<?xml version="1.0" encoding="UTF-8"?>
<rspamd>
<!-- Global section -->
<lua src="@ETC_PREFIX@/rspamd/lua/rspamd.lua" />
<!-- Options -->
<options>
<!-- Temporary directory -->
<tempdir>/tmp</tempdir>
<!-- Path to pid file -->
<pidfile>@LOCALSTATES_PREFIX@/rspamd.pid</pidfile>
<!-- Turned on C filters -->
<filters>regexp,surbl,chartable,fuzzy_check,spf,dkim</filters>
<!-- Maximum size of statistics mapped in memory -->
<statfile_pool_size>1G</statfile_pool_size>
<!-- Raw mode is non-utf mode. In utf mode all messages are converted to utf8 (if possible) -->
<raw_mode>no</raw_mode>
<!-- Check text attachements as ordinary text parts -->
<check_attachements>no</check_attachements>
<!-- If a rule has been met several times do not add additional score -->
<one_shot>yes</one_shot>
<!-- DNS requests global timeout -->
<dns_timeout>1s</dns_timeout>
<!-- DNS retransmits count -->
<dns_retransmits>5</dns_retransmits>
<!-- File for saving settings of symbols cache -->
<cache_file>@LOCALSTATES_PREFIX@/symbols.cache</cache_file>
<!-- Maps watch timeout (floating point number in seconds, for file maps this timeout is reduced by two) -->
<map_watch_interval>10.0s</map_watch_interval>
<!-- A path to dynamic configuration file, required for webui -->
<dynamic_conf>@LOCALSTATES_PREFIX@/rspamd_dynamic</dynamic_conf>
<!-- Use mlock to prevent statistic from getting to swap file, requires either root privileges or specific system configuration -->
<use_mlock>no</use_mlock>
</options>
<!-- End of options section -->
<!-- Logging section -->
<logging>
<level>info</level>
<log_urls>no</log_urls>
<type>console</type>
<!-- Other types
<type filename="/var/log/rspamd/rspamd.log">file</type>
<type facility="local7">syslog</type>
-->
<!-- Selective debug
<debug_ip>127.0.0.1</debug_ip>
<debug_symbols>SYMBOL1,SYMBOL2</debug_symbols>
-->
</logging>
<!-- End of logging section -->
<!-- Metrics section -->
<metric>
<name>default</name>
<required_score>15.0</required_score>
<!-- Sample actions -->
<action>reject</action>
<action>greylist:4</action>
<action>add_header:8</action>
<!-- Weights for symbols -->
<!-- Subject is missing inside message -->
<symbol weight="2.00" description="Subject is missing inside message">MISSING_SUBJECT</symbol>
<!-- Message pretends to be send from Outlook but has 'strange' tags -->
<symbol weight="2.10" description="Message pretends to be send from Outlook but has 'strange' tags ">FORGED_OUTLOOK_TAGS</symbol>
<!-- Sender is forged (different From: header and smtp MAIL FROM: addresses) -->
<symbol weight="5.00" description="Sender is forged (different From: header and smtp MAIL FROM: addresses)">FORGED_SENDER</symbol>
<!-- Recipients seems to be autogenerated (works if recipients count is more than 5) -->
<symbol weight="3.50" description="Recipients seems to be autogenerated (works if recipients count is more than 5)">SUSPICIOUS_RECIPS</symbol>
<!-- Fake reply (has RE in subject, but has not References header) -->
<symbol weight="6.00" description="Fake reply (has RE in subject, but has not References header)">FAKE_REPLY_C</symbol>
<!-- Messages that have only HTML part -->
<symbol weight="1.00" description="Messages that have only HTML part">MIME_HTML_ONLY</symbol>
<!-- Forged yahoo msgid -->
<symbol weight="2.00" description="Forged yahoo msgid">FORGED_MSGID_YAHOO</symbol>
<!-- Forged The Bat! MUA headers -->
<symbol weight="2.00" description="Forged The Bat! MUA headers">FORGED_MUA_THEBAT_BOUN</symbol>
<!-- Charset is missing in a message -->
<symbol weight="5.00" description="Charset is missing in a message">R_MISSING_CHARSET</symbol>
<!-- Two received headers with ip addresses -->
<symbol weight="2.00" description="Two received headers with ip addresses">RCVD_DOUBLE_IP_SPAM</symbol>
<!-- Forged outlook HTML signature -->
<symbol weight="5.00" description="Forged outlook HTML signature">FORGED_OUTLOOK_HTML</symbol>
<!-- Recipients are absent or undisclosed -->
