mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
19047 Commits
28 Branches
Tree: ed22f77cc2
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ed22f77cc2'
${ noResults }
rspamd/conf/modules.d/rbl.conf

rbl.conf 8.3KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319 
  1. # Please don't modify this file as your changes might be overwritten with

  2. # the next update.

  3. #

  4. # You can modify 'local.d/rbl.conf' to add and merge

  5. # parameters defined inside this section

  6. #

  7. # You can modify 'override.d/rbl.conf' to strictly override all

  8. # parameters defined inside this section

  9. #

  10. # See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories

  11. # for details

  12. #

  13. # Module documentation can be found at  https://rspamd.com/doc/modules/rbl.html

  14. 

  15. rbl {

  16.   default_exclude_users = true;

  17.   default_unknown = true;

  18. 

  19.   url_whitelist = [

  20.     "https://maps.rspamd.com/rspamd/surbl-whitelist.inc.zst",

  21.     "$LOCAL_CONFDIR/local.d/maps.d/surbl-whitelist.inc.local",

  22.     "${DBDIR}/surbl-whitelist.inc.local",

  23.     "fallback+file://${CONFDIR}/maps.d/surbl-whitelist.inc"

  24.   ];

  25. 

  26.   rbls {

  27. 

  28.     spamhaus {

  29.       symbol = "SPAMHAUS"; # Augmented by prefixes

  30.       rbl = "zen.spamhaus.org";

  31.       # Check types

  32.       checks = ['received', 'from'];

  33. 

  34.       symbols_prefixes = {

  35.         received = 'RECEIVED',

  36.         from = 'RBL',

  37.       }

  38.       returncodes {

  39.         SPAMHAUS_SBL = "127.0.0.2";

  40.         SPAMHAUS_CSS = "127.0.0.3";

  41.         SPAMHAUS_XBL = ["127.0.0.4", "127.0.0.5",

  42.             "127.0.0.6", "127.0.0.7"];

  43.         SPAMHAUS_PBL = ["127.0.0.10", "127.0.0.11"];

  44.         SPAMHAUS_DROP = "127.0.0.9";

  45.         SPAMHAUS_BLOCKED_OPENRESOLVER = "127.255.255.254";

  46.         SPAMHAUS_BLOCKED= "127.255.255.255";

  47.       }

  48.     }

  49. 

  50.     mailspike {

  51.       symbol = "MAILSPIKE";

  52.       rbl = "rep.mailspike.net";

  53.       is_whitelist = true;

  54.       checks = ['from'];

  55.       whitelist_exception = "MAILSPIKE";

  56.       whitelist_exception = "RWL_MAILSPIKE_GOOD";

  57.       whitelist_exception = "RWL_MAILSPIKE_NEUTRAL";

  58.       whitelist_exception = "RWL_MAILSPIKE_POSSIBLE";

  59.       whitelist_exception = "RBL_MAILSPIKE_WORST";

  60.       whitelist_exception = "RBL_MAILSPIKE_VERYBAD";

  61.       whitelist_exception = "RBL_MAILSPIKE_BAD";

  62.       returncodes {

  63.         RBL_MAILSPIKE_WORST = "127.0.0.10";

  64.         RBL_MAILSPIKE_VERYBAD = "127.0.0.11";

  65.         RBL_MAILSPIKE_BAD = "127.0.0.12";

  66.         RWL_MAILSPIKE_NEUTRAL = ["127.0.0.16", "127.0.0.15", "127.0.0.14", "127.0.0.13"];

  67.         RWL_MAILSPIKE_POSSIBLE = "127.0.0.17";

  68.         RWL_MAILSPIKE_GOOD = "127.0.0.18";

  69.         RWL_MAILSPIKE_VERYGOOD = "127.0.0.19";

  70.         RWL_MAILSPIKE_EXCELLENT = "127.0.0.20";

  71.       }

  72.     }

  73. 

  74.     senderscore {

  75.       symbol = "RBL_SENDERSCORE";

  76.       checks = ['from'];

  77.       rbl = "bl.score.senderscore.com";

  78.     }

  79. 

  80.     sem {

  81.       symbol = "RBL_SEM";

  82.       rbl = "bl.spameatingmonkey.net";

  83.       ipv6 = false;

  84.       checks = ['from'];

  85.     }

  86. 

  87.     semIPv6 {

  88.       symbol = "RBL_SEM_IPV6";

  89.       rbl = "bl.ipv6.spameatingmonkey.net";

  90.       ipv4 = false;

  91.       ipv6 = true;

  92.       checks = ['from'];

  93.     }

  94. 

