aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorVsevolod Stakhov <vsevolod@highsecure.ru>2013-11-21 16:20:45 +0000
committerVsevolod Stakhov <vsevolod@highsecure.ru>2013-11-21 16:20:45 +0000
commitac675792e2277deee495bf98f34045c4b3f4d954 (patch)
treef59a45e41d43e4b86d11195b644931edfdfc4cb9
parent3a790729df214dfb00d0d92f813819b23edb23fb (diff)
downloadrspamd-ac675792e2277deee495bf98f34045c4b3f4d954.tar.gz
rspamd-ac675792e2277deee495bf98f34045c4b3f4d954.zip
Add basics of the new configuration.
-rw-r--r--conf/composites.conf10
-rw-r--r--conf/logging.conf7
-rw-r--r--conf/metrics.conf593
-rw-r--r--conf/modules.conf146
-rw-r--r--conf/options.conf14
-rw-r--r--conf/rspamd.conf17
-rw-r--r--conf/statistic.conf19
-rw-r--r--conf/workers.conf20
8 files changed, 826 insertions, 0 deletions
diff --git a/conf/composites.conf b/conf/composites.conf
new file mode 100644
index 000000000..a8fe1ae4a
--- /dev/null
+++ b/conf/composites.conf
@@ -0,0 +1,10 @@
+# Composites setup
+
+composite {
+ name = "FORGED_RECIPIENTS_MAILLIST";
+ expression = "FORGED_RECIPIENTS & -MAILLIST";
+}
+composite {
+ name = "FORGED_MUA_OUTLOOK_MAILLIST";
+ expression = "FORGED_MUA_OUTLOOK and MAILLIST";
+}
diff --git a/conf/logging.conf b/conf/logging.conf
new file mode 100644
index 000000000..816582d56
--- /dev/null
+++ b/conf/logging.conf
@@ -0,0 +1,7 @@
+# Logging setup
+
+logging {
+ level = "info";
+ type = "file";
+ filename = "$LOGDIR/rspamd.log";
+}
diff --git a/conf/metrics.conf b/conf/metrics.conf
new file mode 100644
index 000000000..6cbeb8771
--- /dev/null
+++ b/conf/metrics.conf
@@ -0,0 +1,593 @@
+# Metrics settings
+
+metric {
+ name = "default";
+ action = "reject:10";
+ action = "greylist:4";
+ action = "add_header:6";
+ symbol {
+ weight = 2.0;
+ description = "Subject is missing inside message";
+ name = "MISSING_SUBJECT";
+ }
+ symbol {
+ weight = 2.100000;
+ description = "Message pretends to be send from Outlook but has 'strange' tags ";
+ name = "FORGED_OUTLOOK_TAGS";
+ }
+ symbol {
+ weight = 5.0;
+ description = "Sender is forged (different From: header and smtp MAIL FROM: addresses)";
+ name = "FORGED_SENDER";
+ }
+ symbol {
+ weight = 3.500000;
+ description = "Recipients seems to be autogenerated (works if recipients count is more than 5)";
+ name = "SUSPICIOUS_RECIPS";
+ }
+ symbol {
+ weight = 6.0;
+ description = "Fake reply (has RE in subject, but has not References header)";
+ name = "FAKE_REPLY_C";
+ }
+ symbol {
+ weight = 1.0;
+ description = "Messages that have only HTML part";
+ name = "MIME_HTML_ONLY";
+ }
+ symbol {
+ weight = 2.0;
+ description = "Forged yahoo msgid";
+ name = "FORGED_MSGID_YAHOO";
+ }
+ symbol {
+ weight = 2.0;
+ description = "Forged The Bat! MUA headers";
+ name = "FORGED_MUA_THEBAT_BOUN";
+ }
+ symbol {
+ weight = 5.0;
+ description = "Charset is missing in a message";
+ name = "R_MISSING_CHARSET";
+ }
+ symbol {
+ weight = 2.0;
+ description = "Two received headers with ip addresses";
+ name = "RCVD_DOUBLE_IP_SPAM";
