mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
16716 Commits
28 Branches
Tree: a4beaf4944
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a4beaf4944'
${ noResults }
rspamd/conf/modules.d/rbl.conf

rbl.conf 8.2KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326 
  1. # Please don't modify this file as your changes might be overwritten with

  2. # the next update.

  3. #

  4. # You can modify 'local.d/rbl.conf' to add and merge

  5. # parameters defined inside this section

  6. #

  7. # You can modify 'override.d/rbl.conf' to strictly override all

  8. # parameters defined inside this section

  9. #

  10. # See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories

  11. # for details

  12. #

  13. # Module documentation can be found at  https://rspamd.com/doc/modules/rbl.html

  14. 

  15. rbl {

  16.   default_from = true;

  17.   default_received = false;

  18.   default_exclude_users = true;

  19.   default_unknown = true;

  20. 

  21.   url_whitelist = [

  22.     "https://maps.rspamd.com/rspamd/surbl-whitelist.inc.zst",

  23.     "$LOCAL_CONFDIR/local.d/maps.d/surbl-whitelist.inc.local",

  24.     "${DBDIR}/surbl-whitelist.inc.local",

  25.     "fallback+file://${CONFDIR}/maps.d/surbl-whitelist.inc"

  26.   ];

  27. 

  28.   rbls {

  29. 

  30.     spamhaus {

  31.       symbol = "SPAMHAUS"; # Augmented by prefixes

  32.       rbl = "zen.spamhaus.org";

  33.       ipv6 = true;

  34.       received = true;

  35.       from = true;

  36.       symbols_prefixes = {

  37.         received = 'RECEIVED',

  38.         from = 'RBL',

  39.       }

  40.       returncodes {

  41.         SPAMHAUS_SBL = "127.0.0.2";

  42.         SPAMHAUS_CSS = "127.0.0.3";

  43.         SPAMHAUS_XBL = ["127.0.0.4", "127.0.0.5",

  44.             "127.0.0.6", "127.0.0.7"];

  45.         SPAMHAUS_PBL = ["127.0.0.10", "127.0.0.11"];

  46.         SPAMHAUS_DROP = "127.0.0.9";

  47.         SPAMHAUS_BLOCKED_OPENRESOLVER = "127.255.255.254";

  48.         SPAMHAUS_BLOCKED= "127.255.255.255";

  49.       }

  50.     }

  51. 

  52.     mailspike {

  53.       symbol = "MAILSPIKE";

  54.       rbl = "rep.mailspike.net";

  55.       is_whitelist = true;

  56.       whitelist_exception = "MAILSPIKE";

  57.       whitelist_exception = "RWL_MAILSPIKE_GOOD";

  58.       whitelist_exception = "RWL_MAILSPIKE_NEUTRAL";

  59.       whitelist_exception = "RWL_MAILSPIKE_POSSIBLE";

  60.       whitelist_exception = "RBL_MAILSPIKE_WORST";

  61.       whitelist_exception = "RBL_MAILSPIKE_VERYBAD";

  62.       whitelist_exception = "RBL_MAILSPIKE_BAD";

  63.       returncodes {

  64.         RBL_MAILSPIKE_WORST = "127.0.0.10";

  65.         RBL_MAILSPIKE_VERYBAD = "127.0.0.11";

  66.         RBL_MAILSPIKE_BAD = "127.0.0.12";

  67.         RWL_MAILSPIKE_NEUTRAL = ["127.0.0.16", "127.0.0.15", "127.0.0.14", "127.0.0.13"];

  68.         RWL_MAILSPIKE_POSSIBLE = "127.0.0.17";

  69.         RWL_MAILSPIKE_GOOD = "127.0.0.18";

  70.         RWL_MAILSPIKE_VERYGOOD = "127.0.0.19";

  71.         RWL_MAILSPIKE_EXCELLENT = "127.0.0.20";

  72.       }

  73.     }

  74. 

  75.     senderscore {

  76.       symbol = "RBL_SENDERSCORE";

  77.       rbl = "bl.score.senderscore.com";

  78.     }

  79. 

  80.     sem {

  81.       symbol = "RBL_SEM";

  82.       rbl = "bl.spameatingmonkey.net";

  83.       ipv6 = false;

  84.     }

  85. 

  86.     semIPv6 {

  87.       symbol = "RBL_SEM_IPV6";

  88.       rbl = "bl.ipv6.spameatingmonkey.net";

  89.       ipv4 = false;

  90.       ipv6 = true;

  91.     }

  92. 

