summaryrefslogtreecommitdiffstats
path: root/conf/modules.d
diff options
context:
space:
mode:
Diffstat (limited to 'conf/modules.d')
-rw-r--r--conf/modules.d/antivirus.conf58
-rw-r--r--conf/modules.d/arc.conf72
-rw-r--r--conf/modules.d/asn.conf29
-rw-r--r--conf/modules.d/aws_s3.conf27
-rw-r--r--conf/modules.d/bimi.conf30
-rw-r--r--conf/modules.d/chartable.conf21
-rw-r--r--conf/modules.d/clickhouse.conf59
-rw-r--r--conf/modules.d/dcc.conf28
-rw-r--r--conf/modules.d/dkim.conf25
-rw-r--r--conf/modules.d/dkim_signing.conf77
-rw-r--r--conf/modules.d/dmarc.conf19
-rw-r--r--conf/modules.d/elastic.conf35
-rw-r--r--conf/modules.d/emails.conf8
-rw-r--r--conf/modules.d/external_relay.conf22
-rw-r--r--conf/modules.d/external_services.conf92
-rw-r--r--conf/modules.d/force_actions.conf22
-rw-r--r--conf/modules.d/forged_recipients.conf22
-rw-r--r--conf/modules.d/fuzzy_check.conf49
-rw-r--r--conf/modules.d/greylist.conf35
-rw-r--r--conf/modules.d/hfilter.conf26
-rw-r--r--conf/modules.d/history_redis.conf25
-rw-r--r--conf/modules.d/http_headers.conf22
-rw-r--r--conf/modules.d/known_senders.conf31
-rw-r--r--conf/modules.d/maillist.conf20
-rw-r--r--conf/modules.d/metadata_exporter.conf24
-rw-r--r--conf/modules.d/metric_exporter.conf21
-rw-r--r--conf/modules.d/mid.conf28
-rw-r--r--conf/modules.d/milter_headers.conf29
-rw-r--r--conf/modules.d/mime_types.conf41
-rw-r--r--conf/modules.d/multimap.conf182
-rw-r--r--conf/modules.d/mx_check.conf43
-rw-r--r--conf/modules.d/neural.conf35
-rw-r--r--conf/modules.d/once_received.conf26
-rw-r--r--conf/modules.d/p0f.conf45
-rw-r--r--conf/modules.d/phishing.conf48
-rw-r--r--conf/modules.d/ratelimit.conf44
-rw-r--r--conf/modules.d/rbl.conf347
-rw-r--r--conf/modules.d/redis.conf27
-rw-r--r--conf/modules.d/regexp.conf21
-rw-r--r--conf/modules.d/replies.conf30
-rw-r--r--conf/modules.d/reputation.conf30
-rw-r--r--conf/modules.d/rspamd_update.conf26
-rw-r--r--conf/modules.d/spamassassin.conf26
-rw-r--r--conf/modules.d/spamtrap.conf53
-rw-r--r--conf/modules.d/spf.conf22
-rw-r--r--conf/modules.d/surbl.conf9
-rw-r--r--conf/modules.d/trie.conf37
-rw-r--r--conf/modules.d/url_redirector.conf27
-rw-r--r--conf/modules.d/whitelist.conf66
49 files changed, 2141 insertions, 0 deletions
diff --git a/conf/modules.d/antivirus.conf b/conf/modules.d/antivirus.conf
new file mode 100644
index 0000000..b172288
--- /dev/null
+++ b/conf/modules.d/antivirus.conf
@@ -0,0 +1,58 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/antivirus.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/antivirus.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/antivirus.html
+
+antivirus {
+ # multiple scanners could be checked, for each we create a configuration block with an arbitrary name
+ #clamav {
+ # If set force this action if any virus is found (default unset: no action is forced)
+ # action = "reject";
+ # message = '${SCANNER}: virus found: "${VIRUS}"';
+ # Scan mime_parts separately - otherwise the complete mail will be transferred to AV Scanner
+ #scan_mime_parts = true;
+ # Scanning Text is suitable for some av scanner databases (e.g. Sanesecurity)
+ #scan_text_mime = false;
+ #scan_image_mime = false;
+ # If `max_size` is set, messages > n bytes in size are not scanned
+ #max_size = 20000000;
+ # symbol to add (add it to metric if you want non-zero weight)
+ #symbol = "CLAM_VIRUS";
+ # type of scanner: "clamav", "fprot", "sophos" or "savapi"
+ #type = "clamav";
+ # For "savapi" you must also specify the following variable
+ #product_id = 12345;
+ # You can enable logging for clean messages
+ #log_clean = true;
+ # servers to query (if port is unspecified, scanner-specific default is used)
+ # can be specified multiple times to pool servers
+ # can be set to a path to a unix socket
+ # Enable this in local.d/antivirus.conf
+ #servers = "127.0.0.1:3310";
+ # if `patterns` is specified virus name will be matched against provided regexes and the related
+ # symbol will be yielded if a match is found. If no match is found, default symbol is yielded.
+ #patterns {
+ # symbol_name = "pattern";
+ # JUST_EICAR = '^Eicar-Test-Signature$';
+ #}
+ #patterns_fail {
+ # symbol_name = "pattern";
+ #CLAM_PROTOCOL_ERROR = '^unhandled response';
+ #}
+ # `whitelist` points to a map of signature names. Hits on these signatures are ignored.
+ #whitelist = "/etc/rspamd/antivirus.wl";
+ #}
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/antivirus.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/antivirus.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/antivirus.conf"
+}
diff --git a/conf/modules.d/arc.conf b/conf/modules.d/arc.conf
new file mode 100644
index 0000000..f26dad8
--- /dev/null
+++ b/conf/modules.d/arc.conf
@@ -0,0 +1,72 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/arc.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/arc.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/arc.html
+
+
+# To configure this module, please also check the following document:
+# https://rspamd.com/doc/tutorials/scanning_outbound.html and
+# https://rspamd.com/doc/modules/arc.html
+
+# To enable this module define the following attributes:
+# path = "${DBDIR}/arc/$domain.$selector.key";
+# OR
+# domain { ... }, if you use per-domain conf
+# OR
+# set `use_redis=true;` and define redis servers
+
+arc {
+ # If false, messages with empty envelope from are not signed
+ allow_envfrom_empty = true;
+ # If true, envelope/header domain mismatch is ignored
+ allow_hdrfrom_mismatch = true;
+ # If true, multiple from headers are allowed (but only first is used)
+ allow_hdrfrom_multiple = false;
+ # If true, username does not need to contain matching domain
+ allow_username_mismatch = false;
+ # Default path to key, can include '$domain' and '$selector' variables
+ #path = "${DBDIR}/arc/$domain.$selector.key";
+ # Default selector to use
+ selector = "arc";
+ # If false, messages from authenticated users are not selected for signing
+ sign_authenticated = false;
+ # If false, inbound messages are not selected for signing
+ sign_inbound = true;
+ # If false, messages from local networks are not selected for signing
+ sign_local = false;
+ # Symbol to add when message is signed
+ sign_symbol = "ARC_SIGNED";
+ # Whether to fallback to global config
+ try_fallback = true;
+ # Domain to use for ARC signing: can be "header", "envelope" or "recipient"
+ use_domain = "recipient";
+ # Whether to normalise domains to eSLD
+ use_esld = true;
+ # Whether to get keys from Redis
+ use_redis = false;
+ # Hash for ARC keys in Redis
+ key_prefix = "ARC_KEYS";
+
+ # Domain specific settings
+ #domain {
+ # example.com {
+ # # Private key path
+ # path = "${DBDIR}/arc/example.key";
+ # # Selector
+ # selector = "ds";
+ # }
+ #}
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/arc.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/arc.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/arc.conf"
+}
diff --git a/conf/modules.d/asn.conf b/conf/modules.d/asn.conf
new file mode 100644
index 0000000..61efd52
--- /dev/null
+++ b/conf/modules.d/asn.conf
@@ -0,0 +1,29 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/asn.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/asn.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/asn.html
+
+asn {
+ # Provider: just "rspamd" for now
+ provider_type = "rspamd";
+ # Provider-specific configuration
+ provider_info {
+ ip4 = "asn.rspamd.com";
+ ip6 = "asn6.rspamd.com";
+ }
+ # If defined, insert symbol with lookup results
+ # symbol = "ASN";
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/asn.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/asn.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/asn.conf"
+}
diff --git a/conf/modules.d/aws_s3.conf b/conf/modules.d/aws_s3.conf
new file mode 100644
index 0000000..5d78148
--- /dev/null
+++ b/conf/modules.d/aws_s3.conf
@@ -0,0 +1,27 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/aws_s3.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/aws_s3.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/aws_s3.html
+
+aws_s3 {
+ # Required attributes
+ #s3_bucket = 'xxx';
+ s3_region = 'us-east-1';
+ s3_host = 's3.amazonaws.com';
+ #s3_secret_key = 'xxx';
+ #s3_key_id = 'xxx';
+ # Enable in local.d/aws_s3.conf
+ enabled = false;
+ .include(try=true,priority=5) "${DBDIR}/dynamic/aws_s3.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/aws_s3.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/aws_s3.conf"
+}
diff --git a/conf/modules.d/bimi.conf b/conf/modules.d/bimi.conf
new file mode 100644
index 0000000..ed7be6b
--- /dev/null
+++ b/conf/modules.d/bimi.conf