+ }
+ symbol {
+ weight = 5.0;
+ description = "Forged outlook HTML signature";
+ name = "FORGED_OUTLOOK_HTML";
+ }
+ symbol {
+ weight = 5.0;
+ description = "Recipients are absent or undisclosed";
+ name = "R_UNDISC_RCPT";
+ }
+ symbol {
+ weight = 9.0;
+ description = "White color on white background in HTML messages";
+ name = "R_WHITE_ON_WHITE";
+ }
+ symbol {
+ weight = 3.0;
+ description = "Short html part with a link to an image";
+ name = "HTML_SHORT_LINK_IMG_2";
+ }
+ symbol {
+ weight = 3.0;
+ description = "Forged outlook MUA";
+ name = "FORGED_MUA_OUTLOOK";
+ }
+ symbol {
+ weight = 0.0;
+ description = "Forged outlook MUA, but from maillist";
+ name = "FORGED_MUA_OUTLOOK_MAILLIST";
+ }
+ symbol {
+ weight = 5.0;
+ description = "Suspicious boundary in header Content-Type";
+ name = "SUSPICIOUS_BOUNDARY";
+ }
+ symbol {
+ weight = 4.0;
+ description = "Suspicious boundary in header Content-Type";
+ name = "SUSPICIOUS_BOUNDARY2";
+ }
+ symbol {
+ weight = 3.0;
+ description = "Suspicious boundary in header Content-Type";
+ name = "SUSPICIOUS_BOUNDARY3";
+ }
+ symbol {
+ weight = 4.0;
+ description = "Suspicious boundary in header Content-Type";
+ name = "SUSPICIOUS_BOUNDARY4";
+ }
+ symbol {
+ weight = 4.0;
+ description = "Message pretends to be send from The Bat! but has forged Message-ID";
+ name = "FORGED_MUA_THEBAT_MSGID";
+ }
+ symbol {
+ weight = 3.0;
+ description = "Message pretends to be send from The Bat! but has forged Message-ID";
+ name = "FORGED_MUA_THEBAT_MSGID_UNKNOWN";
+ }
+ symbol {
+ weight = 3.0;
+ description = "Message pretends to be send from KMail but has forged Message-ID";
+ name = "FORGED_MUA_KMAIL_MSGID";
+ }
+ symbol {
+ weight = 2.500000;
+ description = "Message pretends to be send from KMail but has forged Message-ID";
+ name = "FORGED_MUA_KMAIL_MSGID_UNKNOWN";
+ }
+ symbol {
+ weight = 4.0;
+ description = "Message pretends to be send from Opera Mail but has forged Message-ID";
+ name = "FORGED_MUA_OPERA_MSGID";
+ }
+ symbol {
+ weight = 4.0;
+ description = "Message pretends to be send from suspicious Opera Mail/10.x (Windows) but has forged Message-ID, apparently from KMail";
+ name = "SUSPICIOUS_OPERA_10W_MSGID";
+ }
+ symbol {
+ weight = 4.0;
+ description = "Message pretends to be send from Mozilla Mail but has forged Message-ID";
+ name = "FORGED_MUA_MOZILLA_MAIL_MSGID";
+ }
+ symbol {
+ weight = 2.500000;
+ description = "Message pretends to be send from Mozilla Mail but has forged Message-ID";
+ name = "FORGED_MUA_MOZILLA_MAIL_MSGID_UNKNOWN";
+ }
+ symbol {
+ weight = 4.0;
+ description = "Forged mail pretending to be from Mozilla Thunderbird but has forged Message-ID";
+ name = "FORGED_MUA_THUNDERBIRD_MSGID";
+ }
+ symbol {
+ weight = 2.500000;
+ description = "Forged mail pretending to be from Mozilla Thunderbird but has forged Message-ID";
+ name = "FORGED_MUA_THUNDERBIRD_MSGID_UNKNOWN";
+ }
+ symbol {
+ weight = 4.0;