  95.     dnswl {

  96.       symbol = "RCVD_IN_DNSWL";

  97.       rbl = "list.dnswl.org";

  98.       ipv6 = true;

  99.       checks = ['from', 'received'];

  100.       is_whitelist = true;

  101.       whitelist_exception = "RCVD_IN_DNSWL";

  102.       whitelist_exception = "RCVD_IN_DNSWL_NONE";

  103.       whitelist_exception = "RCVD_IN_DNSWL_LOW";

  104.       whitelist_exception = "DNSWL_BLOCKED";

  105.       returncodes {

  106.         RCVD_IN_DNSWL_NONE = "127.0.%d+.0";

  107.         RCVD_IN_DNSWL_LOW = "127.0.%d+.1";

  108.         RCVD_IN_DNSWL_MED = "127.0.%d+.2";

  109.         RCVD_IN_DNSWL_HI = "127.0.%d+.3";

  110.         DNSWL_BLOCKED = "127.0.0.255";

  111.       }

  112.     }

  113. 

  114.     # Provided by https://virusfree.cz

  115.     virusfree {

  116.       symbol = "RBL_VIRUSFREE_UNKNOWN";

  117.       rbl = "bip.virusfree.cz";

  118.       ipv6 = true;

  119.       checks = ['from'];

  120.       returncodes {

  121.         RBL_VIRUSFREE_BOTNET = "127.0.0.2";

  122.       }

  123.     }

  124. 

  125.     nixspam {

  126.       symbol = "RBL_NIXSPAM";

  127.       rbl = "ix.dnsbl.manitu.net";

  128.       ipv6 = true;

  129.       checks = ['from'];

  130.     }

  131. 

  132.     blocklistde {

  133.       symbols_prefixes = {

  134.         received = 'RECEIVED',

  135.         from = 'RBL',

  136.       }

  137.       symbol = "BLOCKLISTDE";

  138.       rbl = "bl.blocklist.de";

  139.       ipv6 = true;

  140.       checks = ['from', 'received'];

  141.     }

  142. 

  143.     # Dkim whitelist

  144.     dnswl_dwl {

  145.       symbol = "DWL_DNSWL";

  146.       rbl = "dwl.dnswl.org";

  147.       checks = ['dkim'];

  148.       ignore_whitelist = true;

  149.       unknown = false;

  150. 

  151.       returncodes {

  152.         DWL_DNSWL_NONE = "127.0.%d+.0";

  153.         DWL_DNSWL_LOW = "127.0.%d+.1";

  154.         DWL_DNSWL_MED = "127.0.%d+.2";

  155.         DWL_DNSWL_HI = "127.0.%d+.3";

  156.         DWL_DNSWL_BLOCKED = "127.0.0.255";

  157.       }

  158.     }

  159. 

  160.     RSPAMD_EMAILBL {

  161.       ignore_whitelist = true;

  162.       ignore_defaults = true;

  163.       emails_delimiter = ".";

  164.       hash_format = "base32";

  165.       hash_len = 32;

  166.       rbl = "email.rspamd.com";

  167.       checks = ['emails', 'replyto'];

  168.       hash = "blake2";

  169.       returncodes = {

  170.         RSPAMD_EMAILBL = "127.0.0.2";

  171.       }

  172.     }

  173.     MSBL_EBL {

  174.       ignore_whitelist = true;

  175.       ignore_defaults = true;

  176.       rbl = "ebl.msbl.org";

  177.       checks = ['emails', 'replyto'];

  178.       emails_domainonly = false;

  179.       hash = "sha1";

  180.       returncodes = {

  181.         MSBL_EBL = [

  182.           "127.0.0.2",

  183.           "127.0.0.3"

  184.         ];

  185.         MSBL_EBL_GREY = [

  186.           "127.0.1.2",

  187.           "127.0.1.3"

  188.         ];

  189.       }

  190.     }

  191.     # Old SURBL module

  192.     "SURBL_MULTI" {

  193.       ignore_defaults = true;

  194.       rbl = "multi.surbl.org";

  195.       checks = ['emails', 'dkim', 'urls'];

  196.       emails_domainonly = true;

  197. 

  198.       returnbits = {

  199.         CRACKED_SURBL = 128; # From February 2016

  200.         ABUSE_SURBL = 64;

  201.         MW_SURBL_MULTI = 16;

  202.         PH_SURBL_MULTI = 8;

  203.         SURBL_BLOCKED = 1;

  204.       }

  205.     }

  206. 