@@ -0,0 +1,30 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/bimi.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/bimi.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Currently there is no documentation for this module. When it is written it will
+# be available at https://rspamd.com/doc/modules/bimi.html
+
+bimi {
+ # Required attributes
+ #helper_url = "http://127.0.0.1:3030",
+ helper_timeout = 5s;
+ helper_sync = true;
+ vmc_only = true;
+ redis_prefix = 'rs_bimi';
+ redis_min_expiry = 24h;
+
+ # Enable in local.d/bimi.conf
+ enabled = false;
+ .include(try=true,priority=5) "${DBDIR}/dynamic/bimi.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/bimi.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/bimi.conf"
+}
diff --git a/conf/modules.d/chartable.conf b/conf/modules.d/chartable.conf
new file mode 100644
index 0000000..849c8bd
--- /dev/null
+++ b/conf/modules.d/chartable.conf
@@ -0,0 +1,21 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/chartable.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/chartable.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/chartable.html
+
+chartable {
+ threshold = 0.300000;
+ symbol = "R_MIXED_CHARSET";
+ .include(try=true,priority=5) "${DBDIR}/dynamic/chartable.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/chartable.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/chartable.conf"
+}
diff --git a/conf/modules.d/clickhouse.conf b/conf/modules.d/clickhouse.conf
new file mode 100644
index 0000000..5edf710
--- /dev/null
+++ b/conf/modules.d/clickhouse.conf
@@ -0,0 +1,59 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/clickhouse.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/clickhouse.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/clickhouse.html
+
+clickhouse {
+ # Push update when 1000 records are collected (1000 if unset)
+ limit = 1000;
+ # IP:port of Clickhouse server
+ # server = "localhost:8123";
+ # Timeout to wait for response (5 seconds if unset)
+ timeout = 5;
+ # How many bits of sending IP to mask in logs for IPv4 (19 if unset)
+ ipmask = 19;
+ # How many bits of sending IP to mask in logs for IPv6 (48 if unset)
+ ipmask6 = 48;
+ # Record URL paths? (default false)
+ full_urls = false;
+ # This parameter points to a map of domain names
+ # If a message has a domain in this map in From: header and DKIM signature,
+ # record general metadata in a table named after the domain
+ #from_tables = "/etc/rspamd/clickhouse_from.map";
+ # These are symbols of other checks in Rspamd
+ # Set these if you use non-default symbol names (unlikely)
+ #bayes_spam_symbols = ["BAYES_SPAM"];
+ #bayes_ham_symbols = ["BAYES_HAM"];
+ #fann_symbols = ["FANN_SCORE"];
+ #fuzzy_symbols = ["FUZZY_DENIED"];
+ #whitelist_symbols = ["WHITELIST_DKIM", "WHITELIST_SPF_DKIM", "WHITELIST_DMARC"];
+ #dkim_allow_symbols = ["R_DKIM_ALLOW"];
+ #dkim_reject_symbols = ["R_DKIM_REJECT"];
+ #dmarc_allow_symbols = ["DMARC_POLICY_ALLOW"];
+ #dmarc_reject_symbols = ["DMARC_POLICY_REJECT", "DMARC_POLICY_QUARANTINE"];
+
+ #retention {
+ # # disabled by default
+ # enable = true;
+ # # drop | detach, please refer to ClickHouse docs for details
+ # # http://clickhouse-docs.readthedocs.io/en/latest/query_language/queries.html#manipulations-with-partitions-and-parts
+ # method = "drop";
+ # # how many month the data should be kept in ClickHouse
+ # period_months = 3;
+ # # how often run the cleanup process
+ # run_every = "7d";
+ #}
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/clickhouse.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/clickhouse.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/clickhouse.conf"
+}
diff --git a/conf/modules.d/dcc.conf b/conf/modules.d/dcc.conf
new file mode 100644
index 0000000..22ca600
--- /dev/null
+++ b/conf/modules.d/dcc.conf
@@ -0,0 +1,28 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/dcc.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/dcc.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/dcc.html
+
+dcc {
+
+ enabled = false;
+
+ # Define local socket or TCP servers in upstreams syntax
+ # When sockets and servers are definined - servers is used!
+ socket = "/var/dcc/dccifd"; # Unix socket
+ #servers = "127.0.0.1:10045" # OR TCP upstreams
+ timeout = 2s; # Timeout to wait for checks
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/dcc.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/dcc.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/dcc.conf"
+}
diff --git a/conf/modules.d/dkim.conf b/conf/modules.d/dkim.conf
new file mode 100644
index 0000000..689ecd2
--- /dev/null
+++ b/conf/modules.d/dkim.conf
@@ -0,0 +1,25 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/dkim.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/dkim.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/dkim.html
+
+dkim {
+ dkim_cache_size = 2k;
+ dkim_cache_expire = 1d;
+ time_jitter = 6h;
+ trusted_only = false;
+ skip_multi = false;
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/dkim.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/dkim.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/dkim.conf"
+}
diff --git a/conf/modules.d/dkim_signing.conf b/conf/modules.d/dkim_signing.conf
new file mode 100644
index 0000000..42cb0e2
--- /dev/null
+++ b/conf/modules.d/dkim_signing.conf
@@ -0,0 +1,77 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/dkim_signing.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/dkim_signing.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+
+
+# To configure this module, please also check the following document:
+# https://rspamd.com/doc/tutorials/scanning_outbound.html and
+# https://rspamd.com/doc/modules/dkim_signing.html
+
+# To enable this module define the following attributes:
+# path = "/var/lib/rspamd/dkim/$domain.$selector.key";
+# OR
+# domain { ... }, if you use per-domain conf
+# OR
+# set `use_redis=true;` and define redis servers
+
+dkim_signing {
+ # If false, messages with empty envelope from are not signed
+ allow_envfrom_empty = true;
+ # If true, envelope/header domain mismatch is ignored
+ allow_hdrfrom_mismatch = false;
+ # If true, multiple from headers are allowed (but only first is used)
+ allow_hdrfrom_multiple = false;
+ # If true, username does not need to contain matching domain
+ allow_username_mismatch = false;
+ # Default path to key, can include '$domain' and '$selector' variables
+ #path = "/var/lib/rspamd/dkim/$domain.$selector.key";
+ # Default selector to use
+ selector = "dkim";
+ # If false, messages from authenticated users are not selected for signing
+ sign_authenticated = true;
+ # If false, messages from local networks are not selected for signing
+ sign_local = true;
+ # Symbol to add when message is signed
+ symbol = "DKIM_SIGNED";
+ # Whether to fallback to global config
+ try_fallback = true;
+ # Domain to use for DKIM signing: can be "header" or "envelope"
+ use_domain = "header";
+ # Whether to normalise domains to eSLD
+ use_esld = true;
+ # Whether to get keys from Redis
+ use_redis = false;
+ # Hash for DKIM keys in Redis
+ key_prefix = "DKIM_KEYS";
+
+ # Domain specific settings
+ #domain {
+ # example.com {
+ # selectors [
+ # { # Private key path
+ # path = "/var/lib/rspamd/dkim/example.key";
+ # # Selector
+ # selector = "ds";
+ # },
+ # { # multiple dkim signature
+ # path = "/var/lib/rspamd/dkim/eddsa.key";
+ # selector = "eddsa";
+ # }
+ # ]
+ # }
+ #}
+
+
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/dkim_signing.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/dkim_signing.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/dkim_signing.conf"
+}
diff --git a/conf/modules.d/dmarc.conf b/conf/modules.d/dmarc.conf
new file mode 100644
index 0000000..d487041
--- /dev/null
+++ b/conf/modules.d/dmarc.conf
@@ -0,0 +1,19 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/dmarc.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/dmarc.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/dmarc.html
+
+dmarc {
+ .include(try=true,priority=5) "${DBDIR}/dynamic/dmarc.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/dmarc.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/dmarc.conf"
+}
diff --git a/conf/modules.d/elastic.conf b/conf/modules.d/elastic.conf
new file mode 100644
index 0000000..8056023
--- /dev/null
+++ b/conf/modules.d/elastic.conf
@@ -0,0 +1,35 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/elastic.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/elastic.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/elastic.html
+
+elastic {
+ # Push update when 10 records are collected (10 if unset)
+ limit = 10;
+ # IP:port of Elasticsearch server
+ #server = "localhost:9200";
+ # Timeout to wait for response (5 seconds if unset)
+ timeout = 5;
