123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319 |
- # Please don't modify this file as your changes might be overwritten with
- # the next update.
- #
- # You can modify 'local.d/rbl.conf' to add and merge
- # parameters defined inside this section
- #
- # You can modify 'override.d/rbl.conf' to strictly override all
- # parameters defined inside this section
- #
- # See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
- # for details
- #
- # Module documentation can be found at https://rspamd.com/doc/modules/rbl.html
-
- rbl {
- default_exclude_users = true;
- default_unknown = true;
-
- url_whitelist = [
- "https://maps.rspamd.com/rspamd/surbl-whitelist.inc.zst",
- "$LOCAL_CONFDIR/local.d/maps.d/surbl-whitelist.inc.local",
- "${DBDIR}/surbl-whitelist.inc.local",
- "fallback+file://${CONFDIR}/maps.d/surbl-whitelist.inc"
- ];
-
- rbls {
-
- spamhaus {
- symbol = "SPAMHAUS"; # Augmented by prefixes
- rbl = "zen.spamhaus.org";
- # Check types
- checks = ['received', 'from'];
-
- symbols_prefixes = {
- received = 'RECEIVED',
- from = 'RBL',
- }
- returncodes {
- SPAMHAUS_SBL = "127.0.0.2";
- SPAMHAUS_CSS = "127.0.0.3";
- SPAMHAUS_XBL = ["127.0.0.4", "127.0.0.5",
- "127.0.0.6", "127.0.0.7"];
- SPAMHAUS_PBL = ["127.0.0.10", "127.0.0.11"];
- SPAMHAUS_DROP = "127.0.0.9";
- SPAMHAUS_BLOCKED_OPENRESOLVER = "127.255.255.254";
- SPAMHAUS_BLOCKED= "127.255.255.255";
- }
- }
-
- mailspike {
- symbol = "MAILSPIKE";
- rbl = "rep.mailspike.net";
- is_whitelist = true;
- checks = ['from'];
- whitelist_exception = "MAILSPIKE";
- whitelist_exception = "RWL_MAILSPIKE_GOOD";
- whitelist_exception = "RWL_MAILSPIKE_NEUTRAL";
- whitelist_exception = "RWL_MAILSPIKE_POSSIBLE";
- whitelist_exception = "RBL_MAILSPIKE_WORST";
- whitelist_exception = "RBL_MAILSPIKE_VERYBAD";
- whitelist_exception = "RBL_MAILSPIKE_BAD";
- returncodes {
- RBL_MAILSPIKE_WORST = "127.0.0.10";
- RBL_MAILSPIKE_VERYBAD = "127.0.0.11";
- RBL_MAILSPIKE_BAD = "127.0.0.12";
- RWL_MAILSPIKE_NEUTRAL = ["127.0.0.16", "127.0.0.15", "127.0.0.14", "127.0.0.13"];
- RWL_MAILSPIKE_POSSIBLE = "127.0.0.17";
- RWL_MAILSPIKE_GOOD = "127.0.0.18";
- RWL_MAILSPIKE_VERYGOOD = "127.0.0.19";
- RWL_MAILSPIKE_EXCELLENT = "127.0.0.20";
- }
- }
-
- senderscore {
- symbol = "RBL_SENDERSCORE";
- checks = ['from'];
- rbl = "bl.score.senderscore.com";
- }
-
- sem {
- symbol = "RBL_SEM";
- rbl = "bl.spameatingmonkey.net";
- ipv6 = false;
- checks = ['from'];
- }
-
- semIPv6 {
- symbol = "RBL_SEM_IPV6";
- rbl = "bl.ipv6.spameatingmonkey.net";
- ipv4 = false;
- ipv6 = true;
- checks = ['from'];
- }
-
- dnswl {
- symbol = "RCVD_IN_DNSWL";
- rbl = "list.dnswl.org";
- ipv6 = true;
- checks = ['from', 'received'];
- is_whitelist = true;
- whitelist_exception = "RCVD_IN_DNSWL";
- whitelist_exception = "RCVD_IN_DNSWL_NONE";
- whitelist_exception = "RCVD_IN_DNSWL_LOW";
- whitelist_exception = "DNSWL_BLOCKED";
- returncodes {
- RCVD_IN_DNSWL_NONE = "127.0.%d+.0";
- RCVD_IN_DNSWL_LOW = "127.0.%d+.1";
- RCVD_IN_DNSWL_MED = "127.0.%d+.2";
- RCVD_IN_DNSWL_HI = "127.0.%d+.3";
- DNSWL_BLOCKED = "127.0.0.255";
- }
- }
-
- # Provided by https://virusfree.cz
- virusfree {
- symbol = "RBL_VIRUSFREE_UNKNOWN";
- rbl = "bip.virusfree.cz";
- ipv6 = true;
- checks = ['from'];
- returncodes {
- RBL_VIRUSFREE_BOTNET = "127.0.0.2";
- }
- }
-
- nixspam {
- symbol = "RBL_NIXSPAM";
- rbl = "ix.dnsbl.manitu.net";
- ipv6 = true;
- checks = ['from'];
- }
-
- blocklistde {
- symbols_prefixes = {
- received = 'RECEIVED',
- from = 'RBL',
- }
- symbol = "BLOCKLISTDE";
- rbl = "bl.blocklist.de";
- ipv6 = true;
- checks = ['from', 'received'];
- }
-
- # Dkim whitelist
- dnswl_dwl {
- symbol = "DWL_DNSWL";
- rbl = "dwl.dnswl.org";
- checks = ['dkim'];
