diff options
Diffstat (limited to 'debian/rspamd.xml')
| -rw-r--r-- | debian/rspamd.xml | 753 |
1 files changed, 0 insertions, 753 deletions
diff --git a/debian/rspamd.xml b/debian/rspamd.xml deleted file mode 100644 index 0a70da068..000000000 --- a/debian/rspamd.xml +++ /dev/null @@ -1,753 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<rspamd> -<!-- Global section --> -<lua src="/etc/rspamd/lua/rspamd.lua" /> - -<!-- Options --> -<options> - <!-- Temporary directory --> - <tempdir>/tmp</tempdir> - <!-- Path to pid file --> - <pidfile>/var/lib/rspamd/rspamd.pid</pidfile> - <!-- Turned on C filters --> - <filters>regexp,surbl,chartable,fuzzy_check,spf,dkim</filters> - <!-- Maximum size of statistics mapped in memory --> - <statfile_pool_size>1G</statfile_pool_size> - <!-- Raw mode is non-utf mode. In utf mode all messages are converted to utf8 (if possible) --> - <raw_mode>no</raw_mode> - <!-- Check text attachements as ordinary text parts --> - <check_attachements>no</check_attachements> - <!-- If a rule has been met several times do not add additional score --> - <one_shot>yes</one_shot> - <!-- DNS requests global timeout --> - <dns_timeout>1s</dns_timeout> - <!-- DNS retransmits count --> - <dns_retransmits>5</dns_retransmits> - <!-- File for saving settings of symbols cache --> - <cache_file>/var/lib/rspamd/symbols.cache</cache_file> - <!-- Maps watch timeout (floating point number in seconds, for file maps this timeout is reduced by two) --> - <map_watch_interval>10.0s</map_watch_interval> - <!-- A path to dynamic configuration file, required for webui --> - <dynamic_conf>/var/lib/rspamd/rspamd_dynamic</dynamic_conf> - <!-- Use mlock to prevent statistic from getting to swap file, requires either root privileges or specific system configuration --> - <use_mlock>no</use_mlock> -</options> -<!-- End of options section --> - -<!-- Logging section --> -<logging> - <level>info</level> - <log_urls>no</log_urls> - <type filename="/var/log/rspamd/rspamd.log">file</type> -<!-- Other types - <type>console</type> - <type facility="local7">syslog</type> ---> -<!-- Selective debug - <debug_ip>127.0.0.1</debug_ip> - <debug_symbols>SYMBOL1,SYMBOL2</debug_symbols> ---> -</logging> -<!-- End of logging section --> - - -<!-- Metrics section --> -<metric> - <name>default</name> - - <required_score>15.0</required_score> - <!-- Sample actions --> - <action>reject</action> - <action>greylist:4</action> - <action>add_header:8</action> - - <!-- Weights for symbols --> - - <!-- Subject is missing inside message --> - <symbol weight="2.00" description="Subject is missing inside message">MISSING_SUBJECT</symbol> - <!-- Message pretends to be send from Outlook but has 'strange' tags --> - <symbol weight="2.10" description="Message pretends to be send from Outlook but has 'strange' tags ">FORGED_OUTLOOK_TAGS</symbol> - <!-- Sender is forged (different From: header and smtp MAIL FROM: addresses) --> - <symbol weight="5.00" description="Sender is forged (different From: header and smtp MAIL FROM: addresses)">FORGED_SENDER</symbol> - <!-- Recipients seems to be autogenerated (works if recipients count is more than 5) --> - <symbol weight="3.50" description="Recipients seems to be autogenerated (works if recipients count is more than 5)">SUSPICIOUS_RECIPS</symbol> - <!-- Fake reply (has RE in subject, but has not References header) --> - <symbol weight="6.00" description="Fake reply (has RE in subject, but has not References header)">FAKE_REPLY_C</symbol> - <!-- Messages that have only HTML part --> - <symbol weight="1.00" description="Messages that have only HTML part">MIME_HTML_ONLY</symbol> - <!-- Forged yahoo msgid --> - <symbol weight="2.00" description="Forged yahoo msgid">FORGED_MSGID_YAHOO</symbol> - <!-- Forged The Bat! MUA headers --> - <symbol weight="2.00" description="Forged The Bat! MUA headers">FORGED_MUA_THEBAT_BOUN</symbol> - <!-- Charset is missing in a message --> - <symbol weight="5.00" description="Charset is missing in a message">R_MISSING_CHARSET</symbol> - <!-- Two received headers with ip addresses --> - <symbol weight="2.00" description="Two received headers with ip addresses">RCVD_DOUBLE_IP_SPAM</symbol> - <!