conf/modules.d/surbl.conf


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114

# Deprecated, use RBL module!
surbl {
  whitelist = [
    "https://maps.rspamd.com/rspamd/surbl-whitelist.inc.zst",
    "${DBDIR}/surbl-whitelist.inc.local",
    "fallback+file://${CONFDIR}/surbl-whitelist.inc"
  ];

  rules {
    "SURBL_MULTI" {
      suffix = "multi.surbl.org";
      check_dkim = true;
      check_emails = true;
      bits {
        CRACKED_SURBL = 128; # From February 2016
        ABUSE_SURBL = 64;
        MW_SURBL_MULTI = 16;
        PH_SURBL_MULTI = 8;
        SURBL_BLOCKED = 1;
      }
    }
    "URIBL_MULTI" {
      suffix = "multi.uribl.com";
      check_dkim = true;
      check_emails = true;
      bits {
        URIBL_BLOCKED = 1;
        URIBL_BLACK = 2;
        URIBL_GREY = 4;
        URIBL_RED = 8;
      }
    }
    "RSPAMD_URIBL" {
      suffix = "uribl.rspamd.com";
      check_dkim = true;
      check_emails = true;
      process_script =<<EOD
function(url, suffix)
  local cr = require "rspamd_cryptobox_hash"
  local h = cr.create(url):base32():sub(1, 32)
  return string.format("%s.%s", h, suffix)
end
EOD;
    }
    "DBL" {
      suffix = "dbl.spamhaus.org";
      no_ip = true;
      check_emails = true;
      check_dkim = true;

      ips = {
        # spam domain
        DBL_SPAM = "127.0.1.2";
        # phish domain
        DBL_PHISH = "127.0.1.4";
        # malware domain
        DBL_MALWARE = "127.0.1.5";
        # botnet C&C domain
        DBL_BOTNET = "127.0.1.6";
        # abused legit spam
        DBL_ABUSE = "127.0.1.102";
        # abused spammed redirector domain
        DBL_ABUSE_REDIR = "127.0.1.103";
        # abused legit phish
        DBL_ABUSE_PHISH = "127.0.1.104";
        # abused legit malware
        DBL_ABUSE_MALWARE = "127.0.1.105";
        # abused legit botnet C&C
        DBL_ABUSE_BOTNET = "127.0.1.106";
        # error - IP queries prohibited!
        DBL_PROHIBIT = "127.0.1.255";
      }
    }

    "SPAMHAUS_ZEN_URIBL" {
      suffix = "zen.spamhaus.org";
      resolve_ip = true;
      check_emails = true;
      ips {
        URIBL_SBL = "127.0.0.2";
        URIBL_SBL_CSS = "127.0.0.3";
        URIBL_XBL = ["127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"];
        URIBL_PBL = ["127.0.0.10", "127.0.0.11"];
        URIBL_DROP = "127.0.0.9";
      }
    }

    "SEM_URIBL_UNKNOWN" {
      suffix = "uribl.spameatingmonkey.net";
      bits {
        SEM_URIBL = 2;
      }
      no_ip = true;
    }

    "SEM_URIBL_FRESH15_UNKNOWN" {
      suffix = "fresh15.spameatingmonkey.net";
      bits {
        SEM_URIBL_FRESH15 = 2;
      }
      no_ip = true;
    }

    "RBL_SARBL_BAD" {
      suffix = "public.sarbl.org";
      noip   = true;
      images = true;
    }
  }

  .include(try=true,priority=5) "${DBDIR}/dynamic/surbl.conf"
  .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/surbl.conf"
  .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/surbl.conf"
}