rspamd/conf/scores.d/surbl_group.conf

# URIBL rules scores
#
# Please don't modify this file as your changes might be overwritten with
# the next update.
#
# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
# parameters defined on the top level
#
# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
# parameters defined on the top level
#
# For specific modules or configuration you can also modify
# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
#
# See https://rspamd.com/doc/tutorials/writing_rules.html for details


max_score = 12.5;

symbols = {
    "SURBL_BLOCKED" {
        weight = 0.0;
        description = "SURBL: blocked by policy/overusage";
        groups = ["surblorg", "blocked"];
    }
    "PH_SURBL_MULTI" {
        weight = 5.5;
        description = "SURBL: Phishing sites";
        groups = ["surblorg", "phishing"];
    }
    "MW_SURBL_MULTI" {
        weight = 5.5;
        description = "SURBL: Malware sites";
        groups = ["surblorg"];
    }
    "ABUSE_SURBL" {
        weight = 5.5;
        description = "SURBL: ABUSE";
        groups = ["surblorg"];
    }
    "CRACKED_SURBL" {
        weight = 4.0;
        description = "SURBL: cracked site";
        groups = ["surblorg"];
    }
    "RSPAMD_URIBL" {
        weight = 4.5;
        description = "Rspamd uribl, bl.rspamd.com";
        one_shot = true;
        groups = ["rspamdbl"];
    }

    "RSPAMD_EMAILBL" {
        weight = 9.5;
        description = "Rspamd emailbl, bl.rspamd.com";
        one_shot = true;
        groups = ["rspamdbl"];
    }

    "MSBL_EBL" {
        weight = 7.5;
        description = "MSBL emailbl";
        one_shot = true;
        groups = ["ebl"];
    }

    "MSBL_EBL_GREY" {
        weight = 0.5; # TODO: test it
        description = "MSBL emailbl grey list";
        one_shot = true;
        groups = ["ebl"];
    }

    "SEM_URIBL_UNKNOWN" {
        weight = 0.0;
        description = "Spameatingmonkey uribl: unknown result";
        groups = ["sem"];
    }
    "SEM_URIBL" {
        weight = 3.5;
        description = "Spameatingmonkey uribl";
        groups = ["sem"];
    }

    "SEM_URIBL_FRESH15_UNKNOWN" {
        weight = 0.0;
        description = "Spameatingmonkey Fresh15 uribl: unknown result";
        groups = ["sem"];
    }
    "SEM_URIBL_FRESH15" {
        weight = 3.0;
        description = "Spameatingmonkey uribl. Domains registered in the last 15 days (.AERO,.BIZ,.COM,.INFO,.NAME,.NET,.PRO,.SK,.TEL,.US)";
        groups = ["sem"];
    }

    "DBL" {
        weight = 0.0;
        description = "DBL unknown result";
        groups = ["spamhaus"];
    }
    "DBL_SPAM" {
        weight = 6.5;
        description = "DBL uribl spam";
        groups = ["spamhaus"];
    }
    "DBL_PHISH" {
        weight = 6.5;
        description = "DBL uribl phishing";
        groups = ["spamhaus"];
    }
    "DBL_MALWARE" {
        weight = 6.5;
        description = "DBL uribl malware";
        groups = ["spamhaus"];
    }
    "DBL_BOTNET" {
        weight = 5.5;
        description = "DBL uribl botnet C&C domain";
        groups = ["spamhaus"];
    }
    "DBL_ABUSE" {
        weight = 6.5;
        description = "DBL uribl abused legit spam";
        groups = ["spamhaus"];
    }
    "DBL_ABUSE_REDIR" {
        weight = 1.5;
        description = "DBL uribl abused spammed redirector domain";
        groups = ["spamhaus"];
    }
    "DBL_ABUSE_PHISH" {
        weight = 7.5;
        description = "DBL uribl abused legit phish";
        groups = ["spamhaus"];
    }
    "DBL_ABUSE_MALWARE" {
        weight = 7.5;
        description = "DBL uribl abused legit malware";
        groups = ["spamhaus"];
    }
    "DBL_ABUSE_BOTNET" {
        weight = 5.5;
        description = "DBL uribl abused legit botnet C&C";
        groups = ["spamhaus"];
    }
    "DBL_PROHIBIT" {
        weight = 0.0;
        description = "DBL uribl IP queries prohibited!";
        groups = ["spamhaus"];
    }
    "URIBL_MULTI" {
        weight = 0.0;
        description = "uribl.com: unrecognised result";
        groups = ["uribl"];
    }
    "URIBL_BLOCKED" {
        weight = 0.0;
        description = "uribl.com: query refused";
        groups = ["uribl", "blocked"];
    }
    "URIBL_BLACK" {
        weight = 7.5;
        description = "uribl.com black url";
        groups = ["uribl"];
    }
    "URIBL_RED" {
        weight = 3.5;
        description = "uribl.com red url";
        groups = ["uribl"];
    }
    "URIBL_GREY" {
        weight = 1.5;
        description = "uribl.com grey url";
        one_shot = true;
        groups = ["uribl"];
    }
    "SPAMHAUS_ZEN_URIBL" {
        weight = 0.0;
        description = "Spamhaus ZEN URIBL: Filtered result";
        groups = ["spamhaus"];
    }
    "URIBL_SBL" {
        weight = 6.5;
        description = "A domain in the message body resolves to an IP listed in Spamhaus SBL";
        one_shot = true;
        groups = ["v"];
    }
    "URIBL_SBL_CSS" {
        weight = 6.5;
        description = "A domain in the message body resolves to an IP listed in Spamhaus SBL CSS";
        one_shot = true;
        groups = ["spamhaus"];
    }
    "URIBL_XBL" {
        weight = 1.5;
        description = "A domain in the message body resolves to an IP listed in Spamhaus XBL";
        one_shot = true;
        groups = ["spamhaus"];
    }
    "URIBL_PBL" {
        weight = 0.01;
        description = "A domain in the message body resolves to an IP listed in Spamhaus PBL";
        groups = ["spamhaus"];
    }
    "URIBL_DROP" {
        weight = 5.0;
        description = "A domain in the message body resolves to an IP listed in Spamhaus DROP";
        one_shot = true;
        groups = ["spamhaus"];
    }
    "RBL_SARBL_BAD" {
        weight = 2.5;
        description = "A domain in the message body is blacklisted in SARBL";
        one_shot = true;
   }
}