|
|
@@ -1,36 +1,40 @@ |
|
|
|
# Rspamd modules configuration |
|
|
|
|
|
|
|
fuzzy_check { |
|
|
|
min_bytes = 300; |
|
|
|
rule { |
|
|
|
servers = "highsecure.ru:11335"; |
|
|
|
symbol = "FUZZY_UNKNOWN"; |
|
|
|
mime_types = "application/pdf"; |
|
|
|
max_score = 20.0; |
|
|
|
read_only = yes; |
|
|
|
skip_unknown = yes; |
|
|
|
fuzzy_map = { |
|
|
|
FUZZY_DENIED { |
|
|
|
max_score = 20.0; |
|
|
|
flag = 1 |
|
|
|
} |
|
|
|
FUZZY_PROB { |
|
|
|
max_score = 10.0; |
|
|
|
flag = 2 |
|
|
|
} |
|
|
|
FUZZY_WHITE { |
|
|
|
max_score = 2.0; |
|
|
|
flag = 3 |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
rule { |
|
|
|
servers = "highsecure.ru:11335"; |
|
|
|
symbol = "FUZZY_UNKNOWN"; |
|
|
|
mime_types = "application/pdf"; |
|
|
|
max_score = 20.0; |
|
|
|
read_only = yes; |
|
|
|
skip_unknown = yes; |
|
|
|
fuzzy_map = { |
|
|
|
FUZZY_DENIED { |
|
|
|
max_score = 20.0; |
|
|
|
flag = 1; |
|
|
|
} |
|
|
|
FUZZY_PROB { |
|
|
|
max_score = 10.0; |
|
|
|
flag = 2; |
|
|
|
} |
|
|
|
FUZZY_WHITE { |
|
|
|
max_score = 2.0; |
|
|
|
flag = 3; |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
forged_recipients { |
|
|
|
symbol_sender = "FORGED_SENDER"; |
|
|
|
symbol_rcpt = "FORGED_RECIPIENTS"; |
|
|
|
} |
|
|
|
|
|
|
|
maillist { |
|
|
|
symbol = "MAILLIST"; |
|
|
|
} |
|
|
|
|
|
|
|
surbl { |
|
|
|
whitelist = "file://$CONFDIR/surbl-whitelist.inc"; |
|
|
|
exceptions = "file://$CONFDIR/2tld.inc"; |
|
|
@@ -65,16 +69,26 @@ surbl { |
|
|
|
symbol = "DBL"; |
|
|
|
options = "noip"; |
|
|
|
ips = { |
|
|
|
DBL_SPAM = "127.0.1.2"; # spam domain |
|
|
|
DBL_PHISH = "127.0.1.4"; # phish domain |
|
|
|
DBL_MALWARE = "127.0.1.5"; # malware domain |
|
|
|
DBL_BOTNET = "127.0.1.6"; # botnet C&C domain |
|
|
|
DBL_ABUSE = "127.0.1.102"; # abused legit spam |
|
|
|
DBL_ABUSE_REDIR = "127.0.1.103"; # abused spammed redirector domain |
|
|
|
DBL_ABUSE_PHISH = "127.0.1.104"; # abused legit phish |
|
|
|
DBL_ABUSE_MALWARE = "127.0.1.105"; # abused legit malware |
|
|
|
DBL_ABUSE_BOTNET = "127.0.1.106"; # abused legit botnet C&C |
|
|
|
DBL_PROHIBIT = "127.0.1.255"; # IP queries prohibited! |
|
|
|
# spam domain |
|
|
|
DBL_SPAM = "127.0.1.2"; |
|
|
|
# phish domain |
|
|
|
DBL_PHISH = "127.0.1.4"; |
|
|
|
# malware domain |
|
|
|
DBL_MALWARE = "127.0.1.5"; |
|
|
|
# botnet C&C domain |
|