+ description = "Forged mail pretending to be from Mozilla Seamonkey but has forged Message-ID";
+ name = "FORGED_MUA_SEAMONKEY_MSGID";
+ }
+ symbol {
+ weight = 2.500000;
+ description = "Forged mail pretending to be from Mozilla Seamonkey but has forged Message-ID";
+ name = "FORGED_MUA_SEAMONKEY_MSGID_UNKNOWN";
+ }
+ symbol {
+ weight = 2.0;
+ description = "Fake helo for verizon provider";
+ name = "FM_FAKE_HELO_VERIZON";
+ }
+ symbol {
+ weight = 2.0;
+ description = "Quoted reply-to from yahoo (seems to be forged)";
+ name = "REPTO_QUOTE_YAHOO";
+ }
+ symbol {
+ weight = 5.0;
+ description = "Mime-OLE is needed but absent (e.g. fake Outlook or fake Exchange)";
+ name = "MISSING_MIMEOLE";
+ }
+ symbol {
+ weight = 2.0;
+ description = "To header is missing";
+ name = "MISSING_TO";
+ }
+ symbol {
+ weight = 1.500000;
+ description = "From that contains encoded characters while base 64 is not needed as all symbols are 7bit";
+ name = "FROM_EXCESS_BASE64";
+ }
+ symbol {
+ weight = 1.200000;
+ description = "From that contains encoded characters while quoted-printable is not needed as all symbols are 7bit";
+ name = "FROM_EXCESS_QP";
+ }
+ symbol {
+ weight = 1.500000;
+ description = "To that contains encoded characters while base 64 is not needed as all symbols are 7bit";
+ name = "TO_EXCESS_BASE64";
+ }
+ symbol {
+ weight = 1.200000;
+ description = "To that contains encoded characters while quoted-printable is not needed as all symbols are 7bit";
+ name = "TO_EXCESS_QP";
+ }
+ symbol {
+ weight = 1.500000;
+ description = "Reply-To that contains encoded characters while base 64 is not needed as all symbols are 7bit";
+ name = "REPLYTO_EXCESS_BASE64";
+ }
+ symbol {
+ weight = 1.200000;
+ description = "Reply-To that contains encoded characters while quoted-printable is not needed as all symbols are 7bit";
+ name = "REPLYTO_EXCESS_QP";
+ }
+ symbol {
+ weight = 1.500000;
+ description = "Cc that contains encoded characters while base 64 is not needed as all symbols are 7bit";
+ name = "CC_EXCESS_BASE64";
+ }
+ symbol {
+ weight = 1.200000;
+ description = "Cc that contains encoded characters while quoted-printable is not needed as all symbols are 7bit";
+ name = "CC_EXCESS_QP";
+ }
+ symbol {
+ weight = 5.0;
+ description = "Mixed characters in a message";
+ name = "R_MIXED_CHARSET";
+ }
+ symbol {
+ weight = 3.500000;
+ description = "Recipients list seems to be sorted";
+ name = "SORTED_RECIPS";
+ }
+ symbol {
+ weight = 3.0;
+ description = "Spambots signatures in received headers";
+ name = "R_RCVD_SPAMBOTS";
+ }
+ symbol {
+ weight = 2.0;
+ description = "To header seems to be autogenerated";
+ name = "R_TO_SEEMS_AUTO";
+ }
+ symbol {
+ weight = 1.0;
+ description = "Subject needs encoding";
+ name = "SUBJECT_NEEDS_ENCODING";
+ }
+ symbol {
+ weight = 3.840000;
+ description = "Spam string at the end of message to make statistics faults 0";
+ name = "TRACKER_ID";
+ }
+ symbol {
+ weight = 1.0;
+ description = "No space in from header";
+ name = "R_NO_SPACE_IN_FROM";
