mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
15574 Commits
28 Branches
Tree: 69f50374bb
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '69f50374bb'
${ noResults }
rspamd/conf/modules.d/rbl.conf

rbl.conf 8.5KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335 
  1. # Please don't modify this file as your changes might be overwritten with

  2. # the next update.

  3. #

  4. # You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine

  5. # parameters defined on the top level

  6. #

  7. # You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add

  8. # parameters defined on the top level

  9. #

  10. # For specific modules or configuration you can also modify

  11. # '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults

  12. # '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults

  13. #

  14. # See https://rspamd.com/doc/tutorials/writing_rules.html for details

  15. 

  16. rbl {

  17.   default_from = true;

  18.   default_received = false;

  19.   default_exclude_users = true;

  20.   default_unknown = true;

  21. 

  22.   url_whitelist = [

  23.     "https://maps.rspamd.com/rspamd/surbl-whitelist.inc.zst",

  24.     "$LOCAL_CONFDIR/local.d/maps.d/surbl-whitelist.inc.local",

  25.     "${DBDIR}/surbl-whitelist.inc.local",

  26.     "fallback+file://${CONFDIR}/maps.d/surbl-whitelist.inc"

  27.   ];

  28. 

  29.   rbls {

  30. 

  31.     spamhaus {

  32.       symbol = "RBL_SPAMHAUS";

  33.       rbl = "zen.spamhaus.org";

  34.       ipv6 = true;

  35.       returncodes {

  36.         RBL_SPAMHAUS_SBL = "127.0.0.2";

  37.         RBL_SPAMHAUS_CSS = "127.0.0.3";

  38.         RBL_SPAMHAUS_XBL = ["127.0.0.4", "127.0.0.5",

  39.             "127.0.0.6", "127.0.0.7"];

  40.         RBL_SPAMHAUS_PBL = ["127.0.0.10", "127.0.0.11"];

  41.         RBL_SPAMHAUS_DROP = "127.0.0.9";

  42.       }

  43.     }

  44. 

  45.     spamhaus_received {

  46.       symbol = "RECEIVED_SPAMHAUS";

  47.       rbl = "zen.spamhaus.org";

  48.       ipv6 = true;

  49.       received = true;

  50.       from = false;

  51.       ignore_whitelists = true;

  52.       returncodes {

  53.         RECEIVED_SPAMHAUS_SBL = "127.0.0.2";

  54.         RECEIVED_SPAMHAUS_CSS = "127.0.0.3";

  55.         RECEIVED_SPAMHAUS_XBL = ["127.0.0.4", "127.0.0.5",

  56.             "127.0.0.6", "127.0.0.7"];

  57.         RECEIVED_SPAMHAUS_PBL = ["127.0.0.10", "127.0.0.11"];

  58.         RECEIVED_SPAMHAUS_DROP = "127.0.0.9";

  59.       }

  60.     }

  61. 

  62.     mailspike {

  63.       symbol = "MAILSPIKE";

  64.       rbl = "rep.mailspike.net";

  65.       is_whitelist = true;

  66.       whitelist_exception = "MAILSPIKE";

  67.       whitelist_exception = "RWL_MAILSPIKE_GOOD";

  68.       whitelist_exception = "RWL_MAILSPIKE_NEUTRAL";

  69.       whitelist_exception = "RWL_MAILSPIKE_POSSIBLE";

  70.       whitelist_exception = "RBL_MAILSPIKE_WORST";

  71.       whitelist_exception = "RBL_MAILSPIKE_VERYBAD";

  72.       whitelist_exception = "RBL_MAILSPIKE_BAD";

  73.       returncodes {

  74.         RBL_MAILSPIKE_WORST = "127.0.0.10";

  75.         RBL_MAILSPIKE_VERYBAD = "127.0.0.11";

  76.         RBL_MAILSPIKE_BAD = "127.0.0.12";

  77.         RWL_MAILSPIKE_NEUTRAL = ["127.0.0.16", "127.0.0.15", "127.0.0.14", "127.0.0.13"];

  78.         RWL_MAILSPIKE_POSSIBLE = "127.0.0.17";

  79.         RWL_MAILSPIKE_GOOD = "127.0.0.18";

  80.         RWL_MAILSPIKE_VERYGOOD = "127.0.0.19";

  81.         RWL_MAILSPIKE_EXCELLENT = "127.0.0.20";

  82.       }

  83.     }

  84. 

  85.     senderscore {

  86.       symbol = "RBL_SENDERSCORE";

  87.       rbl = "bl.score.senderscore.com";

  88.     }

  89. 