|
|
DBL_BOTNET = "127.0.1.6"; |
|
|
|
# abused legit spam |
|
|
|
DBL_ABUSE = "127.0.1.102"; |
|
|
|
# abused spammed redirector domain |
|
|
|
DBL_ABUSE_REDIR = "127.0.1.103"; |
|
|
|
# abused legit phish |
|
|
|
DBL_ABUSE_PHISH = "127.0.1.104"; |
|
|
|
# abused legit malware |
|
|
|
DBL_ABUSE_MALWARE = "127.0.1.105"; |
|
|
|
# abused legit botnet C&C |
|
|
|
DBL_ABUSE_BOTNET = "127.0.1.106"; |
|
|
|
# error - IP queries prohibited! |
|
|
|
DBL_PROHIBIT = "127.0.1.255"; |
|
|
|
} |
|
|
|
} |
|
|
|
rule { |
|
|
@@ -94,150 +108,152 @@ surbl { |
|
|
|
options = "noip"; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
rbl { |
|
|
|
|
|
|
|
default_from = true; |
|
|
|
default_received = false; |
|
|
|
default_exclude_users = true; |
|
|
|
|
|
|
|
private_ips = "127.0.0.0/8 10.0.0.0/8 192.168.0.0/16 169.254.0.0/16 172.16.0.0/12 100.64.0.0/10 fc00::/7 fe80::/10 fec0::/10 ::1"; |
|
|
|
|
|
|
|
rbls { |
|
|
|
|
|
|
|
spamhaus { |
|
|
|
symbol = "RBL_SPAMHAUS"; |
|
|
|
rbl = "zen.spamhaus.org"; |
|
|
|
ipv6 = true; |
|
|
|
returncodes { |
|
|
|
RBL_SPAMHAUS_SBL = "127.0.0.2"; |
|
|
|
RBL_SPAMHAUS_CSS = "127.0.0.3"; |
|
|
|
RBL_SPAMHAUS_XBL = "127.0.0.4"; |
|
|
|
RBL_SPAMHAUS_XBL = "127.0.0.5"; |
|
|
|
RBL_SPAMHAUS_XBL = "127.0.0.6"; |
|
|
|
RBL_SPAMHAUS_XBL = "127.0.0.7"; |
|
|
|
RBL_SPAMHAUS_PBL = "127.0.0.10"; |
|
|
|
RBL_SPAMHAUS_PBL = "127.0.0.11"; |
|
|
|
default_from = true; |
|
|
|
default_received = false; |
|
|
|
default_exclude_users = true; |
|
|
|
|
|
|
|
private_ips = "127.0.0.0/8 10.0.0.0/8 192.168.0.0/16 169.254.0.0/16 172.16.0.0/12 100.64.0.0/10 fc00::/7 fe80::/10 fec0::/10 ::1"; |
|
|
|
|
|
|
|
rbls { |
|
|
|
|
|
|
|
spamhaus { |
|
|
|
symbol = "RBL_SPAMHAUS"; |
|
|
|
rbl = "zen.spamhaus.org"; |
|
|
|
ipv6 = true; |
|
|
|
returncodes { |
|
|
|
RBL_SPAMHAUS_SBL = "127.0.0.2"; |
|
|
|
RBL_SPAMHAUS_CSS = "127.0.0.3"; |
|
|
|
RBL_SPAMHAUS_XBL = "127.0.0.4"; |
|
|
|
RBL_SPAMHAUS_XBL = "127.0.0.5"; |
|
|
|
RBL_SPAMHAUS_XBL = "127.0.0.6"; |
|
|
|
RBL_SPAMHAUS_XBL = "127.0.0.7"; |
|
|
|
RBL_SPAMHAUS_PBL = "127.0.0.10"; |
|
|
|
RBL_SPAMHAUS_PBL = "127.0.0.11"; |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
spamhaus_xbl { |
|
|
|
symbol = "RECEIVED_SPAMHAUS_XBL"; |
|
|
|
rbl = "xbl.spamhaus.org"; |
|
|
|
ipv6 = true; |
|
|
|
received = true; |
|
|
