diff options
Diffstat (limited to 'doc')
-rw-r--r-- | doc/markdown/modules/phishing.md | 28 | ||||
-rw-r--r-- | doc/markdown/workers/fuzzy_storage.md | 16 | ||||
-rw-r--r-- | doc/rspamadm.1.md | 16 |
3 files changed, 46 insertions, 14 deletions
diff --git a/doc/markdown/modules/phishing.md b/doc/markdown/modules/phishing.md index 4f6d86159..52e6dd6b6 100644 --- a/doc/markdown/modules/phishing.md +++ b/doc/markdown/modules/phishing.md @@ -27,10 +27,10 @@ Here is an example of full module configuration. ~~~ucl phishing { symbol = "R_PHISHING"; # Default symbol - + # Check only domains from this list domains = "file:///path/to/map"; - + # Make exclusions for known redirectors redirector_domains = [ # URL/path for map, colon, name of symbol @@ -57,3 +57,27 @@ payments system phishing. Finally, the default symbol is yielded- if `domains` is specified then only if the phished domain is found in the related map. + +## Openphish support + +Since version 1.3, there is [openphish](https://openphish.com) support in rspamd. +Now rspamd loads this public feed as a map (using HTTPS) and checks URLs in messages using +openphish list. If any match is found, then rspamd adds symbol `PHISHED_OPENPHISH`. + +If you use research or commercial data feed, rspamd can also use its data and gives +more details about URLs found: their sector (e.g. 'Finance'), brand name (e.g. +'Bank of Zimbabwe') and other useful information. + +There are couple of options available to configure openphish module: + +~~~ucl +phishing { + # URL of feed, default is public url: + openphish_map = "https://www.openphish.com/feed.txt"; + # For premium feed, change that to your personal URL, e.g. + # openphish_map = "https://openphish.com/samples/premium_feed.json"; + + # Change this to true if premium feed is enabled + openphish_premium = false; +} +~~~ diff --git a/doc/markdown/workers/fuzzy_storage.md b/doc/markdown/workers/fuzzy_storage.md index ad955a46a..4a5694591 100644 --- a/doc/markdown/workers/fuzzy_storage.md +++ b/doc/markdown/workers/fuzzy_storage.md @@ -103,8 +103,18 @@ generally `match_count / shingles_count`. Fuzzy storage accepts the following extra options: -- `database` - path to the sqlite storage -- `expire` - time value for hashes expiration +- `hashfile` - path to the sqlite storage (where are also few outdated aliases for this command exist: hash_file, file, database) +- `sync` - time to perform database sync in seconds, default value: 60 +- `expire` - time value for hashes expiration in seconds, default value: 2 days +- `keypair` - encryption keypair (can be repeated for different keys), can be obtained via *rspamadm keypair -u* command +- `keypair_cache_size` - Size of keypairs cache, default value: 512 +- `encrypted_only` - allow encrypted requests only (and forbid all unknown keys or plaintext requests) +- `master_timeout` - master protocol IO timeout +- `sync_keypair` - encryption key for master/slave updates +- `masters` - string, allow master/slave updates from the following IP addresses +- `master_key` - allow master/slave updates merely using the specified key +- `slave` - list of slave hosts. +- `mirror` - list of slave hosts, same as `slave` - `allow_update` - string, array of strings or a map of IP addresses that are allowed to perform changes to fuzzy storage (you should also set `read_only = no` in your fuzzy_check plugin). @@ -114,7 +124,7 @@ Here is an example configuration of fuzzy storage: worker { type = "fuzzy"; bind_socket = "*:11335"; - hash_file = "${DBDIR}/fuzzy.db" + hashfile = "${DBDIR}/fuzzy.db" expire = 90d; allow_update = "127.0.0.1"; } diff --git a/doc/rspamadm.1.md b/doc/rspamadm.1.md index 17bfa94c3..efe091da8 100644 --- a/doc/rspamadm.1.md +++ b/doc/rspamadm.1.md @@ -8,22 +8,20 @@ rspamadm - rspamd administration utility rspamadm [*global_options*] [*command*] [*command_options*]... -rspamadm -l - -rspamadm help - -rspamadm help <command> - -rspamadm --help - # DESCRIPTION `rspamadm` is a routine to manage rspamd spam filtering system. It is intended to perform such actions as merging databases, performing configuration tests, encrypting passwords, -signing configurations and so on. You can get a list of available commands by running +signing configurations and so on. You can get a list of available **commands** by running rspamadm -l +Also for each command you can check list of available **command_options** by running + + rspamadm help command + rspamadm command --help + + # OPTIONS -h, \--help |