<symbol weight="5.00" description="Recipients are absent or undisclosed">R_UNDISC_RCPT</symbol>
<!-- White color on white background in HTML messages -->
<symbol weight="9.00" description="White color on white background in HTML messages">R_WHITE_ON_WHITE</symbol>
<!-- Short html part with a link to an image -->
<symbol weight="3.00" description="Short html part with a link to an image">HTML_SHORT_LINK_IMG_2</symbol>
<!-- Forged outlook MUA -->
<symbol weight="3.00" description="Forged outlook MUA">FORGED_MUA_OUTLOOK</symbol>
<!-- Forged outlook MUA, but from maillist -->
<symbol weight="0.00" description="Forged outlook MUA, but from maillist">FORGED_MUA_OUTLOOK_MAILLIST</symbol>
<!-- Suspicious boundary in header Content-Type -->
<symbol weight="5.00" description="Suspicious boundary in header Content-Type">SUSPICIOUS_BOUNDARY</symbol>
<!-- Suspicious boundary in header Content-Type -->
<symbol weight="4.00" description="Suspicious boundary in header Content-Type">SUSPICIOUS_BOUNDARY2</symbol>
<!-- Suspicious boundary in header Content-Type -->
<symbol weight="3.00" description="Suspicious boundary in header Content-Type">SUSPICIOUS_BOUNDARY3</symbol>
<!-- Suspicious boundary in header Content-Type -->
<symbol weight="4.00" description="Suspicious boundary in header Content-Type">SUSPICIOUS_BOUNDARY4</symbol>
<!-- Message pretends to be send from The Bat! but has forged Message-ID -->
<symbol weight="4.00" description="Message pretends to be send from The Bat! but has forged Message-ID">FORGED_MUA_THEBAT_MSGID</symbol>
<!-- Message pretends to be send from The Bat! but has forged Message-ID -->
<symbol weight="3.00" description="Message pretends to be send from The Bat! but has forged Message-ID">FORGED_MUA_THEBAT_MSGID_UNKNOWN</symbol>
<!-- Message pretends to be send from KMail but has forged Message-ID -->
<symbol weight="3.00" description="Message pretends to be send from KMail but has forged Message-ID">FORGED_MUA_KMAIL_MSGID</symbol>
<!-- Message pretends to be send from KMail but has forged Message-ID -->
<symbol weight="2.50" description="Message pretends to be send from KMail but has forged Message-ID">FORGED_MUA_KMAIL_MSGID_UNKNOWN</symbol>
<!-- Message pretends to be send from Opera Mail but has forged Message-ID -->
<symbol weight="4.00" description="Message pretends to be send from Opera Mail but has forged Message-ID">FORGED_MUA_OPERA_MSGID</symbol>
<!-- Message pretends to be send from suspicious Opera Mail/10.x (Windows) but has forged Message-ID, apparently from KMail -->
<symbol weight="4.00" description="Message pretends to be send from suspicious Opera Mail/10.x (Windows) but has forged Message-ID, apparently from KMail">SUSPICIOUS_OPERA_10W_MSGID</symbol>
<!-- Message pretends to be send from Mozilla Mail but has forged Message-ID -->
<symbol weight="4.00" description="Message pretends to be send from Mozilla Mail but has forged Message-ID">FORGED_MUA_MOZILLA_MAIL_MSGID</symbol>
<!-- Message pretends to be send from Mozilla Mail but has forged Message-ID -->
<symbol weight="2.50" description="Message pretends to be send from Mozilla Mail but has forged Message-ID">FORGED_MUA_MOZILLA_MAIL_MSGID_UNKNOWN</symbol>
<!-- Forged mail pretending to be from Mozilla Thunderbird but has forged Message-ID -->
<symbol weight="4.00" description="Forged mail pretending to be from Mozilla Thunderbird but has forged Message-ID">FORGED_MUA_THUNDERBIRD_MSGID</symbol>
<!-- Forged mail pretending to be from Mozilla Thunderbird but has forged Message-ID -->
<symbol weight="2.50" description="Forged mail pretending to be from Mozilla Thunderbird but has forged Message-ID">FORGED_MUA_THUNDERBIRD_MSGID_UNKNOWN</symbol>
<!-- Forged mail pretending to be from Mozilla Seamonkey but has forged Message-ID -->
<symbol weight="4.00" description="Forged mail pretending to be from Mozilla Seamonkey but has forged Message-ID">FORGED_MUA_SEAMONKEY_MSGID</symbol>
<!-- Forged mail pretending to be from Mozilla Seamonkey but has forged Message-ID -->
