diff options
Diffstat (limited to 'conf/modules.conf')
-rw-r--r-- | conf/modules.conf | 349 |
1 files changed, 184 insertions, 165 deletions
diff --git a/conf/modules.conf b/conf/modules.conf index 3bd62c672..ad875ece3 100644 --- a/conf/modules.conf +++ b/conf/modules.conf @@ -1,36 +1,40 @@ # Rspamd modules configuration + fuzzy_check { min_bytes = 300; - rule { - servers = "highsecure.ru:11335"; - symbol = "FUZZY_UNKNOWN"; - mime_types = "application/pdf"; - max_score = 20.0; - read_only = yes; - skip_unknown = yes; - fuzzy_map = { - FUZZY_DENIED { - max_score = 20.0; - flag = 1 - } - FUZZY_PROB { - max_score = 10.0; - flag = 2 - } - FUZZY_WHITE { - max_score = 2.0; - flag = 3 - } - } - } + rule { + servers = "highsecure.ru:11335"; + symbol = "FUZZY_UNKNOWN"; + mime_types = "application/pdf"; + max_score = 20.0; + read_only = yes; + skip_unknown = yes; + fuzzy_map = { + FUZZY_DENIED { + max_score = 20.0; + flag = 1; + } + FUZZY_PROB { + max_score = 10.0; + flag = 2; + } + FUZZY_WHITE { + max_score = 2.0; + flag = 3; + } + } + } } + forged_recipients { symbol_sender = "FORGED_SENDER"; symbol_rcpt = "FORGED_RECIPIENTS"; } + maillist { symbol = "MAILLIST"; } + surbl { whitelist = "file://$CONFDIR/surbl-whitelist.inc"; exceptions = "file://$CONFDIR/2tld.inc"; @@ -65,16 +69,26 @@ surbl { symbol = "DBL"; options = "noip"; ips = { - DBL_SPAM = "127.0.1.2"; # spam domain - DBL_PHISH = "127.0.1.4"; # phish domain - DBL_MALWARE = "127.0.1.5"; # malware domain - DBL_BOTNET = "127.0.1.6"; # botnet C&C domain - DBL_ABUSE = "127.0.1.102"; # abused legit spam - DBL_ABUSE_REDIR = "127.0.1.103"; # abused spammed redirector domain - DBL_ABUSE_PHISH = "127.0.1.104"; # abused legit phish - DBL_ABUSE_MALWARE = "127.0.1.105"; # abused legit malware - DBL_ABUSE_BOTNET = "127.0.1.106"; # abused legit botnet C&C - DBL_PROHIBIT = "127.0.1.255"; # IP queries prohibited! + # spam domain + DBL_SPAM = "127.0.1.2"; + # phish domain + DBL_PHISH = "127.0.1.4"; + # malware domain + DBL_MALWARE = "127.0.1.5"; + # botnet C&C domain + DBL_BOTNET = "127.0.1.6"; + # abused legit spam + DBL_ABUSE = "127.0.1.102"; + # abused spammed redirector domain + DBL_ABUSE_REDIR = "127.0.1.103"; + # abused legit phish + DBL_ABUSE_PHISH = "127.0.1.104"; + # abused legit malware + DBL_ABUSE_MALWARE = "127.0.1.105"; + # abused legit botnet C&C + DBL_ABUSE_BOTNET = "127.0.1.106"; + # error - IP queries prohibited! + DBL_PROHIBIT = "127.0.1.255"; } } rule { @@ -94,150 +108,152 @@ surbl { options = "noip"; } } + rbl { - default_from = true; - default_received = false; - default_exclude_users = true; - - private_ips = "127.0.0.0/8 10.0.0.0/8 192.168.0.0/16 169.254.0.0/16 172.16.0.0/12 100.64.0.0/10 fc00::/7 fe80::/10 fec0::/10 ::1"; - - rbls { - - spamhaus { - symbol = "RBL_SPAMHAUS"; - rbl = "zen.spamhaus.org"; - ipv6 = true; - returncodes { - RBL_SPAMHAUS_SBL = "127.0.0.2"; - RBL_SPAMHAUS_CSS = "127.0.0.3"; - RBL_SPAMHAUS_XBL = "127.0.0.4"; - RBL_SPAMHAUS_XBL = "127.0.0.5"; - RBL_SPAMHAUS_XBL = "127.0.0.6"; - RBL_SPAMHAUS_XBL = "127.0.0.7"; - RBL_SPAMHAUS_PBL = "127.0.0.10"; - RBL_SPAMHAUS_PBL = "127.0.0.11"; + default_from = true; + default_received = false; + default_exclude_users = true; + + private_ips = "127.0.0.0/8 10.0.0.0/8 192.168.0.0/16 169.254.0.0/16 172.16.0.0/12 100.64.0.0/10 fc00::/7 fe80::/10 fec0::/10 ::1"; + + rbls { + + spamhaus { + symbol = "RBL_SPAMHAUS"; + rbl = "zen.spamhaus.org"; + ipv6 = true; + returncodes { + RBL_SPAMHAUS_SBL = "127.0.0.2"; + RBL_SPAMHAUS_CSS = "127.0.0.3"; + RBL_SPAMHAUS_XBL = "127.0.0.4"; + RBL_SPAMHAUS_XBL = "127.0.0.5"; + RBL_SPAMHAUS_XBL = "127.0.0.6"; + RBL_SPAMHAUS_XBL = "127.0.0.7"; + RBL_SPAMHAUS_PBL = "127.0.0.10"; + RBL_SPAMHAUS_PBL = "127.0.0.11"; + } } - } - spamhaus_xbl { - symbol = "RECEIVED_SPAMHAUS_XBL"; - rbl = "xbl.spamhaus.org"; - ipv6 = true; - received = true; - from = false; - } - - spamhaus_swl { - symbol = "RWL_SPAMHAUS_WL"; - rbl = "swl.spamhaus.org"; - ipv6 = true; - is_whitelist = true; - returncodes { - RWL_SPAMHAUS_WL_IND = "127.0.2.2"; - RWL_SPAMHAUS_WL_TRANS = "127.0.2.3"; - RWL_SPAMHAUS_WL_IND_EXP = "127.0.2.102"; - RWL_SPAMHAUS_WL_TRANS_EXP = "127.0.2.103"; + spamhaus_xbl { + symbol = "RECEIVED_SPAMHAUS_XBL"; + rbl = "xbl.spamhaus.org"; + ipv6 = true; + received = true; + from = false; } - } - mailspike_bl { - rbl = "bl.mailspike.net"; - returncodes { - RBL_MAILSPIKE_ZOMBIE = "127.0.0.2"; - RBL_MAILSPIKE_WORST = "127.0.0.10"; - RBL_MAILSPIKE_VERYBAD = "127.0.0.11"; - RBL_MAILSPIKE_BAD = "127.0.0.12"; - } - } + spamhaus_swl { + symbol = "RWL_SPAMHAUS_WL"; + rbl = "swl.spamhaus.org"; + ipv6 = true; + is_whitelist = true; + returncodes { + RWL_SPAMHAUS_WL_IND = "127.0.2.2"; + RWL_SPAMHAUS_WL_TRANS = "127.0.2.3"; + RWL_SPAMHAUS_WL_IND_EXP = "127.0.2.102"; + RWL_SPAMHAUS_WL_TRANS_EXP = "127.0.2.103"; + } + } - mailspike_wl { - rbl = "wl.mailspike.net"; - is_whitelist = true; - returncodes { - RWL_MAILSPIKE_POSSIBLE = "127.0.0.17"; - RWL_MAILSPIKE_GOOD = "127.0.0.18"; - RWL_MAILSPIKE_VERYGOOD = "127.0.0.19"; - RWL_MAILSPIKE_EXCELLENT = "127.0.0.20"; - } - } - - senderscore { - symbol = "RBL_SENDERSCORE"; - rbl = "bl.score.senderscore.com"; - } - - abusech { - symbol = "RBL_ABUSECH"; - rbl = "spam.abuse.ch"; - } - - uceprotect1 { - symbol = "RBL_UCEPROTECT_LEVEL1"; - rbl = "dnsbl-1.uceprotect.net"; - } - - sorbs { - symbol = "RBL_SORBS"; - rbl = "dnsbl.sorbs.net"; - returncodes { - #http://www.sorbs.net/general/using.shtml - RBL_SORBS_HTTP = "127.0.0.2" - RBL_SORBS_SOCKS = "127.0.0.3" - RBL_SORBS_MISC = "127.0.0.4" - RBL_SORBS_SMTP = "127.0.0.5" - RBL_SORBS_RECENT = "127.0.0.6" - RBL_SORBS_WEB = "127.0.0.7" - RBL_SORBS_DUL = "127.0.0.10" - RBL_SORBS_BLOCK = "127.0.0.8" - RBL_SORBS_ZOMBIE = "127.0.0.9" - } - } - - sem { - symbol = "RBL_SEM"; - rbl = "bl.spameatingmonkey.net"; - } - - semIPv6 { - symbol = "RBL_SEM_IPV6"; - rbl = "bl.ipv6.spameatingmonkey.net"; - ipv4 = false; - ipv6 = true; - } + mailspike_bl { + rbl = "bl.mailspike.net"; + returncodes { + RBL_MAILSPIKE_ZOMBIE = "127.0.0.2"; + RBL_MAILSPIKE_WORST = "127.0.0.10"; + RBL_MAILSPIKE_VERYBAD = "127.0.0.11"; + RBL_MAILSPIKE_BAD = "127.0.0.12"; + } + } - dnswl { - symbol = "RCVD_IN_DNSWL"; - rbl = "list.dnswl.org"; - ipv6 = true; - is_whitelist = true; - returncodes { - RCVD_IN_DNSWL_NONE = "127.0.