-- Forged outlook HTML signature --> - <symbol weight="5.00" description="Forged outlook HTML signature">FORGED_OUTLOOK_HTML</symbol> - <!-- Recipients are absent or undisclosed --> - <symbol weight="5.00" description="Recipients are absent or undisclosed">R_UNDISC_RCPT</symbol> - <!-- White color on white background in HTML messages --> - <symbol weight="9.00" description="White color on white background in HTML messages">R_WHITE_ON_WHITE</symbol> - <!-- Short html part with a link to an image --> - <symbol weight="3.00" description="Short html part with a link to an image">HTML_SHORT_LINK_IMG_2</symbol> - <!-- Forged outlook MUA --> - <symbol weight="3.00" description="Forged outlook MUA">FORGED_MUA_OUTLOOK</symbol> - <!-- Forged outlook MUA, but from maillist --> - <symbol weight="0.00" description="Forged outlook MUA, but from maillist">FORGED_MUA_OUTLOOK_MAILLIST</symbol> - - <!-- Suspicious boundary in header Content-Type --> - <symbol weight="5.00" description="Suspicious boundary in header Content-Type">SUSPICIOUS_BOUNDARY</symbol> - <!-- Suspicious boundary in header Content-Type --> - <symbol weight="4.00" description="Suspicious boundary in header Content-Type">SUSPICIOUS_BOUNDARY2</symbol> - <!-- Suspicious boundary in header Content-Type --> - <symbol weight="3.00" description="Suspicious boundary in header Content-Type">SUSPICIOUS_BOUNDARY3</symbol> - <!-- Suspicious boundary in header Content-Type --> - <symbol weight="4.00" description="Suspicious boundary in header Content-Type">SUSPICIOUS_BOUNDARY4</symbol> - - <!-- Message pretends to be send from The Bat! but has forged Message-ID --> - <symbol weight="4.00" description="Message pretends to be send from The Bat! but has forged Message-ID">FORGED_MUA_THEBAT_MSGID</symbol> - <!-- Message pretends to be send from The Bat! but has forged Message-ID --> - <symbol weight="3.00" description="Message pretends to be send from The Bat! but has forged Message-ID">FORGED_MUA_THEBAT_MSGID_UNKNOWN</symbol> - - <!-- Message pretends to be send from KMail but has forged Message-ID --> - <symbol weight="3.00" description="Message pretends to be send from KMail but has forged Message-ID">FORGED_MUA_KMAIL_MSGID</symbol> - <!-- Message pretends to be send from KMail but has forged Message-ID --> - <symbol weight="2.50" description="Message pretends to be send from KMail but has forged Message-ID">FORGED_MUA_KMAIL_MSGID_UNKNOWN</symbol> - - <!-- Message pretends to be send from Opera Mail but has forged Message-ID --> - <symbol weight="4.00" description="Message pretends to be send from Opera Mail but has forged Message-ID">FORGED_MUA_OPERA_MSGID</symbol> - <!-- Message pretends to be send from suspicious Opera Mail/10.x (Windows) but has forged Message-ID, apparently from KMail --> - <symbol weight="4.00" description="Message pretends to be send from suspicious Opera Mail/10.x (Windows) but has forged Message-ID, apparently from KMail">SUSPICIOUS_OPERA_10W_MSGID</symbol> - - <!-- Message pretends to be send from Mozilla Mail but has forged Message-ID --> - <symbol weight="4.00" description="Message pretends to be send from Mozilla Mail but has forged Message-ID">FORGED_MUA_MOZILLA_MAIL_MSGID</symbol> - <!-- Message pretends to be send from Mozilla Mail but has forged Message-ID --> - <symbol weight="2.50" description="Message pretends to be send from Mozilla Mail but has forged Message-ID">FORGED_MUA_MOZILLA_MAIL_MSGID_UNKNOWN</symbol> - <!-- Forged mail pretending to be from Mozilla Thunderbird but has forged Message-ID --> - <symbol weight="4.00" description="Forged mail pretending to be from Mozilla Thunderbird but has forged Message-ID">FORGED_MUA_THUNDERBIRD_MSGID</symbol> - <!-- Forged mail pretending to be from Mozilla Thunderbird but has forged Message-ID --> - <symbol weight="2.50" description="Forged mail pretending to be from Mozilla Thunderbird but has forged Message-ID">FORGED_MUA_THUNDERBIRD_MSGID_UNKNOWN</symbol> - <!-- Forged mail pretending to be from Mozilla Seamonkey but has forged Message-ID --> - <symbol weight="4.00" description="Forged mail pretending to be from Mozilla Seamonkey but has forged Message-ID">FORGED_MUA_SEAMONKEY_MSGID</symbol> - <!