  90.     sem {

  91.       symbol = "RBL_SEM";

  92.       rbl = "bl.spameatingmonkey.net";

  93.       ipv6 = false;

  94.     }

  95. 

  96.     semIPv6 {

  97.       symbol = "RBL_SEM_IPV6";

  98.       rbl = "bl.ipv6.spameatingmonkey.net";

  99.       ipv4 = false;

  100.       ipv6 = true;

  101.     }

  102. 

  103.     dnswl {

  104.       symbol = "RCVD_IN_DNSWL";

  105.       rbl = "list.dnswl.org";

  106.       ipv6 = true;

  107.       is_whitelist = true;

  108.       whitelist_exception = "RCVD_IN_DNSWL";

  109.       whitelist_exception = "RCVD_IN_DNSWL_NONE";

  110.       whitelist_exception = "RCVD_IN_DNSWL_LOW";

  111.       whitelist_exception = "DNSWL_BLOCKED";

  112.       returncodes {

  113.         RCVD_IN_DNSWL_NONE = "127.0.%d+.0";

  114.         RCVD_IN_DNSWL_LOW = "127.0.%d+.1";

  115.         RCVD_IN_DNSWL_MED = "127.0.%d+.2";

  116.         RCVD_IN_DNSWL_HI = "127.0.%d+.3";

  117.         DNSWL_BLOCKED = "127.0.0.255";

  118.       }

  119.     }

  120. 

  121.     # Provided by https://virusfree.cz

  122.     virusfree {

  123.       symbol = "RBL_VIRUSFREE_UNKNOWN";

  124.       rbl = "bip.virusfree.cz";

  125.       ipv6 = true;

  126.       returncodes {

  127.         RBL_VIRUSFREE_BOTNET = "127.0.0.2";

  128.       }

  129.     }

  130. 

  131.     nixspam {

  132.       symbol = "RBL_NIXSPAM";

  133.       rbl = "ix.dnsbl.manitu.net";

  134.       ipv6 = true;

  135.     }

  136. 

  137.     blocklistde {

  138.       symbol = "RBL_BLOCKLISTDE";

  139.       rbl = "bl.blocklist.de";

  140.       ipv6 = true;

  141.     }

  142. 

  143.     blocklistde_received {

  144.       symbol = "RECEIVED_BLOCKLISTDE";

  145.       rbl = "bl.blocklist.de";

  146.       ipv6 = true;

  147.       received = true;

  148.       from = false;

  149.       ignore_whitelists = true;

  150.     }

  151. 

  152.     dnswl_dwl {

  153.       symbol = "DWL_DNSWL";

  154.       rbl = "dwl.dnswl.org";

  155.       dkim = true;

  156.       dkim_domainonly = false;

  157.       dkim_match_from = true;

  158.       ignore_whitelist = true;

  159.       unknown = false;

  160. 

  161.       returncodes {

  162.         DWL_DNSWL_NONE = "127.0.%d+.0";

  163.         DWL_DNSWL_LOW = "127.0.%d+.1";

  164.         DWL_DNSWL_MED = "127.0.%d+.2";

  165.         DWL_DNSWL_HI = "127.0.%d+.3";

  166.         DWL_DNSWL_BLOCKED = "127.0.0.255";

  167.       }

  168.     }

  169.     # Old emails module

  170.     RSPAMD_EMAILBL {

  171.       ignore_defaults = true;

  172.       emails_delimiter = ".";

  173.       hash_format = "base32";

  174.       hash_len = 32;

  175.       rbl = "email.rspamd.com";

  176.       replyto = true;

  177.       hash = "blake2";

  178.       returncodes = {

  179.         RSPAMD_EMAILBL = "127.0.0.2";

  180.       }

  181.     }

  182.     MSBL_EBL {

  183.       ignore_defaults = true;

  184.       rbl = "ebl.msbl.org";

  185.       emails_domainonly = false;

  186.       replyto = true;

  187.       hash = "sha1";

  188.       returncodes = {

  189.         MSBL_EBL = [

  190.           "127.0.0.2",

  191.           "127.0.0.3"

  192.         ];

  193.         MSBL_EBL_GREY = [

  194.           "127.0.1.2",

  195.           "127.0.1.3"

  196.         ];

  197.       }

  198.     }

  199.     # Old SURBL module

  200.     "SURBL_MULTI" {

  201.       ignore_defaults = true;

  202.       rbl = "multi.surbl.org";

  203.       dkim = true;

  204.       emails = true;

  205.       emails_domainonly = true;

  206.       urls = true;

  207. 