<symbol weight="2.50" description="Forged mail pretending to be from Mozilla Seamonkey but has forged Message-ID">FORGED_MUA_SEAMONKEY_MSGID_UNKNOWN</symbol>
<!-- Fake helo for verizon provider -->
<symbol weight="2.00" description="Fake helo for verizon provider">FM_FAKE_HELO_VERIZON</symbol>
<!--Quoted reply-to from yahoo (seems to be forged) -->
<symbol weight="2.00" description="Quoted reply-to from yahoo (seems to be forged)">REPTO_QUOTE_YAHOO</symbol>
<!-- Mime-OLE is needed but absent (e.g. fake Outlook or fake Exchange) -->
<symbol weight="5.00" description="Mime-OLE is needed but absent (e.g. fake Outlook or fake Exchange)">MISSING_MIMEOLE</symbol>
<!-- To header is missing -->
<symbol weight="2.00" description="To header is missing">MISSING_TO</symbol>
<!-- From that contains encoded characters while base 64 is not needed as all symbols are 7bit -->
<symbol weight="1.5" description="From that contains encoded characters while base 64 is not needed as all symbols are 7bit">FROM_EXCESS_BASE64</symbol>
<!-- From that contains encoded characters while quoted-printable is not needed as all symbols are 7bit -->
<symbol weight="1.2" description="From that contains encoded characters while quoted-printable is not needed as all symbols are 7bit">FROM_EXCESS_QP</symbol>
<!-- To that contains encoded characters while base 64 is not needed as all symbols are 7bit -->
<symbol weight="1.5" description="To that contains encoded characters while base 64 is not needed as all symbols are 7bit">TO_EXCESS_BASE64</symbol>
<!-- To that contains encoded characters while quoted-printable is not needed as all symbols are 7bit -->
<symbol weight="1.2" description="To that contains encoded characters while quoted-printable is not needed as all symbols are 7bit">TO_EXCESS_QP</symbol>
<!-- Reply-To that contains encoded characters while base 64 is not needed as all symbols are 7bit -->
<symbol weight="1.5" description="Reply-To that contains encoded characters while base 64 is not needed as all symbols are 7bit">REPLYTO_EXCESS_BASE64</symbol>
<!-- Reply-To that contains encoded characters while quoted-printable is not needed as all symbols are 7bit -->
<symbol weight="1.2" description="Reply-To that contains encoded characters while quoted-printable is not needed as all symbols are 7bit">REPLYTO_EXCESS_QP</symbol>
<!-- Cc that contains encoded characters while base 64 is not needed as all symbols are 7bit -->
<symbol weight="1.5" description="Cc that contains encoded characters while base 64 is not needed as all symbols are 7bit">CC_EXCESS_BASE64</symbol>
<!-- Cc that contains encoded characters while quoted-printable is not needed as all symbols are 7bit -->
<symbol weight="1.2" description="Cc that contains encoded characters while quoted-printable is not needed as all symbols are 7bit">CC_EXCESS_QP</symbol>
<!-- Mixed characters in a message -->
<symbol weight="5.00" description="Mixed characters in a message">R_MIXED_CHARSET</symbol>
<!-- Recipients list seems to be sorted -->
<symbol weight="3.50" description="Recipients list seems to be sorted">SORTED_RECIPS</symbol>
<!-- Spambots signatures in received headers -->
<symbol weight="3.00" description="Spambots signatures in received headers">R_RCVD_SPAMBOTS</symbol>
<!-- To header seems to be autogenerated -->
<symbol weight="2.00" description="To header seems to be autogenerated">R_TO_SEEMS_AUTO</symbol>
<!-- Subject needs encoding -->
<symbol weight="1.00" description="Subject needs encoding">SUBJECT_NEEDS_ENCODING</symbol>
<!-- Spam string at the end of message to make statistics faults 0-->
<symbol weight="3.84" description="Spam string at the end of message to make statistics faults 0">TRACKER_ID</symbol>
<!-- No space in from header -->
<symbol weight="1.00" description="No space in from header">R_NO_SPACE_IN_FROM</symbol>
<!-- Subject seems to be spam -->
<symbol weight="8.00" description="Subject seems to be spam">R_SAJDING</symbol>
