<?xml version="1.0" encoding="UTF-8"?>
<rspamd>
<!-- Main section -->
<tempdir>/tmp</tempdir>
<pidfile>/var/run/rspamd.pid</pidfile>
<filters>regexp,surbl,chartable,fuzzy_check,spf</filters>
<statfile_pool_size>262144000</statfile_pool_size>
<raw_mode>yes</raw_mode>
<lua src="@ETC_PREFIX@/rspamd/lua/rspamd.lua" />
<!-- End of main section -->

<!-- Logging section -->
<logging>
 <level>info</level>
 <log_urls>yes</log_urls>
 <type>console</type>
<!-- Other types
 <type filename="/var/log/rspamd/rspamd.log">file</type>
 <type facility="local7">syslog</type>
-->
<!-- Selective debug
 <debug_ip>127.0.0.1</debug_ip>
 <debug_symbols>SYMBOL1,SYMBOL2</debug_symbols>
-->
</logging>
<!-- End of logging section -->


<!-- Metrics section -->
<metric>
 <name>default</name>
 <required_score>10.0</required_score>
 <!-- Sample actions -->
 <action>reject</action>
 <action>greylist:5</action>
 <action>add_header:5</action>

 <!-- Weights for symbols -->

 <!-- Subject is missing inside message -->
 <symbol weight="2.00" description="Subject is missing inside message">MISSING_SUBJECT</symbol>
 <!-- Message pretends to be send from Outlook but has 'strange' tags -->
 <symbol weight="2.10" description="Message pretends to be send from Outlook but has 'strange' tags ">FORGED_OUTLOOK_TAGS</symbol>
 <!-- Sender is forged (different From: header and smtp MAIL FROM: addresses) -->
 <symbol weight="5.00" description="Sender is forged (different From: header and smtp MAIL FROM: addresses)">FORGED_SENDER</symbol>
 <!-- Recipients seems to be autogenerated (works if recipients count is more than 5) -->
 <symbol weight="3.50" description="Recipients seems to be autogenerated (works if recipients count is more than 5)">SUSPICIOUS_RECIPS</symbol>
 <!-- Fake reply (has RE in subject, but has not References header) --> 
 <symbol weight="6.00" description="Fake reply (has RE in subject, but has not References header)">FAKE_REPLY_C</symbol>
 <!-- Messages that have only HTML part -->
 <symbol weight="1.00" description="Messages that have only HTML part">MIME_HTML_ONLY</symbol>
 <!-- Forged yahoo msgid -->
 <symbol weight="2.00" description="Forged yahoo msgid">FORGED_MSGID_YAHOO</symbol>
 <!-- Forged The Bat! MUA headers -->
 <symbol weight="2.00" description="Forged The Bat! MUA headers">FORGED_MUA_THEBAT_BOUN</symbol>
 <!-- Charset is missing in a message -->
 <symbol weight="5.00" description="Charset is missing in a message">R_MISSING_CHARSET</symbol>
 <!-- Two received headers with ip addresses -->
 <symbol weight="2.00" description="Two received headers with ip addresses">RCVD_DOUBLE_IP_SPAM</symbol>
 <!-- Forged outlook HTML signature -->
 <symbol weight="5.00" description="Forged outlook HTML signature">FORGED_OUTLOOK_HTML</symbol>
 <!-- Recipients are absent or undisclosed -->
 <symbol weight="5.00" description="Recipients are absent or undisclosed">R_UNDISC_RCPT</symbol>
 <!-- White color on white background in HTML messages -->
 <symbol weight="9.00" description="White color on white background in HTML messages">R_WHITE_ON_WHITE</symbol>
 <!-- Short html part with a link to an image -->
 <symbol weight="3.00" description="Short html part with a link to an image">HTML_SHORT_LINK_IMG_2</symbol>
 <!-- Forged outlook MUA -->
 <symbol weight="3.00" description="Forged outlook MUA ">FORGED_MUA_OUTLOOK</symbol>
 <!-- Fake helo for verizon provider -->
 <symbol weight="2.00" description="Fake helo for verizon provider">FM_FAKE_HELO_VERIZON</symbol>
 <!--Quoted reply-to from yahoo (seems to be forged) --> 
 <symbol weight="2.00" description="Quoted reply-to from yahoo (seems to be forged)">REPTO_QUOTE_YAHOO</symbol>