+ # Elasticsearch template file (json format)
+ #template_file = "${SHAREDIR}/elastic/rspamd_template.json";
+ # Kibana prebuild visualizations and dashboard template (json format)
+ #kibana_file = "${SHAREDIR}/elastic/kibana.json";
+ # Elasticsearch index name pattern
+ index_pattern = "rspamd-%Y.%m.%d";
+ # Dump debug information
+ debug = false;
+ # Import kibana template
+ import_kibana = false;
+ .include(try=true,priority=5) "${DBDIR}/dynamic/elastic.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/elastic.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/elastic.conf"
+}
diff --git a/conf/modules.d/emails.conf b/conf/modules.d/emails.conf
new file mode 100644
index 0000000..19f750f
--- /dev/null
+++ b/conf/modules.d/emails.conf
@@ -0,0 +1,8 @@
+# Deprecated, preserved for compatibility purposes! Use rbl module
+# Module documentation https://rspamd.com/doc/modules/rbl.html
+
+emails {
+ .include(try=true,priority=5) "${DBDIR}/dynamic/emails.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/emails.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/emails.conf"
+}
diff --git a/conf/modules.d/external_relay.conf b/conf/modules.d/external_relay.conf
new file mode 100644
index 0000000..7d52ced
--- /dev/null
+++ b/conf/modules.d/external_relay.conf
@@ -0,0 +1,22 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/external_relay.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/external_relay.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/external_relay.html
+
+external_relay {
+ # This module is default-disabled
+ enabled = false;
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/external_relay.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/external_relay.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/external_relay.conf"
+}
diff --git a/conf/modules.d/external_services.conf b/conf/modules.d/external_services.conf
new file mode 100644
index 0000000..549c7d7
--- /dev/null
+++ b/conf/modules.d/external_services.conf
@@ -0,0 +1,92 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/external_services.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/external_services.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/external_services.html
+
+external_services {
+ oletools {
+ # If set force this action if any virus is found (default unset: no action is forced)
+ # action = "reject";
+ # If set, then rejection message is set to this value (mention single quotes)
+ # If `max_size` is set, messages > n bytes in size are not scanned
+ # max_size = 20000000;
+ # log_clean = true;
+ # servers = "127.0.0.1:10050";
+ # cache_expire = 86400;
+ # scan_mime_parts = true;
+ # extended = false;
+ # if `patterns` is specified virus name will be matched against provided regexes and the related
+ # symbol will be yielded if a match is found. If no match is found, default symbol is yielded.
+ patterns {
+ # symbol_name = "pattern";
+ }
+ # mime-part regex matching in content-type or filename
+ mime_parts_filter_regex {
+ #GEN1 = "application\/octet-stream";
+ DOC2 = "application\/msword";
+ DOC3 = "application\/vnd\.ms-word.*";
+ XLS = "application\/vnd\.ms-excel.*";
+ PPT = "application\/vnd\.ms-powerpoint.*";
+ GEN2 = "application\/vnd\.openxmlformats-officedocument.*";
+ }
+ # Mime-Part filename extension matching (no regex)
+ mime_parts_filter_ext {
+ doc = "doc";
+ dot = "dot";
+ docx = "docx";
+ dotx = "dotx";
+ docm = "docm";
+ dotm = "dotm";
+ xls = "xls";
+ xlt = "xlt";
+ xla = "xla";
+ xlsx = "xlsx";
+ xltx = "xltx";
+ xlsm = "xlsm";
+ xltm = "xltm";
+ xlam = "xlam";
+ xlsb = "xlsb";
+ ppt = "ppt";
+ pot = "pot";
+ pps = "pps";
+ ppa = "ppa";
+ pptx = "pptx";
+ potx = "potx";
+ ppsx = "ppsx";
+ ppam = "ppam";
+ pptm = "pptm";
+ potm = "potm";
+ ppsm = "ppsm";
+ }
+ # `whitelist` points to a map of IP addresses. Mail from these addresses is not scanned.
+ whitelist = "/etc/rspamd/antivirus.wl";
+ }
+ dcc {
+ # If set force this action if any virus is found (default unset: no action is forced)
+ # action = "reject";
+ # If set, then rejection message is set to this value (mention single quotes)
+ # If `max_size` is set, messages > n bytes in size are not scanned
+ max_size = 20000000;
+ #servers = "127.0.0.1:10045";
+ # if `patterns` is specified virus name will be matched against provided regexes and the related
+ # symbol will be yielded if a match is found. If no match is found, default symbol is yielded.
+ patterns {
+ # symbol_name = "pattern";
+ }
+ # `whitelist` points to a map of IP addresses. Mail from these addresses is not scanned.
+ whitelist = "/etc/rspamd/antivirus.wl";
+ }
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/external_services.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/external_services.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/external_services.conf"
+}
diff --git a/conf/modules.d/force_actions.conf b/conf/modules.d/force_actions.conf
new file mode 100644
index 0000000..a753066
--- /dev/null
+++ b/conf/modules.d/force_actions.conf
@@ -0,0 +1,22 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/force_actions.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/force_actions.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/force_actions.html
+
+force_actions {
+
+ # Refer to https://rspamd.com/doc/modules/force_actions.html for information on configuration
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/force_actions.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/force_actions.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/force_actions.conf"
+}
diff --git a/conf/modules.d/forged_recipients.conf b/conf/modules.d/forged_recipients.conf
new file mode 100644
index 0000000..b480bb1
--- /dev/null
+++ b/conf/modules.d/forged_recipients.conf
@@ -0,0 +1,22 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/forged_recipients.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/forged_recipients.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/forged_recipients.html
+
+forged_recipients {
+ symbol_sender = "FORGED_SENDER";
+ symbol_rcpt = "FORGED_RECIPIENTS";
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/forged_recipients.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/forged_recipients.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/forged_recipients.conf"
+}
diff --git a/conf/modules.d/fuzzy_check.conf b/conf/modules.d/fuzzy_check.conf
new file mode 100644
index 0000000..73e280f
--- /dev/null
+++ b/conf/modules.d/fuzzy_check.conf
@@ -0,0 +1,49 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/fuzzy_check.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/fuzzy_check.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/fuzzy_check.html
+
+fuzzy_check {
+ min_bytes = 1k; # Since small parts and small attachments causes too many FP
+ timeout = 2s;
+ retransmits = 1;
+ rule "rspamd.com" {
+ algorithm = "mumhash";
+ servers = "round-robin:fuzzy1.rspamd.com:11335,fuzzy2.rspamd.com:11335";
+ encryption_key = "icy63itbhhni8bq15ntp5n5symuixf73s1kpjh6skaq4e7nx5fiy";
+ symbol = "FUZZY_UNKNOWN";
+ mime_types = ["*"];
+ max_score = 20.0;
+ read_only = yes;
+ skip_unknown = yes;
+ short_text_direct_hash = true; # If less than min_length then use direct hash
+ min_length = 64; # Minimum words count to consider shingles
+ fuzzy_map = {
+ FUZZY_DENIED {
+ max_score = 20.0;
+ flag = 1;
+ }
+ FUZZY_PROB {
+ max_score = 10.0;
+ flag = 2;
+ }
+ FUZZY_WHITE {
+ max_score = 2.0;
+ flag = 3;
+ }
+ }
+ }
+ # Include dynamic conf for the rule
+ .include(try=true,priority=5) "${DBDIR}/dynamic/fuzzy_check.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/fuzzy_check.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/fuzzy_check.conf"
+}
diff --git a/conf/modules.d/greylist.conf b/conf/modules.d/greylist.conf
new file mode 100644
index 0000000..fde9cc0
--- /dev/null
+++ b/conf/modules.d/greylist.conf
@@ -0,0 +1,35 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/greylist.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/greylist.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/greylisting.html
+
+greylist {
+ # Search "example.com" and "mail.example.com" for "mx.out.mail.example.com":
+ whitelist_domains_url = [
+ "$LOCAL_CONFDIR/local.d/greylist-whitelist-domains.inc",
+ "$LOCAL_CONFDIR/local.d/maps.d/greylist-whitelist-domains.inc",
+ ];
+
+ expire = 1d; # 1 day by default
+ timeout = 5min; # 5 minutes by default
+ key_prefix = "rg"; # default hash name
+ max_data_len = 10k; # default data limit to hash
+ message = "Try again later"; # default greylisted message
+ #symbol = "GREYLIST"; # Symbol to insert
+ action = "soft reject"; # default greylisted action
+ ipv4_mask = 19; # Mask bits for ipv4
