# Policies rules scores, includes SPF, DKIM, DMARC and ARC symbols # # Please don't modify this file as your changes might be overwritten with # the next update. # # You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine # parameters defined on the top level # # You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add # parameters defined on the top level # # For specific modules or configuration you can also modify # '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults # '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults # # See https://rspamd.com/doc/tutorials/writing_rules.html for details description = "SPF, DKIM, DMARC, ARC"; symbols = { # SPF "R_SPF_FAIL" { weight = 1.0; description = "SPF verification failed"; groups = ["spf"]; } "R_SPF_SOFTFAIL" { weight = 0.0; description = "SPF verification soft-failed"; groups = ["spf"]; } "R_SPF_NEUTRAL" { weight = 0.0; description = "SPF policy is neutral"; groups = ["spf"]; } "R_SPF_ALLOW" { weight = -0.2; description = "SPF verification allows sending"; groups = ["spf"]; } "R_SPF_DNSFAIL" { weight = 0.0; description = "SPF DNS failure"; groups = ["spf"]; } "R_SPF_NA" { weight = 0.0; description = "Missing SPF record"; one_shot = true; groups = ["spf"]; } "R_SPF_PERMFAIL" { weight = 0.0; description = "SPF record is malformed or persistent DNS error"; groups = ["spf"]; } "R_SPF_PLUSALL" { weight = 4.0; description = "SPF record allows to send from any IP"; groups = ["spf"]; } # DKIM "R_DKIM_REJECT" { weight = 1.0; description = "DKIM verification failed"; one_shot = true; groups = ["dkim"]; } "R_DKIM_TEMPFAIL" { weight = 0.0; description = "DKIM verification soft-failed"; groups = ["dkim"]; } "R_DKIM_PERMFAIL" { weight = 0.0; description = "DKIM verification hard-failed (invalid)"; groups = ["dkim"]; } "R_DKIM_ALLOW" { weight = -0.2; description = "DKIM verification succeed"; one_shot = true; groups = ["dkim"]; } "R_DKIM_NA" { weight = 0.0; description = "Missing DKIM signature"; one_shot = true; groups = ["dkim"]; } # DMARC "DMARC_POLICY_ALLOW" { weight = -0.5; description = "DMARC permit policy"; groups = ["dmarc"]; } "DMARC_POLICY_ALLOW_WITH_FAILURES" { weight = -0.5; description = "DMARC permit policy with DKIM/SPF failure"; groups = ["dmarc"]; } "DMARC_POLICY_REJECT" { weight = 2.0; description = "DMARC reject policy"; groups = ["dmarc"]; } "DMARC_POLICY_QUARANTINE" { weight = 1.5; description = "DMARC quarantine policy"; groups = ["dmarc"]; } "DMARC_POLICY_SOFTFAIL" { weight = 0.1; description = "DMARC failed"; groups = ["dmarc"]; } "DMARC_NA" { weight = 0.0; description = "No DMARC record"; groups = ["dmarc"]; } # ARC "ARC_ALLOW" { weight = -1.0; description = "ARC checks success"; groups = ["arc"]; } "ARC_REJECT" { weight = 1.0; description = "ARC checks failed"; groups = ["arc"]; } "ARC_INVALID" { weight = 0.5; description = "ARC structure invalid"; groups = ["arc"]; } "ARC_DNSFAIL" { weight = 0.0; description = "ARC DNS error"; groups = ["arc"]; } "ARC_NA" { weight = 0.0; description = "ARC signature absent"; groups = ["arc"]; } }