aboutsummaryrefslogtreecommitdiffstats
path: root/conf/modules.d/surbl.conf
blob: 446cf616faef0f74faa79101a030afd4f9876136 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
# Please don't modify this file as your changes might be overwritten with
# the next update.
#
# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
# parameters defined on the top level
#
# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
# parameters defined on the top level
#
# For specific modules or configuration you can also modify
# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
#
# See https://rspamd.com/doc/tutorials/writing_rules.html for details

surbl {
    whitelist = [
        "${CONFDIR}/surbl-whitelist.inc",
        "${DBDIR}/surbl-whitelist.inc.local"
    ];
    exceptions = [
        "${CONFDIR}/2tld.inc",
        "${DBDIR}/2tld.inc.local"
    ];

    rules {
        "SURBL_MULTI" {
            suffix = "multi.surbl.org";
            bits {
                CRACKED_SURBL = 128; # From February 2016
                ABUSE_SURBL = 64;
                MW_SURBL_MULTI = 16;
                PH_SURBL_MULTI = 8;
                SURBL_BLOCKED = 1;
            }
        }
        "URIBL_MULTI" {
            suffix = "multi.uribl.com";
            bits {
                URIBL_BLOCKED = 1;
                URIBL_BLACK = 2;
                URIBL_GREY = 4;
                URIBL_RED = 8;
            }
        }
        "RSPAMD_URIBL" {
            suffix = "uribl.rspamd.com";
            process_script =<<EOD
function(url, suffix)
  local cr = require "rspamd_cryptobox_hash"
  h = cr.create(url):base32():sub(1, 32)
  return string.format("%s.%s", h, suffix)
end
EOD;
        }
        "DBL" {
            suffix = "dbl.spamhaus.org";
            no_ip = true;

            ips = {
                # spam domain
                DBL_SPAM = "127.0.1.2";
                # phish domain
                DBL_PHISH = "127.0.1.4";
                # malware domain
                DBL_MALWARE = "127.0.1.5";
                # botnet C&C domain
                DBL_BOTNET = "127.0.1.6";
                # abused legit spam
                DBL_ABUSE = "127.0.1.102";
                # abused spammed redirector domain
                DBL_ABUSE_REDIR = "127.0.1.103";
                # abused legit phish
                DBL_ABUSE_PHISH = "127.0.1.104";
                # abused legit malware
                DBL_ABUSE_MALWARE = "127.0.1.105";
                # abused legit botnet C&C
                DBL_ABUSE_BOTNET = "127.0.1.106";
                # error - IP queries prohibited!
                DBL_PROHIBIT = "127.0.1.255";
            }
        }

        "SBL_URIBL" {
            suffix = "sbl.spamhaus.org";
            resolve_ip = true;
            ips {
                URIBL_SBL = "127.0.0.2";
                URIBL_SBL_CSS = "127.0.0.3";
            }
        }

        "SEM_URIBL_UNKNOWN" {
            suffix = "uribl.spameatingmonkey.net";
            bits {
                SEM_URIBL = 2;
            }
            no_ip = true;
        }

        "SEM_URIBL_FRESH15_UNKNOWN" {
            suffix = "fresh15.spameatingmonkey.net";
            bits {
                SEM_URIBL_FRESH15 = 2;
            }
            no_ip = true;
        }

        "RBL_SARBL_BAD" {
            suffix = "public.sarbl.org";
            noip   = true;
            images = true;
        }
    }

    .include(try=true,priority=5) "${DBDIR}/dynamic/surbl.conf"
    .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/surbl.conf"
    .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/surbl.conf"
}