%d+.0"; - RCVD_IN_DNSWL_LOW = "127.0.%d+.1"; - RCVD_IN_DNSWL_MED = "127.0.%d+.2"; - RCVD_IN_DNSWL_HI = "127.0.%d+.3"; - DNSWL_BLOCKED = "127.0.0.255"; + mailspike_wl { + rbl = "wl.mailspike.net"; + is_whitelist = true; + returncodes { + RWL_MAILSPIKE_POSSIBLE = "127.0.0.17"; + RWL_MAILSPIKE_GOOD = "127.0.0.18"; + RWL_MAILSPIKE_VERYGOOD = "127.0.0.19"; + RWL_MAILSPIKE_EXCELLENT = "127.0.0.20"; + } } - } - rambleremails { - symbol = RAMBLER_EMAILBL; - rbl = email-bl.rambler.ru; - from = false; - emails = true; - exclude_users = false; - exclude_private_ips = false; - exclude_local = false; - ignore_whitelists = true; - } + senderscore { + symbol = "RBL_SENDERSCORE"; + rbl = "bl.score.senderscore.com"; + } + + abusech { + symbol = "RBL_ABUSECH"; + rbl = "spam.abuse.ch"; + } + + uceprotect1 { + symbol = "RBL_UCEPROTECT_LEVEL1"; + rbl = "dnsbl-1.uceprotect.net"; + } + + sorbs { + symbol = "RBL_SORBS"; + rbl = "dnsbl.sorbs.net"; + returncodes { + # http:// www.sorbs.net/general/using.shtml + RBL_SORBS_HTTP = "127.0.0.2"; + RBL_SORBS_SOCKS = "127.0.0.3"; + RBL_SORBS_MISC = "127.0.0.4"; + RBL_SORBS_SMTP = "127.0.0.5"; + RBL_SORBS_RECENT = "127.0.0.6"; + RBL_SORBS_WEB = "127.0.0.7"; + RBL_SORBS_DUL = "127.0.0.10"; + RBL_SORBS_BLOCK = "127.0.0.8"; + RBL_SORBS_ZOMBIE = "127.0.0.9"; + } + } + + sem { + symbol = "RBL_SEM"; + rbl = "bl.spameatingmonkey.net"; + } - } + semIPv6 { + symbol = "RBL_SEM_IPV6"; + rbl = "bl.ipv6.spameatingmonkey.net"; + ipv4 = false; + ipv6 = true; + } + + dnswl { + symbol = "RCVD_IN_DNSWL"; + rbl = "list.dnswl.org"; + ipv6 = true; + is_whitelist = true; + returncodes { + RCVD_IN_DNSWL_NONE = "127.0.%d+.0"; + RCVD_IN_DNSWL_LOW = "127.0.%d+.1"; + RCVD_IN_DNSWL_MED = "127.0.%d+.2"; + RCVD_IN_DNSWL_HI = "127.0.%d+.3"; + DNSWL_BLOCKED = "127.0.0.255"; + } + } + + rambleremails { + symbol = RAMBLER_EMAILBL; + rbl = "email-bl.rambler.ru"; + from = false; + emails = true; + exclude_users = false; + exclude_private_ips = false; + exclude_local = false; + ignore_whitelists = true; + } + + } } chartable { threshold = 0.300000; symbol = "R_MIXED_CHARSET"; } + once_received { good_host = "mail"; bad_host = "static"; @@ -252,12 +268,15 @@ once_received { phishing { symbol = "PHISHING"; } + #emails { #} + spf { spf_cache_size = 2k; spf_cache_expire = 1d; } + dkim { dkim_cache_size = 2k; dkim_cache_expire = 1d; @@ -282,12 +301,12 @@ regexp { } ip_score { -# servers = "localhost"; -# treshold = 100; -# reject_score = 3; -# no_action_score = -2; -# add_header_score = 1; -# whitelist = "file:///ip_map"; +# servers = "localhost"; +# treshold = 100; +# reject_score = 3; +# no_action_score = -2; +# add_header_score = 1; +# whitelist = "file:///ip_map"; } hfilter { |