+ }
+ symbol {
+ weight = 8.0;
+ description = "Subject seems to be spam";
+ name = "R_SAJDING";
+ }
+ symbol {
+ weight = 3.0;
+ description = "Detects bad content-transfer-encoding for text parts";
+ name = "R_BAD_CTE_7BIT";
+ }
+ symbol {
+ weight = 10.0;
+ description = "Flash redirect on imageshack.us";
+ name = "R_FLASH_REDIR_IMGSHACK";
+ }
+ symbol {
+ weight = 5.0;
+ description = "Message id is incorrect";
+ name = "INVALID_MSGID";
+ }
+ symbol {
+ weight = 3.0;
+ description = "Message id is missing ";
+ name = "MISSING_MID";
+ }
+ symbol {
+ weight = 3.0;
+ description = "Recipients are not the same as RCPT TO: mail command";
+ name = "FORGED_RECIPIENTS";
+ }
+ symbol {
+ weight = 0.0;
+ description = "Recipients are not the same as RCPT TO: mail command, but from maillist";
+ name = "FORGED_RECIPIENTS_MAILLIST";
+ }
+ symbol {
+ weight = 2.0;
+ description = "Forged Exchange messages ";
+ name = "RATWARE_MS_HASH";
+ }
+ symbol {
+ weight = 1.0;
+ description = "Reply-type in content-type";
+ name = "STOX_REPLY_TYPE";
+ }
+ symbol {
+ weight = 3.0;
+ description = "IP in received headers is in PBL";
+ name = "R_IP_PBL";
+ }
+ symbol {
+ weight = 1.0;
+ description = "One received header in a message ";
+ name = "ONCE_RECEIVED";
+ }
+ symbol {
+ weight = 4.0;
+ description = "One received header with 'bad' patterns inside";
+ name = "ONCE_RECEIVED_STRICT";
+ }
+ symbol {
+ weight = 1.0;
+ description = "Received headers contains addresses from RBL";
+ name = "RECEIVED_RBL";
+ }
+ symbol {
+ weight = 3.0;
+ description = "Text and HTML parts differ";
+ name = "R_PARTS_DIFFER";
+ }
+ symbol {
+ weight = 2.0;
+ description = "Only Content-Type header without other MIME headers";
+ name = "MIME_HEADER_CTYPE_ONLY";
+ }
+ symbol {
+ weight = 2.0;
+ description = "Message contains empty parts and image ";
+ name = "R_EMPTY_IMAGE";
+ }
+ symbol {
+ weight = 2.0;
+ description = "Drugs patterns inside message";
+ name = "DRUGS_MANYKINDS";
+ }
+ symbol {
+ weight = 2.0;
+ description = "";
+ name = "DRUGS_ANXIETY";
+ }
+ symbol {
+ weight = 2.0;
+ description = "";
+ name = "DRUGS_MUSCLE";
+ }
+ symbol {
+ weight = 2.0;
+ description = "";
+ name = "DRUGS_ANXIETY_EREC";
+ }
+ symbol {
+ weight = 2.0;
+ description = "";
+ name = "DRUGS_DIET";
+ }
+ symbol {
+ weight = 2.0;
+ description = "";
+ name = "DRUGS_ERECTILE";
+ }
+ symbol {
+ weight = 3.300000;
+ description = "2 'advance fee' patterns in a message";
+ name = "ADVANCE_FEE_2";
+ }
+ symbol {
+ weight = 2.120000;
+ description = "3 'advance fee' patterns in a message";
+ name = "ADVANCE_FEE_3";
+ }
+ symbol {
+ weight = 8.0;
+ description = "Lotto signatures";
+ name = "R_LOTTO";
+ }
+ symbol {
+ weight = 3.0;
+ description = "Message probably spam, probability: ";
+ name = "BAYES_SPAM";
+ }
+ symbol {
+ weight = -3.0;
+ description = "Message probably ham, probability: ";
+ name = "BAYES_HAM";
+ }
+ symbol {
+ weight = 1.0;
+ description = "";
+ name = "R_FUZZY";