  93.     dnswl {

  94.       symbol = "RCVD_IN_DNSWL";

  95.       rbl = "list.dnswl.org";

  96.       ipv6 = true;

  97.       is_whitelist = true;

  98.       whitelist_exception = "RCVD_IN_DNSWL";

  99.       whitelist_exception = "RCVD_IN_DNSWL_NONE";

  100.       whitelist_exception = "RCVD_IN_DNSWL_LOW";

  101.       whitelist_exception = "DNSWL_BLOCKED";

  102.       returncodes {

  103.         RCVD_IN_DNSWL_NONE = "127.0.%d+.0";

  104.         RCVD_IN_DNSWL_LOW = "127.0.%d+.1";

  105.         RCVD_IN_DNSWL_MED = "127.0.%d+.2";

  106.         RCVD_IN_DNSWL_HI = "127.0.%d+.3";

  107.         DNSWL_BLOCKED = "127.0.0.255";

  108.       }

  109.     }

  110. 

  111.     # Provided by https://virusfree.cz

  112.     virusfree {

  113.       symbol = "RBL_VIRUSFREE_UNKNOWN";

  114.       rbl = "bip.virusfree.cz";

  115.       ipv6 = true;

  116.       returncodes {

  117.         RBL_VIRUSFREE_BOTNET = "127.0.0.2";

  118.       }

  119.     }

  120. 

  121.     nixspam {

  122.       symbol = "RBL_NIXSPAM";

  123.       rbl = "ix.dnsbl.manitu.net";

  124.       ipv6 = true;

  125.     }

  126. 

  127.     blocklistde {

  128.       symbols_prefixes = {

  129.         received = 'RECEIVED',

  130.         from = 'RBL',

  131.       }

  132.       symbol = "BLOCKLISTDE";

  133.       rbl = "bl.blocklist.de";

  134.       ipv6 = true;

  135.       received = true;

  136.       from = true;

  137.     }

  138. 

  139.     dnswl_dwl {

  140.       symbol = "DWL_DNSWL";

  141.       rbl = "dwl.dnswl.org";

  142.       dkim = true;

  143.       dkim_domainonly = false;

  144.       dkim_match_from = true;

  145.       ignore_whitelist = true;

  146.       unknown = false;

  147. 

  148.       returncodes {

  149.         DWL_DNSWL_NONE = "127.0.%d+.0";

  150.         DWL_DNSWL_LOW = "127.0.%d+.1";

  151.         DWL_DNSWL_MED = "127.0.%d+.2";

  152.         DWL_DNSWL_HI = "127.0.%d+.3";

  153.         DWL_DNSWL_BLOCKED = "127.0.0.255";

  154.       }

  155.     }

  156.     # Old emails module

  157.     RSPAMD_EMAILBL {

  158.       ignore_defaults = true;

  159.       emails_delimiter = ".";

  160.       hash_format = "base32";

  161.       hash_len = 32;

  162.       rbl = "email.rspamd.com";

  163.       replyto = true;

  164.       hash = "blake2";

  165.       returncodes = {

  166.         RSPAMD_EMAILBL = "127.0.0.2";

  167.       }

  168.     }

  169.     MSBL_EBL {

  170.       ignore_whitelist = true;

  171.       ignore_defaults = true;

  172.       rbl = "ebl.msbl.org";

  173.       emails_domainonly = false;

  174.       replyto = true;

  175.       hash = "sha1";

  176.       returncodes = {

  177.         MSBL_EBL = [

  178.           "127.0.0.2",

  179.           "127.0.0.3"

  180.         ];

  181.         MSBL_EBL_GREY = [

  182.           "127.0.1.2",

  183.           "127.0.1.3"

  184.         ];

  185.       }

  186.     }

  187.     # Old SURBL module

  188.     "SURBL_MULTI" {

  189.       ignore_defaults = true;

  190.       rbl = "multi.surbl.org";

  191.       dkim = true;

  192.       emails = true;

  193.       emails_domainonly = true;

  194.       urls = true;

  195. 

  196.       returnbits = {

  197.         CRACKED_SURBL = 128; # From February 2016

  198.         ABUSE_SURBL = 64;

  199.         MW_SURBL_MULTI = 16;

  200.         PH_SURBL_MULTI = 8;

  201.         SURBL_BLOCKED = 1;

  202.       }

  203.     }

  204. 

