# Please don't modify this file as your changes might be overwritten with # the next update. # # You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine # parameters defined on the top level # # You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add # parameters defined on the top level # # For specific modules or configuration you can also modify # '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults # '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults # # See https://rspamd.com/doc/tutorials/writing_rules.html for details rbl { default_from = true; default_received = false; default_exclude_users = true; default_unknown = true; url_whitelist = [ "https://maps.rspamd.com/rspamd/surbl-whitelist.inc.zst", "${DBDIR}/surbl-whitelist.inc.local", "fallback+file://${CONFDIR}/surbl-whitelist.inc" ]; rbls { spamhaus { symbol = "RBL_SPAMHAUS"; rbl = "zen.spamhaus.org"; ipv6 = true; returncodes { RBL_SPAMHAUS_SBL = "127.0.0.2"; RBL_SPAMHAUS_CSS = "127.0.0.3"; RBL_SPAMHAUS_XBL = ["127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"]; RBL_SPAMHAUS_PBL = ["127.0.0.10", "127.0.0.11"]; RBL_SPAMHAUS_DROP = "127.0.0.9"; } } spamhaus_received { symbol = "RECEIVED_SPAMHAUS"; rbl = "zen.spamhaus.org"; ipv6 = true; received = true; from = false; ignore_whitelists = true; returncodes { RECEIVED_SPAMHAUS_SBL = "127.0.0.2"; RECEIVED_SPAMHAUS_CSS = "127.0.0.3"; RECEIVED_SPAMHAUS_XBL = ["127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"]; RECEIVED_SPAMHAUS_PBL = ["127.0.0.10", "127.0.0.11"]; RECEIVED_SPAMHAUS_DROP = "127.0.0.9"; } } mailspike { symbol = "MAILSPIKE"; rbl = "rep.mailspike.net"; is_whitelist = true; whitelist_exception = "MAILSPIKE"; whitelist_exception = "RWL_MAILSPIKE_GOOD"; whitelist_exception = "RWL_MAILSPIKE_NEUTRAL"; whitelist_exception = "RWL_MAILSPIKE_POSSIBLE"; whitelist_exception = "RBL_MAILSPIKE_WORST"; whitelist_exception = "RBL_MAILSPIKE_VERYBAD"; whitelist_exception = "RBL_MAILSPIKE_BAD"; returncodes { RBL_MAILSPIKE_WORST = "127.0.0.10"; RBL_MAILSPIKE_VERYBAD = "127.0.0.11"; RBL_MAILSPIKE_BAD = "127.0.0.12"; RWL_MAILSPIKE_NEUTRAL = ["127.0.0.16", "127.0.0.15", "127.0.0.14", "127.0.0.13"]; RWL_MAILSPIKE_POSSIBLE = "127.0.0.17"; RWL_MAILSPIKE_GOOD = "127.0.0.18"; RWL_MAILSPIKE_VERYGOOD = "127.0.0.19"; RWL_MAILSPIKE_EXCELLENT = "127.0.0.20"; } } senderscore { symbol = "RBL_SENDERSCORE"; rbl = "bl.score.senderscore.com"; } sem { symbol = "RBL_SEM"; rbl = "bl.spameatingmonkey.net"; ipv6 = false; } semIPv6 { symbol = "RBL_SEM_IPV6"; rbl = "bl.ipv6.spameatingmonkey.net"; ipv4 = false; ipv6 = true; } dnswl { symbol = "RCVD_IN_DNSWL"; rbl = "list.dnswl.org"; ipv6 = true; is_whitelist = true; whitelist_exception = "RCVD_IN_DNSWL"; whitelist_exception = "RCVD_IN_DNSWL_NONE"; whitelist_exception = "RCVD_IN_DNSWL_LOW"; whitelist_exception = "DNSWL_BLOCKED"; returncodes { RCVD_IN_DNSWL_NONE = "127.0.%d+.0"; RCVD_IN_DNSWL_LOW = "127.0.%d+.1"; RCVD_IN_DNSWL_MED = "127.0.%d+.2"; RCVD_IN_DNSWL_HI = "127.0.%d+.3"; DNSWL_BLOCKED = "127.0.0.255"; } } # Provided by https://virusfree.cz virusfree { symbol = "RBL_VIRUSFREE_UNKNOWN"; rbl = "bip.virusfree.cz"; ipv6 = true; returncodes { RBL_VIRUSFREE_BOTNET = "127.0.0.2"; } } nixspam { symbol = "RBL_NIXSPAM"; rbl = "ix.dnsbl.manitu.net"; ipv6 = true; } blocklistde { symbol = "RBL_BLOCKLISTDE"; rbl = "bl.blocklist.de"; ipv6 = true; } blocklistde_received { symbol = "RECEIVED_BLOCKLISTDE"; rbl = "bl.blocklist.de"; ipv6 = true; received = true; from = false; ignore_whitelists = true; } dnswl_dwl { symbol = "DWL_DNSWL"; rbl = "dwl.dnswl.org"; dkim = true; dkim_domainonly = false; dkim_match_from = true; ignore_whitelist = true; unknown = false; returncodes { DWL_DNSWL_NONE = "127.0.