<!-- Detects bad content-transfer-encoding for text parts -->
<symbol weight="3.00" description="Detects bad content-transfer-encoding for text parts">R_BAD_CTE_7BIT</symbol>
<!-- Flash redirect on imageshack.us -->
<symbol weight="10.00" description="Flash redirect on imageshack.us">R_FLASH_REDIR_IMGSHACK</symbol>
<!-- Message id is incorrect -->
<symbol weight="5.00" description="Message id is incorrect">INVALID_MSGID</symbol>
<!-- Message id is missing -->
<symbol weight="3.00" description="Message id is missing ">MISSING_MID</symbol>
<!-- Recipients are not the same as RCPT TO: mail command -->
<symbol weight="3.00" description="Recipients are not the same as RCPT TO: mail command">FORGED_RECIPIENTS</symbol>
<!-- Recipients are not the same as RCPT TO: mail command, but from maillist -->
<symbol weight="0.00" description="Recipients are not the same as RCPT TO: mail command, but from maillist">FORGED_RECIPIENTS_MAILLIST</symbol>
<!-- Forged Exchange messages -->
<symbol weight="2.00" description="Forged Exchange messages ">RATWARE_MS_HASH</symbol>
<!-- Reply-type in content-type -->
<symbol weight="1.00" description="Reply-type in content-type">STOX_REPLY_TYPE</symbol>
<!-- IP in received headers is in PBL -->
<symbol weight="3.00" description="IP in received headers is in PBL">R_IP_PBL</symbol>
<!-- One received header in a message -->
<symbol weight="1.00" description="One received header in a message ">ONCE_RECEIVED</symbol>
<!-- One received header with 'bad' patterns inside -->
<symbol weight="4.00" description="One received header with 'bad' patterns inside">ONCE_RECEIVED_STRICT</symbol>
<!-- Received headers contains addresses from RBL -->
<symbol weight="1.00" description="Received headers contains addresses from RBL">RECEIVED_RBL</symbol>
<!-- Text and HTML parts differ -->
<symbol weight="3.00" description="Text and HTML parts differ">R_PARTS_DIFFER</symbol>
<!-- Only Content-Type header without other MIME headers -->
<symbol weight="2.00" description="Only Content-Type header without other MIME headers">MIME_HEADER_CTYPE_ONLY</symbol>
<!-- Message contains empty parts and image -->
<symbol weight="2.00" description="Message contains empty parts and image ">R_EMPTY_IMAGE</symbol>
<!-- Drugs patterns inside message -->
<symbol weight="2.00" description="Drugs patterns inside message">DRUGS_MANYKINDS</symbol>
<!-- Specific drugs signatures -->
<symbol weight="2.00" description="">DRUGS_ANXIETY</symbol>
<symbol weight="2.00" description="">DRUGS_MUSCLE</symbol>
<symbol weight="2.00" description="">DRUGS_ANXIETY_EREC</symbol>
<symbol weight="2.00" description="">DRUGS_DIET</symbol>
<symbol weight="2.00" description="">DRUGS_ERECTILE</symbol>
<!-- 2 or 3 'advance fee' patterns in a message -->
<symbol weight="3.30" description="2 'advance fee' patterns in a message">ADVANCE_FEE_2</symbol>
<symbol weight="2.12" description="3 'advance fee' patterns in a message">ADVANCE_FEE_3</symbol>
<!-- Lotto signatures -->
<symbol weight="8.00" description="Lotto signatures">R_LOTTO</symbol>
<!-- Statistics -->
<symbol weight="3.00" description="Message probably spam, probability: ">BAYES_SPAM</symbol>
<symbol weight="-3.00" description="Message probably ham, probability: ">BAYES_HAM</symbol>
<!-- Fuzzy lists example -->
<symbol weight="1.00" description="">R_FUZZY</symbol>
<symbol weight="1.00" description="">R_FUZZY_DENIED</symbol>
<symbol weight="1.00" description="">R_FUZZY_PROB</symbol>
<symbol weight="1.00" description="">R_FUZZY_WHITE</symbol>
<!-- DKIM rules -->
<symbol weight="1.0" description="DKIM policy reject">R_DKIM_REJECT</symbol>
<symbol weight="0.0" description="DKIM policy temporary fail">R_DKIM_TEMPFAIL</symbol>
<symbol weight="-0.5" description="DKIM policy allow">R_DKIM_ALLOW</symbol>
<!-- SPF rules -->
<symbol weight="3.00" description="SPF verification failed">R_SPF_FAIL</symbol>
<symbol weight="1.00" description="SPF verification soft-failed">R_SPF_SOFTFAIL</symbol>
