Compare commits
2 Commits
dd89a5d7fa
...
d60bd7fb98
Author | SHA1 | Date |
---|---|---|
Alex D. | d60bd7fb98 | |
Alex D. | 130e6aee18 |
|
@ -53,3 +53,10 @@ daemons/postfix/${BUILD_ID_OUT}: daemons/postfix/% : \
|
|||
data/postgres-cert/% \
|
||||
data/letsencrypt/%
|
||||
|
||||
daemons/opendkim/${BUILD_ID_OUT}: daemons/opendkim/% : \
|
||||
daemons/opendkim/trusted_hosts \
|
||||
daemons/opendkim/opendkim.conf \
|
||||
data/opendkim/%
|
||||
|
||||
daemons/rspamd/${BUILD_ID_OUT}: daemons/rspamd/% : \
|
||||
daemons/rspamd/config/ \
|
||||
|
|
|
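Review bot: The new `daemons/rspamd/${BUILD_ID_OUT}` rule lists the directory `daemons/rspamd/config/` as a normal prerequisite and then ends on a trailing `\`. A directory's mtime changes only when entries are added or removed, so editing an existing module or score file would not rebuild the image, and a stale filtering policy could keep being deployed. Listing the files makes the dependency real, e.g. `$(wildcard daemons/rspamd/config/*.conf daemons/rspamd/config/*/*.conf)`. The hunk appears to end at the end of the file, so the dangling continuation should be dropped as well; any recipe for the rule is outside the hunk.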
@ -4,7 +4,7 @@
|
|||
|
||||
podman container create \
|
||||
--pod default \
|
||||
--pull=missing \
|
||||
--image-volume=tmpfs \
|
||||
--pull missing \
|
||||
--image-volume tmpfs \
|
||||
--volume nsd-data:/var/lib/nsd:rw,nodev,noexec,nosuid \
|
||||
oci-archive:daemons/nsd/oci-archive.tar:redxen.eu/daemons/nsd:latest
|
||||
|
|
|
@ -4,13 +4,18 @@
|
|||
|
||||
podman pod create \
|
||||
--userns=auto \
|
||||
--dns='2606:4700:4700::1111' \
|
||||
--dns='2606:4700:4700::1001' \
|
||||
--dns='2001:4860:4860::8888' \
|
||||
--dns='2001:4860:4860::8844' \
|
||||
--dns='1.1.1.1' \
|
||||
--dns='1.0.0.1' \
|
||||
--dns='8.8.8.8' \
|
||||
--dns='8.8.4.4' \
|
||||
--network=standard:mac="$(randmac)" \
|
||||
--network=host \
|
||||
default
|
||||
|
||||
#podman pod create \
|
||||
# --userns=auto \
|
||||
# --dns='2606:4700:4700::1111' \
|
||||
# --dns='2606:4700:4700::1001' \
|
||||
# --dns='2001:4860:4860::8888' \
|
||||
# --dns='2001:4860:4860::8844' \
|
||||
# --dns='1.1.1.1' \
|
||||
# --dns='1.0.0.1' \
|
||||
# --dns='8.8.8.8' \
|
||||
# --dns='8.8.4.4' \
|
||||
# --network=standard:mac="$(randmac)" \
|
||||
# default
|
||||
|
|
|
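Review bot: The replacement `podman pod create --network=host default` drops both `--userns=auto` and the dedicated network, so every daemon in the pod shares the host's network namespace and no longer runs in a remapped user namespace. I am reading the three uncommented lines as the new side, since the old invocation survives only as comments. The listeners added elsewhere in this change (LMTP on 11555, the OpenDKIM milter on 7514, the rspamd workers) then bind directly on the host, and a process that escapes its container is not confined to an unprivileged UID range. If host networking is needed for now, consider keeping `--userns=auto` and binding each service to loopback explicitly. The commented-out block is better deleted and left to version control than kept as dead code.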
@ -0,0 +1,10 @@
|
|||
#!/bin/sh
|
||||
|
||||
. "$(dirname $0)"/common.sh
|
||||
|
||||
podman container create \
|
||||
--pod default \
|
||||
--pull missing \
|
||||
--image-volume tmpfs \
|
||||
--volume postfix-data:/var/lib/postfix:rw,nodev,noexec,nosuid \
|
||||
oci-archive:daemons/postfix/oci-archive.tar:redxen.eu/daemons/postfix:latest
|
|
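Review bot: `. "$(dirname $0)"/common.sh` leaves `$0` unquoted inside the command substitution, so the script sources the wrong path or fails when invoked from a path containing spaces or glob characters; `. "$(dirname "$0")"/common.sh` is the safe form. The image reference is pinned only to `:latest`, so this script gives no way to tell which postfix build a container was created from; tagging with the build id would make that auditable.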
@ -54,11 +54,14 @@ service imap-login {
|
|||
}
|
||||
|
||||
service lmtp {
|
||||
unix_listener lmtp {
|
||||
mode = 0660
|
||||
user = dovecot
|
||||
group = mail
|
||||
inet_listener lmtp {
|
||||
port = 11555
|
||||
}
|
||||
# unix_listener lmtp {
|
||||
# mode = 0660
|
||||
# user = dovecot
|
||||
# group = mail
|
||||
# }
|
||||
}
|
||||
|
||||
protocol lmtp {
|
||||
|
|
|
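Review bot: The new `inet_listener lmtp { port = 11555 }` sets no `address`, so Dovecot binds it on every address in its `listen` setting. Unlike the `unix_listener` it replaces (mode 0660, dovecot:mail), no filesystem permission stands between a client and mailbox delivery. With the pod on host networking, any peer that can reach port 11555 can hand mail directly to LMTP without passing through Postfix or either milter. Adding `address = 127.0.0.1 ::1` inside the listener closes that while keeping `lmtp:localhost:11555` on the Postfix side working. The commented-out unix listener can be deleted rather than kept.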
@ -13,6 +13,6 @@ COPY --from=redxen.eu/data/postgres-cert:latest /redxen.eu/keys/murmur.key /root
|
|||
WORKDIR /etc/redxen/murmur
|
||||
|
||||
ADD murmur.ini murmur.ini
|
||||
RUN --mount=type=secret,id=mregpass sed -i -e "s/MUMBLE_REGISTER_PASS/$(cat /run/secrets/mregpass)/" $CONFIG
|
||||
RUN --mount=type=secret,id=mregpass sed -i -e "s/MUMBLE_REGISTER_PASS/$(cat /run/secrets/mregpass)/" murmur.ini
|
||||
|
||||
CMD murmurd -fg -ini murmur.ini
|
||||
|
|
|
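Review bot: The `RUN --mount=type=secret,id=mregpass sed -i … murmur.ini` line writes the registration password into murmur.ini, and that file is committed to the image layer, so the secret mount only keeps the value out of the build arguments, not out of the image. Anyone able to pull or export the image can read it. Substituting at container start from a runtime secret avoids persisting it; if the build-time approach stays, a comment such as `# NOTE: bakes the register password into this layer; treat the image as secret` should say so. The sed expression also uses `/` as delimiter with the raw secret as replacement text, so a password containing `/`, `&` or `\` breaks the substitution or changes the stored value.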
@ -0,0 +1,21 @@
|
|||
FROM alpine:latest
|
||||
|
||||
RUN --network=host apk add opendkim
|
||||
|
||||
WORKDIR /etc/redxen/opendkim
|
||||
COPY --from=redxen.eu/data/opendkim:latest /redxen.eu keys/
|
||||
|
||||
|
||||
ADD trusted_hosts trusted_hosts
|
||||
ADD opendkim.conf opendkim.conf
|
||||
|
||||
RUN for selector in keys/*.private; do \
|
||||
echo "*@redxen.eu $(basename "$selector" .private)._domainkey.redxen.eu" > signing_table; \
|
||||
echo "$(basename "$selector" .private)$_selector._domainkey.redxen.eu redxen.eu:$(basename "$selector" .private):$selector" > key_table; \
|
||||
done
|
||||
|
||||
RUN cat signing_table key_table
|
||||
|
||||
RUN opendkim -n -f -x opendkim.conf
|
||||
|
||||
CMD opendkim -f -x opendkim.conf
|
|
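Review bot: Inside the `for selector in keys/*.private` loop both `echo` lines redirect with `>`, so each iteration truncates signing_table and key_table and only the last key is left configured; use `>> signing_table` and `>> key_table`. The key_table line also contains `$_selector`, which the shell expands as the unset variable `_selector`; it looks like a leftover, and the key name should be just `$(basename "$selector" .private)._domainkey.redxen.eu` so it matches the signing_table entry by construction. If no key file exists, the glob stays literal and a bogus `*` entry is written, so a `[ -e "$selector" ] || exit 1` guard at the top of the loop would fail the build instead. Separately, the private keys are copied into an image layer and neither `USER` nor a `UserID` setting is present, so opendkim runs as root with the signing keys readable by anyone with access to the image. `FROM alpine:latest` leaves the base unpinned.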
@ -0,0 +1,13 @@
|
|||
AutoRestart No
|
||||
UMask 002
|
||||
|
||||
Canonicalization relaxed/simple
|
||||
|
||||
InternalHosts refile:./trusted_hosts
|
||||
KeyTable refile:./key_table
|
||||
SigningTable refile:./signing_table
|
||||
|
||||
Mode s
|
||||
SignatureAlgorithm rsa-sha256
|
||||
|
||||
Socket inet6:7514
|
|
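Review bot: `Socket inet6:7514` names no host, so the milter listens on all addresses, and with the pod on host networking the signing service is reachable by anything that can reach that port. `InternalHosts` decides which mail is signed based on the client address reported over the milter protocol, not on who connected to the socket, so it does not restrict access. Binding to loopback, e.g. `Socket inet6:7514@localhost`, matches the two loopback entries in trusted_hosts. The three `refile:./…` paths are relative and resolve only while the daemon's working directory is /etc/redxen/opendkim; absolute paths would remove that coupling to the Dockerfile's `WORKDIR`.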
@ -0,0 +1,2 @@
|
|||
127.0.0.1
|
||||
::1
|
|
@ -43,8 +43,9 @@ smtp_tls_security_level = may
|
|||
smtp_tls_note_starttls_offer = yes
|
||||
|
||||
smtpd_use_tls = yes
|
||||
smtpd_tls_cert_file = /etc/redxen/letsencrypt/chain.crt
|
||||
smtpd_tls_key_file = /etc/redxen/letsencrypt/private.key
|
||||
smtpd_tls_CAfile = /etc/redxen/letsencrypt-cert/ca.crt
|
||||
smtpd_tls_cert_file = /etc/redxen/letsencrypt-cert/public.crt
|
||||
smtpd_tls_key_file = /etc/redxen/letsencrypt-cert/private.key
|
||||
smtpd_tls_security_level = may
|
||||
smtpd_tls_protocols = !SSLv2, !SSLv3
|
||||
|
||||
|
@ -71,12 +72,12 @@ smtpd_sasl_security_options = noanonymous
|
|||
smtpd_sasl_local_domain = $myorigin
|
||||
|
||||
# Dovecot LMTP
|
||||
mailbox_transport = lmtp:unix:/run/dovecot/lmtp
|
||||
mailbox_transport = lmtp:localhost:11555
|
||||
|
||||
# OpenDKIM & RSpamD
|
||||
milter_protocol = 6
|
||||
milter_default_action = tempfail
|
||||
internal_mail_filter_classes =
|
||||
|
||||
smtpd_milters = inet:rspamd.routinginfo.internal:7510 $non_smtpd_milters
|
||||
non_smtpd_milters = inet:opendkim.routinginfo.internal:7514
|
||||
smtpd_milters = inet:localhost:11333 $non_smtpd_milters
|
||||
non_smtpd_milters = inet:localhost:11444
|
||||
|
|
|
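Review bot: The new `non_smtpd_milters = inet:localhost:11444` (reading the localhost lines as the new side) does not match the port that the OpenDKIM config added in this same change listens on, `Socket inet6:7514`, and nothing visible maps 11444 to 7514 now that the pod uses host networking. Because `milter_default_action = tempfail`, an unreachable milter defers all mail rather than passing it unfiltered, which is the safe failure mode but still an outage. Please also confirm that the rspamd worker behind `inet:localhost:11333` is the milter-speaking proxy worker; workers.conf is not shown on this page. In the first hunk, `smtpd_tls_cert_file` moves from chain.crt to public.crt. If that file holds only the leaf certificate, clients receive the intermediates only through `smtpd_tls_CAfile`, which Postfix also treats as trust anchors for client certificates, so the chain is better kept in the certificate file itself.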
@ -1,4 +1,4 @@
|
|||
hosts = postgresql.routinginfo.internal:7550
|
||||
hosts = localhost:5432
|
||||
dbname = mail
|
||||
user = postfix
|
||||
password = POSTGRESQL_PASSWORD
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
hosts = postgresql.routinginfo.internal:7550
|
||||
hosts = localhost:5432
|
||||
dbname = mail
|
||||
user = postfix
|
||||
password = POSTGRESQL_PASSWORD
|
||||
|
|
|
@ -0,0 +1,13 @@
|
|||
FROM alpine:latest
|
||||
|
||||
RUN --network=host apk add \
|
||||
rspamd \
|
||||
rspamd-fuzzy
|
||||
|
||||
WORKDIR /etc/redxen/rspamd
|
||||
|
||||
ADD config/ ./
|
||||
|
||||
RUN rspamadm configtest -q -s
|
||||
|
||||
CMD rspamd -f -i
|
|
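Review bot: Neither `RUN rspamadm configtest -q -s` nor `CMD rspamd -f -i` passes `-c`, so both would use the package's default configuration path rather than the files added under /etc/redxen/rspamd, unless something outside this file redirects it. The build-time test would then pass without having parsed the new policy, and the daemon would start with stock settings. `-i` is rspamd's `--insecure` switch, which allows workers to keep running as a privileged user; a `USER` line, or dropping `-i` so rspamd switches to its own account, avoids parsing untrusted mail as root. Suggested: `RUN rspamadm configtest -q -s -c /etc/redxen/rspamd/<main-config>` and the same `-c` on `CMD`, where `<main-config>` is a placeholder for the top-level file whose name is not visible here.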
@ -0,0 +1,11 @@
|
|||
composites {
|
||||
FORGED_RECIPIENTS_MAILLIST {
|
||||
expression = "~FORGED_RECIPIENTS & MAILLIST";
|
||||
}
|
||||
FORGED_SENDER_MAILLIST {
|
||||
expression = "~FORGED_SENDER & MAILLIST";
|
||||
}
|
||||
REPLYTO_MAILLIST {
|
||||
expression = "~REPLYTO_EQ_TO_ADDR & MAILLIST";
|
||||
}
|
||||
}
|
|
@ -0,0 +1,8 @@
|
|||
logging {
|
||||
type = "syslog";
|
||||
facility = "mail";
|
||||
level = "info";
|
||||
color = false;
|
||||
log_usec = false;
|
||||
debug_modules = []
|
||||
}
|
|
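Review bot: `type = "syslog"` sends the rspamd log to the local syslog socket, but the image built for it in this change installs only rspamd and rspamd-fuzzy, so unless `/dev/log` is mounted in from the host the reject and learn decisions are not recorded anywhere. Since the daemon runs in the foreground, `type = "console";` would put the log on the container's stdout where podman can collect it. `debug_modules = []` is also the only setting in the block without a terminating `;`.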
@ -0,0 +1,16 @@
|
|||
arc {
|
||||
allow_envfrom_empty = true;
|
||||
allow_hdrfrom_mismatch = true;
|
||||
allow_hdrfrom_multiple = false;
|
||||
allow_username_mismatch = false;
|
||||
selector = "arc";
|
||||
sign_authenticated = false;
|
||||
sign_inbound = true;
|
||||
sign_local = false;
|
||||
symbol_sign = "ARC_SIGNED";
|
||||
try_fallback = true;
|
||||
use_domain = "recipient";
|
||||
use_esld = true;
|
||||
use_redis = true;
|
||||
key_prefix = "ARC_KEYS";
|
||||
}
|
|
@ -0,0 +1,4 @@
|
|||
chartable {
|
||||
threshold = 0.300000;
|
||||
symbol = "R_MIXED_CHARSET";
|
||||
}
|
|
@ -0,0 +1,7 @@
|
|||
dkim {
|
||||
dkim_cache_size = 2k;
|
||||
dkim_cache_expire = 1d;
|
||||
time_jitter = 6h;
|
||||
trusted_only = false;
|
||||
skip_multi = false;
|
||||
}
|
|
@ -0,0 +1,4 @@
|
|||
dmarc {
|
||||
reporting = true;
|
||||
send_reports = false;
|
||||
}
|
|
@ -0,0 +1,54 @@
|
|||
force_actions {
|
||||
rules {
|
||||
FA_INVALID_DATE {
|
||||
expression = "INVALID_DATE";
|
||||
action = "reject";
|
||||
message = "Mail contains a invalid date";
|
||||
}
|
||||
FA_ANY_FUZZY_DENIED {
|
||||
expression = "RSPAMDCOM_FUZZY_DENIED | LOCAL_FUZZY_DENIED";
|
||||
action = "reject";
|
||||
message = "Mail matches fuzzy pattern";
|
||||
}
|
||||
FA_DMARC_POLICY_REJECT {
|
||||
expression = "DMARC_POLICY_REJECT";
|
||||
action = "reject";
|
||||
message = "DMARC failed";
|
||||
}
|
||||
FA_ARC_REJECT {
|
||||
expression = "ARC_REJECT";
|
||||
action = "reject";
|
||||
message = "ARC failed";
|
||||
}
|
||||
FA_RBL_SPAMHAUS_DBL_ANY {
|
||||
expression = "DBL_SPAM | DBL_PHISH | DBL_MALWARE | DBL_BOTNET | DBL_ABUSE | DBL_ABUSE_PHISH | DBL_ABUSE_MALWARE | DBL_ABUSE_BOTNET";
|
||||
action = "reject";
|
||||
message = "Mail sender / contents are listed on SPAMHAUS DBL";
|
||||
}
|
||||
FA_RBL_SPAMHAUS_DROP_ANY {
|
||||
expression = "RBL_SPAMHAUS_DROP | RECEIVED_SPAMHAUS_DROP | URIBL_DROP";
|
||||
action = "reject";
|
||||
message = "Mail sender / contents are listed on SPAMHAUS DROP";
|
||||
}
|
||||
FA_URIBL_BLACK {
|
||||
expression = "URIBL_BLACK";
|
||||
action = "reject";
|
||||
message = "You are listed on URIBL black";
|
||||
}
|
||||
FA_RBL_MAILSPIKE_ANY {
|
||||
expression = "RBL_MAILSPIKE_BAD | RBL_MAILSPIKE_VERYBAD | RBL_MAILSPIKE_WORST";
|
||||
action = "reject";
|
||||
message = "You are listed on Mailspike as bad or worse";
|
||||
}
|
||||
FA_RBL_SPAMHAUS_XBL_ANY {
|
||||
expression = "RBL_SPAMHAUS_XBL | RECEIVED_SPAMHAUS_XBL | URIBL_XBL";
|
||||
action = "reject";
|
||||
message = "Mail sender / contents are listed on SPAMHAUS XBL";
|
||||
}
|
||||
FA_DMARC_POLICY_QUARANTINE {
|
||||
expression = "DMARC_POLICY_QUARANTINE";
|
||||
action = "add header";
|
||||
honor_action = ["reject", "soft reject"];
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,4 @@
|
|||
forged_recipients {
|
||||
symbol_sender = "FORGED_SENDER";
|
||||
symbol_rcpt = "FORGED_RECIPIENTS";
|
||||
}
|
|
@ -0,0 +1,56 @@
|
|||
fuzzy_check {
|
||||
min_bytes = 1k; # Since small parts and small attachments causes too many FP
|
||||
timeout = 2s;
|
||||
retransmits = 1;
|
||||
rule "rspamd.com" {
|
||||
algorithm = "mumhash";
|
||||
servers = "round-robin:fuzzy1.rspamd.com:11335,fuzzy2.rspamd.com:11335";
|
||||
encryption_key = "icy63itbhhni8bq15ntp5n5symuixf73s1kpjh6skaq4e7nx5fiy";
|
||||
symbol = "RSPAMDCOM_FUZZY_UNKNOWN";
|
||||
mime_types = ["*"];
|
||||
max_score = 20.0;
|
||||
read_only = yes;
|
||||
skip_unknown = yes;
|
||||
short_text_direct_hash = true; # If less than min_length then use direct hash
|
||||
min_length = 64; # Minimum words count to consider shingles
|
||||
fuzzy_map = {
|
||||
RSPAMDCOM_FUZZY_DENIED {
|
||||
max_score = 20.0;
|
||||
flag = 1;
|
||||
}
|
||||
RSPAMDCOM_FUZZY_PROB {
|
||||
max_score = 10.0;
|
||||
flag = 2;
|
||||
}
|
||||
RSPAMDCOM_FUZZY_WHITE {
|
||||
max_score = 2.0;
|
||||
flag = 3;
|
||||
}
|
||||
}
|
||||
}
|
||||
rule "local" {
|
||||
algorithm = "mumhash";
|
||||
servers = "localhost:7513";
|
||||
symbol = "LOCAL_FUZZY_UNKNOWN";
|
||||
mime_types = ["*"];
|
||||
max_score = 20.0;
|
||||
read_only = no;
|
||||
skip_unknown = yes;
|
||||
short_text_direct_hash = true; # If less than min_length then use direct hash
|
||||
min_length = 64; # Minimum words count to consider shingles
|
||||
fuzzy_map = {
|
||||
LOCAL_FUZZY_DENIED {
|
||||
max_score = 20.0;
|
||||
flag = 1;
|
||||
}
|
||||
LOCAL_FUZZY_PROB {
|
||||
max_score = 10.0;
|
||||
flag = 2;
|
||||
}
|
||||
LOCAL_FUZZY_WHITE {
|
||||
max_score = 2.0;
|
||||
flag = 3;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
|
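Review bot: The `rule "local"` block is writable (`read_only = no`) and, unlike the rspamd.com rule, sets no `encryption_key`, so access control for the storage on localhost:7513 rests entirely on what the fuzzy worker in workers.conf (not shown) permits. With host networking that worker should bind to loopback and restrict `allow_update` to loopback addresses; otherwise hashes that map to `LOCAL_FUZZY_DENIED`, which force_actions turns into an outright reject, could be written from another host. A comment on the rule such as `# storage must bind 127.0.0.1/::1 and limit allow_update; see workers.conf` would record that dependency.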
@ -0,0 +1,8 @@
|
|||
hfilter {
|
||||
helo_enabled = true;
|
||||
hostname_enabled = true;
|
||||
url_enabled = true;
|
||||
from_enabled = true;
|
||||
rcpt_enabled = true;
|
||||
mid_enabled = false;
|
||||
}
|
|
@ -0,0 +1,3 @@
|
|||
maillist {
|
||||
symbol = "MAILLIST";
|
||||
}
|
|
@ -0,0 +1,32 @@
|
|||
milter_headers {
|
||||
skip_local = false;
|
||||
skip_authenticated = true;
|
||||
extended_spam_headers = false;
|
||||
use = ["x-spamd-result", "authentication-results"];
|
||||
authenticated_headers = ["authentication-results"];
|
||||
spf_symbols {
|
||||
pass = "R_SPF_ALLOW";
|
||||
fail = "R_SPF_FAIL";
|
||||
softfail = "R_SPF_SOFTFAIL";
|
||||
neutral = "R_SPF_NEUTRAL";
|
||||
temperror = "R_SPF_DNSFAIL";
|
||||
none = "R_SPF_NA";
|
||||
permerror = "R_SPF_PERMFAIL";
|
||||
}
|
||||
dkim_symbols {
|
||||
pass = "R_DKIM_ALLOW";
|
||||
fail = "R_DKIM_REJECT";
|
||||
temperror = "R_DKIM_TEMPFAIL";
|
||||
none = "R_DKIM_NA";
|
||||
permerror = "R_DKIM_PERMFAIL";
|
||||
}
|
||||
dmarc_symbols {
|
||||
pass = "DMARC_POLICY_ALLOW";
|
||||
permerror = "DMARC_BAD_POLICY";
|
||||
temperror = "DMARC_DNSFAIL";
|
||||
none = "DMARC_NA";
|
||||
reject = "DMARC_POLICY_REJECT";
|
||||
softfail = "DMARC_POLICY_SOFTFAIL";
|
||||
quarantine = "DMARC_POLICY_QUARANTINE";
|
||||
}
|
||||
}
|
|
@ -0,0 +1,11 @@
|
|||
mx_check {
|
||||
enabled = true;
|
||||
timeout = 1.0;
|
||||
symbol_bad_mx = "MX_INVALID";
|
||||
symbol_no_mx = "MX_MISSING";
|
||||
symbol_good_mx = "MX_GOOD";
|
||||
expire = 86400;
|
||||
expire_novalid = 7200;
|
||||
greylist_invalid = true;
|
||||
key_prefix = "rmx";
|
||||
}
|
|
@ -0,0 +1,5 @@
|
|||
phishing {
|
||||
symbol = "PHISHING";
|
||||
openphish_enabled = true;
|
||||
phishtank_enabled = true;
|
||||
}
|
|
@ -0,0 +1,13 @@
|
|||
ratelimit {
|
||||
rates {
|
||||
to_ip_from = {
|
||||
bucket = {
|
||||
rate = "10 / 1m";
|
||||
burst = 50;
|
||||
}
|
||||
}
|
||||
}
|
||||
whitelisted_rcpts = "postmaster,mailer-daemon";
|
||||
max_rcpt = 25;
|
||||
info_symbol = "RATELIMITED";
|
||||
}
|
|
@ -0,0 +1,280 @@
|
|||
rbl {
|
||||
default_from = true;
|
||||
default_received = false;
|
||||
default_exclude_users = true;
|
||||
default_unknown = true;
|
||||
rbls {
|
||||
spamhaus {
|
||||
symbol = "RBL_SPAMHAUS";
|
||||
rbl = "zen.spamhaus.org";
|
||||
ipv6 = true;
|
||||
returncodes {
|
||||
RBL_SPAMHAUS_SBL = "127.0.0.2";
|
||||
RBL_SPAMHAUS_CSS = "127.0.0.3";
|
||||
RBL_SPAMHAUS_XBL = ["127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"];
|
||||
RBL_SPAMHAUS_PBL = ["127.0.0.10", "127.0.0.11"];
|
||||
RBL_SPAMHAUS_DROP = "127.0.0.9";
|
||||
}
|
||||
}
|
||||
|
||||
spamhaus_received {
|
||||
symbol = "RECEIVED_SPAMHAUS";
|
||||
rbl = "zen.spamhaus.org";
|
||||
ipv6 = true;
|
||||
received = true;
|
||||
from = false;
|
||||
ignore_whitelists = true;
|
||||
returncodes {
|
||||
RECEIVED_SPAMHAUS_SBL = "127.0.0.2";
|
||||
RECEIVED_SPAMHAUS_CSS = "127.0.0.3";
|
||||
RECEIVED_SPAMHAUS_XBL = ["127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"];
|
||||
RECEIVED_SPAMHAUS_PBL = ["127.0.0.10", "127.0.0.11"];
|
||||
RECEIVED_SPAMHAUS_DROP = "127.0.0.9";
|
||||
}
|
||||
}
|
||||
|
||||
mailspike {
|
||||
symbol = "MAILSPIKE";
|
||||
rbl = "rep.mailspike.net";
|
||||
is_whitelist = true;
|
||||
whitelist_exception = "MAILSPIKE";
|
||||
whitelist_exception = "RWL_MAILSPIKE_GOOD";
|
||||
whitelist_exception = "RWL_MAILSPIKE_NEUTRAL";
|
||||
whitelist_exception = "RWL_MAILSPIKE_POSSIBLE";
|
||||
whitelist_exception = "RBL_MAILSPIKE_WORST";
|
||||
whitelist_exception = "RBL_MAILSPIKE_VERYBAD";
|
||||
whitelist_exception = "RBL_MAILSPIKE_BAD";
|
||||
returncodes {
|
||||
RBL_MAILSPIKE_WORST = "127.0.0.10";
|
||||
RBL_MAILSPIKE_VERYBAD = "127.0.0.11";
|
||||
RBL_MAILSPIKE_BAD = "127.0.0.12";
|
||||
RWL_MAILSPIKE_NEUTRAL = ["127.0.0.16", "127.0.0.15", "127.0.0.14", "127.0.0.13"];
|
||||
RWL_MAILSPIKE_POSSIBLE = "127.0.0.17";
|
||||
RWL_MAILSPIKE_GOOD = "127.0.0.18";
|
||||
RWL_MAILSPIKE_VERYGOOD = "127.0.0.19";
|
||||
RWL_MAILSPIKE_EXCELLENT = "127.0.0.20";
|
||||
}
|
||||
}
|
||||
|
||||
senderscore {
|
||||
symbol = "RBL_SENDERSCORE";
|
||||
rbl = "bl.score.senderscore.com";
|
||||
}
|
||||
|
||||
sem {
|
||||
symbol = "RBL_SEM";
|
||||
rbl = "bl.spameatingmonkey.net";
|
||||
ipv6 = false;
|
||||
}
|
||||
|
||||
semIPv6 {
|
||||
symbol = "RBL_SEM_IPV6";
|
||||
rbl = "bl.ipv6.spameatingmonkey.net";
|
||||
ipv4 = false;
|
||||
ipv6 = true;
|
||||
}
|
||||
|
||||
dnswl {
|
||||
symbol = "RCVD_IN_DNSWL";
|
||||
rbl = "list.dnswl.org";
|
||||
ipv6 = true;
|
||||
is_whitelist = true;
|
||||
whitelist_exception = "RCVD_IN_DNSWL";
|
||||
whitelist_exception = "RCVD_IN_DNSWL_NONE";
|
||||
whitelist_exception = "RCVD_IN_DNSWL_LOW";
|
||||
whitelist_exception = "DNSWL_BLOCKED";
|
||||
returncodes {
|
||||
RCVD_IN_DNSWL_NONE = "127.0.%d+.0";
|
||||
RCVD_IN_DNSWL_LOW = "127.0.%d+.1";
|
||||
RCVD_IN_DNSWL_MED = "127.0.%d+.2";
|
||||
RCVD_IN_DNSWL_HI = "127.0.%d+.3";
|
||||
DNSWL_BLOCKED = "127.0.0.255";
|
||||
}
|
||||
}
|
||||
|
||||
virusfree {
|
||||
symbol = "RBL_VIRUSFREE_UNKNOWN";
|
||||
rbl = "bip.virusfree.cz";
|
||||
ipv6 = true;
|
||||
returncodes {
|
||||
RBL_VIRUSFREE_BOTNET = "127.0.0.2";
|
||||
}
|
||||
}
|
||||
|
||||
nixspam {
|
||||
symbol = "RBL_NIXSPAM";
|
||||
rbl = "ix.dnsbl.manitu.net";
|
||||
ipv6 = true;
|
||||
}
|
||||
|
||||
blocklistde {
|
||||
symbol = "RBL_BLOCKLISTDE";
|
||||
rbl = "bl.blocklist.de";
|
||||
ipv6 = true;
|
||||
}
|
||||
|
||||
blocklistde_received {
|
||||
symbol = "RECEIVED_BLOCKLISTDE";
|
||||
rbl = "bl.blocklist.de";
|
||||
ipv6 = true;
|
||||
received = true;
|
||||
from = false;
|
||||
ignore_whitelists = true;
|
||||
}
|
||||
|
||||
dnswl_dwl {
|
||||
symbol = "DWL_DNSWL";
|
||||
rbl = "dwl.dnswl.org";
|
||||
dkim = true;
|
||||
dkim_domainonly = false;
|
||||
dkim_match_from = true;
|
||||
ignore_whitelist = true;
|
||||
unknown = false;
|
||||
|
||||
returncodes {
|
||||
DWL_DNSWL_NONE = "127.0.%d+.0";
|
||||
DWL_DNSWL_LOW = "127.0.%d+.1";
|
||||
DWL_DNSWL_MED = "127.0.%d+.2";
|
||||
DWL_DNSWL_HI = "127.0.%d+.3";
|
||||
DWL_DNSWL_BLOCKED = "127.0.0.255";
|
||||
}
|
||||
}
|
||||
|
||||
RSPAMD_EMAILBL {
|
||||
ignore_whitelist = true;
|
||||
ignore_defaults = true;
|
||||
emails_delimiter = ".";
|
||||
hash_format = "base32";
|
||||
hash_len = 32;
|
||||
rbl = "email.rspamd.com";
|
||||
checks = ['emails', 'replyto'];
|
||||
hash = "blake2";
|
||||
returncodes = {
|
||||
RSPAMD_EMAILBL = "127.0.0.2";
|
||||
}
|
||||
}
|
||||
|
||||
MSBL_EBL {
|
||||
ignore_whitelist = true;
|
||||
ignore_defaults = true;
|
||||
rbl = "ebl.msbl.org";
|
||||
checks = ['emails', 'replyto'];
|
||||
emails_domainonly = false;
|
||||
hash = "sha1";
|
||||
returncodes = {
|
||||
MSBL_EBL = [
|
||||
"127.0.0.2",
|
||||
"127.0.0.3"
|
||||
];
|
||||
MSBL_EBL_GREY = [
|
||||
"127.0.1.2",
|
||||
"127.0.1.3"
|
||||
];
|
||||
}
|
||||
}
|
||||
|
||||
# Old SURBL module
|
||||
"SURBL_MULTI" {
|
||||
ignore_defaults = true;
|
||||
rbl = "multi.surbl.org";
|
||||
checks = ['emails', 'dkim', 'urls'];
|
||||
emails_domainonly = true;
|
||||
|
||||
returnbits = {
|
||||
CRACKED_SURBL = 128; # From February 2016
|
||||
ABUSE_SURBL = 64;
|
||||
MW_SURBL_MULTI = 16;
|
||||
PH_SURBL_MULTI = 8;
|
||||
SURBL_BLOCKED = 1;
|
||||
}
|
||||
}
|
||||
|
||||
"URIBL_MULTI" {
|
||||
ignore_defaults = true;
|
||||
rbl = "multi.uribl.com";
|
||||
checks = ['emails', 'dkim', 'urls'];
|
||||
emails_domainonly = true;
|
||||
|
||||
returnbits {
|
||||
URIBL_BLOCKED = 1;
|
||||
URIBL_BLACK = 2;
|
||||
URIBL_GREY = 4;
|
||||
URIBL_RED = 8;
|
||||
}
|
||||
}
|
||||
|
||||
"RSPAMD_URIBL" {
|
||||
ignore_defaults = true;
|
||||
rbl = "uribl.rspamd.com";
|
||||
checks = ['emails', 'dkim', 'urls'];
|
||||
emails_domainonly = true;
|
||||
hash = 'blake2';
|
||||
hash_len = 32;
|
||||
hash_format = 'base32';
|
||||
|
||||
returncodes = {
|
||||
RSPAMD_URIBL = [
|
||||
"127.0.0.2",
|
||||
];
|
||||
}
|
||||
}
|
||||
|
||||
"DBL" {
|
||||
ignore_defaults = true;
|
||||
rbl = "dbl.spamhaus.org";
|
||||
no_ip = true;
|
||||
checks = ['emails', 'dkim', 'urls'];
|
||||
emails_domainonly = true;
|
||||
|
||||
returncodes = {
|
||||
# spam domain
|
||||
DBL_SPAM = "127.0.1.2";
|
||||
# phish domain
|
||||
DBL_PHISH = "127.0.1.4";
|
||||
# malware domain
|
||||
DBL_MALWARE = "127.0.1.5";
|
||||
# botnet C&C domain
|
||||
DBL_BOTNET = "127.0.1.6";
|
||||
# abused legit spam
|
||||
DBL_ABUSE = "127.0.1.102";
|
||||
# abused spammed redirector domain
|
||||
DBL_ABUSE_REDIR = "127.0.1.103";
|
||||
# abused legit phish
|
||||
DBL_ABUSE_PHISH = "127.0.1.104";
|
||||
# abused legit malware
|
||||
DBL_ABUSE_MALWARE = "127.0.1.105";
|
||||
# abused legit botnet C&C
|
||||
DBL_ABUSE_BOTNET = "127.0.1.106";
|
||||
# error - IP queries prohibited!
|
||||
DBL_PROHIBIT = "127.0.1.255";
|
||||
# issue #3074
|
||||
DBL_BLOCKED_OPENRESOLVER = "127.255.255.254";
|
||||
DBL_BLOCKED = "127.255.255.255";
|
||||
}
|
||||
}
|
||||
|
||||
"SPAMHAUS_ZEN_URIBL" {
|
||||
suffix = "zen.spamhaus.org";
|
||||
resolve_ip = true;
|
||||
check_emails = true;
|
||||
ips {
|
||||
URIBL_SBL = "127.0.0.2";
|
||||
URIBL_SBL_CSS = "127.0.0.3";
|
||||
URIBL_XBL = ["127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"];
|
||||
URIBL_PBL = ["127.0.0.10", "127.0.0.11"];
|
||||
URIBL_DROP = "127.0.0.9";
|
||||
}
|
||||
}
|
||||
|
||||
"SEM_URIBL_UNKNOWN" {
|
||||
ignore_defaults = true;
|
||||
rbl = "uribl.spameatingmonkey.net";
|
||||
no_ip = true;
|
||||
checks = ['emails', 'dkim', 'urls'];
|
||||
emails_domainonly = true;
|
||||
returnbits {
|
||||
SEM_URIBL = 2;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
|
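Review bot: The `spamhaus` and `spamhaus_received` entries map no return code for Spamhaus error answers while `default_unknown = true` is set at the top, so a 127.255.255.x reply (given when queries arrive through a public or over-quota resolver) would presumably raise the base `RBL_SPAMHAUS` / `RECEIVED_SPAMHAUS` symbol as if it were a listing. The `DBL` entry in the same file already handles this with `DBL_BLOCKED_OPENRESOLVER` and `DBL_BLOCKED`; the zen entries should get equivalent codes mapped to zero-weight symbols. `"SPAMHAUS_ZEN_URIBL"` still uses `suffix`, `check_emails` and `ips` where every sibling uses `rbl`, `checks` and `returncodes`, so it may not be parsed as an rbl rule at all, in which case the `URIBL_DROP` and `URIBL_XBL` symbols that force_actions rejects on would never fire. Both `ignore_whitelists` and `ignore_whitelist` appear in this file; one of the spellings is likely ignored and should be checked against the installed rspamd version.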
@ -0,0 +1,4 @@
|
|||
redis {
|
||||
servers = "redis.routinginfo.internal:7551";
|
||||
db = 1;
|
||||
}
|
|
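Review bot: `servers = "redis.routinginfo.internal:7551"` still uses the internal service name, while every other endpoint touched by this change (PostgreSQL, LMTP, both milters) was moved to localhost. ARC key lookup (`use_redis = true`), mx_check and ratelimit all depend on this connection, so if the name no longer resolves under host networking those modules lose their backing store. No `password` is set either; if the Redis instance is reachable by anything other than rspamd, add one and supply it at runtime rather than in the image.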
@ -0,0 +1,13 @@
|
|||
spamtrap {
|
||||
enabled = true;
|
||||
map = file:///etc/redxen/rspamd/spamtrap.map;
|
||||
symbol = "SPAMTRAP";
|
||||
score = 1.0;
|
||||
learn_fuzzy = true;
|
||||
learn_spam = true;
|
||||
fuzzy_flag = 1;
|
||||
fuzzy_weight = 10.0;
|
||||
check_authed = false;
|
||||
check_local = false;
|
||||
action = "reject";
|
||||
}
|
|
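Review bot: `learn_fuzzy = true` with `fuzzy_flag = 1` stores every message sent to a trap address under the flag that the local fuzzy rule maps to `LOCAL_FUZZY_DENIED`, and force_actions rejects on that symbol outright. A single legitimate message reaching a trap address (a mistyped recipient, a newsletter) therefore causes similar mail to be refused for all users with no review step. Consider learning into the probable flag (`fuzzy_flag = 2`) or lowering `fuzzy_weight`. Also confirm that `/etc/redxen/rspamd/spamtrap.map` is actually shipped: the Dockerfile adds only `config/`, and the map file is not visible on this page.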
@ -0,0 +1,6 @@
|
|||
spf {
|
||||
spf_cache_size = 2k;
|
||||
spf_cache_expire = 1d;
|
||||
disable_ipv6 = false;
|
||||
min_cache_ttl = 10m;
|
||||
}
|
|
@ -0,0 +1,74 @@
|
|||
.include "/etc/redxen/rspamd/workers.conf"
|
||||
.include "/etc/redxen/rspamd/logging.conf"
|
||||
.include "/etc/redxen/rspamd/composites.conf"
|
||||
.include "/etc/redxen/rspamd/statistic.conf"
|
||||
|
||||
lua = "$RULESDIR/rspamd.lua"
|
||||
modules {
|
||||
path = "${PLUGINSDIR}";
|
||||
}
|
||||
.include(glob=true) "/etc/redxen/rspamd/modules/*.conf"
|
||||
.include(glob=true) "/etc/redxen/rspamd/scores/*.conf"
|
||||
|
||||
options {
|
||||
pidfile = "$RUNDIR/rspamd.pid";
|
||||
filters = "ratelimit,mx_check,dkim,spf,arc,dmarc,maillist,fuzzy_check,chartable,phishing,rbl,hfilter,forged_recipients,redis,force_actions,milter_headers";
|
||||
raw_mode = false;
|
||||
one_shot = false;
|
||||
map_watch_interval = 5min;
|
||||
map_file_watch_multiplier = 0.1;
|
||||
dynamic_conf = "$DBDIR/rspamd_dynamic";
|
||||
history_file = "$DBDIR/rspamd.history";
|
||||
check_all_filters = false;
|
||||
dns {
|
||||
enable_dnssec = true;
|
||||
timeout = 1s;
|
||||
sockets = 16;
|
||||
retransmits = 5;
|
||||
}
|
||||
tempdir = "/tmp";
|
||||
url_tld = "${SHAREDIR}/effective_tld_names.dat";
|
||||
classify_headers = [
|
||||
"User-Agent",
|
||||
"X-Mailer",
|
||||
"Content-Type",
|
||||
"X-MimeOLE",
|
||||
];
|
||||
history_rows = 200;
|
||||
explicit_modules = ["settings","bayes_expiry"];
|
||||
|
||||
# Scan messages even if they are not MIME
|
||||
allow_raw_input = true;
|
||||
|
||||
# Start ignore words when reaching the following limit, so the total
|
||||
# amount of words processed will not be *LIKELY more than the twice of that limit
|
||||
words_decay = 600;
|
||||
|
||||
# Local networks
|
||||
local_addrs = [127.0.0.0/8, 10.0.0.0/8];
|
||||
hs_cache_dir = "${DBDIR}/";
|
||||
|
||||
# Timeout for messages processing (must be larger than any internal timeout used)
|
||||
task_timeout = 10s;
|
||||
|
||||
whitelist {
|
||||
priority = low;
|
||||
rcpt = "postmaster";
|
||||
want_spam = yes;
|
||||
}
|
||||
|
||||
authenticated {
|
||||
priority = high;
|
||||
authenticated = yes;
|
||||
apply {
|
||||
groups_enabled = ["mime_types","phishing","headers"];
|
||||
}
|
||||
}
|
||||
|
||||
# Emit soft reject when timeout takes place
|
||||
soft_reject_on_timeout = true;
|
||||
}
|
||||
|
||||
actions {
|
||||
add_header = 2;
|
||||
}
|
|
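Review bot: The `whitelist { … }` and `authenticated { … }` blocks sit inside `options`, but their keys (`priority`, `rcpt`, `want_spam`, `apply`) are those of settings rules, so they are probably ignored there and the intended restriction of authenticated mail to the `mime_types`, `phishing` and `headers` groups would never apply. They likely belong in a top-level `settings { … }` section. `actions` defines only `add_header = 2`, so no score threshold rejects or greylists; if rejection is meant to come solely from force_actions, a comment such as `# reject decisions are made in force_actions only` would help the next reader. `local_addrs` lists `10.0.0.0/8` but not `::1`, which deserves a second look now that the daemons talk to each other over localhost.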
@ -0,0 +1,36 @@
|
|||
group "content" {
|
||||
description = "Content rules";
|
||||
|
||||
symbols = {
|
||||
"PDF_ENCRYPTED" {
|
||||
weight = 0.3;
|
||||
description = "There is an encrypted PDF in the message";
|
||||
one_shot = true;
|
||||
}
|
||||
"PDF_JAVASCRIPT" {
|
||||
weight = 0.1;
|
||||
description = "There is an PDF with JavaScript in the message";
|
||||
one_shot = true;
|
||||
}
|
||||
"PDF_SUSPICIOUS" {
|
||||
weight = 4.5;
|
||||
description = "There is an PDF with suspicious properties in the message";
|
||||
one_shot = true;
|
||||
}
|
||||
"PDF_LONG_TRAILER" {
|
||||
weight = 0.2;
|
||||
description = "There is an PDF with a long trailer";
|
||||
one_shot = true;
|
||||
}
|
||||
"PDF_MANY_OBJECTS" {
|
||||
weight = 0;
|
||||
description = "There is a PDF file with too many objects";
|
||||
one_shot = true;
|
||||
}
|
||||
"PDF_TIMEOUT" {
|
||||
weight = 0;
|
||||
description = "There is a PDF file that caused timeout in processing";
|
||||
one_shot = true;
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,38 @@
|
|||
group "fuzzy" {
|
||||
description = "Fuzzy hashes group";
|
||||
|
||||
symbols = {
|
||||
"RSPAMDCOM_FUZZY_UNKNOWN" {
|
||||
weight = 5.0;
|
||||
description = "Generic fuzzy hash match, bl.rspamd.com";
|
||||
}
|
||||
"RSPAMDCOM_FUZZY_DENIED" {
|
||||
weight = 10.0;
|
||||
description = "Denied fuzzy hash, bl.rspamd.com";
|
||||
}
|
||||
"RSPAMDCOM_FUZZY_PROB" {
|
||||
weight = 5.0;
|
||||
description = "Probable fuzzy hash, bl.rspamd.com";
|
||||
}
|
||||
"RSPAMDCOM_FUZZY_WHITE" {
|
||||
weight = -2.1;
|
||||
description = "Whitelisted fuzzy hash, bl.rspamd.com";
|
||||
}
|
||||
"LOCAL_FUZZY_UNKNOWN" {
|
||||
weight = 5.0;
|
||||
description = "Generic fuzzy hash match, local";
|
||||
}
|
||||
"LOCAL_FUZZY_DENIED" {
|
||||
weight = 12.0;
|
||||
description = "Denied fuzzy hash, local";
|
||||
}
|
||||
"LOCAL_FUZZY_PROB" {
|
||||
weight = 5.0;
|
||||
description = "Probable fuzzy hash, local";
|
||||
}
|
||||
"LOCAL_FUZZY_WHITE" {
|
||||
weight = -2.0;
|
||||
description = "Whitelisted fuzzy hash, local";
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,61 @@
|
|||
group "headers" {
|
||||
description = "Various headers checks";
|
||||
max_score = 8.0;
|
||||
|
||||
symbols = {
|
||||
"FORGED_SENDER" {
|
||||
weight = 0.3;
|
||||
description = "Sender is forged (different From: header and smtp MAIL FROM: addresses)";
|
||||
}
|
||||
"R_MIXED_CHARSET" {
|
||||
weight = 5.0;
|
||||
description = "Mixed characters in a message";
|
||||
one_shot = true;
|
||||
}
|
||||
"R_MIXED_CHARSET_URL" {
|
||||
weight = 7.0;
|
||||
description = "Mixed characters in a URL inside message";
|
||||
one_shot = true;
|
||||
}
|
||||
"FORGED_RECIPIENTS" {
|
||||
weight = 2.0;
|
||||
description = "Recipients are not the same as RCPT TO: mail command";
|
||||
}
|
||||
"FORGED_RECIPIENTS_MAILLIST" {
|
||||
weight = 0.0;
|
||||
description = "Recipients are not the same as RCPT TO: mail command, but a message from a maillist";
|
||||
}
|
||||
"FORGED_SENDER_MAILLIST" {
|
||||
weight = 0.0;
|
||||
description = "Sender is not the same as MAIL FROM: envelope, but a message is from a maillist";
|
||||
}
|
||||
"ONCE_RECEIVED" {
|
||||
weight = 0.1;
|
||||
description = "One received header in a message";
|
||||
}
|
||||
"RDNS_NONE" {
|
||||
weight = 1.0;
|
||||
description = "Cannot resolve reverse DNS for sender's IP";
|
||||
}
|
||||
"RDNS_DNSFAIL" {
|
||||
weight = 0.0;
|
||||
description = "PTR verification DNS error";
|
||||
}
|
||||
"ONCE_RECEIVED_STRICT" {
|
||||
weight = 4.0;
|
||||
description = "One received header with 'bad' patterns inside";
|
||||
}
|
||||
"DIRECT_TO_MX" {
|
||||
weight = 0.0;
|
||||
description = "Message has been directly delivered from MUA to local MX";
|
||||
}
|
||||
"MAILLIST" {
|
||||
weight = -0.2;
|
||||
description = "Message seems to be from maillist";
|
||||
}
|
||||
"BOUNCE" {
|
||||
weight = -0.1;
|
||||
description = "(Non) Delivery Status Notification";
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,118 @@
|
|||
group "hfilter" {
|
||||
description = "SMTP envelope filter";
|
||||
|
||||
symbols = {
|
||||
"HFILTER_HELO_BAREIP" {
|
||||
weight = 3.0;
|
||||
description = "Helo host is bare ip";
|
||||
}
|
||||
"HFILTER_HELO_BADIP" {
|
||||
weight = 4.5;
|
||||
description = "Helo host is very bad ip";
|
||||
}
|
||||
"HFILTER_HELO_1" {
|
||||
weight = 0.5;
|
||||
description = "Helo host checks (very low)";
|
||||
}
|
||||
"HFILTER_HELO_2" {
|
||||
weight = 1.0;
|
||||
description = "Helo host checks (low)";
|
||||
}
|
||||
"HFILTER_HELO_3" {
|
||||
weight = 2.0;
|
||||
description = "Helo host checks (medium)";
|
||||
}
|
||||
"HFILTER_HELO_4" {
|
||||
weight = 2.5;
|
||||
description = "Helo host checks (hard)";
|
||||
}
|
||||
"HFILTER_HELO_5" {
|
||||
weight = 3.0;
|
||||
description = "Helo host checks (very hard)";
|
||||
}
|
||||
"HFILTER_HOSTNAME_1" {
|
||||
weight = 0.5;
|
||||
description = "Hostname checks (very low)";
|
||||
}
|
||||
"HFILTER_HOSTNAME_2" {
|
||||
weight = 1.0;
|
||||
description = "Hostname checks (low)";
|
||||
}
|
||||
"HFILTER_HOSTNAME_3" {
|
||||
weight = 2.0;
|
||||
description = "Hostname checks (medium)";
|
||||
}
|
||||
"HFILTER_HOSTNAME_4" {
|
||||
weight = 2.5;
|
||||
description = "Hostname checks (hard)";
|
||||
}
|
||||
"HFILTER_HOSTNAME_5" {
|
||||
weight = 3.0;
|
||||
description = "Hostname checks (very hard)";
|
||||
}
|
||||
"HFILTER_HELO_NORESOLVE_MX" {
|
||||
weight = 0.2;
|
||||
description = "MX found in Helo and no resolve";
|
||||
}
|
||||
"HFILTER_HELO_NORES_A_OR_MX" {
|
||||
weight = 0.3;
|
||||
description = "Helo no resolve to A or MX";
|
||||
}
|
||||
"HFILTER_HELO_IP_A" {
|
||||
weight = 1.0;
|
||||
description = "Helo A IP != hostname IP";
|
||||
}
|
||||
"HFILTER_HELO_NOT_FQDN" {
|
||||
weight = 2.0;
|
||||
description = "Helo not FQDN";
|
||||
}
|
||||
"HFILTER_FROMHOST_NORESOLVE_MX" {
|
||||
weight = 0.5;
|
||||
description = "MX found in FROM host and no resolve";
|
||||
}
|
||||
"HFILTER_FROMHOST_NORES_A_OR_MX" {
|
||||
weight = 1.5;
|
||||
description = "FROM host no resolve to A or MX";
|
||||
}
|
||||
"HFILTER_FROMHOST_NOT_FQDN" {
|
||||
weight = 3.0;
|
||||
description = "FROM host not FQDN";
|
||||
}
|
||||
"HFILTER_FROM_BOUNCE" {
|
||||
weight = 0.0;
|
||||
description = "Bounce message";
|
||||
}
|
||||
/*
|
||||
# Disabled by default
|
||||
"HFILTER_MID_NORESOLVE_MX" {
|
||||
weight = 0.5;
|
||||
description = "MX found in Message-id host and no resolve";
|
||||
}
|
||||
"HFILTER_MID_NORES_A_OR_MX" {
|
||||
weight = 0.5;
|
||||
name = ;
|
||||
description = "Message-id host no resolve to A or MX";
|
||||
}
|
||||
"HFILTER_MID_NOT_FQDN" {
|
||||
weight = 0.5;
|
||||
description = "Message-id host not FQDN";
|
||||
}
|
||||
*/
|
||||
"HFILTER_HOSTNAME_UNKNOWN" {
|
||||
weight = 2.5;
|
||||
description = "Unknown client hostname (PTR or FCrDNS verification failed)";
|
||||
}
|
||||
"HFILTER_RCPT_BOUNCEMOREONE" {
|
||||
weight = 1.5;
|
||||
description = "Message from bounce and over 1 recipient";
|
||||
}
|
||||
"HFILTER_URL_ONLY" {
|
||||
weight = 2.2;
|
||||
description = "URL only in body";
|
||||
}
|
||||
"HFILTER_URL_ONELINE" {
|
||||
weight = 2.5;
|
||||
description = "One line URL and text in body";
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,63 @@
|
|||
group "mime_types" {
|
||||
description = "Mime attachments rules";
|
||||
max_score = 10.0;
|
||||
|
||||
|
||||
symbols = {
|
||||
"MIME_GOOD" {
|
||||
weight = -0.1;
|
||||
description = "Known content-type";
|
||||
one_shot = true;
|
||||
}
|
||||
"MIME_BAD" {
|
||||
weight = 1.0;
|
||||
description = "Known bad content-type";
|
||||
one_shot = true;
|
||||
}
|
||||
"MIME_UNKNOWN" {
|
||||
weight = 0.1;
|
||||
description = "Missing or unknown content-type";
|
||||
one_shot = true;
|
||||
}
|
||||
"MIME_BAD_ATTACHMENT" {
|
||||
weight = 4.0;
|
||||
description = "Invalid attachment mime type";
|
||||
one_shot = true;
|
||||
}
|
||||
"MIME_ENCRYPTED_ARCHIVE" {
|
||||
weight = 2.0;
|
||||
description = "Encrypted archive in a message";
|
||||
one_shot = true;
|
||||
}
|
||||
"MIME_OBFUSCATED_ARCHIVE" {
|
||||
weight = 8.0;
|
||||
description = "Archive has files with clear obfuscation signs";
|
||||
one_shot = true;
|
||||
}
|
||||
"MIME_EXE_IN_GEN_SPLIT_RAR" {
|
||||
weight = 5.0;
|
||||
description = "EXE file in RAR archive with generic split extension (e.g. .001)";
|
||||
one_shot = true;
|
||||
}
|
||||
"MIME_ARCHIVE_IN_ARCHIVE" {
|
||||
weight = 5.0;
|
||||
description = "Archive within another archive";
|
||||
one_shot = true;
|
||||
}
|
||||
"MIME_DOUBLE_BAD_EXTENSION" {
|
||||
weight = 3.0; # This rule has dynamic weight up to 4.0
|
||||
description = "Bad extension cloaking";
|
||||
one_shot = true;
|
||||
}
|
||||
"MIME_BAD_EXTENSION" {
|
||||
weight = 2.0; # This rule has dynamic weight up to 4.0
|
||||
description = "Bad extension";
|
||||
one_shot = true;
|
||||
}
|
||||
"MIME_BAD_UNICODE" {
|
||||
weight = 8.0;
|
||||
description = "Filename with known obscured unicode characters";
|
||||
one_shot = true;
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,10 @@
|
|||
group "mua" {
|
||||
description = "MUA forgeries";
|
||||
|
||||
symbols = {
|
||||
"FORGED_MUA_MAILLIST" {
|
||||
weight = 0.0;
|
||||
description = "Avoid false positives for FORGED_MUA_* in maillist";
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,32 @@
|
|||
group "phishing" {
|
||||
description = "Phishing in emails";
|
||||
max_score = 10.0;
|
||||
|
||||
symbols = {
|
||||
"PHISHING" {
|
||||
weight = 4.0;
|
||||
description = "Phished URL";
|
||||
one_shot = true;
|
||||
}
|
||||
"PHISHED_OPENPHISH" {
|
||||
weight = 7.0;
|
||||
description = "Phished URL found in openphish.com";
|
||||
}
|
||||
"PHISHED_PHISHTANK" {
|
||||
weight = 7.0;
|
||||
description = "Phished URL found in phishtank.com";
|
||||
}
|
||||
HACKED_WP_PHISHING {
|
||||
weight = 4.5;
|
||||
description = "Phishing message from hacked wordpress";
|
||||
}
|
||||
REDIRECTOR_FALSE {
|
||||
weight = 0.0;
|
||||
description = "Phishing exclusion symbol for known redirectors";
|
||||
}
|
||||
PHISHED_WHITELISTED {
|
||||
weight = 0.0;
|
||||
description = "Phishing exclusion symbol for known exceptions";
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,136 @@
|
|||
group "policies" {
|
||||
description = "SPF, DKIM, DMARC, ARC";
|
||||
|
||||
symbols = {
|
||||
# SPF
|
||||
"R_SPF_FAIL" {
|
||||
weight = 1.0;
|
||||
description = "SPF verification failed";
|
||||
groups = ["spf"];
|
||||
}
|
||||
"R_SPF_SOFTFAIL" {
|
||||
weight = 0.0;
|
||||
description = "SPF verification soft-failed";
|
||||
groups = ["spf"];
|
||||
}
|
||||
"R_SPF_NEUTRAL" {
|
||||
weight = 0.0;
|
||||
description = "SPF policy is neutral";
|
||||
groups = ["spf"];
|
||||
}
|
||||
"R_SPF_ALLOW" {
|
||||
weight = -0.2;
|
||||
description = "SPF verification allows sending";
|
||||
groups = ["spf"];
|
||||
}
|
||||
"R_SPF_DNSFAIL" {
|
||||
weight = 0.0;
|
||||
description = "SPF DNS failure";
|
||||
groups = ["spf"];
|
||||
}
|
||||
"R_SPF_NA" {
|
||||
weight = 0.0;
|
||||
description = "Missing SPF record";
|
||||
one_shot = true;
|
||||
groups = ["spf"];
|
||||
}
|
||||
"R_SPF_PERMFAIL" {
|
||||
weight = 0.0;
|
||||
description = "SPF record is malformed or persistent DNS error";
|
||||
groups = ["spf"];
|
||||
}
|
||||
|
||||
# DKIM
|
||||
"R_DKIM_REJECT" {
|
||||
weight = 1.0;
|
||||
description = "DKIM verification failed";
|
||||
one_shot = true;
|
||||
groups = ["dkim"];
|
||||
}
|
||||
"R_DKIM_TEMPFAIL" {
|
||||
weight = 0.0;
|
||||
description = "DKIM verification soft-failed";
|
||||
groups = ["dkim"];
|
||||
}
|
||||
"R_DKIM_PERMFAIL" {
|
||||
weight = 0.0;
|
||||
description = "DKIM verification hard-failed (invalid)";
|
||||
groups = ["dkim"];
|
||||
}
|
||||
"R_DKIM_ALLOW" {
|
||||
weight = -0.2;
|
||||
description = "DKIM verification succeed";
|
||||
one_shot = true;
|
||||
groups = ["dkim"];
|
||||
}
|
||||
"R_DKIM_NA" {
|
||||
weight = 0.0;
|
||||
description = "Missing DKIM signature";
|
||||
one_shot = true;
|
||||
groups = ["dkim"];
|
||||
}
|
||||
|
||||
# DMARC
|
||||
"DMARC_POLICY_ALLOW" {
|
||||
weight = -0.5;
|
||||
description = "DMARC permit policy";
|
||||
groups = ["dmarc"];
|
||||
}
|
||||
"DMARC_POLICY_ALLOW_WITH_FAILURES" {
|
||||
weight = -0.5;
|
||||
description = "DMARC permit policy with DKIM/SPF failure";
|
||||
groups = ["dmarc"];
|
||||
}
|
||||
"DMARC_POLICY_REJECT" {
|
||||
weight = 2.0;
|
||||
description = "DMARC reject policy";
|
||||
groups = ["dmarc"];
|
||||
}
|
||||
"DMARC_POLICY_QUARANTINE" {
|
||||
weight = 1.5;
|
||||
description = "DMARC quarantine policy";
|
||||
groups = ["dmarc"];
|
||||
}
|
||||
"DMARC_POLICY_SOFTFAIL" {
|
||||
weight = 0.1;
|
||||
description = "DMARC failed";
|
||||
groups = ["dmarc"];
|
||||
}
|
||||
"DMARC_NA" {
|
||||
weight = 0.0;
|
||||
description = "No DMARC record";
|
||||
groups = ["dmarc"];
|
||||
}
|
||||
|
||||
# ARC
|
||||
"ARC_ALLOW" {
|
||||
weight = -1.0;
|
||||
description = "ARC checks success";
|
||||
groups = ["arc"];
|
||||
}
|
||||
|
||||
"ARC_REJECT" {
|
||||
weight = 1.0;
|
||||
description = "ARC checks failed";
|
||||
groups = ["arc"];
|
||||
}
|
||||
|
||||
"ARC_INVALID" {
|
||||
weight = 0.5;
|
||||
description = "ARC structure invalid";
|
||||
groups = ["arc"];
|
||||
}
|
||||
|
||||
"ARC_DNSFAIL" {
|
||||
weight = 0.0;
|
||||
description = "ARC DNS error";
|
||||
groups = ["arc"];
|
||||
}
|
||||
|
||||
"ARC_NA" {
|
||||
weight = 0.0;
|
||||
description = "ARC signature absent";
|
||||
groups = ["arc"];
|
||||
}
|
||||
}
|
||||
}
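Review bot: `ARC_ALLOW` at `weight = -1.0` gives an intact ARC chain twice the credit that `DMARC_POLICY_ALLOW` gets (`-0.5`) in this same group. A valid chain only shows that the seals verify, not that the intermediaries that added them are trustworthy. Unless ARC results are limited to known sealers elsewhere in the configuration (not visible here), I would bring it in line with the DMARC credit, `weight = -0.5;`, and add a comment such as `# ARC pass is only meaningful for sealers we trust`.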
|
|
@ -0,0 +1,239 @@
|
|||
group "rbl" {
|
||||
description = "IP DNS lists";
|
||||
|
||||
symbols = {
|
||||
|
||||
"DNSWL_BLOCKED" {
|
||||
weight = 0.0;
|
||||
description = "Resolver blocked due to excessive queries";
|
||||
groups = ["dnswl", "blocked"];
|
||||
}
|
||||
"RCVD_IN_DNSWL" {
|
||||
weight = 0.0;
|
||||
description = "Unrecognised result from https://www.dnswl.org";
|
||||
groups = ["dnswl"];
|
||||
}
|
||||
"RCVD_IN_DNSWL_NONE" {
|
||||
weight = 0.0;
|
||||
description = "Sender listed at https://www.dnswl.org, no trust";
|
||||
groups = ["dnswl"];
|
||||
}
|
||||
"RCVD_IN_DNSWL_LOW" {
|
||||
weight = -0.1;
|
||||
description = "Sender listed at https://www.dnswl.org, low trust";
|
||||
groups = ["dnswl"];
|
||||
}
|
||||
"RCVD_IN_DNSWL_MED" {
|
||||
weight = -0.2;
|
||||
description = "Sender listed at https://www.dnswl.org, medium trust";
|
||||
groups = ["dnswl"];
|
||||
}
|
||||
"RCVD_IN_DNSWL_HI" {
|
||||
weight = -0.5;
|
||||
description = "Sender listed at https://www.dnswl.org, high trust";
|
||||
groups = ["dnswl"];
|
||||
}
|
||||
|
||||
"DWL_DNSWL_BLOCKED" {
|
||||
weight = 0.0;
|
||||
description = "Resolver blocked due to excessive queries (dwl)";
|
||||
groups = ["dnswl", "blocked"];
|
||||
}
|
||||
"DWL_DNSWL" {
|
||||
weight = 0.0;
|
||||
description = "Unrecognised result from https://www.dnswl.org (dwl)";
|
||||
groups = ["dnswl"];
|
||||
}
|
||||
"DWL_DNSWL_NONE" {
|
||||
weight = 0.0;
|
||||
description = "Message has a valid dkim signature originated from domain listed at https://www.dnswl.org, no trust";
|
||||
groups = ["dnswl"];
|
||||
}
|
||||
"DWL_DNSWL_LOW" {
|
||||
weight = -1.0;
|
||||
description = "Message has a valid dkim signature originated from domain listed at https://www.dnswl.org, low trust";
|
||||
groups = ["dnswl"];
|
||||
}
|
||||
"DWL_DNSWL_MED" {
|
||||
weight = -2.0;
|
||||
description = "Message has a valid dkim signature originated from domain listed at https://www.dnswl.org, medium trust";
|
||||
groups = ["dnswl"];
|
||||
}
|
||||
"DWL_DNSWL_HI" {
|
||||
weight = -3.5;
|
||||
description = "Message has a valid dkim signature originated from domain listed at https://www.dnswl.org, high trust";
|
||||
groups = ["dnswl"];
|
||||
}
|
||||
|
||||
"RBL_SPAMHAUS" {
|
||||
weight = 0.0;
|
||||
description = "Unrecognised result from Spamhaus ZEN";
|
||||
groups = ["spamhaus"];
|
||||
}
|
||||
"RBL_SPAMHAUS_SBL" {
|
||||
weight = 2.0;
|
||||
description = "From address is listed in ZEN SBL";
|
||||
groups = ["spamhaus"];
|
||||
}
|
||||
"RBL_SPAMHAUS_CSS" {
|
||||
weight = 2.0;
|
||||
description = "From address is listed in ZEN CSS";
|
||||
groups = ["spamhaus"];
|
||||
}
|
||||
"RBL_SPAMHAUS_XBL" {
|
||||
weight = 4.0;
|
||||
description = "From address is listed in ZEN XBL";
|
||||
groups = ["spamhaus"];
|
||||
}
|
||||
"RBL_SPAMHAUS_XBL_ANY" {
|
||||
weight = 4.0;
|
||||
description = "From or received address is listed in ZEN XBL (any list)";
|
||||
groups = ["spamhaus"];
|
||||
}
|
||||
"RBL_SPAMHAUS_PBL" {
|
||||
weight = 2.0;
|
||||
description = "From address is listed in ZEN PBL (ISP list)";
|
||||
groups = ["spamhaus"];
|
||||
}
|
||||
"RBL_SPAMHAUS_DROP" {
|
||||
weight = 7.0;
|
||||
description = "From address is listed in ZEN DROP BL";
|
||||
groups = ["spamhaus"];
|
||||
}
|
||||
"RBL_SPAMHAUS_BLOCKED_OPENRESOLVER" {
|
||||
weight = 0.0;
|
||||
description = "You are querying Spamhaus from an open resolver, please see https://www.spamhaus.org/returnc/pub/";
|
||||
groups = ["spamhaus"];
|
||||
}
|
||||
"RBL_SPAMHAUS_BLOCKED" {
|
||||
weight = 0.0;
|
||||
description = "You are exceeding the query limit, please see https://www.spamhaus.org/returnc/vol/";
|
||||
groups = ["spamhaus"];
|
||||
}
|
||||
"RECEIVED_SPAMHAUS_SBL" {
|
||||
weight = 1.0;
|
||||
description = "Received address is listed in ZEN SBL";
|
||||
groups = ["spamhaus"];
|
||||
one_shot = true;
|
||||
}
|
||||
"RECEIVED_SPAMHAUS_CSS" {
|
||||
weight = 1.0;
|
||||
description = "Received address is listed in ZEN CSS";
|
||||
groups = ["spamhaus"];
|
||||
one_shot = true;
|
||||
}
|
||||
"RECEIVED_SPAMHAUS_XBL" {
|
||||
weight = 3.0;
|
||||
description = "Received address is listed in ZEN XBL";
|
||||
groups = ["spamhaus"];
|
||||
one_shot = true;
|
||||
}
|
||||
"RECEIVED_SPAMHAUS_PBL" {
|
||||
weight = 0.0;
|
||||
description = "Received address is listed in ZEN PBL (ISP list)";
|
||||
groups = ["spamhaus"];
|
||||
one_shot = true;
|
||||
}
|
||||
"RECEIVED_SPAMHAUS_DROP" {
|
||||
weight = 6.0;
|
||||
description = "Received address is listed in ZEN DROP BL";
|
||||
groups = ["spamhaus"];
|
||||
one_shot = true;
|
||||
}
|
||||
"RECEIVED_SPAMHAUS_BLOCKED_OPENRESOLVER" {
|
||||
weight = 0.0;
|
||||
description = "You are querying Spamhaus from an open resolver, please see https://www.spamhaus.org/returnc/pub/";
|
||||
groups = ["spamhaus"];
|
||||
}
|
||||
"RECEIVED_SPAMHAUS_BLOCKED" {
|
||||
weight = 0.0;
|
||||
description = "You are exceeding the query limit, please see https://www.spamhaus.org/returnc/vol/";
|
||||
groups = ["spamhaus"];
|
||||
}
|
||||
|
||||
"RBL_SENDERSCORE" {
|
||||
weight = 2.0;
|
||||
description = "From address is listed in senderscore.com BL";
|
||||
}
|
||||
"MAILSPIKE" {
|
||||
weight = 0.0;
|
||||
description = "Unrecognised result from Mailspike";
|
||||
groups = ["mailspike"];
|
||||
}
|
||||
"RWL_MAILSPIKE_NEUTRAL" {
|
||||
weight = 0.0;
|
||||
description = "Neutral result from Mailspike";
|
||||
groups = ["mailspike"];
|
||||
}
|
||||
"RBL_MAILSPIKE_WORST" {
|
||||
weight = 2.0;
|
||||
description = "From address is listed in RBL - worst possible reputation";
|
||||
groups = ["mailspike"];
|
||||
}
|
||||
"RBL_MAILSPIKE_VERYBAD" {
|
||||
weight = 1.5;
|
||||
description = "From address is listed in RBL - very bad reputation";
|
||||
groups = ["mailspike"];
|
||||
}
|
||||
"RBL_MAILSPIKE_BAD" {
|
||||
weight = 1.0;
|
||||
description = "From address is listed in RBL - bad reputation";
|
||||
groups = ["mailspike"];
|
||||
}
|
||||
"RWL_MAILSPIKE_POSSIBLE" {
|
||||
weight = 0.0;
|
||||
description = "From address is listed in RWL - possibly legit";
|
||||
groups = ["mailspike"];
|
||||
}
|
||||
"RWL_MAILSPIKE_GOOD" {
|
||||
weight = -0.1;
|
||||
description = "From address is listed in RWL - good reputation";
|
||||
groups = ["mailspike"];
|
||||
}
|
||||
"RWL_MAILSPIKE_VERYGOOD" {
|
||||
weight = -0.2;
|
||||
description = "From address is listed in RWL - very good reputation";
|
||||
groups = ["mailspike"];
|
||||
}
|
||||
"RWL_MAILSPIKE_EXCELLENT" {
|
||||
weight = -0.4;
|
||||
description = "From address is listed in RWL - excellent reputation";
|
||||
groups = ["mailspike"];
|
||||
}
|
||||
|
||||
"RBL_SEM" {
|
||||
weight = 1.0;
|
||||
description = "From address is listed in Spameatingmonkey RBL";
|
||||
groups = ["sem"];
|
||||
}
|
||||
|
||||
"RBL_SEM_IPV6" {
|
||||
weight = 1.0;
|
||||
description = "From address is listed in Spameatingmonkey RBL (IPv6)";
|
||||
groups = ["sem"];
|
||||
}
|
||||
|
||||
"RBL_VIRUSFREE_BOTNET" {
|
||||
weight = 2.0;
|
||||
description = "From address is listed in virusfree.cz BL";
|
||||
}
|
||||
|
||||
"RBL_NIXSPAM" {
|
||||
weight = 4.0;
|
||||
description = "From address is listed in NiX Spam (http://www.dnsbl.manitu.net/)";
|
||||
}
|
||||
|
||||
"RBL_BLOCKLISTDE" {
|
||||
weight = 4.0;
|
||||
description = "From address is listed in Blocklist (https://www.blocklist.de/)";
|
||||
groups = ["blocklistde"];
|
||||
}
|
||||
|
||||
"RECEIVED_BLOCKLISTDE" {
|
||||
weight = 3.0;
|
||||
description = "Received address is listed in Blocklist (https://www.blocklist.de/)";
|
||||
groups = ["blocklistde"];
|
||||
one_shot = true;
|
||||
}
|
||||
}
|
||||
}
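Review bot: Every "blocked" symbol in this group (`DNSWL_BLOCKED`, `DWL_DNSWL_BLOCKED`, `RBL_SPAMHAUS_BLOCKED_OPENRESOLVER`, `RBL_SPAMHAUS_BLOCKED` and the `RECEIVED_SPAMHAUS_*` counterparts) has `weight = 0.0`, so when a list operator refuses the resolver's queries the lists stop contributing and nothing in the score shows it. Which resolver rspamd ends up using is not visible in this file; if it is a shared public one, these symbols are the only sign that IP reputation checks have failed open. I would add a comment on each, e.g. `# weight 0: when this fires the list is not being consulted; alert on it`, and have log monitoring watch for them. The same applies to `SURBL_BLOCKED`, `DBL_BLOCKED`, `DBL_BLOCKED_OPENRESOLVER` and `URIBL_BLOCKED` in the surbl group.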
|
|
@ -0,0 +1,14 @@
|
|||
group "statistics" {
|
||||
description = "Statistical symbols";
|
||||
|
||||
symbols = {
|
||||
"BAYES_SPAM" {
|
||||
weight = 5.1;
|
||||
description = "Message probably spam, probability: ";
|
||||
}
|
||||
"BAYES_HAM" {
|
||||
weight = -3.0;
|
||||
description = "Message probably ham, probability: ";
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,7 @@
|
|||
group "subject" {
|
||||
description = "Subject filters";
|
||||
max_score = 6.0;
|
||||
|
||||
symbols = {
|
||||
}
|
||||
}
|
|
@ -0,0 +1,246 @@
|
|||
group "surbl" {
|
||||
description = "URL DNS lists";
|
||||
max_score = 12.5;
|
||||
|
||||
symbols = {
|
||||
"SURBL_BLOCKED" {
|
||||
weight = 0.0;
|
||||
description = "SURBL: blocked by policy/overusage";
|
||||
one_shot = true;
|
||||
groups = ["surblorg", "blocked"];
|
||||
}
|
||||
"PH_SURBL_MULTI" {
|
||||
weight = 5.5;
|
||||
description = "SURBL: Phishing sites";
|
||||
one_shot = true;
|
||||
groups = ["surblorg", "phishing"];
|
||||
}
|
||||
"MW_SURBL_MULTI" {
|
||||
weight = 5.5;
|
||||
description = "SURBL: Malware sites";
|
||||
one_shot = true;
|
||||
groups = ["surblorg"];
|
||||
}
|
||||
"ABUSE_SURBL" {
|
||||
weight = 5.5;
|
||||
description = "SURBL: ABUSE";
|
||||
one_shot = true;
|
||||
groups = ["surblorg"];
|
||||
}
|
||||
"CRACKED_SURBL" {
|
||||
weight = 4.0;
|
||||
description = "SURBL: cracked site";
|
||||
one_shot = true;
|
||||
groups = ["surblorg"];
|
||||
}
|
||||
"RSPAMD_URIBL" {
|
||||
weight = 4.5;
|
||||
description = "Rspamd uribl, bl.rspamd.com";
|
||||
one_shot = true;
|
||||
groups = ["rspamdbl"];
|
||||
}
|
||||
|
||||
"RSPAMD_EMAILBL" {
|
||||
weight = 2.5;
|
||||
description = "Rspamd emailbl, bl.rspamd.com";
|
||||
one_shot = true;
|
||||
groups = ["rspamdbl"];
|
||||
}
|
||||
|
||||
"MSBL_EBL" {
|
||||
weight = 7.5;
|
||||
description = "MSBL emailbl";
|
||||
one_shot = true;
|
||||
groups = ["ebl"];
|
||||
}
|
||||
|
||||
"MSBL_EBL_GREY" {
|
||||
weight = 0.5; # TODO: test it
|
||||
description = "MSBL emailbl grey list";
|
||||
one_shot = true;
|
||||
groups = ["ebl"];
|
||||
}
|
||||
|
||||
"SEM_URIBL_UNKNOWN" {
|
||||
weight = 0.0;
|
||||
description = "Spameatingmonkey uribl: unknown result";
|
||||
one_shot = true;
|
||||
groups = ["sem"];
|
||||
}
|
||||
"SEM_URIBL" {
|
||||
weight = 3.5;
|
||||
description = "Spameatingmonkey uribl";
|
||||
one_shot = true;
|
||||
groups = ["sem"];
|
||||
}
|
||||
|
||||
"SEM_URIBL_FRESH15_UNKNOWN" {
|
||||
weight = 0.0;
|
||||
description = "Spameatingmonkey Fresh15 uribl: unknown result";
|
||||
one_shot = true;
|
||||
groups = ["sem"];
|
||||
}
|
||||
"SEM_URIBL_FRESH15" {
|
||||
weight = 3.0;
|
||||
description = "Spameatingmonkey uribl. Domains registered in the last 15 days (.AERO,.BIZ,.COM,.INFO,.NAME,.NET,.PRO,.SK,.TEL,.US)";
|
||||
one_shot = true;
|
||||
groups = ["sem"];
|
||||
}
|
||||
|
||||
"DBL" {
|
||||
weight = 0.0;
|
||||
description = "DBL unknown result";
|
||||
one_shot = true;
|
||||
groups = ["spamhaus"];
|
||||
}
|
||||
"DBL_SPAM" {
|
||||
weight = 6.5;
|
||||
description = "DBL uribl spam";
|
||||
one_shot = true;
|
||||
groups = ["spamhaus"];
|
||||
}
|
||||
"DBL_PHISH" {
|
||||
weight = 6.5;
|
||||
description = "DBL uribl phishing";
|
||||
one_shot = true;
|
||||
groups = ["spamhaus"];
|
||||
}
|
||||
"DBL_MALWARE" {
|
||||
weight = 6.5;
|
||||
description = "DBL uribl malware";
|
||||
one_shot = true;
|
||||
groups = ["spamhaus"];
|
||||
}
|
||||
"DBL_BOTNET" {
|
||||
weight = 5.5;
|
||||
description = "DBL uribl botnet C&C domain";
|
||||
one_shot = true;
|
||||
groups = ["spamhaus"];
|
||||
}
|
||||
"DBL_ABUSE" {
|
||||
weight = 6.5;
|
||||
description = "DBL uribl abused legit spam";
|
||||
one_shot = true;
|
||||
groups = ["spamhaus"];
|
||||
}
|
||||
"DBL_ABUSE_REDIR" {
|
||||
weight = 1.5;
|
||||
description = "DBL uribl abused spammed redirector domain";
|
||||
one_shot = true;
|
||||
groups = ["spamhaus"];
|
||||
}
|
||||
"DBL_ABUSE_PHISH" {
|
||||
weight = 7.5;
|
||||
description = "DBL uribl abused legit phish";
|
||||
one_shot = true;
|
||||
groups = ["spamhaus"];
|
||||
}
|
||||
"DBL_ABUSE_MALWARE" {
|
||||
weight = 7.5;
|
||||
description = "DBL uribl abused legit malware";
|
||||
one_shot = true;
|
||||
groups = ["spamhaus"];
|
||||
}
|
||||
"DBL_ABUSE_BOTNET" {
|
||||
weight = 5.5;
|
||||
description = "DBL uribl abused legit botnet C&C";
|
||||
one_shot = true;
|
||||
groups = ["spamhaus"];
|
||||
}
|
||||
"DBL_PROHIBIT" {
|
||||
weight = 0.0;
|
||||
description = "DBL uribl IP queries prohibited!";
|
||||
one_shot = true;
|
||||
groups = ["spamhaus"];
|
||||
}
|
||||
"DBL_BLOCKED_OPENRESOLVER" {
|
||||
weight = 0.0;
|
||||
description = "You are querying Spamhaus from an open resolver, please see https://www.spamhaus.org/returnc/pub/";
|
||||
one_shot = true;
|
||||
groups = ["spamhaus"];
|
||||
}
|
||||
"DBL_BLOCKED" {
|
||||
weight = 0.0;
|
||||
description = "You are exceeding the query limit, please see https://www.spamhaus.org/returnc/vol/";
|
||||
one_shot = true;
|
||||
groups = ["spamhaus"];
|
||||
}
|
||||
"URIBL_MULTI" {
|
||||
weight = 0.0;
|
||||
description = "uribl.com: unrecognised result";
|
||||
one_shot = true;
|
||||
groups = ["uribl"];
|
||||
}
|
||||
"URIBL_BLOCKED" {
|
||||
weight = 0.0;
|
||||
description = "uribl.com: query refused";
|
||||
one_shot = true;
|
||||
groups = ["uribl", "blocked"];
|
||||
}
|
||||
"URIBL_BLACK" {
|
||||
weight = 7.5;
|
||||
description = "uribl.com black url";
|
||||
one_shot = true;
|
||||
groups = ["uribl"];
|
||||
}
|
||||
"URIBL_RED" {
|
||||
weight = 3.5;
|
||||
description = "uribl.com red url";
|
||||
one_shot = true;
|
||||
groups = ["uribl"];
|
||||
}
|
||||
"URIBL_GREY" {
|
||||
weight = 1.5;
|
||||
description = "uribl.com grey url";
|
||||
one_shot = true;
|
||||
groups = ["uribl"];
|
||||
}
|
||||
"SPAMHAUS_ZEN_URIBL" {
|
||||
ignore = true;
|
||||
weight = 0.0;
|
||||
description = "Spamhaus ZEN URIBL: Filtered result";
|
||||
one_shot = true;
|
||||
groups = ["spamhaus"];
|
||||
}
|
||||
"URIBL_SBL" {
|
||||
ignore = true;
|
||||
weight = 6.5;
|
||||
description = "A domain in the message body resolves to an IP listed in Spamhaus SBL";
|
||||
one_shot = true;
|
||||
groups = ["spamhaus"];
|
||||
}
|
||||
"URIBL_SBL_CSS" {
|
||||
ignore = true;
|
||||
weight = 6.5;
|
||||
description = "A domain in the message body resolves to an IP listed in Spamhaus SBL CSS";
|
||||
one_shot = true;
|
||||
groups = ["spamhaus"];
|
||||
}
|
||||
"URIBL_XBL" {
|
||||
ignore = true;
|
||||
weight = 1.5;
|
||||
description = "A domain in the message body resolves to an IP listed in Spamhaus XBL";
|
||||
one_shot = true;
|
||||
groups = ["spamhaus"];
|
||||
}
|
||||
"URIBL_PBL" {
|
||||
ignore = true;
|
||||
weight = 0.01;
|
||||
description = "A domain in the message body resolves to an IP listed in Spamhaus PBL";
|
||||
one_shot = true;
|
||||
groups = ["spamhaus"];
|
||||
}
|
||||
"URIBL_DROP" {
|
||||
ignore = true;
|
||||
weight = 5.0;
|
||||
description = "A domain in the message body resolves to an IP listed in Spamhaus DROP";
|
||||
one_shot = true;
|
||||
groups = ["spamhaus"];
|
||||
}
|
||||
#"RBL_SARBL_BAD" {
|
||||
# weight = 2.5;
|
||||
# description = "A domain in the message body is blacklisted in SARBL";
|
||||
# one_shot = true;
|
||||
#}
|
||||
}
|
||||
}
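Review bot: The commented-out `#"RBL_SARBL_BAD" { … #}` block at the end of `symbols` is dead configuration in a newly added file and should either be dropped or be given a line saying why it is kept. `MSBL_EBL_GREY` carries `weight = 0.5; # TODO: test it`; if the value is provisional, say what outcome would change it, e.g. `# provisional: raise once false-positive rate on grey listings is known`.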
|
|
@ -0,0 +1,39 @@
|
|||
group "whitelist" {
|
||||
description = "White lists group";
|
||||
max_score = 10.0;
|
||||
|
||||
symbols = {
|
||||
"WHITELIST_SPF" {
|
||||
weight = -1.0;
|
||||
description = "Mail comes from the whitelisted domain and has a valid SPF policy";
|
||||
}
|
||||
"BLACKLIST_SPF" {
|
||||
weight = 1.0;
|
||||
description = "Mail comes from the whitelisted domain and has no valid SPF policy";
|
||||
}
|
||||
"WHITELIST_DKIM" {
|
||||
weight = -1.0;
|
||||
description = "Mail comes from the whitelisted domain and has a valid DKIM signature";
|
||||
}
|
||||
"BLACKLIST_DKIM" {
|
||||
weight = 2.0;
|
||||
description = "Mail comes from the whitelisted domain and has non-valid DKIM signature";
|
||||
}
|
||||
"WHITELIST_SPF_DKIM" {
|
||||
weight = -3.0;
|
||||
description = "Mail comes from the whitelisted domain and has valid SPF and DKIM policies";
|
||||
}
|
||||
"BLACKLIST_SPF_DKIM" {
|
||||
weight = 3.0;
|
||||
description = "Mail comes from the whitelisted domain and has no valid SPF policy or a bad DKIM signature";
|
||||
}
|
||||
"WHITELIST_DMARC" {
|
||||
weight = -7.0;
|
||||
description = "Mail comes from the whitelisted domain and has valid DMARC and DKIM policies";
|
||||
}
|
||||
"BLACKLIST_DMARC" {
|
||||
weight = 6.0;
|
||||
description = "Mail comes from the whitelisted domain and has failed DMARC and DKIM policies";
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1 @@
|
|||
/^honeypot@redxen\.eu$/
|
|
@ -0,0 +1,26 @@
|
|||
classifier "bayes" {
|
||||
learn_condition = 'return require("lua_bayes_learn").can_learn';
|
||||
tokenizer {
|
||||
name = "osb";
|
||||
}
|
||||
backend = "redis";
|
||||
min_tokens = 20;
|
||||
min_learns = 50;
|
||||
new_schema = true;
|
||||
store_tokens = true;
|
||||
signatures = false;
|
||||
expire = 604800;
|
||||
statfile {
|
||||
symbol = "BAYES_HAM";
|
||||
spam = false;
|
||||
}
|
||||
statfile {
|
||||
symbol = "BAYES_SPAM";
|
||||
spam = true;
|
||||
}
|
||||
autolearn {
|
||||
learn_verdict = true; # Learn based on message verdict
|
||||
check_balance = true;
|
||||
min_balance = 0.9;
|
||||
}
|
||||
}
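Review bot: The `autolearn` block sets `learn_verdict = true` with no comment on why verdict-based learning is acceptable here, so the Bayes store is trained from rspamd's own decisions with no human in the loop. A message scored as ham by mistake then reinforces `BAYES_HAM`, which carries `-3.0` in the statistics group, and that drift is hard to notice afterwards. `check_balance` with `min_balance = 0.9` limits skew between the two classes but not mislabelled input. I would document the intent next to the option, e.g. `# autolearn trusts the final verdict; review ham/spam learn counts periodically for drift`, and note where the Redis servers for `backend = "redis"` are configured, since they are not set in this file.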
|
|
@ -0,0 +1,38 @@
|
|||
worker "normal" {
|
||||
count = 1;
|
||||
bind_socket = "localhost:7511";
|
||||
mime = true;
|
||||
}
|
||||
|
||||
worker "controller" {
|
||||
enabled = true;
|
||||
count = 1;
|
||||
bind_socket = "localhost:7512";
|
||||
}
|
||||
|
||||
worker "rspamd_proxy" {
|
||||
count = 1;
|
||||
bind_socket = "*:7510";
|
||||
milter = yes;
|
||||
timeout = 120s; # Needed for Milter usually
|
||||
max_retries = 5;
|
||||
discard_on_reject = false;
|
||||
quarantine_on_reject = false;
|
||||
spam_header = "X-Spam";
|
||||
reject_message = "RedXen Mail: Spam message rejected";
|
||||
upstream "local" {
|
||||
default = yes;
|
||||
hosts = "localhost:7511";
|
||||
}
|
||||
}
|
||||
|
||||
worker "fuzzy" {
|
||||
enabled = true;
|
||||
count = 1;
|
||||
bind_socket = "localhost:7513";
|
||||
encrypted_only = false;
|
||||
backend = "redis";
|
||||
expire = 90d;
|
||||
allow_update = ["localhost"];
|
||||
sync = 1m;
|
||||
}
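Review bot: `bind_socket = "*:7510";` in `worker "rspamd_proxy"` listens on every interface, while the other three workers bind to `localhost`. If the container shares the host's network namespace, the milter endpoint is reachable from any network the host is attached to, and nothing in this file restricts who may connect. If the MTA runs in the same namespace, `bind_socket = "localhost:7510";` is enough; otherwise add a comment naming the firewall rule or network that limits access to this port. The controller on `localhost:7512` shows no password setting in this file either, which is worth confirming against the rest of the configuration.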
|
|
@ -2,12 +2,12 @@ FROM alpine:latest as generator
|
|||
|
||||
RUN --network=host apk add opendkim-utils
|
||||
|
||||
RUN mkdir "/redxen.eu"
|
||||
WORKDIR "/redxen.eu"
|
||||
RUN opendkim-genkey --verbose \
|
||||
--bits 2048 \
|
||||
--directory . \
|
||||
--selector "$(date +'%Y%m%d'01)-mail" \
|
||||
--domain redxen.eu \
|
||||
--directory /redxen.eu
|
||||
--domain redxen.eu
|
||||
|
||||
FROM scratch
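Review bot: The `RUN opendkim-genkey …` step in the `generator` stage creates the DKIM private key during the image build, so the key ends up in a build layer and in the build cache of whichever machine builds it. What the final stage copies after `FROM scratch` is not shown in this hunk, but any archive or registry copy that includes the key has to be handled as a secret. The selector is derived from `$(date +'%Y%m%d'01)`, so a rebuild on another day yields a new key and selector that must be published in DNS before signing with it. At minimum add a comment above the step, e.g. `# generates the DKIM private key at build time: keep the resulting image/archive private and publish the new selector's TXT record`; generating the key at deploy time into a mounted volume would avoid the issue.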
|
||||
|
||||
|
|