-- Forged mail pretending to be from Mozilla Seamonkey but has forged Message-ID --> - <symbol weight="2.50" description="Forged mail pretending to be from Mozilla Seamonkey but has forged Message-ID">FORGED_MUA_SEAMONKEY_MSGID_UNKNOWN</symbol> - - <!-- Fake helo for verizon provider --> - <symbol weight="2.00" description="Fake helo for verizon provider">FM_FAKE_HELO_VERIZON</symbol> - <!--Quoted reply-to from yahoo (seems to be forged) --> - <symbol weight="2.00" description="Quoted reply-to from yahoo (seems to be forged)">REPTO_QUOTE_YAHOO</symbol> - <!-- Mime-OLE is needed but absent (e.g. fake Outlook or fake Exchange) --> - <symbol weight="5.00" description="Mime-OLE is needed but absent (e.g. fake Outlook or fake Exchange)">MISSING_MIMEOLE</symbol> - <!-- To header is missing --> - <symbol weight="2.00" description="To header is missing">MISSING_TO</symbol> - - <!-- From that contains encoded characters while base 64 is not needed as all symbols are 7bit --> - <symbol weight="1.5" description="From that contains encoded characters while base 64 is not needed as all symbols are 7bit">FROM_EXCESS_BASE64</symbol> - <!-- From that contains encoded characters while quoted-printable is not needed as all symbols are 7bit --> - <symbol weight="1.2" description="From that contains encoded characters while quoted-printable is not needed as all symbols are 7bit">FROM_EXCESS_QP</symbol> - <!-- To that contains encoded characters while base 64 is not needed as all symbols are 7bit --> - <symbol weight="1.5" description="To that contains encoded characters while base 64 is not needed as all symbols are 7bit">TO_EXCESS_BASE64</symbol> - <!-- To that contains encoded characters while quoted-printable is not needed as all symbols are 7bit --> - <symbol weight="1.2" description="To that contains encoded characters while quoted-printable is not needed as all symbols are 7bit">TO_EXCESS_QP</symbol> - <!-- Reply-To that contains encoded characters while base 64 is not needed as all symbols are 7bit --> - <symbol weight="1.5" description="Reply-To that contains encoded characters while base 64 is not needed as all symbols are 7bit">REPLYTO_EXCESS_BASE64</symbol> - <!-- Reply-To that contains encoded characters while quoted-printable is not needed as all symbols are 7bit --> - <symbol weight="1.2" description="Reply-To that contains encoded characters while quoted-printable is not needed as all symbols are 7bit">REPLYTO_EXCESS_QP</symbol> - <!-- Cc that contains encoded characters while base 64 is not needed as all symbols are 7bit --> - <symbol weight="1.5" description="Cc that contains encoded characters while base 64 is not needed as all symbols are 7bit">CC_EXCESS_BASE64</symbol> - <!-- Cc that contains encoded characters while quoted-printable is not needed as all symbols are 7bit --> - <symbol weight="1.2" description="Cc that contains encoded characters while quoted-printable is not needed as all symbols are 7bit">CC_EXCESS_QP</symbol> - - <!-- Mixed characters in a message --> - <symbol weight="5.00" description="Mixed characters in a message">R_MIXED_CHARSET</symbol> - <!-- Recipients list seems to be sorted --> - <symbol weight="3.50" description="Recipients list seems to be sorted">SORTED_RECIPS</symbol> - <!-- Spambots signatures in received headers --> - <symbol weight="3.00" description="Spambots signatures in received headers">R_RCVD_SPAMBOTS</symbol> - <!-- To header seems to be autogenerated --> - <symbol weight="2.00" description="To header seems to be autogenerated">R_TO_SEEMS_AUTO</symbol> - <!-- Subject needs encoding --> - <symbol weight="1.00" description="Subject needs encoding">SUBJECT_NEEDS_ENCODING</symbol> - <!-- Spam string at the end of message to make statistics faults 0--> - <symbol weight="3.84" description="Spam string at the end of message to make statistics faults 0">TRACKER_ID</symbol> - <!-- No space in from header --> - <symbol weight="1.00" description="No space in from header">R_NO_SPACE_IN_FROM</symbol> - <!