  207.     "URIBL_MULTI" {

  208.       ignore_defaults = true;

  209.       rbl = "multi.uribl.com";

  210.       checks = ['emails', 'dkim', 'urls'];

  211.       emails_domainonly = true;

  212. 

  213.       returnbits {

  214.         URIBL_BLOCKED = 1;

  215.         URIBL_BLACK = 2;

  216.         URIBL_GREY = 4;

  217.         URIBL_RED = 8;

  218.       }

  219.     }

  220. 

  221.     "RSPAMD_URIBL" {

  222.       ignore_defaults = true;

  223.       rbl = "uribl.rspamd.com";

  224.       checks = ['emails', 'dkim', 'urls'];

  225.       emails_domainonly = true;

  226.       hash = 'blake2';

  227.       hash_len = 32;

  228.       hash_format = 'base32';

  229. 

  230.       returncodes = {

  231.         RSPAMD_URIBL = [

  232.           "127.0.0.2",

  233.         ];

  234.       }

  235.     }

  236. 

  237.     "DBL" {

  238.       ignore_defaults = true;

  239.       rbl = "dbl.spamhaus.org";

  240.       no_ip = true;

  241.       checks = ['emails', 'dkim', 'urls'];

  242.       emails_domainonly = true;

  243. 

  244.       returncodes = {

  245.         # spam domain

  246.         DBL_SPAM = "127.0.1.2";

  247.         # phish domain

  248.         DBL_PHISH = "127.0.1.4";

  249.         # malware domain

  250.         DBL_MALWARE = "127.0.1.5";

  251.         # botnet C&C domain

  252.         DBL_BOTNET = "127.0.1.6";

  253.         # abused legit spam

  254.         DBL_ABUSE = "127.0.1.102";

  255.         # abused spammed redirector domain

  256.         DBL_ABUSE_REDIR = "127.0.1.103";

  257.         # abused legit phish

  258.         DBL_ABUSE_PHISH = "127.0.1.104";

  259.         # abused legit malware

  260.         DBL_ABUSE_MALWARE = "127.0.1.105";

  261.         # abused legit botnet C&C

  262.         DBL_ABUSE_BOTNET = "127.0.1.106";

  263.         # error - IP queries prohibited!

  264.         DBL_PROHIBIT = "127.0.1.255";

  265.         # issue #3074

  266.         DBL_BLOCKED_OPENRESOLVER = "127.255.255.254";

  267.         DBL_BLOCKED = "127.255.255.255";

  268.       }

  269.     }

  270. 

  271.     # Not enabled by default due to privacy concerns! (see also groups.d/surbl_group.conf)

  272.     "SPAMHAUS_ZEN_URIBL" {

  273.       enabled = false;

  274.       rbl = "zen.spamhaus.org";

  275.       checks = ['emails'];

  276.       resolve_ip = true;

  277.       returncodes = {

  278.         URIBL_SBL = "127.0.0.2";

  279.         URIBL_SBL_CSS = "127.0.0.3";

  280.         URIBL_XBL = ["127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"];

  281.         URIBL_PBL = ["127.0.0.10", "127.0.0.11"];

  282.         URIBL_DROP = "127.0.0.9";

  283.       }

  284.     }

  285. 

  286.     "SEM_URIBL_UNKNOWN" {

  287.       ignore_defaults = true;

  288.       rbl = "uribl.spameatingmonkey.net";

  289.       no_ip = true;

  290.       checks = ['emails', 'dkim', 'urls'];

  291.       emails_domainonly = true;

  292.       returnbits {

  293.         SEM_URIBL = 2;

  294.       }

  295.     }

  296. 

  297.     "SEM_URIBL_FRESH15_UNKNOWN" {

  298.       ignore_defaults = true;

  299.       rbl = "fresh15.spameatingmonkey.net";

  300.       no_ip = true;

  301.       checks = ['emails', 'dkim', 'urls'];

  302.       emails_domainonly = true;

  303.       returnbits {

  304.         SEM_URIBL_FRESH15 = 2;

  305.       }

  306.     }

  307. 

  308.     # Proved to be broken

  309.     #"RBL_SARBL_BAD" {

  310.     #  suffix = "public.sarbl.org";

  311.     #  noip   = true;

  312.     #  images = true;

  313.     #}

  314.   }

  315. 

  316.   .include(try=true,priority=5) "${DBDIR}/dynamic/rbl.conf"

  317.   .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/rbl.conf"

  318.   .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/rbl.conf"

  319. }