  208.       returnbits = {

  209.         CRACKED_SURBL = 128; # From February 2016

  210.         ABUSE_SURBL = 64;

  211.         MW_SURBL_MULTI = 16;

  212.         PH_SURBL_MULTI = 8;

  213.         SURBL_BLOCKED = 1;

  214.       }

  215.     }

  216. 

  217.     "URIBL_MULTI" {

  218.       ignore_defaults = true;

  219.       rbl = "multi.uribl.com";

  220.       dkim = true;

  221.       emails = true;

  222.       emails_domainonly = true;

  223.       urls = true;

  224. 

  225.       returnbits {

  226.         URIBL_BLOCKED = 1;

  227.         URIBL_BLACK = 2;

  228.         URIBL_GREY = 4;

  229.         URIBL_RED = 8;

  230.       }

  231.     }

  232. 

  233.     "RSPAMD_URIBL" {

  234.       ignore_defaults = true;

  235.       rbl = "uribl.rspamd.com";

  236.       dkim = true;

  237.       emails = true;

  238.       emails_domainonly = true;

  239.       urls = true;

  240.       hash = 'blake2';

  241.       hash_len = 32;

  242.       hash_format = 'base32';

  243. 

  244.       returncodes = {

  245.         RSPAMD_URIBL = [

  246.           "127.0.0.2",

  247.         ];

  248.       }

  249.     }

  250. 

  251.     "DBL" {

  252.       ignore_defaults = true;

  253.       rbl = "dbl.spamhaus.org";

  254.       no_ip = true;

  255.       dkim = true;

  256.       emails = true;

  257.       emails_domainonly = true;

  258.       urls = true;

  259. 

  260.       returncodes = {

  261.         # spam domain

  262.         DBL_SPAM = "127.0.1.2";

  263.         # phish domain

  264.         DBL_PHISH = "127.0.1.4";

  265.         # malware domain

  266.         DBL_MALWARE = "127.0.1.5";

  267.         # botnet C&C domain

  268.         DBL_BOTNET = "127.0.1.6";

  269.         # abused legit spam

  270.         DBL_ABUSE = "127.0.1.102";

  271.         # abused spammed redirector domain

  272.         DBL_ABUSE_REDIR = "127.0.1.103";

  273.         # abused legit phish

  274.         DBL_ABUSE_PHISH = "127.0.1.104";

  275.         # abused legit malware

  276.         DBL_ABUSE_MALWARE = "127.0.1.105";

  277.         # abused legit botnet C&C

  278.         DBL_ABUSE_BOTNET = "127.0.1.106";

  279.         # error - IP queries prohibited!

  280.         DBL_PROHIBIT = "127.0.1.255";

  281.       }

  282.     }

  283. 

  284.     # Not enabled by default due to privacy concerns! (see also groups.d/surbl_group.conf)

  285.     #"SPAMHAUS_ZEN_URIBL" {

  286.     #  suffix = "zen.spamhaus.org";

  287.     #  resolve_ip = true;

  288.     #  check_emails = true;

  289.     #  ips {

  290.     #    URIBL_SBL = "127.0.0.2";

  291.     #    URIBL_SBL_CSS = "127.0.0.3";

  292.     #    URIBL_XBL = ["127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"];

  293.     #    URIBL_PBL = ["127.0.0.10", "127.0.0.11"];

  294.     #    URIBL_DROP = "127.0.0.9";

  295.     #  }

  296.     #}

  297. 

  298.     "SEM_URIBL_UNKNOWN" {

  299.       ignore_defaults = true;

  300.       rbl = "uribl.spameatingmonkey.net";

  301.       no_ip = true;

  302.       dkim = true;

  303.       emails = true;

  304.       emails_domainonly = true;

  305.       urls = true;

  306.       returnbits {

  307.         SEM_URIBL = 2;

  308.       }

  309.     }

  310. 

  311.     "SEM_URIBL_FRESH15_UNKNOWN" {

  312.       ignore_defaults = true;

  313.       rbl = "fresh15.spameatingmonkey.net";

  314.       no_ip = true;

  315.       dkim = true;

  316.       emails = true;

  317.       emails_domainonly = true;

  318.       urls = true;

  319.       returnbits {

  320.         SEM_URIBL_FRESH15 = 2;

  321.       }

  322.     }

  323. 

  324.     # Proved to be broken

  325.     #"RBL_SARBL_BAD" {

  326.     #  suffix = "public.sarbl.org";

  327.     #  noip   = true;

  328.     #  images = true;

  329.     #}

  330.   }

  331. 

  332.   .include(try=true,priority=5) "${DBDIR}/dynamic/rbl.conf"

  333.   .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/rbl.conf"

  334.   .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/rbl.conf"

  335. }