-- Subject seems to be spam --> - <symbol weight="8.00" description="Subject seems to be spam">R_SAJDING</symbol> - <!-- Detects bad content-transfer-encoding for text parts --> - <symbol weight="3.00" description="Detects bad content-transfer-encoding for text parts">R_BAD_CTE_7BIT</symbol> - <!-- Flash redirect on imageshack.us --> - <symbol weight="10.00" description="Flash redirect on imageshack.us">R_FLASH_REDIR_IMGSHACK</symbol> - <!-- Message id is incorrect --> - <symbol weight="5.00" description="Message id is incorrect">INVALID_MSGID</symbol> - <!-- Message id is missing --> - <symbol weight="3.00" description="Message id is missing ">MISSING_MID</symbol> - <!-- Recipients are not the same as RCPT TO: mail command --> - <symbol weight="3.00" description="Recipients are not the same as RCPT TO: mail command">FORGED_RECIPIENTS</symbol> - <!-- Recipients are not the same as RCPT TO: mail command, but from maillist --> - <symbol weight="0.00" description="Recipients are not the same as RCPT TO: mail command, but from maillist">FORGED_RECIPIENTS_MAILLIST</symbol> - <!-- Forged Exchange messages --> - <symbol weight="2.00" description="Forged Exchange messages ">RATWARE_MS_HASH</symbol> - <!-- Reply-type in content-type --> - <symbol weight="1.00" description="Reply-type in content-type">STOX_REPLY_TYPE</symbol> - <!-- IP in received headers is in PBL --> - <symbol weight="3.00" description="IP in received headers is in PBL">R_IP_PBL</symbol> - <!-- One received header in a message --> - <symbol weight="1.00" description="One received header in a message ">ONCE_RECEIVED</symbol> - <!-- One received header with 'bad' patterns inside --> - <symbol weight="4.00" description="One received header with 'bad' patterns inside">ONCE_RECEIVED_STRICT</symbol> - <!-- Received headers contains addresses from RBL --> - <symbol weight="1.00" description="Received headers contains addresses from RBL">RECEIVED_RBL</symbol> - <!-- Text and HTML parts differ --> - <symbol weight="3.00" description="Text and HTML parts differ">R_PARTS_DIFFER</symbol> - <!-- Only Content-Type header without other MIME headers --> - <symbol weight="2.00" description="Only Content-Type header without other MIME headers">MIME_HEADER_CTYPE_ONLY</symbol> - <!-- Message contains empty parts and image --> - <symbol weight="2.00" description="Message contains empty parts and image ">R_EMPTY_IMAGE</symbol> - - <!-- Drugs patterns inside message --> - <symbol weight="2.00" description="Drugs patterns inside message">DRUGS_MANYKINDS</symbol> - <!-- Specific drugs signatures --> - <symbol weight="2.00" description="">DRUGS_ANXIETY</symbol> - <symbol weight="2.00" description="">DRUGS_MUSCLE</symbol> - <symbol weight="2.00" description="">DRUGS_ANXIETY_EREC</symbol> - <symbol weight="2.00" description="">DRUGS_DIET</symbol> - <symbol weight="2.00" description="">DRUGS_ERECTILE</symbol> - - <!-- 2 or 3 'advance fee' patterns in a message --> - <symbol weight="3.30" description="2 'advance fee' patterns in a message">ADVANCE_FEE_2</symbol> - <symbol weight="2.12" description="3 'advance fee' patterns in a message">ADVANCE_FEE_3</symbol> - - <!-- Lotto signatures --> - <symbol weight="8.00" description="Lotto signatures">R_LOTTO</symbol> - - <!-- Statistics --> - <symbol weight="3.00" description="Message probably spam, probability: ">BAYES_SPAM</symbol> - <symbol weight="-3.00" description="Message probably ham, probability: ">BAYES_HAM</symbol> - - <!-- Fuzzy lists example --> - <symbol weight="1.00" description="">R_FUZZY</symbol> - <symbol weight="1.00" description="">R_FUZZY_DENIED</symbol> - <symbol weight="1.00" description="">R_FUZZY_PROB</symbol> - <symbol weight="1.00" description="">R_FUZZY_WHITE</symbol> - - <!-- DKIM rules --> - <symbol weight="1.0" description="DKIM policy reject">R_DKIM_REJECT</symbol> - <symbol weight="0.0" description="DKIM policy temporary fail">R_DKIM_TEMPFAIL</symbol> - <symbol weight="-0.5" description="DKIM policy allow">R_DKIM_ALLOW</symbol> - - <!-- SPF rules --> - <symbol weight="3.00" description="SPF verification failed">R_SPF_FAIL</symbol> - <symbol weight="1.00" description="SPF verification soft-failed">R_SPF_SOFTFAIL</symbol> - <symbol weight="-3.00" description="SPF verification alowed">R_SPF_ALLOW</symbol> - - <!