+ ipv6_mask = 64; # Mask bits for ipv6
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/greylist.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/greylist.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/greylist.conf"
+}
diff --git a/conf/modules.d/hfilter.conf b/conf/modules.d/hfilter.conf
new file mode 100644
index 0000000..36d5f47
--- /dev/null
+++ b/conf/modules.d/hfilter.conf
@@ -0,0 +1,26 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/hfilter.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/hfilter.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/hfilter.html
+
+hfilter {
+ helo_enabled = true;
+ hostname_enabled = true;
+ url_enabled = true;
+ from_enabled = true;
+ rcpt_enabled = true;
+ mid_enabled = false;
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/hfilter.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/hfilter.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/hfilter.conf"
+}
diff --git a/conf/modules.d/history_redis.conf b/conf/modules.d/history_redis.conf
new file mode 100644
index 0000000..0d1c7f6
--- /dev/null
+++ b/conf/modules.d/history_redis.conf
@@ -0,0 +1,25 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/history_redis.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/history_redis.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/history_redis.html
+
+history_redis {
+ #servers = 127.0.0.1:6379; # Redis server to store history
+ key_prefix = "rs_history"; # Default key name
+ nrows = 200; # Default rows limit
+ compress = true; # Use zstd compression when storing data in redis
+ subject_privacy = false; # subject privacy is off
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/history_redis.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/history_redis.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/history_redis.conf"
+}
diff --git a/conf/modules.d/http_headers.conf b/conf/modules.d/http_headers.conf
new file mode 100644
index 0000000..51e5b82
--- /dev/null
+++ b/conf/modules.d/http_headers.conf
@@ -0,0 +1,22 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/http_headers.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/http_headers.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/http_headers.html
+
+http_headers {
+ # This module is default-disabled
+ enabled = false;
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/http_headers.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/http_headers.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/http_headers.conf"
+}
diff --git a/conf/modules.d/known_senders.conf b/conf/modules.d/known_senders.conf
new file mode 100644
index 0000000..80b9239
--- /dev/null
+++ b/conf/modules.d/known_senders.conf
@@ -0,0 +1,31 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/known_senders.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/known_senders.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/known_senders.html
+
+known_senders {
+ # This module is default-disabled
+ enabled = false;
+
+ # Domains to track senders
+ domains = "https://maps.rspamd.com/freemail/free.txt.zst";
+ # Maximum number of elements
+ max_senders = 100000;
+ # Maximum time to live (when not using bloom filters)
+ max_ttl = 30d;
+ # Use bloom filters (must be enabled in Redis as a plugin)
+ use_bloom = false;
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/known_senders.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/known_senders.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/known_senders.conf"
+} \ No newline at end of file
diff --git a/conf/modules.d/maillist.conf b/conf/modules.d/maillist.conf
new file mode 100644
index 0000000..3ddd0a6
--- /dev/null
+++ b/conf/modules.d/maillist.conf
@@ -0,0 +1,20 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/maillist.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/maillist.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/maillist.html
+
+maillist {
+ symbol = "MAILLIST";
+ .include(try=true,priority=5) "${DBDIR}/dynamic/maillist.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/maillist.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/maillist.conf"
+}
diff --git a/conf/modules.d/metadata_exporter.conf b/conf/modules.d/metadata_exporter.conf
new file mode 100644
index 0000000..cd62be5
--- /dev/null
+++ b/conf/modules.d/metadata_exporter.conf
@@ -0,0 +1,24 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/metadata_exporter.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/metadata_exporter.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/metadata_exporter.html
+
+metadata_exporter {
+
+ # Refer to https://rspamd.com/doc/modules/metadata_exporter.html for information on configuration
+ rules {
+ }
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/metadata_exporter.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/metadata_exporter.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/metadata_exporter.conf"
+}
diff --git a/conf/modules.d/metric_exporter.conf b/conf/modules.d/metric_exporter.conf
new file mode 100644
index 0000000..8edce1d
--- /dev/null
+++ b/conf/modules.d/metric_exporter.conf
@@ -0,0 +1,21 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/metric_exporter.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/metric_exporter.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/metric_exporter.html
+metric_exporter {
+
+ # Refer to https://rspamd.com/doc/modules/metric_exporter.html for information on configuration
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/metric_exporter.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/metric_exporter.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/metric_exporter.conf"
+}
diff --git a/conf/modules.d/mid.conf b/conf/modules.d/mid.conf
new file mode 100644
index 0000000..e214a71
--- /dev/null
+++ b/conf/modules.d/mid.conf
@@ -0,0 +1,28 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/mid.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/mid.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/mid.html
+
+mid = {
+ source = {
+ url = [
+ "https://maps.rspamd.com/rspamd/mid.inc.zst",
+ "$LOCAL_CONFDIR/local.d/maps.d/mid.inc",
+ "$LOCAL_CONFDIR/local.d/mid.inc",
+ "fallback+file://${CONFDIR}/maps.d/mid.inc"
+ ];
+ }
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/mid.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/mid.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/mid.conf"
+}
diff --git a/conf/modules.d/milter_headers.conf b/conf/modules.d/milter_headers.conf
new file mode 100644
index 0000000..eafdaed
--- /dev/null
+++ b/conf/modules.d/milter_headers.conf
@@ -0,0 +1,29 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/milter_headers.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/milter_headers.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/milter_headers.html
+
+milter_headers {
+
+ # Refer to https://rspamd.com/doc/modules/milter_headers.html for information on configuration
+
+ use = [];
+
+ # Compatibility
+ .include(try=true,priority=5) "${DBDIR}/dynamic/rmilter_headers.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/rmilter_headers.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/rmilter_headers.conf"
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/milter_headers.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/milter_headers.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/milter_headers.conf"
+}
diff --git a/conf/modules.d/mime_types.conf b/conf/modules.d/mime_types.conf
new file mode 100644
index 0000000..1f67595
--- /dev/null
+++ b/conf/modules.d/mime_types.conf
@@ -0,0 +1,41 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/mime_types.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/mime_types.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/mime_types.html
+
+mime_types {
+ file = [
+ "https://maps.rspamd.com/rspamd/mime_types.inc.zst",
+ "$LOCAL_CONFDIR/local.d/maps.d/mime_types.inc.local",
+ "${DBDIR}/mime_types.inc.local",
+ "fallback+file://${CONFDIR}/maps.d/mime_types.inc"
+ ]
+
+ # Match specific extensions to specific content types
+ extension_map = {
+ html = "text/html";
+ txt = [
+ "message/disposition-notification",
+ "text/plain",
+ "text/rfc822-headers"
+ ];
+ pdf = [
+ "application/octet-stream",
+ "application/pdf",
+ "application/x-pdf"
+ ];
+ }
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/mime_types.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/mime_types.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/mime_types.conf"
+}
diff --git a/conf/modules.d/multimap.conf b/conf/modules.d/multimap.conf
new file mode 100644
index 0000000..b707ddf
--- /dev/null