<symbol weight="-3.00" description="SPF verification alowed">R_SPF_ALLOW</symbol>
<!-- Message seems to be from maillist -->
<symbol weight="-2.00" description="Message seems to be from maillist">MAILLIST</symbol>
<!-- multi.surbl.org lists (more details at http://www.surbl.org) -->
<!-- Phishing and malware sites -->
<symbol weight="10.50" description="Phishing and malware sites">PH_SURBL_MULTI</symbol>
<!-- Outblaze URI Blacklist -->
<symbol weight="10.50" description="Outblaze URI Blacklist">OB_SURBL_MULTI</symbol>
<!-- AbuseButler web sites -->
<symbol weight="10.50" description="AbuseButler web sites">AB_SURBL_MULTI</symbol>
<!-- SpamCop web sites -->
<symbol weight="10.50" description="SpamCop web sites">SC_SURBL_MULTI</symbol>
<!-- jwSpamSpy + Prolocation sites -->
<symbol weight="10.50" description="jwSpamSpy + Prolocation sites">JP_SURBL_MULTI</symbol>
<!-- sa-blacklist web sites -->
<symbol weight="10.50" description="sa-blacklist web sites ">WS_SURBL_MULTI</symbol>
<!-- rambler.ru uribl -->
<symbol weight="12.50" description="rambler.ru uribl">RAMBLER_URIBL</symbol>
<!-- DBL uribl -->
<symbol weight="11.50" description="dbl.spamhaus.org uribl">DBL</symbol>
<!-- rambler.ru emailbl -->
<symbol weight="9.50" description="rambler.ru emailbl">RAMBLER_EMAILBL</symbol>
<!-- Phished mail -->
<symbol weight="5.0" description="Phished mail">PHISHING</symbol>
<!-- Tabs as delimiters between header names and header values -->
<symbol weight="1.0" description="Header From begins with tab">HEADER_FROM_DELIMITER_TAB</symbol>
<symbol weight="1.0" description="Header To begins with tab">HEADER_TO_DELIMITER_TAB</symbol>
<symbol weight="1.0" description="Header Cc begins with tab">HEADER_CC_DELIMITER_TAB</symbol>
<symbol weight="1.0" description="Header Reply-To begins with tab">HEADER_REPLYTO_DELIMITER_TAB</symbol>
<symbol weight="1.0" description="Header Date begins with tab">HEADER_DATE_DELIMITER_TAB</symbol>
<!-- Empty delimiters between header names and header values -->
<symbol weight="1.0" description="Header From has no delimiter between header name and header value">HEADER_FROM_EMPTY_DELIMITER</symbol>
<symbol weight="1.0" description="Header To has no delimiter between header name and header value">HEADER_TO_EMPTY_DELIMITER</symbol>
<symbol weight="1.0" description="Header Cc has no delimiter between header name and header value">HEADER_CC_EMPTY_DELIMITER</symbol>
<symbol weight="1.0" description="Header Reply-To has no delimiter between header name and header value">HEADER_REPLYTO_EMPTY_DELIMITER</symbol>
<symbol weight="1.0" description="Header Date has no delimiter between header name and header value">HEADER_DATE_EMPTY_DELIMITER</symbol>
<!-- Received headers -->
<symbol weight="4.0" description="Header Received has raw illegal character">RCVD_ILLEGAL_CHARS</symbol>
<symbol weight="4.0" description="Fake helo mail.ru in header Received from non mail.ru sender address">FAKE_RECEIVED_mail_ru</symbol>
<symbol weight="4.0" description="Fake smtp.yandex.ru Received">FAKE_RECEIVED_smtp_yandex_ru</symbol>
<symbol weight="3.6" description="Forged generic Received">FORGED_GENERIC_RECEIVED</symbol>
<symbol weight="3.6" description="Forged generic Received">FORGED_GENERIC_RECEIVED2</symbol>
<symbol weight="3.6" description="Forged generic Received">FORGED_GENERIC_RECEIVED3</symbol>
<symbol weight="3.6" description="Forged generic Received">FORGED_GENERIC_RECEIVED4</symbol>
<symbol weight="4.6" description="Forged generic Received">FORGED_GENERIC_RECEIVED5</symbol>
<symbol weight="3.0" description="Invalid Postfix Received">INVALID_POSTFIX_RECEIVED</symbol>
<symbol weight="5.0" description="Invalid Exim Received">INVALID_EXIM_RECEIVED</symbol>
<symbol weight="3.0" description="Invalid Exim Received">INVALID_EXIM_RECEIVED2</symbol>
<!-- Date checks -->
<symbol weight="1.5" description="Message date is in future">DATE_IN_FUTURE</symbol>
<symbol weight="1.0" description="Message date is in past">DATE_IN_PAST</symbol>