-- Message seems to be from maillist --> - <symbol weight="-2.00" description="Message seems to be from maillist">MAILLIST</symbol> - - <!-- multi.surbl.org lists (more details at http://www.surbl.org) --> - <!-- Phishing and malware sites --> - <symbol weight="10.50" description="Phishing and malware sites">PH_SURBL_MULTI</symbol> - <!-- Outblaze URI Blacklist --> - <symbol weight="10.50" description="Outblaze URI Blacklist">OB_SURBL_MULTI</symbol> - <!-- AbuseButler web sites --> - <symbol weight="10.50" description="AbuseButler web sites">AB_SURBL_MULTI</symbol> - <!-- SpamCop web sites --> - <symbol weight="10.50" description="SpamCop web sites">SC_SURBL_MULTI</symbol> - <!-- jwSpamSpy + Prolocation sites --> - <symbol weight="10.50" description="jwSpamSpy + Prolocation sites">JP_SURBL_MULTI</symbol> - <!-- sa-blacklist web sites --> - <symbol weight="10.50" description="sa-blacklist web sites ">WS_SURBL_MULTI</symbol> - - <!-- rambler.ru uribl --> - <symbol weight="12.50" description="rambler.ru uribl">RAMBLER_URIBL</symbol> - - <!-- DBL uribl --> - <symbol weight="7.50" description="dbl.spamhaus.org uribl">DBL</symbol> - - <!-- rambler.ru emailbl --> - <symbol weight="9.50" description="rambler.ru emailbl">RAMBLER_EMAILBL</symbol> - - <!-- Phished mail --> - <symbol weight="5.0" description="Phished mail">PHISHING</symbol> - - <!-- Tabs as delimiters between header names and header values --> - <symbol weight="1.0" description="Header From begins with tab">HEADER_FROM_DELIMITER_TAB</symbol> - <symbol weight="1.0" description="Header To begins with tab">HEADER_TO_DELIMITER_TAB</symbol> - <symbol weight="1.0" description="Header Cc begins with tab">HEADER_CC_DELIMITER_TAB</symbol> - <symbol weight="1.0" description="Header Reply-To begins with tab">HEADER_REPLYTO_DELIMITER_TAB</symbol> - <symbol weight="1.0" description="Header Date begins with tab">HEADER_DATE_DELIMITER_TAB</symbol> - - <!-- Empty delimiters between header names and header values --> - <symbol weight="1.0" description="Header From has no delimiter between header name and header value">HEADER_FROM_EMPTY_DELIMITER</symbol> - <symbol weight="1.0" description="Header To has no delimiter between header name and header value">HEADER_TO_EMPTY_DELIMITER</symbol> - <symbol weight="1.0" description="Header Cc has no delimiter between header name and header value">HEADER_CC_EMPTY_DELIMITER</symbol> - <symbol weight="1.0" description="Header Reply-To has no delimiter between header name and header value">HEADER_REPLYTO_EMPTY_DELIMITER</symbol> - <symbol weight="1.0" description="Header Date has no delimiter between header name and header value">HEADER_DATE_EMPTY_DELIMITER</symbol> - - <!-- Received headers --> - <symbol weight="4.0" description="Header Received has raw illegal character">RCVD_ILLEGAL_CHARS</symbol> - <symbol weight="4.0" description="Fake helo mail.ru in header Received from non mail.ru sender address">FAKE_RECEIVED_mail_ru</symbol> - <symbol weight="4.0" description="Fake smtp.yandex.ru Received">FAKE_RECEIVED_smtp_yandex_ru</symbol> - <symbol weight="3.6" description="Forged generic Received">FORGED_GENERIC_RECEIVED</symbol> - <symbol weight="3.6" description="Forged generic Received">FORGED_GENERIC_RECEIVED2</symbol> - <symbol weight="3.6" description="Forged generic Received">FORGED_GENERIC_RECEIVED3</symbol> - <symbol weight="3.6" description="Forged generic Received">FORGED_GENERIC_RECEIVED4</symbol> - <symbol weight="4.6" description="Forged generic Received">FORGED_GENERIC_RECEIVED5</symbol> - <symbol weight="3.0" description="Invalid Postfix Received">INVALID_POSTFIX_RECEIVED</symbol> - <symbol weight="5.0" description="Invalid Exim Received">INVALID_EXIM_RECEIVED</symbol> - <symbol weight="3.0" description="Invalid Exim Received">INVALID_EXIM_RECEIVED2</symbol> - - <!-- Date checks --> - <symbol weight="1.5" description="Message date is in future">DATE_IN_FUTURE</symbol> - <symbol weight="1.0" description="Message date is in past">DATE_IN_PAST</symbol> -</metric> -<!