1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
|
# Please don't modify this file as your changes might be overwritten with
# the next update.
#
# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
# parameters defined on the top level
#
# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
# parameters defined on the top level
#
# For specific modules or configuration you can also modify
# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
#
# See https://rspamd.com/doc/tutorials/writing_rules.html for details
surbl {
whitelist = [
"https://maps.rspamd.com/rspamd/surbl-whitelist.inc.zst",
"${DBDIR}/surbl-whitelist.inc.local",
"fallback+file://${CONFDIR}/surbl-whitelist.inc"
];
exceptions = [
"https://maps.rspamd.com/rspamd/2tld.inc.zst",
"${DBDIR}/2tld.inc.local",
"fallback+file://${CONFDIR}/2tld.inc"
];
rules {
"SURBL_MULTI" {
suffix = "multi.surbl.org";
check_dkim = true;
check_emails = true;
bits {
CRACKED_SURBL = 128; # From February 2016
ABUSE_SURBL = 64;
MW_SURBL_MULTI = 16;
PH_SURBL_MULTI = 8;
SURBL_BLOCKED = 1;
}
}
"URIBL_MULTI" {
suffix = "multi.uribl.com";
check_dkim = true;
check_emails = true;
bits {
URIBL_BLOCKED = 1;
URIBL_BLACK = 2;
URIBL_GREY = 4;
URIBL_RED = 8;
}
}
"RSPAMD_URIBL" {
suffix = "uribl.rspamd.com";
check_dkim = true;
check_emails = true;
process_script =<<EOD
function(url, suffix)
local cr = require "rspamd_cryptobox_hash"
local h = cr.create(url):base32():sub(1, 32)
return string.format("%s.%s", h, suffix)
end
EOD;
}
"DBL" {
suffix = "dbl.spamhaus.org";
no_ip = true;
check_emails = true;
check_dkim = true;
ips = {
# spam domain
DBL_SPAM = "127.0.1.2";
# phish domain
DBL_PHISH = "127.0.1.4";
# malware domain
DBL_MALWARE = "127.0.1.5";
# botnet C&C domain
DBL_BOTNET = "127.0.1.6";
# abused legit spam
DBL_ABUSE = "127.0.1.102";
# abused spammed redirector domain
DBL_ABUSE_REDIR = "127.0.1.103";
# abused legit phish
DBL_ABUSE_PHISH = "127.0.1.104";
# abused legit malware
DBL_ABUSE_MALWARE = "127.0.1.105";
# abused legit botnet C&C
DBL_ABUSE_BOTNET = "127.0.1.106";
# error - IP queries prohibited!
DBL_PROHIBIT = "127.0.1.255";
}
}
"SPAMHAUS_ZEN_URIBL" {
suffix = "zen.spamhaus.org";
resolve_ip = true;
check_emails = true;
ips {
URIBL_SBL = "127.0.0.2";
URIBL_SBL_CSS = "127.0.0.3";
URIBL_XBL = ["127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"];
URIBL_PBL = ["127.0.0.10", "127.0.0.11"];
URIBL_DROP = "127.0.0.9";
}
}
"SEM_URIBL_UNKNOWN" {
suffix = "uribl.spameatingmonkey.net";
bits {
SEM_URIBL = 2;
}
no_ip = true;
}
"SEM_URIBL_FRESH15_UNKNOWN" {
suffix = "fresh15.spameatingmonkey.net";
bits {
SEM_URIBL_FRESH15 = 2;
}
no_ip = true;
}
"RBL_SARBL_BAD" {
suffix = "public.sarbl.org";
noip = true;
images = true;
}
}
.include(try=true,priority=5) "${DBDIR}/dynamic/surbl.conf"
.include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/surbl.conf"
.include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/surbl.conf"
}
|