%d+.0"; DWL_DNSWL_LOW = "127.0.%d+.1"; DWL_DNSWL_MED = "127.0.%d+.2"; DWL_DNSWL_HI = "127.0.%d+.3"; DWL_DNSWL_BLOCKED = "127.0.0.255"; } } # Old emails module RSPAMD_EMAILBL { ignore_defaults = true; emails_delimiter = "."; hash_format = "base32"; hash_len = 32; rbl = "email.rspamd.com"; replyto = true; hash = "blake2"; returncodes = { RSPAMD_EMAILBL = "127.0.0.2"; } } MSBL_EBL { ignore_defaults = true; rbl = "ebl.msbl.org"; emails_domainonly = false; replyto = true; hash = "sha1"; returncodes = { MSBL_EBL = [ "127.0.0.2", "127.0.0.3" ]; MSBL_EBL_GREY = [ "127.0.1.2", "127.0.1.3" ]; } } # Old SURBL module "SURBL_MULTI" { ignore_defaults = true; rbl = "multi.surbl.org"; dkim = true; emails = true; emails_domainonly = true; urls = true; returnbits = { CRACKED_SURBL = 128; # From February 2016 ABUSE_SURBL = 64; MW_SURBL_MULTI = 16; PH_SURBL_MULTI = 8; SURBL_BLOCKED = 1; } } "URIBL_MULTI" { ignore_defaults = true; rbl = "multi.uribl.com"; dkim = true; emails = true; emails_domainonly = true; urls = true; returnbits { URIBL_BLOCKED = 1; URIBL_BLACK = 2; URIBL_GREY = 4; URIBL_RED = 8; } } "RSPAMD_URIBL" { ignore_defaults = true; rbl = "uribl.rspamd.com"; dkim = true; emails = true; emails_domainonly = true; urls = true; hash = 'blake2'; hash_len = 32; hash_format = 'base32'; returncodes = { RSPAMD_URIBL = [ "127.0.0.2", ]; } } "DBL" { ignore_defaults = true; rbl = "dbl.spamhaus.org"; no_ip = true; dkim = true; emails = true; emails_domainonly = true; urls = true; returncodes = { # spam domain DBL_SPAM = "127.0.1.2"; # phish domain DBL_PHISH = "127.0.1.4"; # malware domain DBL_MALWARE = "127.0.1.5"; # botnet C&C domain DBL_BOTNET = "127.0.1.6"; # abused legit spam DBL_ABUSE = "127.0.1.102"; # abused spammed redirector domain DBL_ABUSE_REDIR = "127.0.1.103"; # abused legit phish DBL_ABUSE_PHISH = "127.0.1.104"; # abused legit malware DBL_ABUSE_MALWARE = "127.0.1.105"; # abused legit botnet C&C DBL_ABUSE_BOTNET = "127.0.1.106"; # error - IP queries prohibited! DBL_PROHIBIT = "127.0.1.255"; } } # Not enabled by default due to privacy concerns! (see also groups.d/surbl_group.conf) #"SPAMHAUS_ZEN_URIBL" { # suffix = "zen.spamhaus.org"; # resolve_ip = true; # check_emails = true; # ips { # URIBL_SBL = "127.0.0.2"; # URIBL_SBL_CSS = "127.0.0.3"; # URIBL_XBL = ["127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"]; # URIBL_PBL = ["127.0.0.10", "127.0.0.11"]; # URIBL_DROP = "127.0.0.9"; # } #} "SEM_URIBL_UNKNOWN" { ignore_defaults = true; rbl = "uribl.spameatingmonkey.net"; no_ip = true; dkim = true; emails = true; emails_domainonly = true; urls = true; returnbits { SEM_URIBL = 2; } } "SEM_URIBL_FRESH15_UNKNOWN" { ignore_defaults = true; rbl = "fresh15.spameatingmonkey.net"; no_ip = true; dkim = true; emails = true; emails_domainonly = true; urls = true; returnbits { SEM_URIBL_FRESH15 = 2; } } # Proved to be broken #"RBL_SARBL_BAD" { # suffix = "public.sarbl.org"; # noip = true; # images = true; #} } .include(try=true,priority=5) "${DBDIR}/dynamic/rbl.conf" .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/rbl.conf" .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/rbl.conf" }