+++ b/conf/modules.d/multimap.conf
@@ -0,0 +1,182 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/multimap.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/multimap.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/multimap.html
+
+multimap {
+ redirector {
+ type = "url";
+ filter = "tld";
+ map = "https://maps.rspamd.com/rspamd/redirectors.inc.zst";
+ symbol = "REDIRECTOR_URL";
+ description = "The presence of a redirector in the mail";
+ score = 0.0;
+ one_shot = true;
+ }
+
+ # Freemail Addresses
+ freemail_envfrom {
+ type = "from";
+ filter = "email:domain";
+ map = "https://maps.rspamd.com/freemail/free.txt.zst";
+ symbol = "FREEMAIL_ENVFROM";
+ description = "Envelope From is a Freemail address";
+ score = 0.0;
+ }
+
+ freemail_envrcpt {
+ type = "rcpt";
+ filter = "email:domain";
+ map = "https://maps.rspamd.com/freemail/free.txt.zst";
+ symbol = "FREEMAIL_ENVRCPT";
+ description = "Envelope Recipient is a Freemail address";
+ score = 0.0;
+ one_shot = true;
+ }
+
+ freemail_from {
+ type = "header";
+ header = "from";
+ filter = "email:domain";
+ map = "https://maps.rspamd.com/freemail/free.txt.zst";
+ symbol = "FREEMAIL_FROM";
+ description = "From is a Freemail address";
+ score = 0.0;
+ }
+
+ freemail_to {
+ type = "header";
+ header = "To";
+ filter = "email:domain";
+ map = "https://maps.rspamd.com/freemail/free.txt.zst";
+ symbol = "FREEMAIL_TO";
+ description = "To is a Freemail address";
+ score = 0.0;
+ one_shot = true;
+ }
+
+ freemail_cc {
+ type = "header";
+ header = "Cc";
+ filter = "email:domain";
+ map = "https://maps.rspamd.com/freemail/free.txt.zst";
+ symbol = "FREEMAIL_CC";
+ description = "To is a Freemail address";
+ score = 0.0;
+ one_shot = true;
+ }
+
+ freemail_replyto {
+ type = "header";
+ header = "Reply-To";
+ filter = "email:domain";
+ map = "https://maps.rspamd.com/freemail/free.txt.zst";
+ symbol = "FREEMAIL_REPLYTO";
+ description = "Reply-To is a Freemail address";
+ score = 0.0;
+ }
+
+ # Disposable Addresses
+ disposable_envfrom {
+ type = "from";
+ filter = "email:domain";
+ map = "https://maps.rspamd.com/freemail/disposable.txt.zst";
+ symbol = "DISPOSABLE_ENVFROM";
+ description = "Envelope From is a Disposable e-mail address";
+ score = 0.0;
+ }
+
+ disposable_envrcpt {
+ type = "rcpt";
+ filter = "email:domain";
+ map = "https://maps.rspamd.com/freemail/disposable.txt.zst";
+ symbol = "DISPOSABLE_ENVRCPT";
+ description = "Envelope Recipient is a Disposable e-mail address";
+ score = 0.0;
+ one_shot = true;
+ }
+
+ disposable_from {
+ type = "header";
+ header = "from";
+ filter = "email:domain";
+ map = "https://maps.rspamd.com/freemail/disposable.txt.zst";
+ symbol = "DISPOSABLE_FROM";
+ description = "From a Disposable e-mail address";
+ score = 0.0;
+ }
+
+ disposable_to {
+ type = "header";
+ header = "To";
+ filter = "email:domain";
+ map = "https://maps.rspamd.com/freemail/disposable.txt.zst";
+ symbol = "DISPOSABLE_TO";
+ description = "To a disposable e-mail address";
+ score = 0.0;
+ one_shot = true;
+ }
+
+ disposable_cc {
+ type = "header";
+ header = "Cc";
+ filter = "email:domain";
+ map = "https://maps.rspamd.com/freemail/disposable.txt.zst";
+ symbol = "DISPOSABLE_CC";
+ description = "To a disposable e-mail address";
+ score = 0.0;
+ one_shot = true;
+ }
+
+ disposable_replyto {
+ type = "header";
+ header = "Reply-To";
+ filter = "email:domain";
+ map = "https://maps.rspamd.com/freemail/disposable.txt.zst";
+ symbol = "DISPOSABLE_REPLYTO";
+ description = "Reply-To a disposable e-mail address";
+ score = 0.0;
+ }
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/multimap.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/multimap.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/multimap.conf"
+}
+
+/* Example setup
+sender_from_whitelist_user {
+ type = "from";
+ filter = "email:user";
+ map = "file:///tmp/from.map";
+ symbol = "SENDER_FROM_WHITELIST_USER";
+ action = "accept"; # Prefilter mode
+}
+sender_from_regexp {
+ type = "header";
+ header = "from";
+ filter = 'regexp:/.*@/';
+ map = "file:///tmp/from_re.map";
+ symbol = "SENDER_FROM_REGEXP";
+}
+url_map {
+ type = "url";
+ filter = "tld";
+ map = "file:///tmp/url.map";
+ symbol = "URL_MAP";
+}
+url_tld_re {
+ type = "url";
+ filter = 'tld:regexp:/\.[^.]+$/'; # Extracts the last component of URL
+ map = "file:///tmp/url.map";
+ symbol = "URL_MAP_RE";
+}
+*/
diff --git a/conf/modules.d/mx_check.conf b/conf/modules.d/mx_check.conf
new file mode 100644
index 0000000..2068fc5
--- /dev/null
+++ b/conf/modules.d/mx_check.conf
@@ -0,0 +1,43 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/mx_check.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/mx_check.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/mx_check.html
+
+# This module is *DISABLED* by default
+# If you need to enable it, then define the following line in
+# local.d/mx_check.conf:
+#
+# enabled = true;
+#
+# You also need to define redis servers for this module
+
+mx_check {
+ # connection timeout in seconds
+ timeout = 1.0;
+ # symbol yielded if no MX is connectable
+ symbol_bad_mx = "MX_INVALID";
+ # symbol yielded if no MX is found
+ symbol_no_mx = "MX_MISSING";
+ # symbol yielded if MX is connectable
+ symbol_good_mx = "MX_GOOD";
+ # lifetime of redis cache - 1 day by default
+ expire = 86400;
+ # prefix used for redis key
+ key_prefix = "rmx";
+
+ # !!! Disabled by default !!!
+ enabled = false;
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/mx_check.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/mx_check.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/mx_check.conf"
+}
diff --git a/conf/modules.d/neural.conf b/conf/modules.d/neural.conf
new file mode 100644
index 0000000..2ab0cbe
--- /dev/null
+++ b/conf/modules.d/neural.conf
@@ -0,0 +1,35 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/neural.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/neural.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/neural.html
+
+neural {
+ #servers = 127.0.0.1:6379; # Redis server to store learning data and ANN
+
+ train {
+ max_trains = 1k; # Number of trains per epoch
+ max_usages = 20; # Number of learn iterations while ANN data is valid
+ learning_rate = 0.01; # Rate of learning (Torch only)
+ max_iterations = 25; # Maximum iterations of learning (Torch only)
+ }
+
+ timeout = 20; # Increase redis timeout
+
+ # Legacy support
+ .include(try=true,priority=5) "${DBDIR}/dynamic/fann_redis.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/fann_redis.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/fann_redis.conf"
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/neural.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/neural.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/neural.conf"
+}
diff --git a/conf/modules.d/once_received.conf b/conf/modules.d/once_received.conf
new file mode 100644
index 0000000..ab07492
--- /dev/null
+++ b/conf/modules.d/once_received.conf
@@ -0,0 +1,26 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/once_received.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/once_received.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/once_received.html
+
+once_received {
+ good_host = "mail";
+ bad_host = "static";
+ bad_host = "dynamic";
+ symbol_strict = "ONCE_RECEIVED_STRICT";
+ symbol = "ONCE_RECEIVED";
+ symbol_mx = "DIRECT_TO_MX";
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/once_received.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/once_received.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/once_received.conf"
+}
diff --git a/conf/modules.d/p0f.conf b/conf/modules.d/p0f.conf
new file mode 100644
index 0000000..049d4fe
--- /dev/null
+++ b/conf/modules.d/p0f.conf
@@ -0,0 +1,45 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/p0f.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/p0f.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/p0f.html
+
+p0f {
+ # Disable module by default
+ enabled = false;
+
+ # Path to the unix socket that p0f listens on
+ socket = '/var/run/p0f.sock';
+
+ # Connection timeout
+ timeout = 5s;
+
+ # If defined, insert symbol with lookup results
+ symbol = 'P0F';
+
+ # Patterns to match against results returned by p0f
+ # Symbol will be yielded on OS string, link type or distance matches
+ patterns = {
+ WINDOWS = '^Windows.*';
+ #DSL = '^DSL$';
+ #DISTANCE10 = '^distance:10$';
+ }
+
+ # Cache lifetime in seconds (default - 2 hours)
+ expire = 7200;
+
+ # Cache key prefix
+ prefix = 'p0f';
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/p0f.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/p0f.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/p0f.conf"
+}