+ }
+ symbol {
+ weight = 1.0;
+ description = "";
+ name = "R_FUZZY1";
+ }
+ symbol {
+ weight = 1.0;
+ description = "";
+ name = "R_FUZZY2";
+ }
+ symbol {
+ weight = 1.0;
+ description = "";
+ name = "R_FUZZY3";
+ }
+ symbol {
+ weight = 3.0;
+ description = "SPF verification failed";
+ name = "R_SPF_FAIL";
+ }
+ symbol {
+ weight = 1.0;
+ description = "SPF verification soft-failed";
+ name = "R_SPF_SOFTFAIL";
+ }
+ symbol {
+ weight = -3.0;
+ description = "SPF verification alowed";
+ name = "R_SPF_ALLOW";
+ }
+ symbol {
+ weight = -2.0;
+ description = "Whitelisted client's IP";
+ name = "WHITELIST_IP";
+ }
+ symbol {
+ weight = -2.0;
+ description = "Message seems to be from maillist";
+ name = "MAILLIST";
+ }
+ symbol {
+ weight = 5.500000;
+ description = "Phishing and malware sites";
+ name = "PH_SURBL_MULTI";
+ }
+ symbol {
+ weight = 5.500000;
+ description = "Outblaze URI Blacklist";
+ name = "OB_SURBL_MULTI";
+ }
+ symbol {
+ weight = 5.500000;
+ description = "AbuseButler web sites";
+ name = "AB_SURBL_MULTI";
+ }
+ symbol {
+ weight = 5.500000;
+ description = "SpamCop web sites";
+ name = "SC_SURBL_MULTI";
+ }
+ symbol {
+ weight = 5.500000;
+ description = "jwSpamSpy + Prolocation sites";
+ name = "JP_SURBL_MULTI";
+ }
+ symbol {
+ weight = 5.500000;
+ description = "sa-blacklist web sites ";
+ name = "WS_SURBL_MULTI";
+ }
+ symbol {
+ weight = 9.500000;
+ description = "rambler.ru uribl";
+ name = "RAMBLER_URIBL";
+ }
+ symbol {
+ weight = 9.500000;
+ description = "rambler.ru emailbl";
+ name = "RAMBLER_EMAILBL";
+ }
+ symbol {
+ weight = 5.0;
+ description = "Phished mail";
+ name = "PHISHING";
+ }
+ symbol {
+ weight = 1.0;
+ description = "Header From begins with tab";
+ name = "HEADER_FROM_DELIMITER_TAB";
+ }
+ symbol {
+ weight = 1.0;
+ description = "Header To begins with tab";
+ name = "HEADER_TO_DELIMITER_TAB";
+ }
+ symbol {
+ weight = 1.0;
+ description = "Header Cc begins with tab";
+ name = "HEADER_CC_DELIMITER_TAB";
+ }
+ symbol {
+ weight = 1.0;
+ description = "Header Reply-To begins with tab";
+ name = "HEADER_REPLYTO_DELIMITER_TAB";
+ }
+ symbol {
+ weight = 1.0;
+ description = "Header Date begins with tab";
+ name = "HEADER_DATE_DELIMITER_TAB";
+ }
+ symbol {
+ weight = 1.0;
+ description = "Header From has no delimiter between header name and header value";
+ name = "HEADER_FROM_EMPTY_DELIMITER";
+ }
+ symbol {
+ weight = 1.0;
+ description = "Header To has no delimiter between header name and header value";
+ name = "HEADER_TO_EMPTY_DELIMITER";
+ }
+ symbol {
+ weight = 1.0;
+ description = "Header Cc has no delimiter between header name and header value";
+ name = "HEADER_CC_EMPTY_DELIMITER";
+ }
+ symbol {
+ weight = 1.0;
+ description = "Header Reply-To has no delimiter between header name and header value";
+ name = "HEADER_REPLYTO_EMPTY_DELIMITER";
+ }
+ symbol {
+ weight = 1.0;
+ description = "Header Date has no delimiter between header name and header value";
+ name = "HEADER_DATE_EMPTY_DELIMITER";
