VIRUS_DUPLICATE_NOPE5 = "^EICAR_"}
|
|
];
|
|
}
|
|
avast {
|
|
attachments_only = false;
|
|
symbol = "AVAST_VIRUS";
|
|
type = "avast";
|
|
servers = "127.0.0.1:{= env.PORT_AVAST =}";
|
|
}
|
|
}
|
|
|
|
multimap {
|
|
DNSBL_MAP {
|
|
type = "dnsbl";
|
|
map = "rspamd.com";
|
|
}
|
|
IP_MAP {
|
|
type = "ip";
|
|
map = "{= env.TESTDIR =}/configs/maps/ip.list";
|
|
}
|
|
FROM_MAP {
|
|
type = "from";
|
|
filter = "email:domain";
|
|
map = "{= env.TESTDIR =}/configs/maps/domains.list";
|
|
}
|
|
FREEMAIL_CC {
|
|
type = "header";
|
|
header = "Cc";
|
|
filter = "email:domain";
|
|
map = "{= env.TESTDIR =}/configs/maps/domains.list.2";
|
|
score = 1.0;
|
|
}
|
|
REGEXP_MAP {
|
|
type = "from";
|
|
filter = "email:addr";
|
|
regexp = true;
|
|
map = "{= env.TESTDIR =}/configs/maps/regexp.list";
|
|
}
|
|
DEPS_MAP {
|
|
type = "from";
|
|
filter = "email:addr";
|
|
regexp = true;
|
|
map = "{= env.TESTDIR =}/configs/maps/regexp.list";
|
|
require_symbols = "(R_SPF_ALLOW|R_SPF_DNSFAIL) & REGEXP_MAP & !FROM_MAP";
|
|
}
|
|
RCPT_DOMAIN {
|
|
type = "rcpt";
|
|
filter = "email:domain";
|
|
map = "{= env.TESTDIR =}/configs/maps/domains.list";
|
|
}
|
|
RCPT_USER {
|
|
type = "rcpt";
|
|
filter = "email:user";
|
|
map = "{= env.TESTDIR =}/configs/maps/users.list";
|
|
}
|
|
RCPT_MAP {
|
|
type = "rcpt";
|
|
filter = "email:addr";
|
|
symbols = ["SYM1"];
|
|
map = "{= env.TESTDIR =}/configs/maps/multiple.list";
|
|
score = 1.0;
|
|
}
|
|
RCPT_MAP_NOMULTISYM {
|
|
type = "rcpt";
|
|
filter = "email:addr";
|
|
disable_multisymbol = true;
|
|
map = "{= env.TESTDIR =}/configs/maps/multiple.list";
|
|
score = 1.0;
|
|
}
|
|
HEADER_MAP {
|
|
type = "header";
|
|
header = "To";
|
|
filter = "email:name";
|
|
map = "{= env.TESTDIR =}/configs/maps/utf.list";
|
|
regexp = true;
|
|
}
|
|
HOSTNAME_MAP {
|
|
type = "hostname";
|
|
map = "{= env.TESTDIR =}/configs/maps/domains.list";
|
|
}
|
|
HOSTNAME_TOP_MAP {
|
|
type = "hostname";
|
|
filter = "top";
|
|
map = "{= env.TESTDIR =}/configs/maps/top.list";
|
|
}
|
|
CDB_HOSTNAME {
|
|
type = "hostname";
|
|
map = "cdb://{= env.TESTDIR =}/configs/maps/domains.cdb";
|
|
}
|
|
REDIS_HOSTNAME {
|
|
type = "hostname";
|
|
map = "redis://hostname";
|
|
}
|
|
REDIS_HOSTNAME_EXPANSION {
|
|
type = "hostname";
|
|
map = "redis://${ip}.${principal_recipient_domain}";
|
|
}
|
|
REDIS_IPADDR {
|
|
type = "ip";
|
|
map = "redis://ipaddr";
|
|
}
|
|
REDIS_FROMADDR {
|
|
type = "from";
|
|
filter = "email:addr";
|
|
map = "redis://emailaddr";
|
|
}
|
|
REDIS_URL_TLD {
|
|
type = "url";
|
|
map = "redis://hostname";
|
|
filter = "tld";
|
|
}
|
|
REDIS_URL_RE_FULL {
|
|
type = "url";
|
|
map = "redis://fullurlre";
|
|
filter = "full:regexp:/(html)$/";
