mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
17531 Commits
28 Branches
Tree: 9e9a41aedd
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9e9a41aedd'
${ noResults }
rspamd/conf/modules.d/rbl.conf

rbl.conf 8.4KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323 
  1. # Please don't modify this file as your changes might be overwritten with

  2. # the next update.

  3. #

  4. # You can modify 'local.d/rbl.conf' to add and merge

  5. # parameters defined inside this section

  6. #

  7. # You can modify 'override.d/rbl.conf' to strictly override all

  8. # parameters defined inside this section

  9. #

  10. # See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories

  11. # for details

  12. #

  13. # Module documentation can be found at  https://rspamd.com/doc/modules/rbl.html

  14. 

  15. rbl {

  16.   default_exclude_users = true;

  17.   default_exclude_local = true;

  18.   default_unknown = true;

  19.   default_dkim_domainonly = true;

  20.   default_dkim_match_from = false;

  21.   default_ipv4 = true;

  22.   default_ipv6 = true;

  23. 

  24.   url_whitelist = [

  25.     "https://maps.rspamd.com/rspamd/surbl-whitelist.inc.zst",

  26.     "$LOCAL_CONFDIR/local.d/maps.d/surbl-whitelist.inc.local",

  27.     "${DBDIR}/surbl-whitelist.inc.local",

  28.     "fallback+file://${CONFDIR}/maps.d/surbl-whitelist.inc"

  29.   ];

  30. 

  31.   rbls {

  32. 

  33.     spamhaus {

  34.       symbol = "SPAMHAUS"; # Augmented by prefixes

  35.       rbl = "zen.spamhaus.org";

  36.       # Check types

  37.       checks = ['received', 'from'];

  38. 

  39.       symbols_prefixes = {

  40.         received = 'RECEIVED',

  41.         from = 'RBL',

  42.       }

  43.       returncodes {

  44.         SPAMHAUS_SBL = "127.0.0.2";

  45.         SPAMHAUS_CSS = "127.0.0.3";

  46.         SPAMHAUS_XBL = ["127.0.0.4", "127.0.0.5",

  47.             "127.0.0.6", "127.0.0.7"];

  48.         SPAMHAUS_PBL = ["127.0.0.10", "127.0.0.11"];

  49.         SPAMHAUS_DROP = "127.0.0.9";

  50.         SPAMHAUS_BLOCKED_OPENRESOLVER = "127.255.255.254";

  51.         SPAMHAUS_BLOCKED= "127.255.255.255";

  52.       }

  53.     }

  54. 

  55.     mailspike {

  56.       symbol = "MAILSPIKE";

  57.       rbl = "rep.mailspike.net";

  58.       is_whitelist = true;

  59.       checks = ['from'];

  60.       whitelist_exception = "MAILSPIKE";

  61.       whitelist_exception = "RWL_MAILSPIKE_GOOD";

  62.       whitelist_exception = "RWL_MAILSPIKE_NEUTRAL";

  63.       whitelist_exception = "RWL_MAILSPIKE_POSSIBLE";

  64.       whitelist_exception = "RBL_MAILSPIKE_WORST";

  65.       whitelist_exception = "RBL_MAILSPIKE_VERYBAD";

  66.       whitelist_exception = "RBL_MAILSPIKE_BAD";

  67.       returncodes {

  68.         RBL_MAILSPIKE_WORST = "127.0.0.10";

  69.         RBL_MAILSPIKE_VERYBAD = "127.0.0.11";

  70.         RBL_MAILSPIKE_BAD = "127.0.0.12";

  71.         RWL_MAILSPIKE_NEUTRAL = ["127.0.0.16", "127.0.0.15", "127.0.0.14", "127.0.0.13"];

  72.         RWL_MAILSPIKE_POSSIBLE = "127.0.0.17";

  73.         RWL_MAILSPIKE_GOOD = "127.0.0.18";

  74.         RWL_MAILSPIKE_VERYGOOD = "127.0.0.19";

  75.         RWL_MAILSPIKE_EXCELLENT = "127.0.0.20";

  76.       }

  77.     }

  78. 

  79.     senderscore {

  80.       symbol = "RBL_SENDERSCORE";

  81.       checks = ['from'];

  82.       rbl = "bl.score.senderscore.com";

  83.     }

  84. 

  85.     sem {

  86.       symbol = "RBL_SEM";

  87.       rbl = "bl.spameatingmonkey.net";

  88.       ipv6 = false;

  89.       checks = ['from'];

  90.     }

  91. 