+ }
+ symbol {
+ weight = 4.0;
+ description = "Header Received has raw illegal character";
+ name = "RCVD_ILLEGAL_CHARS";
+ }
+ symbol {
+ weight = 4.0;
+ description = "Fake helo mail.ru in header Received from non mail.ru sender address";
+ name = "FAKE_RECEIVED_mail_ru";
+ }
+ symbol {
+ weight = 4.0;
+ description = "Fake smtp.yandex.ru Received";
+ name = "FAKE_RECEIVED_smtp_yandex_ru";
+ }
+ symbol {
+ weight = 3.600000;
+ description = "Forged generic Received";
+ name = "FORGED_GENERIC_RECEIVED";
+ }
+ symbol {
+ weight = 3.600000;
+ description = "Forged generic Received";
+ name = "FORGED_GENERIC_RECEIVED2";
+ }
+ symbol {
+ weight = 3.600000;
+ description = "Forged generic Received";
+ name = "FORGED_GENERIC_RECEIVED3";
+ }
+ symbol {
+ weight = 3.600000;
+ description = "Forged generic Received";
+ name = "FORGED_GENERIC_RECEIVED4";
+ }
+ symbol {
+ weight = 4.600000;
+ description = "Forged generic Received";
+ name = "FORGED_GENERIC_RECEIVED5";
+ }
+ symbol {
+ weight = 3.0;
+ description = "Invalid Postfix Received";
+ name = "INVALID_POSTFIX_RECEIVED";
+ }
+ symbol {
+ weight = 5.0;
+ description = "Invalid Exim Received";
+ name = "INVALID_EXIM_RECEIVED";
+ }
+ symbol {
+ weight = 3.0;
+ description = "Invalid Exim Received";
+ name = "INVALID_EXIM_RECEIVED2";
+ }
+}
diff --git a/conf/modules.conf b/conf/modules.conf
new file mode 100644
index 000000000..c549a6213
--- /dev/null
+++ b/conf/modules.conf
@@ -0,0 +1,146 @@
+# Rspamd modules configuration
+fuzzy_check {
+ servers = "highsecure.ru:11335";
+ symbol = "R_FUZZY";
+ min_bytes = 300;
+ max_score = 10;
+ mime_types = "application/pdf";
+ fuzzy_map = {
+ FUZZY_DENIED {
+ weight = 10.0;
+ flag = 1
+ }
+ FUZZY_PROB {
+ weight = 5.0;
+ flag = 2
+ }
+ FUZZY_WHITE {
+ weight = -2.1;
+ flag = 3
+ }
+ }
+}
+forged_recipients {
+ symbol_sender = "FORGED_SENDER";
+ symbol_rcpt = "FORGED_RECIPIENTS";
+}
+maillist {
+ symbol = "MAILLIST";
+}
+surbl {
+ whitelist = "file://$CONFDIR/rspamd/surbl-whitelist.inc";
+ exceptions = "file://$CONFDIR/rspamd/2tld.inc";
+
+ rule {
+ suffix = "multi.surbl.org";
+ symbol = "SURBL_MULTI";
+ bits {
+ JP_SURBL_MULTI = 64;
+ AB_SURBL_MULTI = 32;
+ OB_SURBL_MULTI = 16;
+ PH_SURBL_MULTI = 8;
+ WS_SURBL_MULTI = 4;
+ SC_SURBL_MULTI = 2;
+ }
+ }
+ rule {
+ suffix = "uribl.rambler.ru";
+ symbol = "RAMBLER_URIBL";
+ }
+ rule {
+ suffix = "dbl.spamhaus.org";
+ options = "noip";
+ }
+}
+rbl {
+ default_received = false;
+ default_from = true;
+
+ rbls {
+ spamhaus_zen {
+ symbol = "RBL_ZEN";
+ rbl = "zen.spamhaus.org";
+ ipv4 = true;
+ ipv6 = true;
+ }
+ spamhaus_pbl {
+ symbol = "RECEIVED_PBL";
+ rbl = "pbl.spamhaus.org";
+ ipv4 = true;
+ ipv6 = true;
+ received = true;
+ from = false;
+ }
+ spamhaus_pbl {
+ symbol = "RECEIVED_XBL";
+ rbl = "xbl.spamhaus.org";
+ ipv4 = true;
+ ipv6 = true;
+ received = true;
+ from = false;
+ }
+ mailspike {
+ symbol = "RBL_MAILSPIKE";
+ rbl = "bl.mailspike.net";
+ }
+ senderscore {