diff --git a/conf/modules.d/phishing.conf b/conf/modules.d/phishing.conf
new file mode 100644
index 0000000..a6531e6
--- /dev/null
+++ b/conf/modules.d/phishing.conf
@@ -0,0 +1,48 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/phishing.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/phishing.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/phishing.html
+
+phishing {
+ symbol = "PHISHING";
+ # Disabled by default
+ openphish_enabled = false;
+ openphish_premium = false;
+ openphish_map = "https://www.openphish.com/feed.txt";
+ # Phishtank is disabled by default in the module, so let's enable it here explicitly
+ phishtank_enabled = true;
+
+ # List of excluded hosts from checks over openphish, phishtank and generic_service
+ phishing_feed_exclusion_symbol = "PHISHED_EXCLUDED";
+ # Disabled by default
+ phishing_feed_exclusion_enabled = false;
+ phishing_feed_exclusion_map = "$LOCAL_CONFDIR/local.d/maps.d/phishing_feed_exclusion.inc";
+
+ # Make exclusions for known redirectors and domains
+ exceptions = {
+ REDIRECTOR_FALSE = [
+ "https://maps.rspamd.com/rspamd/redirectors.inc.zst",
+ "$LOCAL_CONFDIR/local.d/maps.d/redirectors.inc",
+ "$LOCAL_CONFDIR/local.d/redirectors.inc",
+ "fallback+file://${CONFDIR}/maps.d/redirectors.inc"
+ ];
+ PHISHED_WHITELISTED = [
+ "glob;https://maps.rspamd.com/rspamd/phishing_whitelist.inc.zst",
+ "glob;$LOCAL_CONFDIR/local.d/maps.d/phishing_whitelist.inc",
+ "glob;$LOCAL_CONFDIR/local.d/phishing_whitelist.inc",
+ ];
+ };
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/phishing.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/phishing.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/phishing.conf"
+}
diff --git a/conf/modules.d/ratelimit.conf b/conf/modules.d/ratelimit.conf
new file mode 100644
index 0000000..d1a91d3
--- /dev/null
+++ b/conf/modules.d/ratelimit.conf
@@ -0,0 +1,44 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/ratelimit.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/ratelimit.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/ratelimit.html
+
+ratelimit {
+ #rates {
+ # Predefined ratelimit
+ #to = {
+ # bucket = {
+ # burst = 100;
+ # rate = 0.01666666666666666666; # leak 1 message per minute
+ # }
+ #}
+ # or define it with selector
+ #other_limit_alt = {
+ # selector = 'rcpts:addr.take_n(5)';
+ # bucket = {
+ # burst = 100;
+ # rate = "1 / 1m"; # leak 1 message per minute
+ # }
+ #}
+ #}
+ # If symbol is specified, then it is inserted *instead* of setting result to soft reject
+ #symbol = "R_RATELIMIT";
+
+ # If info_symbol is specified, then it is inserted next to set the result
+ #info_symbol = "R_RATELIMIT_INFO";
+
+ whitelisted_rcpts = "postmaster,mailer-daemon";
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/ratelimit.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/ratelimit.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/ratelimit.conf"
+}
diff --git a/conf/modules.d/rbl.conf b/conf/modules.d/rbl.conf
new file mode 100644
index 0000000..79dfc84
--- /dev/null
+++ b/conf/modules.d/rbl.conf
@@ -0,0 +1,347 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/rbl.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/rbl.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/rbl.html
+
+rbl {
+ default_exclude_users = true;
+ default_unknown = true;
+
+ url_whitelist = [
+ "https://maps.rspamd.com/rspamd/surbl-whitelist.inc.zst",
+ "$LOCAL_CONFDIR/local.d/maps.d/surbl-whitelist.inc.local",
+ "${DBDIR}/surbl-whitelist.inc.local",
+ "fallback+file://${CONFDIR}/maps.d/surbl-whitelist.inc"
+ ];
+
+ attached_maps = [
+ {
+ selector_alias = "surbl_hashbl_map",
+ description = "SURBL hashbl map",
+ url = "regexp;http://sa-update.surbl.org/rspamd/surbl-hashbl-map.inc",
+ }
+ ]
+
+ rbls {
+
+ spamhaus {
+ symbol = "SPAMHAUS"; # Augmented by prefixes
+ rbl = "zen.spamhaus.org";
+ # Check types
+ checks = ['received', 'from'];
+
+ symbols_prefixes = {
+ received = 'RECEIVED',
+ from = 'RBL',
+ }
+ returncodes {
+ SPAMHAUS_SBL = "127.0.0.2";
+ SPAMHAUS_CSS = "127.0.0.3";
+ SPAMHAUS_XBL = ["127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"];
+ SPAMHAUS_PBL = ["127.0.0.10", "127.0.0.11"];
+ SPAMHAUS_DROP = "127.0.0.9";
+ SPAMHAUS_BLOCKED_OPENRESOLVER = "127.255.255.254";
+ SPAMHAUS_BLOCKED= "127.255.255.255";
+ }
+ }
+
+ mailspike {
+ symbol = "MAILSPIKE";
+ rbl = "rep.mailspike.net";
+ is_whitelist = true;
+ checks = ['from'];
+ whitelist_exception = "MAILSPIKE";
+ whitelist_exception = "RWL_MAILSPIKE_GOOD";
+ whitelist_exception = "RWL_MAILSPIKE_NEUTRAL";
+ whitelist_exception = "RWL_MAILSPIKE_POSSIBLE";
+ whitelist_exception = "RBL_MAILSPIKE_WORST";
+ whitelist_exception = "RBL_MAILSPIKE_VERYBAD";
+ whitelist_exception = "RBL_MAILSPIKE_BAD";
+ returncodes {
+ RBL_MAILSPIKE_WORST = "127.0.0.10";
+ RBL_MAILSPIKE_VERYBAD = "127.0.0.11";
+ RBL_MAILSPIKE_BAD = "127.0.0.12";
+ RWL_MAILSPIKE_NEUTRAL = ["127.0.0.16", "127.0.0.15", "127.0.0.14", "127.0.0.13"];
+ RWL_MAILSPIKE_POSSIBLE = "127.0.0.17";
+ RWL_MAILSPIKE_GOOD = "127.0.0.18";
+ RWL_MAILSPIKE_VERYGOOD = "127.0.0.19";
+ RWL_MAILSPIKE_EXCELLENT = "127.0.0.20";
+ }
+ }
+
+ senderscore {
+ symbol = "RBL_SENDERSCORE";
+ checks = ['from'];
+ rbl = "bl.score.senderscore.com";
+ }
+
+ sem {
+ symbol = "RBL_SEM";
+ rbl = "bl.spameatingmonkey.net";
+ ipv6 = false;
+ checks = ['from'];
+ }
+
+ semIPv6 {
+ symbol = "RBL_SEM_IPV6";
+ rbl = "bl.ipv6.spameatingmonkey.net";
+ ipv4 = false;
+ ipv6 = true;
+ checks = ['from'];
+ }
+
+ dnswl {
+ symbol = "RCVD_IN_DNSWL";
+ rbl = "list.dnswl.org";
+ ipv6 = true;
+ checks = ['from', 'received'];
+ is_whitelist = true;
+ returncodes_matcher = "luapattern";
+ whitelist_exception = "RCVD_IN_DNSWL";
+ whitelist_exception = "RCVD_IN_DNSWL_NONE";
+ whitelist_exception = "RCVD_IN_DNSWL_LOW";
+ whitelist_exception = "DNSWL_BLOCKED";
+ returncodes {
+ RCVD_IN_DNSWL_NONE = ["127%.0%.%d%.0", "127%.0%.[02-9]%d%.0", "127%.0%.1[1-9]%.0", "127%.0%.[12]%d%d%.0"];
+ RCVD_IN_DNSWL_LOW = ["127%.0%.%d%.1", "127%.0%.[02-9]%d%.1", "127%.0%.1[1-9]%.1", "127%.0%.[12]%d%d%.1"];
+ RCVD_IN_DNSWL_MED = ["127%.0%.%d%.2", "127%.0%.[02-9]%d%.2", "127%.0%.1[1-9]%.2", "127%.0%.[12]%d%d%.2"];
+ RCVD_IN_DNSWL_HI = ["127%.0%.%d%.3", "127%.0%.[02-9]%d%.3", "127%.0%.1[1-9]%.3", "127%.0%.[12]%d%d%.3"];
+ DNSWL_BLOCKED = ["127%.0%.0%.255", "127%.0%.10%.%d+"];
+ }
+ }
+
+ # Provided by https://virusfree.cz
+ virusfree {
+ symbol = "RBL_VIRUSFREE_UNKNOWN";
+ rbl = "bip.virusfree.cz";
+ ipv6 = true;
+ checks = ['from'];
+ returncodes {
+ RBL_VIRUSFREE_BOTNET = "127.0.0.2";
+ }
+ }
+
+ nixspam {
+ symbol = "RBL_NIXSPAM";
+ rbl = "ix.dnsbl.manitu.net";
+ ipv6 = true;
+ checks = ['from'];
+ }
+
+ blocklistde {
+ symbols_prefixes = {
+ received = 'RECEIVED',
+ from = 'RBL',
+ }
+ symbol = "BLOCKLISTDE";
+ rbl = "bl.blocklist.de";
+ checks = ['from', 'received'];
+ }
+
+ # Dkim whitelist
+ dnswl_dwl {
+ symbol = "DWL_DNSWL";
+ rbl = "dwl.dnswl.org";
+ checks = ['dkim'];
+ ignore_whitelist = true;
+ returncodes_matcher = "luapattern";
+ unknown = false;
+
+ returncodes {
+ DWL_DNSWL_NONE = ["127%.0%.%d%.0", "127%.0%.[02-9]%d%.0", "127%.0%.1[1-9]%.0", "127%.0%.[12]%d%d%.0"];
+ DWL_DNSWL_LOW = ["127%.0%.%d%.1", "127%.0%.[02-9]%d%.1", "127%.0%.1[1-9]%.1", "127%.0%.[12]%d%d%.1"];
+ DWL_DNSWL_MED = ["127%.0%.%d%.2", "127%.0%.[02-9]%d%.2", "127%.0%.1[1-9]%.2", "127%.0%.[12]%d%d%.2"];
+ DWL_DNSWL_HI = ["127%.0%.%d%.3", "127%.0%.[02-9]%d%.3", "127%.0%.1[1-9]%.3", "127%.0%.[12]%d%d%.3"];
+ DWL_DNSWL_BLOCKED = ["127%.0%.0%.255", "127%.0%.10%.%d+"];
+ }
+ }
+
+ RSPAMD_EMAILBL {
+ ignore_whitelist = true;
+ ignore_url_whitelist = true;
+ ignore_defaults = true;
+ exclude_users = false;
+ emails_delimiter = ".";
+ hash_format = "base32";
+ hash_len = 32;
+ rbl = "email.rspamd.com";
+ checks = ['emails', 'replyto'];
+ hash = "blake2";
+ returncodes = {
+ RSPAMD_EMAILBL = "127.0.0.2";
+ }
+ }
+
+ MSBL_EBL {
+ ignore_whitelist = true;
+ ignore_url_whitelist = true;
+ ignore_defaults = true;
+ exclude_users = false;
+ rbl = "ebl.msbl.org";
+ checks = ['emails', 'replyto'];
+ emails_domainonly = false;
+ hash = "sha1";
+ returncodes = {
+ MSBL_EBL = [
+ "127.0.0.2",
+ "127.0.0.3"
+ ];
+ MSBL_EBL_GREY = [
+ "127.0.1.2",
+ "127.0.1.3"
+ ];
+ }
+ }
+
+ "SURBL_MULTI" {
+ ignore_defaults = true;
+ rbl = "multi.surbl.org";
+ checks = ['emails', 'dkim', 'helo', 'rdns', 'replyto', 'urls'];
+ emails_domainonly = true;
+ exclude_users = false;
+
+ returnbits = {
+ CRACKED_SURBL = 128;
+ ABUSE_SURBL = 64;
+ MW_SURBL_MULTI = 16;
+ PH_SURBL_MULTI = 8;
+ SURBL_BLOCKED = 1;
+ }
+ }
+
+ SURBL_HASHBL {
+ rbl = "hashbl.surbl.org";
+ ignore_defaults = true;
+ random_monitored = true,
+ # TODO: make limit more configurable maybe?
