123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151 |
- # Policies rules scores, includes SPF, DKIM, DMARC and ARC symbols
- #
- # Please don't modify this file as your changes might be overwritten with
- # the next update.
- #
- # You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
- # parameters defined on the top level
- #
- # You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
- # parameters defined on the top level
- #
- # For specific modules or configuration you can also modify
- # '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
- # '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
- #
- # See https://rspamd.com/doc/tutorials/writing_rules.html for details
-
- description = "SPF, DKIM, DMARC, ARC";
-
- symbols = {
- # SPF
- "R_SPF_FAIL" {
- weight = 1.0;
- description = "SPF verification failed";
- groups = ["spf"];
- }
- "R_SPF_SOFTFAIL" {
- weight = 0.0;
- description = "SPF verification soft-failed";
- groups = ["spf"];
- }
- "R_SPF_NEUTRAL" {
- weight = 0.0;
- description = "SPF policy is neutral";
- groups = ["spf"];
- }
- "R_SPF_ALLOW" {
- weight = -0.2;
- description = "SPF verification allows sending";
- groups = ["spf"];
- }
- "R_SPF_DNSFAIL" {
- weight = 0.0;
- description = "SPF DNS failure";
- groups = ["spf"];
- }
- "R_SPF_NA" {
- weight = 0.0;
- description = "Missing SPF record";
- one_shot = true;
- groups = ["spf"];
- }
- "R_SPF_PERMFAIL" {
- weight = 0.0;
- description = "SPF record is malformed or persistent DNS error";
- groups = ["spf"];
- }
-
- # DKIM
- "R_DKIM_REJECT" {
- weight = 1.0;
- description = "DKIM verification failed";
- one_shot = true;
- groups = ["dkim"];
- }
- "R_DKIM_TEMPFAIL" {
- weight = 0.0;
- description = "DKIM verification soft-failed";
- groups = ["dkim"];
- }
- "R_DKIM_PERMFAIL" {
- weight = 0.0;
- description = "DKIM verification hard-failed (invalid)";
- groups = ["dkim"];
- }
- "R_DKIM_ALLOW" {
- weight = -0.2;
- description = "DKIM verification succeed";
- one_shot = true;
- groups = ["dkim"];
- }
- "R_DKIM_NA" {
- weight = 0.0;
- description = "Missing DKIM signature";
- one_shot = true;
- groups = ["dkim"];
- }
-
- # DMARC
- "DMARC_POLICY_ALLOW" {
- weight = -0.5;
- description = "DMARC permit policy";
- groups = ["dmarc"];
- }
- "DMARC_POLICY_ALLOW_WITH_FAILURES" {
- weight = -0.5;
- description = "DMARC permit policy with DKIM/SPF failure";
- groups = ["dmarc"];
- }
- "DMARC_POLICY_REJECT" {
- weight = 2.0;
- description = "DMARC reject policy";
- groups = ["dmarc"];
- }
- "DMARC_POLICY_QUARANTINE" {
- weight = 1.5;
- description = "DMARC quarantine policy";
- groups = ["dmarc"];
- }
- "DMARC_POLICY_SOFTFAIL" {
- weight = 0.1;
- description = "DMARC failed";
- groups = ["dmarc"];
- }
- "DMARC_NA" {
- weight = 0.0;
- description = "No DMARC record";
- groups = ["dmarc"];
- }
-
- # ARC
- "ARC_ALLOW" {
- weight = -1.0;
- description = "ARC checks success";
- groups = ["arc"];
- }
-
- "ARC_REJECT" {
- weight = 1.0;
- description = "ARC checks failed";
- groups = ["arc"];
- }
-
- "ARC_INVALID" {
- weight = 0.5;
- description = "ARC structure invalid";
- groups = ["arc"];
- }
-
- "ARC_DNSFAIL" {
- weight = 0.0;
- description = "ARC DNS error";
- groups = ["arc"];
- }
-
- "ARC_NA" {
- weight = 0.0;
- description = "ARC signature absent";
- groups = ["arc"];
- }
- }
|