  92.     semIPv6 {

  93.       symbol = "RBL_SEM_IPV6";

  94.       rbl = "bl.ipv6.spameatingmonkey.net";

  95.       ipv4 = false;

  96.       ipv6 = true;

  97.       checks = ['from'];

  98.     }

  99. 

  100.     dnswl {

  101.       symbol = "RCVD_IN_DNSWL";

  102.       rbl = "list.dnswl.org";

  103.       ipv6 = true;

  104.       checks = ['from', 'received'];

  105.       is_whitelist = true;

  106.       whitelist_exception = "RCVD_IN_DNSWL";

  107.       whitelist_exception = "RCVD_IN_DNSWL_NONE";

  108.       whitelist_exception = "RCVD_IN_DNSWL_LOW";

  109.       whitelist_exception = "DNSWL_BLOCKED";

  110.       returncodes {

  111.         RCVD_IN_DNSWL_NONE = "127.0.%d+.0";

  112.         RCVD_IN_DNSWL_LOW = "127.0.%d+.1";

  113.         RCVD_IN_DNSWL_MED = "127.0.%d+.2";

  114.         RCVD_IN_DNSWL_HI = "127.0.%d+.3";

  115.         DNSWL_BLOCKED = "127.0.0.255";

  116.       }

  117.     }

  118. 

  119.     # Provided by https://virusfree.cz

  120.     virusfree {

  121.       symbol = "RBL_VIRUSFREE_UNKNOWN";

  122.       rbl = "bip.virusfree.cz";

  123.       ipv6 = true;

  124.       checks = ['from'];

  125.       returncodes {

  126.         RBL_VIRUSFREE_BOTNET = "127.0.0.2";

  127.       }

  128.     }

  129. 

  130.     nixspam {

  131.       symbol = "RBL_NIXSPAM";

  132.       rbl = "ix.dnsbl.manitu.net";

  133.       ipv6 = true;

  134.       checks = ['from'];

  135.     }

  136. 

  137.     blocklistde {

  138.       symbols_prefixes = {

  139.         received = 'RECEIVED',

  140.         from = 'RBL',

  141.       }

  142.       symbol = "BLOCKLISTDE";

  143.       rbl = "bl.blocklist.de";

  144.       ipv6 = true;

  145.       checks = ['from', 'received'];

  146.     }

  147. 

  148.     # Dkim whitelist

  149.     dnswl_dwl {

  150.       symbol = "DWL_DNSWL";

  151.       rbl = "dwl.dnswl.org";

  152.       checks = ['dkim'];

  153.       ignore_whitelist = true;

  154.       unknown = false;

  155. 

  156.       returncodes {

  157.         DWL_DNSWL_NONE = "127.0.%d+.0";

  158.         DWL_DNSWL_LOW = "127.0.%d+.1";

  159.         DWL_DNSWL_MED = "127.0.%d+.2";

  160.         DWL_DNSWL_HI = "127.0.%d+.3";

  161.         DWL_DNSWL_BLOCKED = "127.0.0.255";

  162.       }

  163.     }

  164. 

  165.     RSPAMD_EMAILBL {

  166.       ignore_whitelist = true;

  167.       ignore_defaults = true;

  168.       emails_delimiter = ".";

  169.       hash_format = "base32";

  170.       hash_len = 32;

  171.       rbl = "email.rspamd.com";

  172.       checks = ['emails', 'replyto'];

  173.       hash = "blake2";

  174.       returncodes = {

  175.         RSPAMD_EMAILBL = "127.0.0.2";

  176.       }

  177.     }

  178.     MSBL_EBL {

  179.       ignore_whitelist = true;

  180.       ignore_defaults = true;

  181.       rbl = "ebl.msbl.org";

  182.       checks = ['emails', 'replyto'];

  183.       emails_domainonly = false;

  184.       hash = "sha1";

  185.       returncodes = {

  186.         MSBL_EBL = [

  187.           "127.0.0.2",

  188.           "127.0.0.3"

  189.         ];

  190.         MSBL_EBL_GREY = [

  191.           "127.0.1.2",

  192.           "127.0.1.3"

  193.         ];

  194.       }

  195.     }

  196.     # Old SURBL module

  197.     "SURBL_MULTI" {

  198.       ignore_defaults = true;

  199.       rbl = "multi.surbl.org";

  200.       checks = ['emails', 'dkim', 'urls'];

  201.       emails_domainonly = true;

  202. 

  203.       returnbits = {

  204.         CRACKED_SURBL = 128; # From February 2016

  205.         ABUSE_SURBL = 64;

  206.         MW_SURBL_MULTI = 16;

  207.         PH_SURBL_MULTI = 8;

  208.         SURBL_BLOCKED = 1;

  209.       }

  210.     }

  211. 