 <!-- Mime-OLE is needed but absent (e.g. fake Outlook or fake Exchange) -->
 <symbol weight="5.00" description="Mime-OLE is needed but absent (e.g. fake Outlook or fake Exchange)">MISSING_MIMEOLE</symbol>
 <!-- To header is missing -->
 <symbol weight="2.00" description="To header is missing">MISSING_TO</symbol>
 <!-- From that contains encoded characters while base 64 is not needed as all symbols are 7bit -->
 <symbol weight="2.0" description="From that contains encoded characters while base 64 is not needed as all symbols are 7bit">FROM_EXCESS_BASE64</symbol>
 <!-- Mixed characters in a message -->
 <symbol weight="5.00" description="Mixed characters in a message">R_MIXED_CHARSET</symbol>
 <!-- Recipients list seems to be sorted -->
 <symbol weight="3.50" description="Recipients list seems to be sorted">SORTED_RECIPS</symbol>
 <!-- Spambots signatures in received headers -->
 <symbol weight="3.00" description="Spambots signatures in received headers">R_RCVD_SPAMBOTS</symbol>
 <!-- To header seems to be autogenerated -->
 <symbol weight="2.00" description="To header seems to be autogenerated">R_TO_SEEMS_AUTO</symbol>
 <!-- Subject needs encoding -->
 <symbol weight="1.00" description="Subject needs encoding">SUBJECT_NEEDS_ENCODING</symbol>
 <!-- Spam string at the end of message to make statistics faults 0-->
 <symbol weight="3.84" description="Spam string at the end of message to make statistics faults 0">TRACKER_ID</symbol>
 <!-- No space in from header -->
 <symbol weight="3.00" description="No space in from header">R_NO_SPACE_IN_FROM</symbol>
 <!-- Subject seems to be spam --> 
 <symbol weight="8.00" description="Subject seems to be spam">R_SAJDING</symbol>
 <!-- Detects bad content-transfer-encoding for text parts -->
 <symbol weight="3.00" description="Detects bad content-transfer-encoding for text parts">R_BAD_CTE_7BIT</symbol>
 <!-- Flash redirect on imageshack.us -->
 <symbol weight="10.00" description="Flash redirect on imageshack.us">R_FLASH_REDIR_IMGSHACK</symbol>
 <!-- Message id is incorrect -->
 <symbol weight="5.00" description="Message id is incorrect">INVALID_MSGID</symbol>
 <!-- Message id is missing -->
 <symbol weight="3.00" description="Message id is missing ">MISSING_MID</symbol>
 <!-- Recipients are not the same as RCPT TO: mail command -->
 <symbol weight="3.00" description="Recipients are not the same as RCPT TO: mail command">FORGED_RECIPIENTS</symbol>
 <!-- Forged Exchange messages -->
 <symbol weight="2.00" description="Forged Exchange messages ">RATWARE_MS_HASH</symbol>
 <!-- Reply-type in content-type -->
 <symbol weight="1.00" description="Reply-type in content-type">STOX_REPLY_TYPE</symbol>
 <!-- IP in received headers is in PBL -->
 <symbol weight="3.00" description="IP in received headers is in PBL">R_IP_PBL</symbol>
 <!-- One received header in a message -->
 <symbol weight="1.00" description="One received header in a message ">ONCE_RECEIVED</symbol>
 <!-- One received header with 'bad' patterns inside -->
 <symbol weight="4.00" description="One received header with 'bad' patterns inside">ONCE_RECEIVED_STRICT</symbol>
 <!-- Received headers contains addresses from RBL -->
 <symbol weight="1.00" description="Received headers contains addresses from RBL">RECEIVED_RBL</symbol>
 <!-- Text and HTML parts differ -->
 <symbol weight="3.00" description="Text and HTML parts differ">R_PARTS_DIFFER</symbol>
 <!-- Only Content-Type header without other MIME headers -->
 <symbol weight="2.00" description="Only Content-Type header without other MIME headers">MIME_HEADER_CTYPE_ONLY</symbol>
 <!-- Message contains empty parts and image -->
 <symbol weight="2.00" description="Message contains empty parts and image ">R_EMPTY_IMAGE</symbol>

