Diffstat (limited to 'conf/modules.d/rbl.conf')
-rw-r--r-- | conf/modules.d/rbl.conf | 347 |
1 files changed, 347 insertions, 0 deletions
diff --git a/conf/modules.d/rbl.conf b/conf/modules.d/rbl.conf
new file mode 100644
index 0000000..79dfc84
--- /dev/null
+++ b/conf/modules.d/rbl.conf
@@ -0,0 +1,347 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/rbl.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/rbl.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/rbl.html
+
+rbl {
+ default_exclude_users = true;
+ default_unknown = true;
+
+ url_whitelist = [
+ "https://maps.rspamd.com/rspamd/surbl-whitelist.inc.zst",
+ "$LOCAL_CONFDIR/local.d/maps.d/surbl-whitelist.inc.local",
+ "${DBDIR}/surbl-whitelist.inc.local",
+ "fallback+file://${CONFDIR}/maps.d/surbl-whitelist.inc"
+ ];
+
+ attached_maps = [
+ {
+ selector_alias = "surbl_hashbl_map",
+ description = "SURBL hashbl map",
+ url = "regexp;http://sa-update.surbl.org/rspamd/surbl-hashbl-map.inc",
+ }
+ ]
+
+ rbls {
+
+ spamhaus {
+ symbol = "SPAMHAUS"; # Augmented by prefixes
+ rbl = "zen.spamhaus.org";
+ # Check types
+ checks = ['received', 'from'];
+
+ symbols_prefixes = {
+ received = 'RECEIVED',
+ from = 'RBL',
+ }
+ returncodes {
+ SPAMHAUS_SBL = "127.0.0.2";
+ SPAMHAUS_CSS = "127.0.0.3";
+ SPAMHAUS_XBL = ["127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"];
+ SPAMHAUS_PBL = ["127.0.0.10", "127.0.0.11"];
+ SPAMHAUS_DROP = "127.0.0.9";
+ SPAMHAUS_BLOCKED_OPENRESOLVER = "127.255.255.254";
+ SPAMHAUS_BLOCKED= "127.255.255.255";
+ }
+ }
+
+ mailspike {
+ symbol = "MAILSPIKE";
+ rbl = "rep.mailspike.net";
+ is_whitelist = true;
+ checks = ['from'];
+ whitelist_exception = "MAILSPIKE";
+ whitelist_exception = "RWL_MAILSPIKE_GOOD";
+ whitelist_exception = "RWL_MAILSPIKE_NEUTRAL";
+ whitelist_exception = "RWL_MAILSPIKE_POSSIBLE";
+ whitelist_exception = "RBL_MAILSPIKE_WORST";
+ whitelist_exception = "RBL_MAILSPIKE_VERYBAD";
+ whitelist_exception = "RBL_MAILSPIKE_BAD";
+ returncodes {
+ RBL_MAILSPIKE_WORST = "127.0.0.10";
+ RBL_MAILSPIKE_VERYBAD = "127.0.0.11";
+ RBL_MAILSPIKE_BAD = "127.0.0.12";
+ RWL_MAILSPIKE_NEUTRAL = ["127.0.0.16", "127.0.0.15", "127.0.0.14", "127.0.0.13"];
+ RWL_MAILSPIKE_POSSIBLE = "127.0.0.17";
+ RWL_MAILSPIKE_GOOD = "127.0.0.18";
+ RWL_MAILSPIKE_VERYGOOD = "127.0.0.19";
+ RWL_MAILSPIKE_EXCELLENT = "127.0.0.20";
+ }
+ }
+
+ senderscore {
+ symbol = "RBL_SENDERSCORE";
+ checks = ['from'];
+ rbl = "bl.score.senderscore.com";
+ }
+
+ sem {
+ symbol = "RBL_SEM";
+ rbl = "bl.spameatingmonkey.net";
+ ipv6 = false;
+ checks = ['from'];
+ }
+
+ semIPv6 {
+ symbol = "RBL_SEM_IPV6";
+ rbl = "bl.ipv6.spameatingmonkey.net";
+ ipv4 = false;
+ ipv6 = true;
+ checks = ['from'];
+ }
+
+ dnswl {
+ symbol = "RCVD_IN_DNSWL";
+ rbl = "list.dnswl.org";
+ ipv6 = true;
+ checks = ['from', 'received'];
+ is_whitelist = true;
+ returncodes_matcher = "luapattern";
+ whitelist_exception = "RCVD_IN_DNSWL";
+ whitelist_exception = "RCVD_IN_DNSWL_NONE";
+ whitelist_exception = "RCVD_IN_DNSWL_LOW";
+ whitelist_exception = "DNSWL_BLOCKED";
+ returncodes {
+ RCVD_IN_DNSWL_NONE = ["127%.0%.%d%.0", "127%.0%.[02-9]%d%.0", "127%.0%.1[1-9]%.0", "127%.0%.[12]%d%d%.0"];
+ RCVD_IN_DNSWL_LOW = ["127%.0%.%d%.1", "127%.0%.[02-9]%d%.1", "127%.0%.1[1-9]%.1", "127%.0%.[12]%d%d%.1"];
+ RCVD_IN_DNSWL_MED = ["127%.0%.%d%.2", "127%.0%.[02-9]%d%.2", "127%.0%.1[1-9]%.2", "127%.0%.[12]%d%d%.2"];
+ RCVD_IN_DNSWL_HI = ["127%.0%.%d%.3", "127%.0%.[02-9]%d%.3", "127%.0%.1[1-9]%.3", "127%.0%.[12]%d%d%.3"];
+ DNSWL_BLOCKED = ["127%.0%.0%.255", "127%.0%.10%.%d+"];
+ }
+ }
+
+ # Provided by https://virusfree.cz
+ virusfree {
+ symbol = "RBL_VIRUSFREE_UNKNOWN";
+ rbl = "bip.virusfree.cz";
+ ipv6 = true;
+ checks = ['from'];
+ returncodes {
+ RBL_VIRUSFREE_BOTNET = "127.0.0.2";
+ }
+ }
+
+ nixspam {
+ symbol = "RBL_NIXSPAM";
+ rbl = "ix.dnsbl.manitu.net";
+ ipv6 = true;
+ checks = ['from'];
+ }
+
+ blocklistde {
+ symbols_prefixes = {
+ received = 'RECEIVED',
+ from = 'RBL',
+ }
+ symbol = "BLOCKLISTDE";
+ rbl = "bl.blocklist.de";
+ checks = ['from', 'received'];
+ }
+
+ # Dkim whitelist
+ dnswl_dwl {
+ symbol = "DWL_DNSWL";
+ rbl = "dwl.dnswl.org";
+ checks = ['dkim'];
+ ignore_whitelist = true;
+ returncodes_matcher = "luapattern";
+ unknown = false;
+
+ returncodes {
+ DWL_DNSWL_NONE = ["127%.0%.%d%.0", "127%.0%.[02-9]%d%.0", "127%.0%.1[1-9]%.0", "127%.0%.[12]%d%d%.0"];
+ DWL_DNSWL_LOW = ["127%.0%.%d%.1", "127%.0%.[02-9]%d%.1", "127%.0%.1[1-9]%.1", "127%.0%.[12]%d%d%.1"];
+ DWL_DNSWL_MED = ["127%.0%.%d%.2", "127%.0%.[02-9]%d%.2", "127%.0%.1[1-9]%.2", "127%.0%.[12]%d%d%.2"];
+ DWL_DNSWL_HI = ["127%.0%.%d%.3", "127%.0%.[02-9]%d%.3", "127%.0%.1[1-9]%.3", "127%.0%.[12]%d%d%.3"];
+ DWL_DNSWL_BLOCKED = ["127%.0%.0%.255", "127%.0%.10%.%d+"];
+ }
+ }
+
+ RSPAMD_EMAILBL {
+ ignore_whitelist = true;
+ ignore_url_whitelist = true;
+ ignore_defaults = true;
+ exclude_users = false;
+ emails_delimiter = ".";
+ hash_format = "base32";
+ hash_len = 32;
+ rbl = "email.rspamd.com";
+ checks = ['emails', 'replyto'];
+ hash = "blake2";
+ returncodes = {
+ RSPAMD_EMAILBL = "127.0.0.2";
+ }
+ }
+
+ MSBL_EBL {
+ ignore_whitelist = true;
+ ignore_url_whitelist = true;
+ ignore_defaults = true;
+ exclude_users = false;
+ rbl = "ebl.msbl.org";
+ checks = ['emails', 'replyto'];
+ emails_domainonly = false;
+ hash = "sha1";
+ returncodes = {
+ MSBL_EBL = [
+ "127.0.0.2",
+ "127.0.0.3"
+ ];
+ MSBL_EBL_GREY = [
+ "127.0.1.2",
+ "127.0.1.3"
+ ];
+ }
+ }
+
+ "SURBL_MULTI" {
+ ignore_defaults = true;
+ rbl = "multi.surbl.org";
+ checks = ['emails', 'dkim', 'helo', 'rdns', 'replyto', 'urls'];
+ emails_domainonly = true;
+ exclude_users = false;
+
+ returnbits = {
+ CRACKED_SURBL = 128;
+ ABUSE_SURBL = 64;
+ MW_SURBL_MULTI = 16;
+ PH_SURBL_MULTI = 8;
+ SURBL_BLOCKED = 1;
+ }
+ }
+
+ SURBL_HASHBL {
+ rbl = "hashbl.surbl.org";
+ ignore_defaults = true;
+ random_monitored = true,
+ # TODO: make limit more configurable maybe?
+ selector = "specific_urls_filter_map('surbl_hashbl_map', {limit = 10}).apply_methods('get_host', 'get_path').join_tables('/')",
+ hash = 'md5';
+ hash_len = 32;
+ returncodes_matcher = "luapattern";
+ returncodes = {
+ SURBL_HASHBL_PHISH = "127.0.0.8";
+ SURBL_HASHBL_MALWARE = "127.0.0.16";
+ SURBL_HASHBL_ABUSE = "127.0.0.64";
+ SURBL_HASHBL_CRACKED = "127.0.0.128";
+ SURBL_HASHBL_EMAIL = "127.0.1.%d+";
+ }
+ }
+
+ "URIBL_MULTI" {
+ ignore_defaults = true;
+ rbl = "multi.uribl.com";
+ checks = ['emails', 'dkim', 'helo', 'rdns', 'replyto', 'urls'];
+ emails_domainonly = true;
+ exclude_users = false;
+
+ returnbits {
+ URIBL_BLOCKED = 1;
+ URIBL_BLACK = 2;
+ URIBL_GREY = 4;
+ URIBL_RED = 8;
+ }
+ }
+
+ "RSPAMD_URIBL" {
+ ignore_defaults = true;
+ rbl = "uribl.rspamd.com";
+ checks = ['emails', 'dkim', 'urls'];
+ emails_domainonly = true;
+ hash = 'blake2';
+ hash_len = 32;
+ hash_format = 'base32';
+ exclude_users = false;
+
+ returncodes = {
+ RSPAMD_URIBL = [
+ "127.0.0.2",
+ ];
+ }
+ }
+
+ "DBL" {
+ ignore_defaults = true;
+ rbl = "dbl.spamhaus.org";
+ no_ip = true;
+ checks = ['emails', 'dkim', 'helo', 'rdns', 'replyto', 'urls'];
+ emails_domainonly = true;
+ exclude_users = false;
+
+ returncodes = {
+ # spam domain
+ DBL_SPAM = "127.0.1.2";
+ # phish domain
+ DBL_PHISH = "127.0.1.4";
+ # malware domain
+ DBL_MALWARE = "127.0.1.5";
+ # botnet C&C domain
+ DBL_BOTNET = "127.0.1.6";
+ # abused legit spam
+ DBL_ABUSE = "127.0.1.102";
+ # abused spammed redirector domain
+ DBL_ABUSE_REDIR = "127.0.1.103";
+ # abused legit phish
+ DBL_ABUSE_PHISH = "127.0.1.104";
+ # abused legit malware
+ DBL_ABUSE_MALWARE = "127.0.1.105";
+ # abused legit botnet C&C
+ DBL_ABUSE_BOTNET = "127.0.1.106";
+ # error - IP queries prohibited!
+ DBL_PROHIBIT = "127.0.1.255";
+ # issue #3074
+ DBL_BLOCKED_OPENRESOLVER = "127.255.255.254";
+ DBL_BLOCKED = "127.255.255.255";
+ }
+ }
+
+ # Not enabled by default due to privacy concerns! (see also groups.d/surbl_group.conf)
+ "SPAMHAUS_ZEN_URIBL" {
+ enabled = false;
+ rbl = "zen.spamhaus.org";
+ checks = ['emails'];
+ resolve_ip = true;
+ returncodes = {
+ URIBL_SBL = "127.0.0.2";
+ URIBL_SBL_CSS = "127.0.0.3";
+ URIBL_XBL = ["127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"];
+ URIBL_PBL = ["127.0.0.10", "127.0.0.11"];
+ URIBL_DROP = "127.0.0.9";
+ }
+ }
+
+ "SEM_URIBL_UNKNOWN" {
+ ignore_defaults = true;
+ rbl = "uribl.spameatingmonkey.net";
+ no_ip = true;
+ checks = ['emails', 'dkim', 'urls'];
+ emails_domainonly = true;
+ returnbits {
+ SEM_URIBL = 2;
+ }
+ }
+
+ "SEM_URIBL_FRESH15_UNKNOWN" {
+ ignore_defaults = true;
+ rbl = "fresh15.spameatingmonkey.net";
+ no_ip = true;
+ checks = ['emails', 'dkim', 'urls'];
+ emails_domainonly = true;
+ returnbits {
+ SEM_URIBL_FRESH15 = 2;
+ }
+ }
+ }
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/rbl.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/rbl.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/rbl.conf"
+} |
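Review bot: The `surbl_hashbl_map` entry in `attached_maps` is fetched over plain `http://`, while the `url_whitelist` map just above it uses `https://` and also lists a `fallback+file://` copy. This regexp map decides which URLs the `SURBL_HASHBL` selector hashes and looks up, so a tampered or emptied response in transit could presumably narrow or disable that check without any visible configuration change. If the host serves TLS, the line should read `url = "regexp;https://sa-update.surbl.org/rspamd/surbl-hashbl-map.inc",`; if it does not, a signed map or a local fallback copy would be worth adding, together with a comment saying why plain HTTP is accepted here.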