diff options
Diffstat (limited to '')
87 files changed, 8570 insertions, 0 deletions
diff --git a/conf/actions.conf b/conf/actions.conf new file mode 100644 index 0000000..8be3823 --- /dev/null +++ b/conf/actions.conf @@ -0,0 +1,29 @@ +# Actions settings +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/actions.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/actions.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# See also https://rspamd.com/doc/faq.html#what-are-rspamd-actions for actions definition + +actions { + reject = 15; # Reject when reaching this score + add_header = 6; # Add header when reaching this score + greylist = 4; # Apply greylisting when reaching this score (will emit `soft reject action`) + + #unknown_weight = 1.0; # Enable if need to set score for all symbols implicitly + # Each new symbol is added multiplied by gf^N, where N is the number of spammy symbols + #grow_factor = 1.1; + # Set rewrite subject to this value (%s is replaced by the original subject) + #subject = "***SPAM*** %s" + + .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/actions.conf" + .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/actions.conf" +} diff --git a/conf/cgp.inc b/conf/cgp.inc new file mode 100644 index 0000000..436713c --- /dev/null +++ b/conf/cgp.inc @@ -0,0 +1,17 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# This file defines some specific settings that are applicable merely when using +# CommuniGate Pro MTA and it's specific integration + +arc { + sign_networks = [127.2.4.7]; +} + +dkim_signing { + sign_networks = [127.2.4.7]; +} + +options { + local_addrs = [127.2.4.7]; +} diff --git a/conf/common.conf b/conf/common.conf new file mode 100644 index 0000000..023fd51 --- /dev/null +++ b/conf/common.conf @@ -0,0 +1,40 @@ +# A common rspamd configuration file (should never ever be changed) +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine +# parameters defined on the top level +# +# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add +# parameters defined on the top level +# +# For specific modules or configuration you can also modify +# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults +# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults +# +# See https://rspamd.com/doc/tutorials/writing_rules.html for details + +lua = "$RULESDIR/rspamd.lua" + +.include "$CONFDIR/metrics.conf" +.include "$CONFDIR/actions.conf" +.include "$CONFDIR/groups.conf" +.include "$CONFDIR/composites.conf" + +.include "$CONFDIR/statistic.conf" + +.include "$CONFDIR/modules.conf" + +# Include users settings +.include "$CONFDIR/settings.conf" + +# User local settings +.include(try=true) "$LOCAL_CONFDIR/rspamd.conf.local" +.include(try=true,priority=10) "$LOCAL_CONFDIR/rspamd.conf.local.override" +.include(try=true,priority=10) "$LOCAL_CONFDIR/rspamd.conf.override" + +modules { + path = "${PLUGINSDIR}"; + fallback_path = "${SHAREDIR}/lua"; # Legacy path + try_path = "${LOCAL_CONFDIR}/plugins.d/"; # User plugins +} diff --git a/conf/composites.conf b/conf/composites.conf new file mode 100644 index 0000000..e38d64e --- /dev/null +++ b/conf/composites.conf @@ -0,0 +1,193 @@ +# Composites setup +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/composites.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/composites.