|
|
}
|
|
REDIS_URL_FULL {
|
|
type = "url";
|
|
map = "redis://fullurl";
|
|
filter = "full";
|
|
}
|
|
REDIS_URL_PHISHED {
|
|
type = "url";
|
|
map = "redis://phishedurl";
|
|
filter = "is_phished";
|
|
}
|
|
REDIS_URL_RE_TLD {
|
|
type = "url";
|
|
map = "redis://tldre";
|
|
filter = "tld:regexp:/(net)$/";
|
|
}
|
|
REDIS_URL_RE_PLAIN {
|
|
type = "url";
|
|
map = "redis://urlre";
|
|
filter = "regexp:/^(www)/";
|
|
}
|
|
REDIS_URL_NOFILTER {
|
|
type = "url";
|
|
map = "redis://urlnofilter";
|
|
}
|
|
REDIS_COUNTRY {
|
|
type = "country";
|
|
map = "redis://cc";
|
|
}
|
|
REDIS_ASN {
|
|
type = "asn";
|
|
map = "redis://asn";
|
|
}
|
|
REDIS_ASN_FILTERED {
|
|
type = "mempool";
|
|
variable = "asn";
|
|
map = "redis://asn";
|
|
filter = "regexp:/^([0-9]).*/";
|
|
}
|
|
RCVD_TEST_01 {
|
|
type = "received";
|
|
max_pos = 1;
|
|
map = "{= env.TESTDIR =}/configs/maps/rcvd.list";
|
|
}
|
|
RCVD_TEST_02 {
|
|
type = "received";
|
|
min_pos = -1;
|
|
map = "{= env.TESTDIR =}/configs/maps/rcvd.list";
|
|
}
|
|
RCVD_TEST_REDIS_01 {
|
|
type = "received";
|
|
map = "redis://RCVD_TEST";
|
|
}
|
|
RCVD_AUTHED_ONE {
|
|
type = "received";
|
|
map = "{= env.TESTDIR =}/configs/maps/rcvd2.list";
|
|
flags = ["authenticated"];
|
|
nflags = ["ssl"];
|
|
}
|
|
RCVD_AUTHED_TWO {
|
|
type = "received";
|
|
map = "{= env.TESTDIR =}/configs/maps/rcvd2.list";
|
|
flags = ["authenticated", "ssl"];
|
|
}
|
|
COMBINED_MAP_AND {
|
|
type = "combined";
|
|
rules {
|
|
ip = {
|
|
type = "radix";
|
|
map = "{= env.TESTDIR =}/configs/maps/ip.list";
|
|
selector = "ip";
|
|
}
|
|
from {
|
|
map = "{= env.TESTDIR =}/configs/maps/domains.list";
|
|
selector = "from:domain";
|
|
}
|
|
}
|
|
expression = "from & ip";
|
|
score = 10;
|
|
prefilter = true;
|
|
}
|
|
COMBINED_MAP_OR {
|
|
type = "combined";
|
|
rules {
|
|
ip = {
|
|
type = "radix";
|
|
map = "{= env.TESTDIR =}/configs/maps/ip.list";
|
|
selector = "ip";
|
|
}
|
|
from {
|
|
map = "{= env.TESTDIR =}/configs/maps/domains.list";
|
|
selector = "from:domain";
|
|
}
|
|
}
|
|
expression = "from || ip"
|
|
}
|
|
}
|
|
|
|
rbl {
|
|
rbls {
|
|
fake {
|
|
from = true;
|
|
ipv4 = true;
|
|
ipv6 = true;
|
|
rbl = "fake.rbl";
|
|
symbol = "FAKE_RBL_UNKNOWN";
|
|
received = true;
|
|
symbols_prefixes = {
|
|
received = 'FAKE_RECEIVED_RBL',
|
|
from = 'FAKE_RBL',
|
|
}
|
|
unknown = true;
|
|
returncodes = {
|
|
"CODE_2" = "127.0.0.2";
|
|
"CODE_3" = "127.0.0.3";
|
|
}
|
|
}
|
|
fake_whitelist {
|
|
from = true;
|
|
ipv4 = true;
|
|
ipv6 = true;
|
|
received = true;
|
|
is_whitelist = true;
|
|
rbl = "fake.wl";
|
|
symbol = "FAKE_WL_RBL_UNKNOWN";
|
|
unknown = true;
|
|
returncodes = {
|
|
"FAKE_WL_RBL_CODE_2" = "127.0.0.2";