- ignore_whitelist = true;
- unknown = false;
-
- returncodes {
- DWL_DNSWL_NONE = "127.0.%d+.0";
- DWL_DNSWL_LOW = "127.0.%d+.1";
- DWL_DNSWL_MED = "127.0.%d+.2";
- DWL_DNSWL_HI = "127.0.%d+.3";
- DWL_DNSWL_BLOCKED = "127.0.0.255";
- }
- }
-
- RSPAMD_EMAILBL {
- ignore_whitelist = true;
- ignore_defaults = true;
- emails_delimiter = ".";
- hash_format = "base32";
- hash_len = 32;
- rbl = "email.rspamd.com";
- checks = ['emails', 'replyto'];
- hash = "blake2";
- returncodes = {
- RSPAMD_EMAILBL = "127.0.0.2";
- }
- }
- MSBL_EBL {
- ignore_whitelist = true;
- ignore_defaults = true;
- rbl = "ebl.msbl.org";
- checks = ['emails', 'replyto'];
- emails_domainonly = false;
- hash = "sha1";
- returncodes = {
- MSBL_EBL = [
- "127.0.0.2",
- "127.0.0.3"
- ];
- MSBL_EBL_GREY = [
- "127.0.1.2",
- "127.0.1.3"
- ];
- }
- }
- # Old SURBL module
- "SURBL_MULTI" {
- ignore_defaults = true;
- rbl = "multi.surbl.org";
- checks = ['emails', 'dkim', 'urls'];
- emails_domainonly = true;
-
- returnbits = {
- CRACKED_SURBL = 128; # From February 2016
- ABUSE_SURBL = 64;
- MW_SURBL_MULTI = 16;
- PH_SURBL_MULTI = 8;
- SURBL_BLOCKED = 1;
- }
- }
-
- "URIBL_MULTI" {
- ignore_defaults = true;
- rbl = "multi.uribl.com";
- checks = ['emails', 'dkim', 'urls'];
- emails_domainonly = true;
-
- returnbits {
- URIBL_BLOCKED = 1;
- URIBL_BLACK = 2;
- URIBL_GREY = 4;
- URIBL_RED = 8;
- }
- }
-
- "RSPAMD_URIBL" {
- ignore_defaults = true;
- rbl = "uribl.rspamd.com";
- checks = ['emails', 'dkim', 'urls'];
- emails_domainonly = true;
- hash = 'blake2';
- hash_len = 32;
- hash_format = 'base32';
-
- returncodes = {
- RSPAMD_URIBL = [
- "127.0.0.2",
- ];
- }
- }
-
- "DBL" {
- ignore_defaults = true;
- rbl = "dbl.spamhaus.org";
- no_ip = true;
- checks = ['emails', 'dkim', 'urls'];
- emails_domainonly = true;
-
- returncodes = {
- # spam domain
- DBL_SPAM = "127.0.1.2";
- # phish domain
- DBL_PHISH = "127.0.1.4";
- # malware domain
- DBL_MALWARE = "127.0.1.5";
- # botnet C&C domain
- DBL_BOTNET = "127.0.1.6";
- # abused legit spam
- DBL_ABUSE = "127.0.1.102";
- # abused spammed redirector domain
- DBL_ABUSE_REDIR = "127.0.1.103";
- # abused legit phish
- DBL_ABUSE_PHISH = "127.0.1.104";
- # abused legit malware
- DBL_ABUSE_MALWARE = "127.0.1.105";
- # abused legit botnet C&C
- DBL_ABUSE_BOTNET = "127.0.1.106";
- # error - IP queries prohibited!
- DBL_PROHIBIT = "127.0.1.255";
- # issue #3074
- DBL_BLOCKED_OPENRESOLVER = "127.255.255.254";
- DBL_BLOCKED = "127.255.255.255";
- }
- }
-
- # Not enabled by default due to privacy concerns! (see also groups.d/surbl_group.conf)
- "SPAMHAUS_ZEN_URIBL" {
- enabled = false;
- rbl = "zen.spamhaus.org";
- checks = ['emails'];
- resolve_ip = true;
- returncodes = {
- URIBL_SBL = "127.0.0.2";
- URIBL_SBL_CSS = "127.0.0.3";
- URIBL_XBL = ["127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"];
- URIBL_PBL = ["127.0.0.10", "127.0.0.11"];
- URIBL_DROP = "127.0.0.9";
- }
- }
-
- "SEM_URIBL_UNKNOWN" {
- ignore_defaults = true;
- rbl = "uribl.spameatingmonkey.net";
- no_ip = true;
- checks = ['emails', 'dkim', 'urls'];
- emails_domainonly = true;
- returnbits {
- SEM_URIBL = 2;
- }
- }
-
- "SEM_URIBL_FRESH15_UNKNOWN" {
- ignore_defaults = true;
- rbl = "fresh15.spameatingmonkey.net";
- no_ip = true;
- checks = ['emails', 'dkim', 'urls'];
- emails_domainonly = true;
- returnbits {
- SEM_URIBL_FRESH15 = 2;
- }
- }
-
- # Proved to be broken
- #"RBL_SARBL_BAD" {
- # suffix = "public.sarbl.org";
- # noip = true;
- # images = true;
- #}
- }
-
- .include(try=true,priority=5) "${DBDIR}/dynamic/rbl.conf"
- .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/rbl.conf"
- .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/rbl.conf"
- }
|