  205.     "URIBL_MULTI" {

  206.       ignore_defaults = true;

  207.       rbl = "multi.uribl.com";

  208.       dkim = true;

  209.       emails = true;

  210.       emails_domainonly = true;

  211.       urls = true;

  212. 

  213.       returnbits {

  214.         URIBL_BLOCKED = 1;

  215.         URIBL_BLACK = 2;

  216.         URIBL_GREY = 4;

  217.         URIBL_RED = 8;

  218.       }

  219.     }

  220. 

  221.     "RSPAMD_URIBL" {

  222.       ignore_defaults = true;

  223.       rbl = "uribl.rspamd.com";

  224.       dkim = true;

  225.       emails = true;

  226.       emails_domainonly = true;

  227.       urls = true;

  228.       hash = 'blake2';

  229.       hash_len = 32;

  230.       hash_format = 'base32';

  231. 

  232.       returncodes = {

  233.         RSPAMD_URIBL = [

  234.           "127.0.0.2",

  235.         ];

  236.       }

  237.     }

  238. 

  239.     "DBL" {

  240.       ignore_defaults = true;

  241.       rbl = "dbl.spamhaus.org";

  242.       no_ip = true;

  243.       dkim = true;

  244.       emails = true;

  245.       emails_domainonly = true;

  246.       urls = true;

  247. 

  248.       returncodes = {

  249.         # spam domain

  250.         DBL_SPAM = "127.0.1.2";

  251.         # phish domain

  252.         DBL_PHISH = "127.0.1.4";

  253.         # malware domain

  254.         DBL_MALWARE = "127.0.1.5";

  255.         # botnet C&C domain

  256.         DBL_BOTNET = "127.0.1.6";

  257.         # abused legit spam

  258.         DBL_ABUSE = "127.0.1.102";

  259.         # abused spammed redirector domain

  260.         DBL_ABUSE_REDIR = "127.0.1.103";

  261.         # abused legit phish

  262.         DBL_ABUSE_PHISH = "127.0.1.104";

  263.         # abused legit malware

  264.         DBL_ABUSE_MALWARE = "127.0.1.105";

  265.         # abused legit botnet C&C

  266.         DBL_ABUSE_BOTNET = "127.0.1.106";

  267.         # error - IP queries prohibited!

  268.         DBL_PROHIBIT = "127.0.1.255";

  269.         # issue #3074

  270.         DBL_BLOCKED_OPENRESOLVER = "127.255.255.254";

  271.         DBL_BLOCKED = "127.255.255.255";

  272.       }

  273.     }

  274. 

  275.     # Not enabled by default due to privacy concerns! (see also groups.d/surbl_group.conf)

  276.     #"SPAMHAUS_ZEN_URIBL" {

  277.     #  suffix = "zen.spamhaus.org";

  278.     #  resolve_ip = true;

  279.     #  check_emails = true;

  280.     #  ips {

  281.     #    URIBL_SBL = "127.0.0.2";

  282.     #    URIBL_SBL_CSS = "127.0.0.3";

  283.     #    URIBL_XBL = ["127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"];

  284.     #    URIBL_PBL = ["127.0.0.10", "127.0.0.11"];

  285.     #    URIBL_DROP = "127.0.0.9";

  286.     #  }

  287.     #}

  288. 

  289.     "SEM_URIBL_UNKNOWN" {

  290.       ignore_defaults = true;

  291.       rbl = "uribl.spameatingmonkey.net";

  292.       no_ip = true;

  293.       dkim = true;

  294.       emails = true;

  295.       emails_domainonly = true;

  296.       urls = true;

  297.       returnbits {

  298.         SEM_URIBL = 2;

  299.       }

  300.     }

  301. 

  302.     "SEM_URIBL_FRESH15_UNKNOWN" {

  303.       ignore_defaults = true;

  304.       rbl = "fresh15.spameatingmonkey.net";

  305.       no_ip = true;

  306.       dkim = true;

  307.       emails = true;

  308.       emails_domainonly = true;

  309.       urls = true;

  310.       returnbits {

  311.         SEM_URIBL_FRESH15 = 2;

  312.       }

  313.     }

  314. 

  315.     # Proved to be broken

  316.     #"RBL_SARBL_BAD" {

  317.     #  suffix = "public.sarbl.org";

  318.     #  noip   = true;

  319.     #  images = true;

  320.     #}

  321.   }

  322. 

  323.   .include(try=true,priority=5) "${DBDIR}/dynamic/rbl.conf"

  324.   .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/rbl.conf"

  325.   .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/rbl.conf"

  326. }