 <!-- Drugs patterns inside message -->
 <symbol weight="2.00" description="Drugs patterns inside message">DRUGS_MANYKINDS</symbol>
 <!-- Specific drugs signatures -->
 <symbol weight="2.00" description="">DRUGS_ANXIETY</symbol>
 <symbol weight="2.00" description="">DRUGS_MUSCLE</symbol>
 <symbol weight="2.00" description="">DRUGS_ANXIETY_EREC</symbol>
 <symbol weight="2.00" description="">DRUGS_DIET</symbol>
 <symbol weight="2.00" description="">DRUGS_ERECTILE</symbol>

 <!-- 2 or 3 'advance fee' patterns in a message -->
 <symbol weight="3.30" description="2 'advance fee' patterns in a message">ADVANCE_FEE_2</symbol>
 <symbol weight="2.12" description="3 'advance fee' patterns in a message">ADVANCE_FEE_3</symbol>

 <!-- Lotto signatures -->
 <symbol weight="8.00" description="Lotto signatures">R_LOTTO</symbol>

 <!-- Statistics -->
 <symbol weight="3.00" description="Message probably spam, probability: ">BAYES_SPAM</symbol>
 <symbol weight="-3.00" description="Message probably ham, probability: ">BAYES_HAM</symbol>

 <!-- Fuzzy lists example -->
 <symbol weight="1.00" description="">R_FUZZY</symbol>
 <symbol weight="1.00" description="">R_FUZZY1</symbol>
 <symbol weight="1.00" description="">R_FUZZY2</symbol>
 <symbol weight="1.00" description="">R_FUZZY3</symbol>

 <!-- SPF rules -->
 <symbol weight="3.00" description="SPF verification failed">R_SPF_FAIL</symbol>
 <symbol weight="1.00" description="SPF verification soft-failed">R_SPF_SOFTFAIL</symbol>
 <symbol weight="-3.00" description="SPF verification alowed">R_SPF_ALLOW</symbol>

 <!-- Whitelisted client's IP --> 
 <symbol weight="-2.00" description="Whitelisted client's IP">WHITELIST_IP</symbol>
 <!-- Message seems to be from maillist -->
 <symbol weight="-2.00" description="Message seems to be from maillist">MAILLIST</symbol>

 <!-- multi.surbl.org lists (more details at http://www.surbl.org) -->
 <!-- Phishing and malware sites -->
 <symbol weight="5.50" description="Phishing and malware sites">PH_SURBL_MULTI</symbol>
 <!-- Outblaze URI Blacklist -->
 <symbol weight="5.50" description="Outblaze URI Blacklist">OB_SURBL_MULTI</symbol>
 <!-- AbuseButler web sites -->
 <symbol weight="5.50" description="AbuseButler web sites">AB_SURBL_MULTI</symbol>
 <!-- SpamCop web sites -->
 <symbol weight="5.50" description="SpamCop web sites">SC_SURBL_MULTI</symbol>
 <!-- jwSpamSpy + Prolocation sites -->
 <symbol weight="5.50" description="jwSpamSpy + Prolocation sites">JP_SURBL_MULTI</symbol>
 <!-- sa-blacklist web sites -->
 <symbol weight="5.50" description="sa-blacklist web sites ">WS_SURBL_MULTI</symbol>