</metric>
<!-- End of metrics section -->
<!-- Composites section -->
<composite name="FORGED_RECIPIENTS_MAILLIST">FORGED_RECIPIENTS & -MAILLIST</composite>
<composite name="FORGED_MUA_OUTLOOK_MAILLIST">FORGED_MUA_OUTLOOK & -MAILLIST</composite>
<!-- End of composites section -->
<!-- Workers section -->
<!--
<worker>
<type>fuzzy</type>
<bind_socket>localhost:11335</bind_socket>
<count>1</count>
<maxfiles>2048</maxfiles>
<hashfile>@LOCALSTATES_PREFIX@/fuzzy.db</hashfile>
<use_judy>yes</use_judy>
<allow_update>127.0.0.1</allow_update>
</worker>
-->
<worker>
<type>controller</type>
<bind_socket>localhost:11334</bind_socket>
<count>1</count>
<maxfiles>2048</maxfiles>
<!-- Other params -->
<password>q1</password>
</worker>
<worker>
<type>normal</type>
<bind_socket>*:11333</bind_socket>
<maxfiles>2048</maxfiles>
<!-- Other params -->
</worker>
<!-- Webui worker -->
<worker>
<type>webui</type>
<count>1</count>
<bind_socket>localhost:11336</bind_socket>
<!-- UI password, should be changed to something more secure -->
<password>q1</password>
</worker>
<!-- End of workers section -->
<!-- Modules section -->
<!-- fuzzy_check -->
<module name="fuzzy_check">
<servers>highsecure.ru:11335</servers>
<symbol>R_FUZZY</symbol>
<min_bytes>300</min_bytes>
<max_score>10</max_score>
<mime_types>application/pdf</mime_types>
<fuzzy_map>1:R_FUZZY_DENIED:10,2:R_FUZZY_PROB:5,3:R_FUZZY_WHITE:-2.1</fuzzy_map>
</module>
<!-- forged_recipients -->
<module name="forged_recipients">
<symbol_sender>FORGED_SENDER</symbol_sender>
<symbol_rcpt>FORGED_RECIPIENTS</symbol_rcpt>
</module>
<!-- maillist -->
<module name="maillist">
<symbol>MAILLIST</symbol>
</module>
<!-- surbl -->
<module name="surbl">
<whitelist>file://@ETC_PREFIX@/rspamd/surbl-whitelist.inc</whitelist>
<exceptions>file://@ETC_PREFIX@/rspamd/2tld.inc</exceptions>
<bit_64>JP</bit_64>
<bit_32>AB</bit_32>
<bit_16>OB</bit_16>
<bit_8>PH</bit_8>
<bit_4>WS</bit_4>
<bit_2>SC</bit_2>
<suffix_RAMBLER_URIBL>uribl.rambler.ru</suffix_RAMBLER_URIBL>
<option name="suffix_%b_SURBL_MULTI">multi.surbl.org</option>
<suffix_DBL>dbl.spamhaus.org</suffix_DBL>
<!-- Do not send ip urls to this URIBL -->
<options_DBL>noip</options_DBL>
<!-- Redirector sample setup -->
<!--
<redirector_read_timeout>10s</redirector_read_timeout>
<redirector_connect_timeout>1s</redirector_connect_timeout>
<redirector>localhost:8080</redirector>
-->
</module>
<!-- received_rbl -->
<module name="received_rbl">
<symbol>RECEIVED_RBL</symbol>
<rbl>pbl.spamhaus.org</rbl>
<rbl>xbl.spamhaus.org</rbl>
<rbl>insecure-bl.rambler.ru</rbl>
</module>
<!-- whitelist -->
<!-- Example of using HTTP maps for whitelisting
<module name="whitelist">
<ip_whitelist>http://highsecure.ru/grey_whitelist.conf</ip_whitelist>
<symbol_ip>WHITELIST_IP</symbol_ip>
</module>
-->
<!-- chartable -->
<module name="chartable">
<!-- Division of symbols from different charsets to a total number of symbols -->
<threshold>0.3</threshold>
<symbol>R_MIXED_CHARSET</symbol>
</module>
<!-- once_received -->
<module name="once_received">
<good_host>mail</good_host>
<bad_host>static</bad_host>
<bad_host>dynamic</bad_host>
<symbol_strict>ONCE_RECEIVED_STRICT</symbol_strict>
<symbol>ONCE_RECEIVED</symbol>
</module>
<!-- multimap -->
<module name="multimap">
<!--
<rule>type = header, header = To, pattern = @(.+)>?$, map = file://@ETC_PREFIX@/rspamd/rcpt_test, symbol = R_RCPT_WHITELIST, description = RCPT whitelist</rule>
<rule>type = ip, map = file://@ETC_PREFIX@/rspamd/ip_test, symbol = R_IP_WHITELIST, description = IP whitelist</rule>
-->
<rule>type = dnsbl, map = pbl.spamhaus.org, symbol = R_IP_PBL, description = PBL dns block list�</rule>
</module>
<!-- phishing -->
<module name="phishing">
<symbol>PHISHING</symbol>
<!-- Check phishing only for specified domains
<domains>file://path/to/domains</domains>
-->
<!-- If phishing detected for that domains insert another symbol specified after semicolon symbol
<strict_domains>file://path/to/domains:STRICT_PHISHING</strict_domains>
