# Please don't modify this file as your changes might be overwritten with # the next update. # # You can modify 'local.d/rbl.conf' to add and merge # parameters defined inside this section # # You can modify 'override.d/rbl.conf' to strictly override all # parameters defined inside this section # # See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories # for details # # Module documentation can be found at https://rspamd.com/doc/modules/rbl.html rbl { default_exclude_users = true; default_unknown = true; url_whitelist = [ "https://maps.rspamd.com/rspamd/surbl-whitelist.inc.zst", "$LOCAL_CONFDIR/local.d/maps.d/surbl-whitelist.inc.local", "${DBDIR}/surbl-whitelist.inc.local", "fallback+file://${CONFDIR}/maps.d/surbl-whitelist.inc" ]; rbls { spamhaus { symbol = "SPAMHAUS"; # Augmented by prefixes rbl = "zen.spamhaus.org"; # Check types checks = ['received', 'from']; symbols_prefixes = { received = 'RECEIVED', from = 'RBL', } returncodes { SPAMHAUS_SBL = "127.0.0.2"; SPAMHAUS_CSS = "127.0.0.3"; SPAMHAUS_XBL = ["127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"]; SPAMHAUS_PBL = ["127.0.0.10", "127.0.0.11"]; SPAMHAUS_DROP = "127.0.0.9"; SPAMHAUS_BLOCKED_OPENRESOLVER = "127.255.255.254"; SPAMHAUS_BLOCKED= "127.255.255.255"; } } mailspike { symbol = "MAILSPIKE"; rbl = "rep.mailspike.net"; is_whitelist = true; checks = ['from']; whitelist_exception = "MAILSPIKE"; whitelist_exception = "RWL_MAILSPIKE_GOOD"; whitelist_exception = "RWL_MAILSPIKE_NEUTRAL"; whitelist_exception = "RWL_MAILSPIKE_POSSIBLE"; whitelist_exception = "RBL_MAILSPIKE_WORST"; whitelist_exception = "RBL_MAILSPIKE_VERYBAD"; whitelist_exception = "RBL_MAILSPIKE_BAD"; returncodes { RBL_MAILSPIKE_WORST = "127.0.0.10"; RBL_MAILSPIKE_VERYBAD = "127.0.0.11"; RBL_MAILSPIKE_BAD = "127.0.0.12"; RWL_MAILSPIKE_NEUTRAL = ["127.0.0.16", "127.0.0.15", "127.0.0.14", "127.0.0.13"]; RWL_MAILSPIKE_POSSIBLE = "127.0.0.17"; RWL_MAILSPIKE_GOOD = "127.0.0.18"; RWL_MAILSPIKE_VERYGOOD = "127.0.0.19"; RWL_MAILSPIKE_EXCELLENT = "127.0.0.20"; } } senderscore { symbol = "RBL_SENDERSCORE"; checks = ['from']; rbl = "bl.score.senderscore.com"; } sem { symbol = "RBL_SEM"; rbl = "bl.spameatingmonkey.net"; ipv6 = false; checks = ['from']; } semIPv6 { symbol = "RBL_SEM_IPV6"; rbl = "bl.ipv6.spameatingmonkey.net"; ipv4 = false; ipv6 = true; checks = ['from']; } dnswl { symbol = "RCVD_IN_DNSWL"; rbl = "list.dnswl.org"; ipv6 = true; checks = ['from', 'received']; is_whitelist = true; whitelist_exception = "RCVD_IN_DNSWL"; whitelist_exception = "RCVD_IN_DNSWL_NONE"; whitelist_exception = "RCVD_IN_DNSWL_LOW"; whitelist_exception = "DNSWL_BLOCKED"; returncodes { RCVD_IN_DNSWL_NONE = "127.0.%d+.0"; RCVD_IN_DNSWL_LOW = "127.0.%d+.1"; RCVD_IN_DNSWL_MED = "127.0.%d+.2"; RCVD_IN_DNSWL_HI = "127.0.%d+.3"; DNSWL_BLOCKED = "127.0.0.255"; } } # Provided by https://virusfree.cz virusfree { symbol = "RBL_VIRUSFREE_UNKNOWN"; rbl = "bip.virusfree.cz"; ipv6 = true; checks = ['from']; returncodes { RBL_VIRUSFREE_BOTNET = "127.0.0.2"; } } nixspam { symbol = "RBL_NIXSPAM"; rbl = "ix.dnsbl.manitu.net"; ipv6 = true; checks = ['from']; } blocklistde { symbols_prefixes = { received = 'RECEIVED', from = 'RBL', } symbol = "BLOCKLISTDE"; rbl = "bl.blocklist.de"; ipv6 = true; checks = ['from', 'received']; } # Dkim whitelist dnswl_dwl { symbol = "DWL_DNSWL"; rbl = "dwl.dnswl.org"; checks = ['dkim']; ignore_whitelist = true; unknown = false; returncodes { DWL_DNSWL_NONE = "127.0.