-- End of metrics section --> - -<!-- Composites section --> -<composite name="FORGED_RECIPIENTS_MAILLIST">FORGED_RECIPIENTS & -MAILLIST</composite> -<composite name="FORGED_MUA_OUTLOOK_MAILLIST">FORGED_MUA_OUTLOOK & -MAILLIST</composite> -<!-- End of composites section --> - -<!-- Workers section --> -<!-- -<worker> - <type>fuzzy</type> - <bind_socket>localhost:11335</bind_socket> - <count>1</count> - <maxfiles>2048</maxfiles> - <hashfile>/var/lib/rspamd/fuzzy.db</hashfile> - <use_judy>yes</use_judy> -</worker> ---> -<worker> - <type>controller</type> - <bind_socket>localhost:11334</bind_socket> - <count>1</count> - <maxfiles>2048</maxfiles> -<!-- Other params --> - <password>q1</password> -</worker> -<worker> - <type>normal</type> - <bind_socket>*:11333</bind_socket> - <maxfiles>2048</maxfiles> -<!-- Other params --> -</worker> -<!-- Webui worker --> -<worker> - <type>webui</type> - <count>1</count> - <bind_socket>localhost:11336</bind_socket> - <!-- UI password, should be changed to something more secure --> - <password>q1</password> -</worker> - -<!-- End of workers section --> - -<!-- Modules section --> -<!-- fuzzy_check --> -<module name="fuzzy_check"> - <servers>highsecure.ru:11335</servers> - <symbol>R_FUZZY</symbol> - <min_bytes>300</min_bytes> - <max_score>10</max_score> - <mime_types>application/pdf</mime_types> - <fuzzy_map>1:R_FUZZY_DENIED:10,2:R_FUZZY_PROB:5,3:R_FUZZY_WHITE:-2.1</fuzzy_map> -</module> - - -<!-- forged_recipients --> -<module name="forged_recipients"> - <symbol_sender>FORGED_SENDER</symbol_sender> - <symbol_rcpt>FORGED_RECIPIENTS</symbol_rcpt> -</module> - -<!-- maillist --> -<module name="maillist"> - <symbol>MAILLIST</symbol> -</module> - -<!-- surbl --> -<module name="surbl"> - <whitelist>file:///etc/rspamd/surbl-whitelist.inc</whitelist> - <exceptions>file:///etc/rspamd/2tld.inc</exceptions> - <bit_64>JP</bit_64> - <bit_32>AB</bit_32> - <bit_16>OB</bit_16> - <bit_8>PH</bit_8> - <bit_4>WS</bit_4> - <bit_2>SC</bit_2> - <suffix_RAMBLER_URIBL>uribl.rambler.ru</suffix_RAMBLER_URIBL> - <option name="suffix_%b_SURBL_MULTI">multi.surbl.org</option> - <suffix_DBL>dbl.spamhaus.org</suffix_DBL> - <!-- Do not send ip urls to this URIBL --> - <options_DBL>noip</options_DBL> -<!-- Redirector sample setup --> -<!-- - <redirector_read_timeout>10s</redirector_read_timeout> - <redirector_connect_timeout>1s</redirector_connect_timeout> - <redirector>localhost:8080</redirector> - --> -</module> - -<!-- received_rbl --> -<module name="received_rbl"> - <symbol>RECEIVED_RBL</symbol> - <rbl>pbl.spamhaus.org</rbl> - <rbl>xbl.spamhaus.org</rbl> - <rbl>insecure-bl.rambler.ru</rbl> -</module> - -<!-- whitelist --> -<!-- Example of using HTTP maps for whitelisting -<module name="whitelist"> - <ip_whitelist>http://highsecure.ru/grey_whitelist.conf</ip_whitelist> - <symbol_ip>WHITELIST_IP</symbol_ip> -</module> ---> - -<!-- chartable --> -<module name="chartable"> - <!-- Division of symbols from different charsets to a total number of symbols --> - <threshold>0.3</threshold> - <symbol>R_MIXED_CHARSET</symbol> -</module> - -<!-- once_received --> -<module name="once_received"> - <good_host>mail</good_host> - <bad_host>static</bad_host> - <bad_host>dynamic</bad_host> - <symbol_strict>ONCE_RECEIVED_STRICT</symbol_strict> - <symbol>ONCE_RECEIVED</symbol> -</module> - -<!-- multimap --> -<module name="multimap"> -<!-- - <rule>type = header, header = To, pattern = @(.+)>?$, map = file:///etc/rspamd/rcpt_test, symbol = R_RCPT_WHITELIST, description = RCPT whitelist</rule> - <rule>type = ip, map = file:///etc/rspamd/ip_test, symbol = R_IP_WHITELIST, description = IP whitelist</rule> ---> - <rule>type = dnsbl, map = pbl.spamhaus.org, symbol = R_IP_PBL, description = PBL dns block list</rule> -</module> - -<!-- phishing --> -<module name="phishing"> - <symbol>PHISHING</symbol> - <!-- Check phishing only for specified domains - <domains>file://path/to/domains</domains> - --> - <!-- If phishing detected for that domains insert another symbol specified after semicolon symbol - <strict_domains>file://path/to/domains:STRICT_PHISHING</strict_domains> - --> -</module> - -<!-- Trie module --> -<!