+ symbol = "RBL_SENDERSCORE";
+ rbl = "bl.score.senderscore.com";
+ }
+ }
+}
+
+chartable {
+ threshold = 0.300000;
+ symbol = "R_MIXED_CHARSET";
+}
+once_received {
+ good_host = "mail";
+ bad_host = "static";
+ bad_host = "dynamic";
+ symbol_strict = "ONCE_RECEIVED_STRICT";
+ symbol = "ONCE_RECEIVED";
+}
+multimap {
+ spamhaus {
+ type = "dnsbl";
+ map = "pbl.spamhaus.org";
+ symbol = "R_IP_PBL";
+ description = "PBL dns block list";
+ }
+}
+phishing {
+ symbol = "PHISHING";
+}
+emails {
+ rule {
+ symbol = RAMBLER_EMAILBL;
+ dnsbl = email-bl.rambler.ru;
+ domain_only = false;
+ }
+}
+spf {
+ spf_cache_size = 2k;
+ spf_cache_expire = 1d;
+}
+dkim {
+ dkim_cache_size = 2k;
+ dkim_cache_expire = 1d;
+ time_jitter = 6h;
+ trusted_only = false;
+ skip_multi = false;
+}
+
+ratelimit {
+ limit = "to:100:0.033333333";
+ limit = "to_ip:30:0.025";
+ limit = "to_ip_from:20:0.01666666667";
+ limit = "bounce_to:10:0.000555556";
+ limit = "bounce_to_ip:5:0.000277778";
+ whitelisted_rcpts = "postmaster,mailer-daemon";
+ max_rcpt = 5;
+}
+
+regexp {
+ max_size = 1M;
+}
diff --git a/conf/options.conf b/conf/options.conf
new file mode 100644
index 000000000..b074c5556
--- /dev/null
+++ b/conf/options.conf
@@ -0,0 +1,14 @@
+# Basic options
+
+options {
+ pidfile = "$RUNDIR/rspamd.pid";
+ filters = "chartable,dkim,spf,surbl,regexp";
+ raw_mode = false;
+ one_shot = false;
+ dns_timeout = 1s;
+ dns_retransmits = 5;
+ cache_file = "$DBDIR/symbols.cache";
+ map_watch_interval = 1min;
+ dynamic_conf = "$DBDIR/rspamd_dynamic";
+ history_file = "$DBDIR/rspamd.history";
+}
diff --git a/conf/rspamd.conf b/conf/rspamd.conf
new file mode 100644
index 000000000..bbfb12007
--- /dev/null
+++ b/conf/rspamd.conf
@@ -0,0 +1,17 @@
+# A common rspamd configuration file
+
+lua = "$CONFDIR/lua/rspamd.lua"
+
+.include "options.conf"
+.include "logging.conf"
+.include "metrics.conf"
+.include "workers.conf"
+.include "composites.conf"
+
+.icnlude "statistic.conf"
+
+.include "modules.conf"
+
+modules {
+ path = "$PLUGINSDIR/lua/"
+}
diff --git a/conf/statistic.conf b/conf/statistic.conf
new file mode 100644
index 000000000..bd738dd84
--- /dev/null
+++ b/conf/statistic.conf
@@ -0,0 +1,19 @@
+# Rspamd statistic setup
+
+classifier {
+ type = "bayes";
+ tokenizer = "osb-text";
+ metric = "default";
+ min_tokens = 10;
+ max_tokens = 1000;
+ statfile {
+ symbol = "BAYES_HAM";
+ size = 50M;
+ path = "$DBDIR/bayes.ham";
+ }
+ statfile {
+ symbol = "BAYES_SPAM";
+ size = 50M;
+ path = "$DBDIR/bayes.spam";
+ }
+}
diff --git a/conf/workers.conf b/conf/workers.conf
new file mode 100644
index 000000000..1d8e0df90
--- /dev/null
+++ b/conf/workers.conf
@@ -0,0 +1,20 @@
+# Common workers configuration
+
+worker {
+ type = "normal";
+ bind_socket = "*:11333";
+ http = false;
+ allow_learn = true;
+ mime = true;
+}
+worker {
+ type = "controller";
+ bind_socket = "127.0.0.1:11334";
+ count = 1;
+}
+worker {
+ type = "webui";
+ count = 1;
+ bind_socket = "localhost:11336";
+ password = "q1";
+}