  212.     "URIBL_MULTI" {

  213.       ignore_defaults = true;

  214.       rbl = "multi.uribl.com";

  215.       checks = ['emails', 'dkim', 'urls'];

  216.       emails_domainonly = true;

  217. 

  218.       returnbits {

  219.         URIBL_BLOCKED = 1;

  220.         URIBL_BLACK = 2;

  221.         URIBL_GREY = 4;

  222.         URIBL_RED = 8;

  223.       }

  224.     }

  225. 

  226.     "RSPAMD_URIBL" {

  227.       ignore_defaults = true;

  228.       rbl = "uribl.rspamd.com";

  229.       checks = ['emails', 'dkim', 'urls'];

  230.       emails_domainonly = true;

  231.       hash = 'blake2';

  232.       hash_len = 32;

  233.       hash_format = 'base32';

  234. 

  235.       returncodes = {

  236.         RSPAMD_URIBL = [

  237.           "127.0.0.2",

  238.         ];

  239.       }

  240.     }

  241. 

  242.     "DBL" {

  243.       ignore_defaults = true;

  244.       rbl = "dbl.spamhaus.org";

  245.       no_ip = true;

  246.       checks = ['emails', 'dkim', 'urls'];

  247.       emails_domainonly = true;

  248. 

  249.       returncodes = {

  250.         # spam domain

  251.         DBL_SPAM = "127.0.1.2";

  252.         # phish domain

  253.         DBL_PHISH = "127.0.1.4";

  254.         # malware domain

  255.         DBL_MALWARE = "127.0.1.5";

  256.         # botnet C&C domain

  257.         DBL_BOTNET = "127.0.1.6";

  258.         # abused legit spam

  259.         DBL_ABUSE = "127.0.1.102";

  260.         # abused spammed redirector domain

  261.         DBL_ABUSE_REDIR = "127.0.1.103";

  262.         # abused legit phish

  263.         DBL_ABUSE_PHISH = "127.0.1.104";

  264.         # abused legit malware

  265.         DBL_ABUSE_MALWARE = "127.0.1.105";

  266.         # abused legit botnet C&C

  267.         DBL_ABUSE_BOTNET = "127.0.1.106";

  268.         # error - IP queries prohibited!

  269.         DBL_PROHIBIT = "127.0.1.255";

  270.         # issue #3074

  271.         DBL_BLOCKED_OPENRESOLVER = "127.255.255.254";

  272.         DBL_BLOCKED = "127.255.255.255";

  273.       }

  274.     }

  275. 

  276.     # Not enabled by default due to privacy concerns! (see also groups.d/surbl_group.conf)

  277.     #"SPAMHAUS_ZEN_URIBL" {

  278.     #  suffix = "zen.spamhaus.org";

  279.     #  resolve_ip = true;

  280.     #  check_emails = true;

  281.     #  ips {

  282.     #    URIBL_SBL = "127.0.0.2";

  283.     #    URIBL_SBL_CSS = "127.0.0.3";

  284.     #    URIBL_XBL = ["127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"];

  285.     #    URIBL_PBL = ["127.0.0.10", "127.0.0.11"];

  286.     #    URIBL_DROP = "127.0.0.9";

  287.     #  }

  288.     #}

  289. 

  290.     "SEM_URIBL_UNKNOWN" {

  291.       ignore_defaults = true;

  292.       rbl = "uribl.spameatingmonkey.net";

  293.       no_ip = true;

  294.       checks = ['emails', 'dkim', 'urls'];

  295.       emails_domainonly = true;

  296.       returnbits {

  297.         SEM_URIBL = 2;

  298.       }

  299.     }

  300. 

  301.     "SEM_URIBL_FRESH15_UNKNOWN" {

  302.       ignore_defaults = true;

  303.       rbl = "fresh15.spameatingmonkey.net";

  304.       no_ip = true;

  305.       checks = ['emails', 'dkim', 'urls'];

  306.       emails_domainonly = true;

  307.       returnbits {

  308.         SEM_URIBL_FRESH15 = 2;

  309.       }

  310.     }

  311. 

  312.     # Proved to be broken

  313.     #"RBL_SARBL_BAD" {

  314.     #  suffix = "public.sarbl.org";

  315.     #  noip   = true;

  316.     #  images = true;

  317.     #}

  318.   }

  319. 

  320.   .include(try=true,priority=5) "${DBDIR}/dynamic/rbl.conf"

  321.   .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/rbl.conf"

  322.   .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/rbl.conf"

  323. }