+ selector = "specific_urls_filter_map('surbl_hashbl_map', {limit = 10}).apply_methods('get_host', 'get_path').join_tables('/')",
+ hash = 'md5';
+ hash_len = 32;
+ returncodes_matcher = "luapattern";
+ returncodes = {
+ SURBL_HASHBL_PHISH = "127.0.0.8";
+ SURBL_HASHBL_MALWARE = "127.0.0.16";
+ SURBL_HASHBL_ABUSE = "127.0.0.64";
+ SURBL_HASHBL_CRACKED = "127.0.0.128";
+ SURBL_HASHBL_EMAIL = "127.0.1.%d+";
+ }
+ }
+
+ "URIBL_MULTI" {
+ ignore_defaults = true;
+ rbl = "multi.uribl.com";
+ checks = ['emails', 'dkim', 'helo', 'rdns', 'replyto', 'urls'];
+ emails_domainonly = true;
+ exclude_users = false;
+
+ returnbits {
+ URIBL_BLOCKED = 1;
+ URIBL_BLACK = 2;
+ URIBL_GREY = 4;
+ URIBL_RED = 8;
+ }
+ }
+
+ "RSPAMD_URIBL" {
+ ignore_defaults = true;
+ rbl = "uribl.rspamd.com";
+ checks = ['emails', 'dkim', 'urls'];
+ emails_domainonly = true;
+ hash = 'blake2';
+ hash_len = 32;
+ hash_format = 'base32';
+ exclude_users = false;
+
+ returncodes = {
+ RSPAMD_URIBL = [
+ "127.0.0.2",
+ ];
+ }
+ }
+
+ "DBL" {
+ ignore_defaults = true;
+ rbl = "dbl.spamhaus.org";
+ no_ip = true;
+ checks = ['emails', 'dkim', 'helo', 'rdns', 'replyto', 'urls'];
+ emails_domainonly = true;
+ exclude_users = false;
+
+ returncodes = {
+ # spam domain
+ DBL_SPAM = "127.0.1.2";
+ # phish domain
+ DBL_PHISH = "127.0.1.4";
+ # malware domain
+ DBL_MALWARE = "127.0.1.5";
+ # botnet C&C domain
+ DBL_BOTNET = "127.0.1.6";
+ # abused legit spam
+ DBL_ABUSE = "127.0.1.102";
+ # abused spammed redirector domain
+ DBL_ABUSE_REDIR = "127.0.1.103";
+ # abused legit phish
+ DBL_ABUSE_PHISH = "127.0.1.104";
+ # abused legit malware
+ DBL_ABUSE_MALWARE = "127.0.1.105";
+ # abused legit botnet C&C
+ DBL_ABUSE_BOTNET = "127.0.1.106";
+ # error - IP queries prohibited!
+ DBL_PROHIBIT = "127.0.1.255";
+ # issue #3074
+ DBL_BLOCKED_OPENRESOLVER = "127.255.255.254";
+ DBL_BLOCKED = "127.255.255.255";
+ }
+ }
+
+ # Not enabled by default due to privacy concerns! (see also groups.d/surbl_group.conf)
+ "SPAMHAUS_ZEN_URIBL" {
+ enabled = false;
+ rbl = "zen.spamhaus.org";
+ checks = ['emails'];
+ resolve_ip = true;
+ returncodes = {
+ URIBL_SBL = "127.0.0.2";
+ URIBL_SBL_CSS = "127.0.0.3";
+ URIBL_XBL = ["127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"];
+ URIBL_PBL = ["127.0.0.10", "127.0.0.11"];
+ URIBL_DROP = "127.0.0.9";
+ }
+ }
+
+ "SEM_URIBL_UNKNOWN" {
+ ignore_defaults = true;
+ rbl = "uribl.spameatingmonkey.net";
+ no_ip = true;
+ checks = ['emails', 'dkim', 'urls'];
+ emails_domainonly = true;
+ returnbits {
+ SEM_URIBL = 2;
+ }
+ }
+
+ "SEM_URIBL_FRESH15_UNKNOWN" {
+ ignore_defaults = true;
+ rbl = "fresh15.spameatingmonkey.net";
+ no_ip = true;
+ checks = ['emails', 'dkim', 'urls'];
+ emails_domainonly = true;
+ returnbits {
+ SEM_URIBL_FRESH15 = 2;
+ }
+ }
+ }
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/rbl.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/rbl.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/rbl.conf"
+}
diff --git a/conf/modules.d/redis.conf b/conf/modules.d/redis.conf
new file mode 100644
index 0000000..24948b1
--- /dev/null
+++ b/conf/modules.d/redis.conf
@@ -0,0 +1,27 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/redis.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/redis.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# See https://rspamd.com/doc/configuration/redis.html
+
+redis {
+ #servers = "127.0.0.1"; # Read servers (unless write_servers are unspecified)
+ #servers = "master-slave:127.0.0.1,10.0.1.1";
+ #write_servers = "127.0.0.1"; # Servers to write data
+ #disabled_modules = ["ratelimit"]; # List of modules that should not use redis from this section
+ #timeout = 1s;
+ #db = "0";
+ #username = "some_username";
+ #password = "some_password";
+ .include(try=true,priority=5) "${DBDIR}/dynamic/redis.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/redis.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/redis.conf"
+}
diff --git a/conf/modules.d/regexp.conf b/conf/modules.d/regexp.conf
new file mode 100644
index 0000000..f7d5921
--- /dev/null
+++ b/conf/modules.d/regexp.conf
@@ -0,0 +1,21 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/regexp.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/regexp.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/regexp.html
+
+regexp {
+ max_size = 1M;
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/regexp.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/regexp.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/regexp.conf"
+}
diff --git a/conf/modules.d/replies.conf b/conf/modules.d/replies.conf
new file mode 100644
index 0000000..a1a85df
--- /dev/null
+++ b/conf/modules.d/replies.conf
@@ -0,0 +1,30 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/replies.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/replies.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/replies.html
+
+replies {
+ # This setting is non-default & is required to be set
+ # Redis servers to use
+ #servers = "localhost";
+ # This setting is non-default & may be desirable
+ #action = "no action";
+ # These are default settings you may want to change
+ expire = 86400;
+ key_prefix = "rr";
+ message = "Message is reply to one we originated";
+ symbol = "REPLY";
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/replies.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/replies.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/replies.conf"
+}
diff --git a/conf/modules.d/reputation.conf b/conf/modules.d/reputation.conf
new file mode 100644
index 0000000..fe9d5f7
--- /dev/null
+++ b/conf/modules.d/reputation.conf
@@ -0,0 +1,30 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/reputation.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/reputation.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/reputation.html
+
+reputation {
+# rules {
+# SPF_REPUTATION = {
+# selector {
+# type = "spf";
+# }
+# backend {
+# type = "redis";
+# }
+# symbol = "SPF_REPUTATION";
+# }
+# }
+ .include(try=true,priority=5) "${DBDIR}/dynamic/reputation.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/reputation.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/reputation.conf"
+}
diff --git a/conf/modules.d/rspamd_update.conf b/conf/modules.d/rspamd_update.conf
new file mode 100644
index 0000000..1b998b2
--- /dev/null
+++ b/conf/modules.d/rspamd_update.conf
@@ -0,0 +1,26 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/rspamd_update.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/rspamd_update.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/rspamd_update.html
+
+# This module is disabled by default, please don't enable it unless you know
+# what are you doing!