|
from = false; |
|
|
|
} |
|
|
|
|
|
|
|
spamhaus_swl { |
|
|
|
symbol = "RWL_SPAMHAUS_WL"; |
|
|
|
rbl = "swl.spamhaus.org"; |
|
|
|
ipv6 = true; |
|
|
|
is_whitelist = true; |
|
|
|
returncodes { |
|
|
|
RWL_SPAMHAUS_WL_IND = "127.0.2.2"; |
|
|
|
RWL_SPAMHAUS_WL_TRANS = "127.0.2.3"; |
|
|
|
RWL_SPAMHAUS_WL_IND_EXP = "127.0.2.102"; |
|
|
|
RWL_SPAMHAUS_WL_TRANS_EXP = "127.0.2.103"; |
|
|
|
spamhaus_xbl { |
|
|
|
symbol = "RECEIVED_SPAMHAUS_XBL"; |
|
|
|
rbl = "xbl.spamhaus.org"; |
|
|
|
ipv6 = true; |
|
|
|
received = true; |
|
|
|
from = false; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
mailspike_bl { |
|
|
|
rbl = "bl.mailspike.net"; |
|
|
|
returncodes { |
|
|
|
RBL_MAILSPIKE_ZOMBIE = "127.0.0.2"; |
|
|
|
RBL_MAILSPIKE_WORST = "127.0.0.10"; |
|
|
|
RBL_MAILSPIKE_VERYBAD = "127.0.0.11"; |
|
|
|
RBL_MAILSPIKE_BAD = "127.0.0.12"; |
|
|
|
} |
|
|
|
} |
|
|
|
spamhaus_swl { |
|
|
|
symbol = "RWL_SPAMHAUS_WL"; |
|
|
|
rbl = "swl.spamhaus.org"; |
|
|
|
ipv6 = true; |
|
|
|
is_whitelist = true; |
|
|
|
returncodes { |
|
|
|
RWL_SPAMHAUS_WL_IND = "127.0.2.2"; |
|
|
|
RWL_SPAMHAUS_WL_TRANS = "127.0.2.3"; |
|
|
|
RWL_SPAMHAUS_WL_IND_EXP = "127.0.2.102"; |
|
|
|
RWL_SPAMHAUS_WL_TRANS_EXP = "127.0.2.103"; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
mailspike_wl { |
|
|
|
rbl = "wl.mailspike.net"; |
|
|
|
is_whitelist = true; |
|
|
|
returncodes { |
|
|
|
RWL_MAILSPIKE_POSSIBLE = "127.0.0.17"; |
|
|
|
RWL_MAILSPIKE_GOOD = "127.0.0.18"; |
|
|
|
RWL_MAILSPIKE_VERYGOOD = "127.0.0.19"; |
|
|
|
RWL_MAILSPIKE_EXCELLENT = "127.0.0.20"; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
senderscore { |
|
|
|
symbol = "RBL_SENDERSCORE"; |
|
|
|
rbl = "bl.score.senderscore.com"; |
|
|
|
} |
|
|
|
|
|
|
|
abusech { |
|
|
|
symbol = "RBL_ABUSECH"; |
|
|
|
rbl = "spam.abuse.ch"; |
|
|
|
} |
|
|
|
|
|
|
|
uceprotect1 { |
|
|
|
symbol = "RBL_UCEPROTECT_LEVEL1"; |
|
|
|
rbl = "dnsbl-1.uceprotect.net"; |
|
|
|
} |
|
|
|
|
|
|
|
sorbs { |
|
|
|
symbol = "RBL_SORBS"; |
|
|
|
rbl = "dnsbl.sorbs.net"; |
|
|
|
returncodes { |
|
|
|
#http://www.sorbs.net/general/using.shtml |
|
|
|
RBL_SORBS_HTTP = "127.0.0.2" |
|
|
|
RBL_SORBS_SOCKS = "127.0.0.3" |
|
|
|
RBL_SORBS_MISC = "127.0.0.4" |
|
|
|
RBL_SORBS_SMTP = "127.0.0.5" |
|
|
|
RBL_SORBS_RECENT = "127.0.0.6" |
|
|
|