%d+.0"; DWL_DNSWL_LOW = "127.0.%d+.1"; DWL_DNSWL_MED = "127.0.%d+.2"; DWL_DNSWL_HI = "127.0.%d+.3"; DWL_DNSWL_BLOCKED = "127.0.0.255"; } } RSPAMD_EMAILBL { ignore_whitelist = true; ignore_defaults = true; emails_delimiter = "."; hash_format = "base32"; hash_len = 32; rbl = "email.rspamd.com"; checks = ['emails', 'replyto']; hash = "blake2"; returncodes = { RSPAMD_EMAILBL = "127.0.0.2"; } } MSBL_EBL { ignore_whitelist = true; ignore_defaults = true; rbl = "ebl.msbl.org"; checks = ['emails', 'replyto']; emails_domainonly = false; hash = "sha1"; returncodes = { MSBL_EBL = [ "127.0.0.2", "127.0.0.3" ]; MSBL_EBL_GREY = [ "127.0.1.2", "127.0.1.3" ]; } } # Old SURBL module "SURBL_MULTI" { ignore_defaults = true; rbl = "multi.surbl.org"; checks = ['emails', 'dkim', 'urls']; emails_domainonly = true; returnbits = { CRACKED_SURBL = 128; # From February 2016 ABUSE_SURBL = 64; MW_SURBL_MULTI = 16; PH_SURBL_MULTI = 8; SURBL_BLOCKED = 1; } } "URIBL_MULTI" { ignore_defaults = true; rbl = "multi.uribl.com"; checks = ['emails', 'dkim', 'urls']; emails_domainonly = true; returnbits { URIBL_BLOCKED = 1; URIBL_BLACK = 2; URIBL_GREY = 4; URIBL_RED = 8; } } "RSPAMD_URIBL" { ignore_defaults = true; rbl = "uribl.rspamd.com"; checks = ['emails', 'dkim', 'urls']; emails_domainonly = true; hash = 'blake2'; hash_len = 32; hash_format = 'base32'; returncodes = { RSPAMD_URIBL = [ "127.0.0.2", ]; } } "DBL" { ignore_defaults = true; rbl = "dbl.spamhaus.org"; no_ip = true; checks = ['emails', 'dkim', 'urls']; emails_domainonly = true; returncodes = { # spam domain DBL_SPAM = "127.0.1.2"; # phish domain DBL_PHISH = "127.0.1.4"; # malware domain DBL_MALWARE = "127.0.1.5"; # botnet C&C domain DBL_BOTNET = "127.0.1.6"; # abused legit spam DBL_ABUSE = "127.0.1.102"; # abused spammed redirector domain DBL_ABUSE_REDIR = "127.0.1.103"; # abused legit phish DBL_ABUSE_PHISH = "127.0.1.104"; # abused legit malware DBL_ABUSE_MALWARE = "127.0.1.105"; # abused legit botnet C&C DBL_ABUSE_BOTNET = "127.0.1.106"; # error - IP queries prohibited! DBL_PROHIBIT = "127.0.1.255"; # issue #3074 DBL_BLOCKED_OPENRESOLVER = "127.255.255.254"; DBL_BLOCKED = "127.255.255.255"; } } # Not enabled by default due to privacy concerns! (see also groups.d/surbl_group.conf) "SPAMHAUS_ZEN_URIBL" { enabled = false; rbl = "zen.spamhaus.org"; checks = ['emails']; resolve_ip = true; returncodes = { URIBL_SBL = "127.0.0.2"; URIBL_SBL_CSS = "127.0.0.3"; URIBL_XBL = ["127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"]; URIBL_PBL = ["127.0.0.10", "127.0.0.11"]; URIBL_DROP = "127.0.0.9"; } } "SEM_URIBL_UNKNOWN" { ignore_defaults = true; rbl = "uribl.spameatingmonkey.net"; no_ip = true; checks = ['emails', 'dkim', 'urls']; emails_domainonly = true; returnbits { SEM_URIBL = 2; } } "SEM_URIBL_FRESH15_UNKNOWN" { ignore_defaults = true; rbl = "fresh15.spameatingmonkey.net"; no_ip = true; checks = ['emails', 'dkim', 'urls']; emails_domainonly = true; returnbits { SEM_URIBL_FRESH15 = 2; } } # Proved to be broken #"RBL_SARBL_BAD" { # suffix = "public.sarbl.org"; # noip = true; # images = true; #} } .include(try=true,priority=5) "${DBDIR}/dynamic/rbl.conf" .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/rbl.conf" .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/rbl.conf" }