 <!-- rambler.ru uribl -->
 <symbol weight="9.50" description="rambler.ru uribl">RAMBLER_URIBL</symbol>

 <!-- rambler.ru emailbl -->
 <symbol weight="9.50" description="rambler.ru emailbl">RAMBLER_EMAILBL</symbol>

 <!-- Phished mail -->
 <symbol weight="5.0" description="Phished mail">PHISHING</symbol>

 <!-- Recipients are not the same as RCPT TO: mail command, but from maillist -->
 <symbol weight="-0.1" description="Recipients are not the same as RCPT TO: mail command, but from maillist">FORGED_RECIPIENTS_MAILLIST</symbol>


</metric>
<!-- End of metrics section -->

<!-- Composites section -->
<composite name="FORGED_RECIPIENTS_MAILLIST">FORGED_RECIPIENTS &amp; MAILLIST</composite>
<!-- End of composites section -->

<!-- Workers section -->
<worker>
  <type>fuzzy</type>
  <bind_socket>localhost:11335</bind_socket>
  <count>1</count>
  <maxfiles>2048</maxfiles>
  <maxcore>0</maxcore>
<!-- Other params -->
    <hashfile>/tmp/fuzzy.db</hashfile>
    <use_judy>yes</use_judy>
</worker>
<worker>
  <type>controller</type>
  <bind_socket>localhost:11334</bind_socket>
  <count>1</count>
  <maxfiles>2048</maxfiles>
  <maxcore>0</maxcore>
<!-- Other params -->
    <password>q1</password>
</worker>
<worker>
  <type>normal</type>
  <bind_socket>*:11333</bind_socket>
  <count>1</count>
  <maxfiles>2048</maxfiles>
  <maxcore>0</maxcore>
<!-- Other params -->
</worker>
<!-- End of workers section -->

<!-- Modules section -->
<!-- fuzzy_check -->
<module name="fuzzy_check">
  <servers>localhost:11335</servers>
  <symbol>R_FUZZY</symbol>
  <min_bytes>300</min_bytes>
  <max_score>10</max_score>
  <mime_types>application/pdf</mime_types>
  <fuzzy_map>1:R_FUZZY1:10,2:R_FUZZY2:5,3:R_FUZZY3:-2.1</fuzzy_map>
</module>


<!-- forged_recipients -->
<module name="forged_recipients">
  <symbol_sender>FORGED_SENDER</symbol_sender>
  <symbol_rcpt>FORGED_RECIPIENTS</symbol_rcpt>
</module>

<!-- maillist -->
<module name="maillist">
  <symbol>MAILLIST</symbol>
</module>

<!-- surbl -->
<module name="surbl">
  <whitelist>file://@ETC_PREFIX@/rspamd/surbl-whitelist.inc</whitelist>
  <exceptions>file://@ETC_PREFIX@/rspamd/2tld.inc</exceptions>
  <bit_64>JP</bit_64>
  <bit_32>AB</bit_32>
  <bit_16>OB</bit_16>
  <bit_8>PH</bit_8>
  <bit_4>WS</bit_4>
  <bit_2>SC</bit_2>
  <suffix_RAMBLER_URIBL>uribl.rambler.ru</suffix_RAMBLER_URIBL>
  <option name="suffix_%b_SURBL_MULTI">multi.surbl.org</option>
  <redirector_read_timeout>10s</redirector_read_timeout>
  <redirector_connect_timeout>1s</redirector_connect_timeout>
  <redirector>localhost:8080</redirector>
</module>

<!-- received_rbl -->
<module name="received_rbl">
  <symbol>RECEIVED_RBL</symbol>
  <rbl>pbl.spamhaus.org</rbl>
  <rbl>xbl.spamhaus.org</rbl>
  <rbl>insecure-bl.rambler.ru</rbl>
</module>