-- -<module name="trie"> - <rule>TRIE1:bad pattern</rule> - <rule>TRIE2:file:///var/lib/rspamd/bad_patterns.list</rule> -</module> ---> - -<!-- Emails blacklist --> -<module name="emails"> - <rule>symbol = RAMBLER_EMAILBL, dnsbl = email-bl.rambler.ru, domain_only = false</rule> -</module> - -<!-- SPF module setup --> -<module name="spf"> - <!-- Cache setup for spf records to accelerate spf checks --> - <spf_cache_size>2048</spf_cache_size> - <spf_cache_expire>1d</spf_cache_expire> -</module> - -<!-- DKIM module setup --> -<module name="dkim"> - <!-- Cache setup for dkim records to accelerate dkim checks --> - <dkim_cache_size>2048</dkim_cache_size> - <dkim_cache_expire>1d</dkim_cache_expire> - <!-- Domains list can be added, each domain file entry can be in format: - <domain_name> [<score_reject>:<score_allow>] - where scores are multiplier for this domain, if scores are skipped - normal multiplier is used --> - <!-- <domains>file:///some/path</domains> --> - - <!-- Whitelist is ip/mask list of whitelisted ips to skip dkim check --> - <!-- <whitelist>file:///some/path</whitelist> --> - - <!-- Time jitter is value in seconds to ignore comparing timestamp of signatures --> - <time_jitter>1m</time_jitter> - - <!-- Check only trusted domains from 'domains' list --> - <trusted_only>no</trusted_only> - - <!-- Skip mails with several DKIM signatures --> - <skip_multi>no</skip_multi> -</module> - -<!-- Rstelimit module setup --> -<!-- Disabled by default till servers option is properly set --> -<module name="ratelimit"> - <!-- List of servers to store limits in format: host1[:port][,host2[:port]] - port 6379 is used by default, if no servers defined, this module is not enabled --> - <!-- <servers>localhost</servers> --> - - <!-- limits description, type:burst:leak_rate --> - <!-- per rcpt limit, 100 messages burst, 2 messages per minute leak rate --> - <limit>to:100:0.033333333</limit> - <!-- per rcpt/ip limit, 30 messages burst, 1.5 messages per minute leak rate --> - <limit>to_ip:30:0.025</limit> - <!-- per rcpt/ip/from limit, 20 messages burst, 1 messages per minute leak rate --> - <limit>to_ip_from:20:0.01666666667</limit> - - <!-- per rcpt bounce limit, 10 messages burst, 2 messages per hour leak rate --> - <limit>bounce_to:10:0.000555556</limit> - <!-- per rcpt/ip bounce limit, 5 messages burst, 1 messages per hour leak rate --> - <limit>bounce_to_ip:5:0.000277778</limit> - - <!-- Whitelist map --> - <!-- <whitelisted_ip>file:///some/path</whitelisted_ip> --> - - <!-- List of whitelisted recipients --> - <whitelisted_rcpts>postmaster,mailer-daemon</whitelisted_rcpts> - - <!-- Limit if recipients to check --> - <max_rcpt>5</max_rcpt> -</module> - -<!-- Regexp module configuration --> -<module name="regexp"> - <!-- Maximum size of text for regexp checks --> - <max_size>1M</max_size> -</module> - -<!-- End of modules section --> -<!-- Classifiers section --> -<!-- -<classifier type="winnow"> - <tokenizer>osb-text</tokenizer> - <metric>default</metric> - <min_tokens>20</min_tokens> - <statfile> - <symbol>WINNOW_HAM</symbol> - <size>100M</size> - <path>/var/lib/rspamd/data.ham</path> - </statfile> - <statfile> - <symbol>WINNOW_SPAM</symbol> - <size>100M</size> - <path>/var/lib/rspamd/data.spam</path> - </statfile> -</classifier> ---> -<!-- Example of slave -<classifier type="bayes"> - <tokenizer>osb-text</tokenizer> - <metric>default</metric> - <min_tokens>10</min_tokens> - <learn_threshold>0.2</learn_threshold> - <statfile> - <symbol>BAYES_HAM</symbol> - <size>10M</size> - <path>/var/lib/rspamd/bayes_slave.ham</path> - <binlog_master>localhost:11334</binlog_master> - <binlog>slave</binlog> - </statfile> - <statfile> - <symbol>BAYES_SPAM</symbol> - <size>10M</size> - <path>/var/lib/rspamd/bayes_slave.spam</path> - <binlog>slave</binlog> - <binlog_master>localhost:11334</binlog_master> - </statfile> -</classifier> ---> - -<!-- Example of language specific statfiles --> - -<!