aboutsummaryrefslogtreecommitdiffstats
path: root/doc
diff options
context:
space:
mode:
Diffstat (limited to 'doc')
-rw-r--r--doc/markdown/modules/phishing.md28
-rw-r--r--doc/markdown/workers/fuzzy_storage.md16
-rw-r--r--doc/rspamadm.1.md16
3 files changed, 46 insertions, 14 deletions
diff --git a/doc/markdown/modules/phishing.md b/doc/markdown/modules/phishing.md
index 4f6d86159..52e6dd6b6 100644
--- a/doc/markdown/modules/phishing.md
+++ b/doc/markdown/modules/phishing.md
@@ -27,10 +27,10 @@ Here is an example of full module configuration.
~~~ucl
phishing {
symbol = "R_PHISHING"; # Default symbol
-
+
# Check only domains from this list
domains = "file:///path/to/map";
-
+
# Make exclusions for known redirectors
redirector_domains = [
# URL/path for map, colon, name of symbol
@@ -57,3 +57,27 @@ payments system phishing.
Finally, the default symbol is yielded- if `domains` is specified then
only if the phished domain is found in the related map.
+
+## Openphish support
+
+Since version 1.3, there is [openphish](https://openphish.com) support in rspamd.
+Now rspamd loads this public feed as a map (using HTTPS) and checks URLs in messages using
+openphish list. If any match is found, then rspamd adds symbol `PHISHED_OPENPHISH`.
+
+If you use research or commercial data feed, rspamd can also use its data and gives
+more details about URLs found: their sector (e.g. 'Finance'), brand name (e.g.
+'Bank of Zimbabwe') and other useful information.
+
+There are couple of options available to configure openphish module:
+
+~~~ucl
+phishing {
+ # URL of feed, default is public url:
+ openphish_map = "https://www.openphish.com/feed.txt";
+ # For premium feed, change that to your personal URL, e.g.
+ # openphish_map = "https://openphish.com/samples/premium_feed.json";
+
+ # Change this to true if premium feed is enabled
+ openphish_premium = false;
+}
+~~~
diff --git a/doc/markdown/workers/fuzzy_storage.md b/doc/markdown/workers/fuzzy_storage.md
index ad955a46a..4a5694591 100644
--- a/doc/markdown/workers/fuzzy_storage.md
+++ b/doc/markdown/workers/fuzzy_storage.md
@@ -103,8 +103,18 @@ generally `match_count / shingles_count`.
Fuzzy storage accepts the following extra options:
-- `database` - path to the sqlite storage
-- `expire` - time value for hashes expiration
+- `hashfile` - path to the sqlite storage (where are also few outdated aliases for this command exist: hash_file, file, database)
+- `sync` - time to perform database sync in seconds, default value: 60
+- `expire` - time value for hashes expiration in seconds, default value: 2 days
+- `keypair` - encryption keypair (can be repeated for different keys), can be obtained via *rspamadm keypair -u* command
+- `keypair_cache_size` - Size of keypairs cache, default value: 512
+- `encrypted_only` - allow encrypted requests only (and forbid all unknown keys or plaintext requests)
+- `master_timeout` - master protocol IO timeout
+- `sync_keypair` - encryption key for master/slave updates
+- `masters` - string, allow master/slave updates from the following IP addresses
+- `master_key` - allow master/slave updates merely using the specified key
+- `slave` - list of slave hosts.
+- `mirror` - list of slave hosts, same as `slave`
- `allow_update` - string, array of strings or a map of IP addresses that are allowed
to perform changes to fuzzy storage (you should also set `read_only = no` in your fuzzy_check plugin).
@@ -114,7 +124,7 @@ Here is an example configuration of fuzzy storage:
worker {
type = "fuzzy";
bind_socket = "*:11335";
- hash_file = "${DBDIR}/fuzzy.db"
+ hashfile = "${DBDIR}/fuzzy.db"
expire = 90d;
allow_update = "127.0.0.1";
}
diff --git a/doc/rspamadm.1.md b/doc/rspamadm.1.md
index 17bfa94c3..efe091da8 100644
--- a/doc/rspamadm.1.md
+++ b/doc/rspamadm.1.md
@@ -8,22 +8,20 @@ rspamadm - rspamd administration utility
rspamadm [*global_options*] [*command*] [*command_options*]...
-rspamadm -l
-
-rspamadm help
-
-rspamadm help <command>
-
-rspamadm --help
-
# DESCRIPTION
`rspamadm` is a routine to manage rspamd spam filtering system. It is intended to perform
such actions as merging databases, performing configuration tests, encrypting passwords,
-signing configurations and so on. You can get a list of available commands by running
+signing configurations and so on. You can get a list of available **commands** by running
rspamadm -l
+Also for each command you can check list of available **command_options** by running
+
+ rspamadm help command
+ rspamadm command --help
+
+
# OPTIONS
-h, \--help