<!-- whitelist -->
<module name="whitelist">
  <ip_whitelist>http://cebka.pp.ru/stuff/grey_whitelist.conf</ip_whitelist>
  <symbol_ip>WHITELIST_IP</symbol_ip>
</module>

<!-- chartable -->
<module name="chartable">
  <threshold>0.1</threshold>
  <symbol>R_MIXED_CHARSET</symbol>
</module>

<!-- once_received -->
<module name="once_received">
  <good_host>mail</good_host>
  <bad_host>static</bad_host>
  <bad_host>dynamic</bad_host>
  <symbol_strict>ONCE_RECEIVED_STRICT</symbol_strict>
  <symbol>ONCE_RECEIVED</symbol>
</module>

<!-- multimap -->
<module name="multimap">
<!--
	<rule>type = header, header = To, pattern = @(.+)>?$, map = file://@ETC_PREFIX@/rspamd/rcpt_test, symbol = R_RCPT_WHITELIST</rule>
	<rule>type = ip, map = file://@ETC_PREFIX@/rspamd/ip_test, symbol = R_IP_WHITELIST</rule>
-->
	<rule>type = dnsbl, map = pbl.spamhaus.org, symbol = R_IP_PBL</rule>
</module>

<!-- phishing -->
<module name="phishing">
   <symbol>PHISHING</symbol>
   <!-- <domains>file://path/to/domains</domains> -->
</module>

<!-- Trie module -->
<!-- 
<module name="trie">
  <option name="rule">TRIE1:bad pattern</option>
</module>
-->

<!-- Emails blacklist -->
<module name="emails">
  <option name="rule">symbol = RAMBLER_EMAILBL, dnsbl = email-bl.rambler.ru, domain_only = false</option>
  <!--
  <option name="rule">symbol = R_BAD_EMAIL1, map = file:///tmp/emails.list, domain_only = true</option>
  -->
</module>


<!-- End of modules section -->

<!-- Classifiers section -->
<!--
<classifier type="winnow">
 <tokenizer>osb-text</tokenizer>
 <metric>default</metric>
 <min_tokens>20</min_tokens>
 <statfile>
  <symbol>WINNOW_HAM</symbol>
  <size>100M</size>
  <path>/var/run/rspamd/data.ham</path>
 </statfile>
 <statfile>
  <symbol>WINNOW_SPAM</symbol>
  <size>100M</size>
  <path>/var/run/rspamd/data.spam</path>
 </statfile>
</classifier>
-->
<!-- Example of slave
<classifier type="bayes">
 <tokenizer>osb-text</tokenizer>
 <metric>default</metric>
 <min_tokens>10</min_tokens>
 <learn_threshold>0.2</learn_threshold>
 <statfile>
  <symbol>BAYES_HAM</symbol>
  <size>10M</size>
  <path>/var/run/rspamd/bayes_slave.ham</path>
  <binlog_master>localhost:11334</binlog_master>
  <binlog>slave</binlog>
 </statfile>
 <statfile>
  <symbol>BAYES_SPAM</symbol>
  <size>10M</size>
  <path>/var/run/rspamd/bayes_slave.spam</path>
  <binlog>slave</binlog>
  <binlog_master>localhost:11334</binlog_master>
 </statfile>
</classifier>

-->
<classifier type="bayes">
 <tokenizer>osb-text</tokenizer>
 <metric>default</metric>
 <min_tokens>10</min_tokens>
 <statfile>
  <symbol>BAYES_HAM</symbol>
  <size>10M</size>
  <path>/var/run/rspamd/bayes.ham</path>
  <binlog>master</binlog>
 </statfile>
 <statfile>
  <symbol>BAYES_SPAM</symbol>
  <size>10M</size>
  <path>/var/run/rspamd/bayes.spam</path>
  <binlog>master</binlog>
 </statfile>
</classifier>

<!-- End of classifiers section -->

<!-- Modules section -->
<modules>
	<path>@ETC_PREFIX@/rspamd/plugins/lua/</path>
</modules>
<!-- End of modules section -->

</rspamd>