aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorVsevolod Stakhov <vsevolod@highsecure.ru>2020-10-20 09:57:21 +0100
committerVsevolod Stakhov <vsevolod@highsecure.ru>2020-10-20 09:57:21 +0100
commit6598ceb596b3171cf57d2106c9ffa0454b2a6e61 (patch)
tree2e3e4c8df0bf8d08dd8900fc655a9633c948017d
parent9794220fa8c50fe1d797a75da2e9b258f1079d90 (diff)
downloadrspamd-6598ceb596b3171cf57d2106c9ffa0454b2a6e61.tar.gz
rspamd-6598ceb596b3171cf57d2106c9ffa0454b2a6e61.zip
[Rework] Rbl: Rework defaults logic
-rw-r--r--conf/modules.d/rbl.conf35
-rw-r--r--src/plugins/lua/rbl.lua9
2 files changed, 24 insertions, 20 deletions
diff --git a/conf/modules.d/rbl.conf b/conf/modules.d/rbl.conf
index cd995a0d4..6a0b37ce0 100644
--- a/conf/modules.d/rbl.conf
+++ b/conf/modules.d/rbl.conf
@@ -13,10 +13,13 @@
# Module documentation can be found at https://rspamd.com/doc/modules/rbl.html
rbl {
- default_from = true;
- default_received = false;
default_exclude_users = true;
+ default_exclude_local = true;
default_unknown = true;
+ default_dkim_domainonly = true;
+ default_dkim_match_from = false;
+ default_ipv4 = true;
+ default_ipv6 = true;
url_whitelist = [
"https://maps.rspamd.com/rspamd/surbl-whitelist.inc.zst",
@@ -30,9 +33,10 @@ rbl {
spamhaus {
symbol = "SPAMHAUS"; # Augmented by prefixes
rbl = "zen.spamhaus.org";
- ipv6 = true;
+ # Check types
received = true;
from = true;
+
symbols_prefixes = {
received = 'RECEIVED',
from = 'RBL',
@@ -53,6 +57,7 @@ rbl {
symbol = "MAILSPIKE";
rbl = "rep.mailspike.net";
is_whitelist = true;
+ from = true; # Check source IP address
whitelist_exception = "MAILSPIKE";
whitelist_exception = "RWL_MAILSPIKE_GOOD";
whitelist_exception = "RWL_MAILSPIKE_NEUTRAL";
@@ -74,6 +79,7 @@ rbl {
senderscore {
symbol = "RBL_SENDERSCORE";
+ from = true; # Check source IP address
rbl = "bl.score.senderscore.com";
}
@@ -81,6 +87,7 @@ rbl {
symbol = "RBL_SEM";
rbl = "bl.spameatingmonkey.net";
ipv6 = false;
+ from = true; # Check source IP address
}
semIPv6 {
@@ -88,12 +95,15 @@ rbl {
rbl = "bl.ipv6.spameatingmonkey.net";
ipv4 = false;
ipv6 = true;
+ from = true; # Check source IP address
}
dnswl {
symbol = "RCVD_IN_DNSWL";
rbl = "list.dnswl.org";
ipv6 = true;
+ from = true; # Check source IP address
+ received = true; # Check source IP address
is_whitelist = true;
whitelist_exception = "RCVD_IN_DNSWL";
whitelist_exception = "RCVD_IN_DNSWL_NONE";
@@ -113,6 +123,7 @@ rbl {
symbol = "RBL_VIRUSFREE_UNKNOWN";
rbl = "bip.virusfree.cz";
ipv6 = true;
+ from = true; # Check source IP address
returncodes {
RBL_VIRUSFREE_BOTNET = "127.0.0.2";
}
@@ -122,6 +133,7 @@ rbl {
symbol = "RBL_NIXSPAM";
rbl = "ix.dnsbl.manitu.net";
ipv6 = true;
+ from = true; # Check source IP address
}
blocklistde {
@@ -136,6 +148,7 @@ rbl {
from = true;
}
+ # Dkim whitelist
dnswl_dwl {
symbol = "DWL_DNSWL";
rbl = "dwl.dnswl.org";
@@ -153,16 +166,16 @@ rbl {
DWL_DNSWL_BLOCKED = "127.0.0.255";
}
}
- # Old emails module
+
RSPAMD_EMAILBL {
ignore_whitelist = true;
ignore_defaults = true;
emails_delimiter = ".";
- emails = true;
hash_format = "base32";
hash_len = 32;
rbl = "email.rspamd.com";
- replyto = true;
+ emails = true; # Emails in body
+ replyto = true; # Email from reply-to header
hash = "blake2";
returncodes = {
RSPAMD_EMAILBL = "127.0.0.2";
@@ -172,9 +185,9 @@ rbl {
ignore_whitelist = true;
ignore_defaults = true;
rbl = "ebl.msbl.org";
- emails = true;
+ emails = true; # Emails in body
+ replyto = true; # Email from reply-to header
emails_domainonly = false;
- replyto = true;
hash = "sha1";
returncodes = {
MSBL_EBL = [
@@ -193,8 +206,8 @@ rbl {
rbl = "multi.surbl.org";
dkim = true;
emails = true;
- emails_domainonly = true;
urls = true;
+ emails_domainonly = true;
returnbits = {
CRACKED_SURBL = 128; # From February 2016
@@ -210,8 +223,8 @@ rbl {
rbl = "multi.uribl.com";
dkim = true;
emails = true;
- emails_domainonly = true;
urls = true;
+ emails_domainonly = true;
returnbits {
URIBL_BLOCKED = 1;
@@ -226,8 +239,8 @@ rbl {
rbl = "uribl.rspamd.com";
dkim = true;
emails = true;
- emails_domainonly = true;
urls = true;
+ emails_domainonly = true;
hash = 'blake2';
hash_len = 32;
hash_format = 'base32';
diff --git a/src/plugins/lua/rbl.lua b/src/plugins/lua/rbl.lua
index 122bfe515..8c96cff52 100644
--- a/src/plugins/lua/rbl.lua
+++ b/src/plugins/lua/rbl.lua
@@ -1118,22 +1118,13 @@ local default_options = {
['default_enabled'] = true,
['default_ipv4'] = true,
['default_ipv6'] = true,
- ['default_received'] = false,
- ['default_from'] = true,
['default_unknown'] = false,
- ['default_rdns'] = false,
- ['default_helo'] = false,
- ['default_dkim'] = false,
['default_dkim_domainonly'] = true,
- ['default_emails'] = false,
- ['default_urls'] = false,
['default_emails_domainonly'] = false,
['default_exclude_private_ips'] = true,
['default_exclude_users'] = false,
['default_exclude_local'] = true,
['default_no_ip'] = false,
- ['default_images'] = false,
- ['default_replyto'] = false,
['default_dkim_match_from'] = false,
}