+
+rspamd_update {
+ rules = "sign+https://updates.rspamd.com/rspamd-${BRANCH_VERSION}.ucl";
+ key = "qxuogdh5eghytji1utkkte1dn3n81c3y5twe61uzoddzwqzuxxyb";
+ enabled = false; # Disable this module by default
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/rspamd_update.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/rspamd_update.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/rspamd_update.conf"
+}
diff --git a/conf/modules.d/spamassassin.conf b/conf/modules.d/spamassassin.conf
new file mode 100644
index 0000000..79f7527
--- /dev/null
+++ b/conf/modules.d/spamassassin.conf
@@ -0,0 +1,26 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/spamassassin.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/spamassassin.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/spamassassin.html
+
+spamassassin {
+ # This config defines no SA files leaving this module efficiently disabled by default
+ #ruleset = "/path/to/file";
+ # Limit search size to 100 kilobytes for all regular expressions
+ #match_limit = 100k;
+ # Those regexp atoms will not be passed through hyperscan:
+ #pcre_only = ["RULE1", "__RULE2"];
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/spamassassin.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/spamassassin.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/spamassassin.conf"
+}
diff --git a/conf/modules.d/spamtrap.conf b/conf/modules.d/spamtrap.conf
new file mode 100644
index 0000000..d0e70f6
--- /dev/null
+++ b/conf/modules.d/spamtrap.conf
@@ -0,0 +1,53 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/spamtrap.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/spamtrap.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/spamtrap.html
+
+# This module is *DISABLED* by default
+# If you need to enable it, then define the following line in
+# local.d/spamtrap.conf:
+#
+# enabled = true;
+#
+# You also need to define redis servers for this module
+
+spamtrap {
+ # Optionally set an action
+ #action = "no action";
+ # A map file containing regexp entries for spamtrap emails and domains
+ #map = file://$LOCAL_CONFDIR/local.d/maps.d/spamtrap.map
+ # Name of the symbol
+ #symbol = "SPAMTRAP";
+ # A score for this module
+ #score = 0.0;
+ # Flag to enable fuzzy learning
+ learn_fuzzy = false;
+ # Flag to enable bayes spam learning
+ learn_spam = false;
+ # Fuzzy flag
+ #fuzzy_flag = 1;
+ # Fuzzy weight
+ #fuzzy_weight = 10.0;
+ # Redis key prefix
+ #key_prefix = 'sptr_';
+ # Skip spamtrap checks for authorized users
+ #check_authed = false;
+ # Skip spamtrap checks for local networks
+ #check_local = false;
+
+ # !!! Disabled by default !!!
+ enabled = false;
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/spamtrap.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/spamtrap.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/spamtrap.conf"
+}
diff --git a/conf/modules.d/spf.conf b/conf/modules.d/spf.conf
new file mode 100644
index 0000000..c4284bc
--- /dev/null
+++ b/conf/modules.d/spf.conf
@@ -0,0 +1,22 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/spf.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/spf.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/spf.html
+spf {
+ spf_cache_size = 2k;
+ spf_cache_expire = 1d;
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/spf.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/spf.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/spf.conf"
+
+}
diff --git a/conf/modules.d/surbl.conf b/conf/modules.d/surbl.conf
new file mode 100644
index 0000000..89b8842
--- /dev/null
+++ b/conf/modules.d/surbl.conf
@@ -0,0 +1,9 @@
+# Deprecated, use RBL module!
+surbl {
+ rules {
+ }
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/surbl.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/surbl.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/surbl.conf"
+}
diff --git a/conf/modules.d/trie.conf b/conf/modules.d/trie.conf
new file mode 100644
index 0000000..9a1e1ca
--- /dev/null
+++ b/conf/modules.d/trie.conf
@@ -0,0 +1,37 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/trie.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/trie.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/trie.html
+
+trie {
+ # Each subsection defines a single rule with associated symbol
+ # This config defines no tries leaving this module efficiently disabled by default
+# SYMBOL1 {
+# # Define rules in the file (it is *NOT* a map)
+# file = "/some/path";
+# # Raw rules search within the whole undecoded messages
+# raw = true;
+# # If we have multiple occurrences of strings from this rule
+# # then we insert a symbol multiple times
+# multi = true;
+# }
+# SYMBOL2 {
+# patterns = [
+# "pattern1",
+# "pattern2",
+# "pattern3"
+# ]
+# }
+ .include(try=true,priority=5) "${DBDIR}/dynamic/trie.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/trie.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/trie.conf"
+}
diff --git a/conf/modules.d/url_redirector.conf b/conf/modules.d/url_redirector.conf
new file mode 100644
index 0000000..da3b5bb
--- /dev/null
+++ b/conf/modules.d/url_redirector.conf
@@ -0,0 +1,27 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/url_redirector.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/url_redirector.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/url_redirector.html
+
+url_redirector {
+ expire = 1d; # 1 day by default
+ timeout = 10; # 10 seconds by default
+ nested_limit = 1; # How many redirects to follow
+ #proxy = "http://example.com:3128"; # Send request through proxy
+ key_prefix = "rdr:"; # default hash name
+ check_ssl = false; # check ssl certificates
+ max_size = 10k; # maximum body to process
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/url_redirector.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/url_redirector.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/url_redirector.conf"
+}
diff --git a/conf/modules.d/whitelist.conf b/conf/modules.d/whitelist.conf
new file mode 100644
index 0000000..a4b39aa
--- /dev/null
+++ b/conf/modules.d/whitelist.conf
@@ -0,0 +1,66 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/whitelist.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/whitelist.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/whitelist.html
+
+whitelist {
+ rules {
+ "WHITELIST_SPF" = {
+ valid_spf = true;
+ domains = [
+ "$LOCAL_CONFDIR/local.d/maps.d/spf_whitelist.inc.local",
+ "${DBDIR}/spf_whitelist.inc.local",
+ "fallback+file://${CONFDIR}/maps.d/spf_whitelist.inc"
+ ];
+ score = -1.0
+ inverse_symbol = "BLACKLIST_SPF";
+ }
+
+ "WHITELIST_DKIM" = {
+ valid_dkim = true;
+ domains = [
+ "$LOCAL_CONFDIR/local.d/maps.d/dkim_whitelist.inc.local",
+ "${DBDIR}/dkim_whitelist.inc.local",
+ "fallback+file://${CONFDIR}/maps.d/dkim_whitelist.inc"
+ ];
+ score = -1.0;
+ inverse_symbol = "BLACKLIST_DKIM";
+ }
+ "WHITELIST_SPF_DKIM" = {
+ valid_spf = true;
+ valid_dkim = true;
+ domains = [
+ "https://maps.rspamd.com/rspamd/spf_dkim_whitelist.inc.zst",
+ "$LOCAL_CONFDIR/local.d/maps.d/spf_dkim_whitelist.inc.local",
+ "${DBDIR}/spf_dkim_whitelist.inc.local",
+ "fallback+file://${CONFDIR}/maps.d/spf_dkim_whitelist.inc"
+ ];
+ score = -3.0;
+ inverse_symbol = "BLACKLIST_SPF_DKIM";
+ }
+ "WHITELIST_DMARC" = {
+ valid_dmarc = true;
+ domains = [
+ "https://maps.rspamd.com/rspamd/dmarc_whitelist_new.inc.zst",
+ "$LOCAL_CONFDIR/local.d/maps.d/dmarc_whitelist.inc.local",
+ "${DBDIR}/dmarc_whitelist.inc.local",
+ "fallback+file://${CONFDIR}/maps.d/dmarc_whitelist.inc"
+ ];
+ score = -7.0;
+ inverse_symbol = "BLACKLIST_DMARC";
+ }
+ }
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/whitelist.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/whitelist.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/whitelist.conf"
+}