|
|
"FAKE_WL_RBL_CODE_3" = "127.0.0.3";
|
|
}
|
|
}
|
|
RSPAMD_EMAILBL {
|
|
rbl = "test8.uribl";
|
|
url_compose_map = "{= env.TESTDIR =}/configs/maps/url_compose_map_for_mails.list";
|
|
ignore_defaults = true;
|
|
emails = true;
|
|
emails_domainonly = true
|
|
returncodes = {
|
|
RSPAMD_EMAILBL = "127.0.0.2";
|
|
}
|
|
}
|
|
URIBL_NOCONTENT {
|
|
rbl = "test9.uribl";
|
|
ignore_defaults = true;
|
|
urls = true;
|
|
}
|
|
URIBL_WITHCONTENT {
|
|
rbl = "test9.uribl";
|
|
ignore_defaults = true;
|
|
urls = true;
|
|
content_urls = true;
|
|
}
|
|
URIBL_CONTENTONLY {
|
|
rbl = "test9.uribl";
|
|
ignore_defaults = true;
|
|
content_urls = true;
|
|
no_ip = true;
|
|
}
|
|
RBL_SELECTOR_SINGLE {
|
|
rbl = "test9.uribl";
|
|
ignore_defaults = true;
|
|
selector = "helo()";
|
|
}
|
|
RBL_SELECTOR_MULTIPLE {
|
|
rbl = "test9.uribl";
|
|
ignore_defaults = true;
|
|
selector = {
|
|
sel_from = "from('smtp'):domain";
|
|
sel_helo = "helo()";
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
surbl {
|
|
"whitelist" = [
|
|
"rspamd-test.com"
|
|
];
|
|
rules {
|
|
"RSPAMD_URIBL" {
|
|
suffix = "test.uribl";
|
|
check_dkim = true;
|
|
check_emails = true;
|
|
images = false;
|
|
process_script =<<EOD
|
|
function(url, suffix)
|
|
local cr = require "rspamd_cryptobox_hash"
|
|
local h = cr.create(url):base32():sub(1, 32)
|
|
return string.format("%s.%s", h, suffix)
|
|
end
|
|
EOD;
|
|
}
|
|
"DBL" {
|
|
suffix = "test2.uribl";
|
|
no_ip = true;
|
|
check_emails = true;
|
|
check_dkim = true;
|
|
ips = {
|
|
# spam domain
|
|
DBL_SPAM = "127.0.1.2";
|
|
# phish domain
|
|
DBL_PHISH = "127.0.1.4";
|
|
}
|
|
}
|
|
"URIBL_MULTI" {
|
|
suffix = "test3.uribl";
|
|
check_dkim = true;
|
|
check_emails = true;
|
|
bits {
|
|
URIBL_BLOCKED = 1;
|
|
URIBL_BLACK = 2;
|
|
URIBL_GREY = 4;
|
|
URIBL_RED = 8;
|
|
}
|
|
}
|
|
"SPAMHAUS_ZEN_URIBL" {
|
|
suffix = "test4.uribl";
|
|
resolve_ip = true;
|
|
check_emails = true;
|
|
ips {
|
|
URIBL_SBL = "127.0.0.2";
|
|
URIBL_SBL_CSS = "127.0.0.3";
|
|
URIBL_XBL = ["127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"];
|
|
URIBL_PBL = ["127.0.0.10", "127.0.0.11"];
|
|
URIBL_DROP = "127.0.0.9";
|
|
}
|
|
}
|
|
"RSPAMD_URIBL_IMAGES" {
|
|
suffix = "test.uribl";
|
|
check_dkim = true;
|
|
check_emails = false;
|
|
images = true;
|
|
process_script =<<EOD
|
|
function(url, suffix)
|
|
local cr = require "rspamd_cryptobox_hash"
|
|
local h = cr.create(url):base32():sub(1, 32)
|
|
return string.format("%s.%s", h, suffix)
|
|
end
|
|
EOD;
|
|
}
|
|
"BAD_SUBDOMAIN" {
|
|
suffix = "test7.uribl";
|
|
url_compose_map = "{= env.TESTDIR =}/configs/maps/url_compose_map.list";
|
|
check_dkim = true;
|
|
check_emails = false;
|
|
}
|
|
}
|
|
}
|