-->
</module>
<!-- Trie module -->
<!--
<module name="trie">
<rule>TRIE1:bad pattern</rule>
<rule>TRIE2:file://@LOCALSTATES_PREFIX@/bad_patterns.list</rule>
</module>
-->
<!-- Emails blacklist -->
<module name="emails">
<rule>symbol = RAMBLER_EMAILBL, dnsbl = email-bl.rambler.ru, domain_only = false</rule>
</module>
<!-- SPF module setup -->
<module name="spf">
<!-- Cache setup for spf records to accelerate spf checks -->
<spf_cache_size>2048</spf_cache_size>
<spf_cache_expire>1d</spf_cache_expire>
</module>
<!-- DKIM module setup -->
<module name="dkim">
<!-- Cache setup for dkim records to accelerate dkim checks -->
<dkim_cache_size>2048</dkim_cache_size>
<dkim_cache_expire>1d</dkim_cache_expire>
<!-- Domains list can be added, each domain file entry can be in format:
<domain_name> [<score_reject>:<score_allow>]
where scores are multiplier for this domain, if scores are skipped
normal multiplier is used -->
<!-- <domains>file:///some/path</domains> -->
<!-- Whitelist is ip/mask list of whitelisted ips to skip dkim check -->
<!-- <whitelist>file:///some/path</whitelist> -->
<!-- Time jitter is value in seconds to ignore comparing timestamp of signatures -->
<time_jitter>1m</time_jitter>
<!-- Check only trusted domains from 'domains' list -->
<trusted_only>no</trusted_only>
<!-- Skip mails with several DKIM signatures -->
<skip_multi>no</skip_multi>
</module>
<!-- Rstelimit module setup -->
<!-- Disabled by default till servers option is properly set -->
<module name="ratelimit">
<!-- List of servers to store limits in format: host1[:port][,host2[:port]]
port 6379 is used by default, if no servers defined, this module is not enabled -->
<!-- <servers>localhost</servers> -->
<!-- limits description, type:burst:leak_rate -->
<!-- per rcpt limit, 100 messages burst, 2 messages per minute leak rate -->
<limit>to:100:0.033333333</limit>
<!-- per rcpt/ip limit, 30 messages burst, 1.5 messages per minute leak rate -->
<limit>to_ip:30:0.025</limit>
<!-- per rcpt/ip/from limit, 20 messages burst, 1 messages per minute leak rate -->
<limit>to_ip_from:20:0.01666666667</limit>
<!-- per rcpt bounce limit, 10 messages burst, 2 messages per hour leak rate -->
<limit>bounce_to:10:0.000555556</limit>
<!-- per rcpt/ip bounce limit, 5 messages burst, 1 messages per hour leak rate -->
<limit>bounce_to_ip:5:0.000277778</limit>
<!-- Whitelist map -->
<!-- <whitelisted_ip>file:///some/path</whitelisted_ip> -->
<!-- List of whitelisted recipients -->
<whitelisted_rcpts>postmaster,mailer-daemon</whitelisted_rcpts>
<!-- Limit if recipients to check -->
<max_rcpt>5</max_rcpt>
</module>
<!-- Regexp module configuration -->
<module name="regexp">
<!-- Maximum size of text for regexp checks -->
<max_size>1M</max_size>
</module>
<!-- End of modules section -->
<!-- Classifiers section -->
<!--
<classifier type="winnow">
<tokenizer>osb-text</tokenizer>
<metric>default</metric>
<min_tokens>20</min_tokens>
<statfile>
<symbol>WINNOW_HAM</symbol>
<size>100M</size>
<path>@LOCALSTATES_PREFIX@/data.ham</path>
</statfile>
<statfile>
<symbol>WINNOW_SPAM</symbol>
<size>100M</size>
<path>@LOCALSTATES_PREFIX@/data.spam</path>
</statfile>
</classifier>
-->
<!-- Example of slave
<classifier type="bayes">
<tokenizer>osb-text</tokenizer>
<metric>default</metric>
<min_tokens>10</min_tokens>
<learn_threshold>0.2</learn_threshold>
<statfile>
<symbol>BAYES_HAM</symbol>
<size>10M</size>
<path>@LOCALSTATES_PREFIX@/bayes_slave.ham</path>
<binlog_master>localhost:11334</binlog_master>
<binlog>slave</binlog>
</statfile>
<statfile>
<symbol>BAYES_SPAM</symbol>
<size>10M</size>
<path>@LOCALSTATES_PREFIX@/bayes_slave.spam</path>
<binlog>slave</binlog>
<binlog_master>localhost:11334</binlog_master>
</statfile>
</classifier>
-->
<!-- Example of language specific statfiles -->
<!--
<classifier type="bayes">
<tokenizer>osb-text</tokenizer>
<metric>default</metric>
<min_tokens>10</min_tokens>
<max_tokens>1000</max_tokens>
<statfile>