RBL_SORBS_WEB = "127.0.0.7" |
|
|
|
RBL_SORBS_DUL = "127.0.0.10" |
|
|
|
RBL_SORBS_BLOCK = "127.0.0.8" |
|
|
|
RBL_SORBS_ZOMBIE = "127.0.0.9" |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
sem { |
|
|
|
symbol = "RBL_SEM"; |
|
|
|
rbl = "bl.spameatingmonkey.net"; |
|
|
|
} |
|
|
|
|
|
|
|
semIPv6 { |
|
|
|
symbol = "RBL_SEM_IPV6"; |
|
|
|
rbl = "bl.ipv6.spameatingmonkey.net"; |
|
|
|
ipv4 = false; |
|
|
|
ipv6 = true; |
|
|
|
} |
|
|
|
mailspike_bl { |
|
|
|
rbl = "bl.mailspike.net"; |
|
|
|
returncodes { |
|
|
|
RBL_MAILSPIKE_ZOMBIE = "127.0.0.2"; |
|
|
|
RBL_MAILSPIKE_WORST = "127.0.0.10"; |
|
|
|
RBL_MAILSPIKE_VERYBAD = "127.0.0.11"; |
|
|
|
RBL_MAILSPIKE_BAD = "127.0.0.12"; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
dnswl { |
|
|
|
symbol = "RCVD_IN_DNSWL"; |
|
|
|
rbl = "list.dnswl.org"; |
|
|
|
ipv6 = true; |
|
|
|
is_whitelist = true; |
|
|
|
returncodes { |
|
|
|
RCVD_IN_DNSWL_NONE = "127.0.%d+.0"; |
|
|
|
RCVD_IN_DNSWL_LOW = "127.0.%d+.1"; |
|
|
|
RCVD_IN_DNSWL_MED = "127.0.%d+.2"; |
|
|
|
RCVD_IN_DNSWL_HI = "127.0.%d+.3"; |
|
|
|
DNSWL_BLOCKED = "127.0.0.255"; |
|
|
|
mailspike_wl { |
|
|
|
rbl = "wl.mailspike.net"; |
|
|
|
is_whitelist = true; |
|
|
|
returncodes { |
|
|
|
RWL_MAILSPIKE_POSSIBLE = "127.0.0.17"; |
|
|
|
RWL_MAILSPIKE_GOOD = "127.0.0.18"; |
|
|
|
RWL_MAILSPIKE_VERYGOOD = "127.0.0.19"; |
|
|
|
RWL_MAILSPIKE_EXCELLENT = "127.0.0.20"; |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
rambleremails { |
|
|
|
symbol = RAMBLER_EMAILBL; |
|
|
|
rbl = email-bl.rambler.ru; |
|
|
|
from = false; |
|
|
|
emails = true; |
|
|
|
exclude_users = false; |
|
|
|
exclude_private_ips = false; |
|
|
|
exclude_local = false; |
|
|
|
ignore_whitelists = true; |
|
|
|
} |
|
|
|
senderscore { |
|
|
|
symbol = "RBL_SENDERSCORE"; |
|
|
|
rbl = "bl.score.senderscore.com"; |
|
|
|
} |
|
|
|
|
|
|
|
abusech { |
|
|
|
symbol = "RBL_ABUSECH"; |
|
|
|
rbl = "spam.abuse.ch"; |
|
|
|
} |
|
|
|
|
|
|
|
uceprotect1 { |
|
|
|
symbol = "RBL_UCEPROTECT_LEVEL1"; |
|
|
|
rbl = "dnsbl-1.uceprotect.net"; |
|
|
|
} |
|
|
|
|
|
|
|
sorbs { |
|
|
|
symbol = "RBL_SORBS"; |
|
|
|
rbl = "dnsbl.sorbs.net"; |
|
|
|
returncodes { |
|
|
|
# http:// www.sorbs.net/general/using.shtml |
|
|
|
RBL_SORBS_HTTP = "127.0.0.2"; |
|
|
|
RBL_SORBS_SOCKS = "127.0.0.3"; |
|
|
|
