diff options
author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2016-02-13 14:43:19 +0000 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2016-02-13 14:43:19 +0000 |
commit | b7420cb4cb0a2c9c96abc18ecd4de3c2bfec98d3 (patch) | |
tree | 5ac4fda42c4bd60a823559121c4eab9ef762916c /doc/markdown/modules | |
parent | c44e6068dae016d31380fcc64317a8d3f2f55980 (diff) | |
download | rspamd-b7420cb4cb0a2c9c96abc18ecd4de3c2bfec98d3.tar.gz rspamd-b7420cb4cb0a2c9c96abc18ecd4de3c2bfec98d3.zip |
Add some documentation for once_received module
Diffstat (limited to 'doc/markdown/modules')
-rw-r--r-- | doc/markdown/modules/once_received.md | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/doc/markdown/modules/once_received.md b/doc/markdown/modules/once_received.md index e69de29bb..398ce1cb1 100644 --- a/doc/markdown/modules/once_received.md +++ b/doc/markdown/modules/once_received.md @@ -0,0 +1,22 @@ +# Once received module + +This module is intended to do simple checks for mail with one `Received` header. The idea behind these checks is that legitimate mail likely has more than one received and some bad patterns, such as `dynamic` or `broadband` are common for spam from hacked users' machines. + +## Configuration + +The configuration of this module is pretty straightforward: specify `symbol` for generic one received mail, specify `symbol_strict` for emails with bad patterns or with unresolvable hostnames and add **good** and **bad** patterns. Patterns can contain [lua patterns](http://lua-users.org/wiki/PatternsTutorial). `good_host` lines are used to negate this module for certain hosts, `bad_host` lines are used to specify certain bad patterns. It is also possible to specify `whitelist` to define a list of networks for which `once_received` checks should be excluded. + +## Example + +~~~nginx +once_received { + good_host = "^mail"; + bad_host = "static"; + bad_host = "dynamic"; + symbol_strict = "ONCE_RECEIVED_STRICT"; + symbol = "ONCE_RECEIVED"; + whitelist = "/tmp/ip.map"; +} +~~~ + +IP map can contain, as usually, IP's (both v4 and v6), networks (in CIDR notation) and optional comments starting from `#` symbol. |