-- -<classifier type="bayes"> - <tokenizer>osb-text</tokenizer> - <metric>default</metric> - <min_tokens>10</min_tokens> - <max_tokens>1000</max_tokens> - <statfile> - <symbol>BAYES_HAM_RU</symbol> - <size>50M</size> - <path>/var/lib/rspamd/bayes_ru.ham</path> - <param name="language">ru</param> - </statfile> - <statfile> - <symbol>BAYES_SPAM_RU</symbol> - <size>50M</size> - <path>/var/lib/rspamd/bayes_ru.spam</path> - <param name="language">ru</param> - </statfile> - <statfile> - <symbol>BAYES_HAM</symbol> - <size>50M</size> - <path>/var/lib/rspamd/bayes.ham</path> - </statfile> - <statfile> - <symbol>BAYES_SPAM</symbol> - <size>50M</size> - <path>/var/lib/rspamd/bayes.spam</path> - </statfile> -</classifier> ---> - -<!-- Ordinary statistic for a small mail system --> -<classifier type="bayes"> - <tokenizer>osb-text</tokenizer> - <metric>default</metric> - <min_tokens>10</min_tokens> - <max_tokens>1000</max_tokens> - <statfile> - <symbol>BAYES_HAM</symbol> - <size>20M</size> - <path>/var/lib/rspamd/bayes.ham</path> - </statfile> - <statfile> - <symbol>BAYES_SPAM</symbol> - <size>20M</size> - <path>/var/lib/rspamd/bayes.spam</path> - </statfile> -</classifier> - -<!-- Advanced meta-classification statistic --> -<!-- -<classifier type="bayes"> - <tokenizer>osb-text</tokenizer> - <metric>default</metric> - <min_tokens>6</min_tokens> - <max_tokens>5000</max_tokens> - <statfile> - <symbol>BAYES_HAM</symbol> - <size>50M</size> - <path>/var/lib/rspamd/bayes.ham</path> - <spam>no</spam> - </statfile> - <statfile> - <symbol>BAYES_SPAM</symbol> - <size>50M</size> - <path>/var/lib/rspamd/bayes.spam</path> - <spam>yes</spam> - </statfile> - <statfile> - <symbol>BAYES_HAM_RU</symbol> - <size>50M</size> - <path>/var/lib/rspamd/bayes_ru.ham</path> - <language>ru</language> - <spam>no</spam> - </statfile> - <statfile> - <symbol>BAYES_SPAM_RU</symbol> - <size>50M</size> - <path>/var/lib/rspamd/bayes_ru.spam</path> - <language>ru</language> - <spam>yes</spam> - </statfile> - - <statfile> - <symbol>BAYES_SPAM</symbol> - <size>10M</size> - <path>/var/lib/rspamd/bayes_manyrcpt.spam</path> - <spam>yes</spam> - <label>many recipients</label> - </statfile> - <statfile> - <symbol>BAYES_HAM</symbol> - <size>10M</size> - <path>/var/lib/rspamd/bayes_manyrcpt.ham</path> - <spam>no</spam> - <label>many recipients</label> - </statfile> - - <statfile> - <symbol>BAYES_SPAM</symbol> - <size>10M</size> - <path>/var/lib/rspamd/bayes_undisclosedrcpt.spam</path> - <spam>yes</spam> - <label>undisclosed recipients</label> - </statfile> - <statfile> - <symbol>BAYES_HAM</symbol> - <size>10M</size> - <path>/var/lib/rspamd/bayes_undisclosedrcpt.ham</path> - <spam>no</spam> - <label>undisclosed recipients</label> - </statfile> - - <statfile> - <symbol>BAYES_SPAM</symbol> - <size>10M</size> - <path>/var/lib/rspamd/bayes_maillist.spam</path> - <spam>yes</spam> - <label>maillist</label> - </statfile> - <statfile> - <symbol>BAYES_HAM</symbol> - <size>10M</size> - <path>/var/lib/rspamd/bayes_maillist.ham</path> - <spam>no</spam> - <label>maillist</label> - </statfile> - - <statfile> - <symbol>BAYES_SPAM</symbol> - <size>10M</size> - <path>/var/lib/rspamd/bayes_longsubject.spam</path> - <spam>yes</spam> - <label>long subject</label> - </statfile> - <statfile> - <symbol>BAYES_HAM</symbol> - <size>10M</size> - <path>/var/lib/rspamd/bayes_longsubject.ham</path> - <spam>no</spam> - <label>long subject</label> - </statfile> - - <statfile> - <symbol>BAYES_SPAM</symbol> - <size>10M</size> - <path>/var/lib/rspamd/bayes_replyto.spam</path> - <spam>yes</spam> - <label>different reply to</label> - </statfile> - <statfile> - <symbol>BAYES_HAM</symbol> - <size>10M</size> - <path>/var/lib/rspamd/bayes_replyto.ham</path> - <spam>no</spam> - <label>different reply to</label> - </statfile> - - <statfile> - <symbol>BAYES_SPAM</symbol> - <size>10M</size> - <path>/var/lib/rspamd/bayes_replymessage.spam</path> - <spam>yes</spam> - <label>reply message</label> - </statfile> - <statfile> - <symbol>BAYES_HAM</symbol> - <size>10M</size> - <path>/var/lib/rspamd/bayes_replymessage.ham</path> - <spam>no</spam> - <label>reply message</label> - </statfile> -</classifier> ---> - -<!-- End of classifiers section --> - -<!-- Modules section --> -<modules> - <path>/etc/rspamd/plugins/lua/</path> -</modules> -<!-- End of modules section --> - -</rspamd> |