RBL_SORBS_MISC = "127.0.0.4"; |
|
|
|
RBL_SORBS_SMTP = "127.0.0.5"; |
|
|
|
RBL_SORBS_RECENT = "127.0.0.6"; |
|
|
|
RBL_SORBS_WEB = "127.0.0.7"; |
|
|
|
RBL_SORBS_DUL = "127.0.0.10"; |
|
|
|
RBL_SORBS_BLOCK = "127.0.0.8"; |
|
|
|
RBL_SORBS_ZOMBIE = "127.0.0.9"; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
sem { |
|
|
|
symbol = "RBL_SEM"; |
|
|
|
rbl = "bl.spameatingmonkey.net"; |
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
semIPv6 { |
|
|
|
symbol = "RBL_SEM_IPV6"; |
|
|
|
rbl = "bl.ipv6.spameatingmonkey.net"; |
|
|
|
ipv4 = false; |
|
|
|
ipv6 = true; |
|
|
|
} |
|
|
|
|
|
|
|
dnswl { |
|
|
|
symbol = "RCVD_IN_DNSWL"; |
|
|
|
rbl = "list.dnswl.org"; |
|
|
|
ipv6 = true; |
|
|
|
is_whitelist = true; |
|
|
|
returncodes { |
|
|
|
RCVD_IN_DNSWL_NONE = "127.0.%d+.0"; |
|
|
|
RCVD_IN_DNSWL_LOW = "127.0.%d+.1"; |
|
|
|
RCVD_IN_DNSWL_MED = "127.0.%d+.2"; |
|
|
|
RCVD_IN_DNSWL_HI = "127.0.%d+.3"; |
|
|
|
DNSWL_BLOCKED = "127.0.0.255"; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
rambleremails { |
|
|
|
symbol = RAMBLER_EMAILBL; |
|
|
|
rbl = "email-bl.rambler.ru"; |
|
|
|
from = false; |
|
|
|
emails = true; |
|
|
|
exclude_users = false; |
|
|
|
exclude_private_ips = false; |
|
|
|
exclude_local = false; |
|
|
|
ignore_whitelists = true; |
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
chartable { |
|
|
|
threshold = 0.300000; |
|
|
|
symbol = "R_MIXED_CHARSET"; |
|
|
|
} |
|
|
|
|
|
|
|
once_received { |
|
|
|
good_host = "mail"; |
|
|
|
bad_host = "static"; |
|
|
@@ -252,12 +268,15 @@ once_received { |
|
|
|
phishing { |
|
|
|
symbol = "PHISHING"; |
|
|
|
} |
|
|
|
|
|
|
|
#emails { |
|
|
|
#} |
|
|
|
|
|
|
|
spf { |
|
|
|
spf_cache_size = 2k; |
|
|
|
spf_cache_expire = 1d; |
|
|
|
} |
|
|
|
|
|
|
|
dkim { |
|
|
|
dkim_cache_size = 2k; |
|
|
|
dkim_cache_expire = 1d; |
|
|
@@ -282,12 +301,12 @@ regexp { |
|
|
|
} |
|
|
|
|
|
|
|
ip_score { |
|
|
|
# servers = "localhost"; |
|
|
|
# treshold = 100; |
|
|
|
# reject_score = 3; |
|
|
|
# no_action_score = -2; |
|
|
|
# add_header_score = 1; |
|
|
|
# whitelist = "file:///ip_map"; |
|
|
|
# servers = "localhost"; |
|
|
|
# treshold = 100; |
|
|
|
# reject_score = 3; |
|
|
|
# no_action_score = -2; |
|
|
|
# add_header_score = 1; |
|
|
|
# whitelist = "file:///ip_map"; |
|
|
|
} |
|
|
|
|
|
|
|
hfilter { |