<symbol>BAYES_HAM_RU</symbol>
<size>50M</size>
<path>@LOCALSTATES_PREFIX@/bayes_ru.ham</path>
<param name="language">ru</param>
</statfile>
<statfile>
<symbol>BAYES_SPAM_RU</symbol>
<size>50M</size>
<path>@LOCALSTATES_PREFIX@/bayes_ru.spam</path>
<param name="language">ru</param>
</statfile>
<statfile>
<symbol>BAYES_HAM</symbol>
<size>50M</size>
<path>@LOCALSTATES_PREFIX@/bayes.ham</path>
</statfile>
<statfile>
<symbol>BAYES_SPAM</symbol>
<size>50M</size>
<path>@LOCALSTATES_PREFIX@/bayes.spam</path>
</statfile>
</classifier>
-->
<!-- Ordinary statistic for a small mail system -->
<classifier type="bayes">
<tokenizer>osb-text</tokenizer>
<metric>default</metric>
<min_tokens>10</min_tokens>
<max_tokens>1000</max_tokens>
<statfile>
<symbol>BAYES_HAM</symbol>
<size>20M</size>
<path>@LOCALSTATES_PREFIX@/bayes.ham</path>
</statfile>
<statfile>
<symbol>BAYES_SPAM</symbol>
<size>20M</size>
<path>@LOCALSTATES_PREFIX@/bayes.spam</path>
</statfile>
</classifier>
<!-- Advanced meta-classification statistic -->
<!--
<classifier type="bayes">
<tokenizer>osb-text</tokenizer>
<metric>default</metric>
<min_tokens>6</min_tokens>
<max_tokens>5000</max_tokens>
<statfile>
<symbol>BAYES_HAM</symbol>
<size>50M</size>
<path>@LOCALSTATES_PREFIX@/bayes.ham</path>
<spam>no</spam>
</statfile>
<statfile>
<symbol>BAYES_SPAM</symbol>
<size>50M</size>
<path>@LOCALSTATES_PREFIX@/bayes.spam</path>
<spam>yes</spam>
</statfile>
<statfile>
<symbol>BAYES_HAM_RU</symbol>
<size>50M</size>
<path>@LOCALSTATES_PREFIX@/bayes_ru.ham</path>
<language>ru</language>
<spam>no</spam>
</statfile>
<statfile>
<symbol>BAYES_SPAM_RU</symbol>
<size>50M</size>
<path>@LOCALSTATES_PREFIX@/bayes_ru.spam</path>
<language>ru</language>
<spam>yes</spam>
</statfile>
<statfile>
<symbol>BAYES_SPAM</symbol>
<size>10M</size>
<path>@LOCALSTATES_PREFIX@/bayes_manyrcpt.spam</path>
<spam>yes</spam>
<label>many recipients</label>
</statfile>
<statfile>
<symbol>BAYES_HAM</symbol>
<size>10M</size>
<path>@LOCALSTATES_PREFIX@/bayes_manyrcpt.ham</path>
<spam>no</spam>
<label>many recipients</label>
</statfile>
<statfile>
<symbol>BAYES_SPAM</symbol>
<size>10M</size>
<path>@LOCALSTATES_PREFIX@/bayes_undisclosedrcpt.spam</path>
<spam>yes</spam>
<label>undisclosed recipients</label>
</statfile>
<statfile>
<symbol>BAYES_HAM</symbol>
<size>10M</size>
<path>@LOCALSTATES_PREFIX@/bayes_undisclosedrcpt.ham</path>
<spam>no</spam>
<label>undisclosed recipients</label>
</statfile>
<statfile>
<symbol>BAYES_SPAM</symbol>
<size>10M</size>
<path>@LOCALSTATES_PREFIX@/bayes_maillist.spam</path>
<spam>yes</spam>
<label>maillist</label>
</statfile>
<statfile>
<symbol>BAYES_HAM</symbol>
<size>10M</size>
<path>@LOCALSTATES_PREFIX@/bayes_maillist.ham</path>
<spam>no</spam>
<label>maillist</label>
</statfile>
<statfile>
<symbol>BAYES_SPAM</symbol>
<size>10M</size>
<path>@LOCALSTATES_PREFIX@/bayes_longsubject.spam</path>
<spam>yes</spam>
<label>long subject</label>
</statfile>
<statfile>
<symbol>BAYES_HAM</symbol>
<size>10M</size>
<path>@LOCALSTATES_PREFIX@/bayes_longsubject.ham</path>
<spam>no</spam>
<label>long subject</label>
</statfile>
<statfile>
<symbol>BAYES_SPAM</symbol>
<size>10M</size>
<path>@LOCALSTATES_PREFIX@/bayes_replyto.spam</path>
<spam>yes</spam>
<label>different reply to</label>
</statfile>
<statfile>
<symbol>BAYES_HAM</symbol>
<size>10M</size>
<path>@LOCALSTATES_PREFIX@/bayes_replyto.ham</path>
<spam>no</spam>
<label>different reply to</label>
</statfile>
<statfile>
<symbol>BAYES_SPAM</symbol>
<size>10M</size>
<path>@LOCALSTATES_PREFIX@/bayes_replymessage.spam</path>
<spam>yes</spam>
<label>reply message</label>
</statfile>
<statfile>
<symbol>BAYES_HAM</symbol>
<size>10M</size>
<path>@LOCALSTATES_PREFIX@/bayes_replymessage.ham</path>
<spam>no</spam>
<label>reply message</label>
</statfile>
</classifier>
-->
<!-- End of classifiers section -->
<!-- Modules section -->
<modules>
<path>@ETC_PREFIX@/rspamd/plugins/lua/</path>
</modules>
<!-- End of modules section -->
</rspamd>