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# See https://rspamd.com/doc/tutorials/writing_rules.html and +# https://rspamd.com/doc/configuration/composites.html for details + +composites { + + SHORT_PART_BAD_HEADERS { + expression = "MISSING_ESSENTIAL_HEADERS & SINGLE_SHORT_PART"; + group = "blankspam"; + policy = "leave"; + score = 7.0; + } + FORGED_RECIPIENTS_MAILLIST { + expression = "FORGED_RECIPIENTS & -MAILLIST"; + } + FORGED_SENDER_MAILLIST { + expression = "FORGED_SENDER & -MAILLIST"; + } + FORGED_SENDER_FORWARDING { + expression = "FORGED_SENDER & g:forwarding"; + description = "Forged sender, but message is forwarded"; + policy = "remove_weight"; + } + SPF_FAIL_FORWARDING { + expression = "g:forwarding & (R_SPF_SOFTFAIL | R_SPF_FAIL)"; + policy = "remove_weight"; + } + DMARC_POLICY_ALLOW_WITH_FAILURES { + expression = "DMARC_POLICY_ALLOW & (R_SPF_SOFTFAIL | R_SPF_FAIL | R_DKIM_REJECT)"; + policy = "remove_weight"; + } + FORGED_RECIPIENTS_FORWARDING { + expression = "FORGED_RECIPIENTS & g:forwarding"; + policy = "remove_weight"; + } + FORGED_SENDER_VERP_SRS { + expression = "FORGED_SENDER & (ENVFROM_PRVS | ENVFROM_VERP)"; + } + FORGED_MUA_MAILLIST { + expression = "g:mua & -MAILLIST"; + } + AUTH_NA { + expression = "R_DKIM_NA & R_SPF_NA & DMARC_NA & ARC_NA"; + score = 1.0; + policy = "remove_weight"; + description = "Authenticating message via SPF/DKIM/DMARC/ARC not available"; + } + AUTH_NA_OR_FAIL { + expression = "!(R_DKIM_NA & R_SPF_NA & DMARC_NA & ARC_NA) & (R_DKIM_NA | R_DKIM_TEMPFAIL | R_DKIM_PERMFAIL) & (R_SPF_NA | R_SPF_DNSFAIL) & DMARC_NA & (ARC_NA | ARC_DNSFAIL)"; + score = 1.0; + policy = "remove_weight"; + description = "No authenticating method SPF/DKIM/DMARC/ARC was successful"; + } + BOUNCE_NO_AUTH { + expression = "(AUTH_NA | AUTH_NA_OR_FAIL) & (BOUNCE | SUBJ_BOUNCE_WORDS)"; + score = 1.0; + } + DKIM_MIXED { + expression = "-R_DKIM_ALLOW & (R_DKIM_TEMPFAIL | R_DKIM_PERMFAIL | R_DKIM_REJECT)" + policy = "remove_weight"; + } + APPLE_MAILER_COMMON { + description = "Message was sent by 'Apple Mail' and has common symbols in place"; + expression = "APPLE_MAILER & MV_CASE"; + } + APPLE_IOS_MAILER_COMMON { + description = "Message was sent by 'Apple iOS Mail' and has common symbols in place"; + expression = "APPLE_IOS_MAILER & (MV_CASE | MIME_MA_MISSING_TEXT)"; + } + HACKED_WP_PHISHING { + expression = "(HAS_X_POS | HAS_PHPMAILER_SIG) & HAS_WP_URI & (PHISHING | CRACKED_SURBL | PH_SURBL_MULTI | DBL_PHISH | DBL_ABUSE_PHISH | URIBL_BLACK | PHISHED_OPENPHISH | PHISHED_PHISHTANK)"; + description = "Phish message sent by hacked Wordpress instance"; + policy = "leave"; + } + COMPROMISED_ACCT_BULK { + expression = "(HAS_XOIP | RCVD_FROM_SMTP_AUTH) & DCC_BULK"; + description = "Likely to be from a compromised account"; + score = 3.0; + policy = "leave"; + } + UNDISC_RCPTS_BULK { + expression = "DCC_BULK & (MISSING_TO | R_UNDISC_RCPT)"; + description = "Missing or undisclosed recipients with a bulk signature"; + score = 3.0; + policy = "leave"; + } + RCVD_UNAUTH_PBL { + expression = "RECEIVED_SPAMHAUS_PBL & !RCVD_VIA_SMTP_AUTH"; + description = "Relayed through Spamhaus PBL IP without sufficient authentication (possibly indicating an open relay)"; + score = 2.0; + policy = "leave"; + } + RCVD_DKIM_ARC_DNSWL_MED { + expression = "(R_DKIM_ALLOW | ARC_ALLOW) & RCVD_IN_DNSWL_MED"; + description = "Sufficiently DKIM/ARC signed and received from IP with medium trust at DNSWL"; + score = -0.5; + policy = "leave"; + } + RCVD_DKIM_ARC_DNSWL_HI { + expression = "(R_DKIM_ALLOW | ARC_ALLOW) & RCVD_IN_DNSWL_HI"; + description = "Sufficiently DKIM/ARC signed and received from IP with high trust at DNSWL"; + score = -1.0; + policy = "leave"; + } + AUTOGEN_PHP_SPAMMY { + expression = "(HAS_X_POS | HAS_PHPMAILER_SIG | HAS_X_PHP_SCRIPT) & (SUBJECT_ENDS_QUESTION | SUBJECT_ENDS_EXCLAIM | MANY_INVISIBLE_PARTS)"; + description = "Message was generated by PHP script and contains some spam indicators"; + score = 1.0; + policy = "leave"; + } + PHISH_EMOTION { + expression = "(PHISHING | DBL_PHISH | PHISHED_OPENPHISH | PHISHED_PHISHTANK) & (SUBJECT_ENDS_QUESTION | SUBJECT_ENDS_EXCLAIM)"; + description = "Phish message with subject trying to address users emotion"; + score = 1.0; + policy = "leave"; + } + HAS_ANON_DOMAIN { + expression = "HAS_GUC_PROXY_URI | URIBL_RED | DBL_ABUSE_REDIR | HAS_ONION_URI"; + description = "Contains one or more domains trying to disguise owner/destination"; + score = 0.1; + policy = "leave"; + } + BAD_REP_POLICIES { + description = "Contains valid policies but are also marked by fuzzy/bayes/SURBL/RBL"; + expression = "(~g-:policies) & (-g+:fuzzy | -g+:statistics | -g+:surbl | -g+:rbl)"; + score = 0.1; + } + VIOLATED_DIRECT_SPF { + description = "Has no Received (or no trusted received relays) and SPF policy fails or soft fails"; + expression = "(R_SPF_FAIL | R_SPF_SOFTFAIL) & (RCVD_COUNT_ZERO | RCVD_NO_TLS_LAST)"; + policy = "leave"; + score = 3.5; + } + IP_SCORE_FREEMAIL { + description = "Negate IP_SCORE when message comes from FreeMail"; + expression = "FREEMAIL_FROM & SENDER_REP_SPAM"; + score = 0.0; + policy = "remove_weight"; + } + BROKEN_HEADERS_MAILLIST { + description = "Negate BROKEN_HEADERS when message comes via some mailing list"; + expression = "BROKEN_HEADERS & -MAILLIST"; + score = 0.0; + policy = "remove_weight"; + } + LEAKED_PASSWORD_SCAM { + description = "Contains BTC wallet address and scam patterns"; + expression = "BITCOIN_ADDR & (LEAKED_PASSWORD_SCAM_RE | R_MIXED_CHARSET | R_EMPTY_IMAGE)"; + policy = "leave"; + score = 7.0; + group = "scams"; + } + FREEMAIL_AFF { + expression = "(FREEMAIL_FROM | FREEMAIL_ENVFROM | FREEMAIL_REPLYTO) & (TO_DN_RECIPIENTS | R_UNDISC_RCPT) & (INTRODUCTION | FROM_NAME_HAS_TITLE | FREEMAIL_REPLYTO_NEQ_FROM_DOM | SUBJECT_HAS_CURRENCY)"; + score = 4.0; + policy = "leave"; + description = "Message exhibits strong characteristics of advance fee fraud (AFF a/k/a '419' spam) involving freemail addresses"; + } + REDIRECTOR_URL_ONLY { + expression = "HFILTER_URL_ONLY & REDIRECTOR_URL"; + score = 1.0; + policy = "leave"; + description = "Message only contains a redirector URL"; + } + THREAD_HIJACKING_FROM_INJECTOR { + expression = "FAKE_REPLY & RCVD_VIA_SMTP_AUTH & (!RECEIVED_SPAMHAUS_PBL | RECEIVED_SPAMHAUS_XBL | RECEIVED_SPAMHAUS_SBL)"; + score = 2.0; + policy = "leave"; + description = "Fake reply exhibiting characteristics of being injected into a compromised mail server, possibly e-mail thread hijacking"; + group = "compromised_hosts"; + } + SUSPICIOUS_URL_IN_SUSPICIOUS_MESSAGE { + expression = "(REDIRECTOR_URL | HAS_ANON_DOMAIN | HAS_IPFS_GATEWAY_URL) & (-g+:fuzzy | -g+:statistics | -g+:surbl | -g+:rbl)"; + score = 1.0; + policy = "leave"; + description = "Message contains redirector, anonymous or IPFS gateway URL and is marked by fuzzy/bayes/SURBL/RBL"; + } + + .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/composites.conf" + .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/composites.conf" +} diff --git a/conf/groups.conf b/conf/groups.conf new file mode 100644 index 0000000..2aeb4ed --- /dev/null +++ b/conf/groups.conf @@ -0,0 +1,126 @@ +# Symbols groups setup +# Each individual group lives in scores.d/<GROUPNAME> +# +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/groups.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/groups.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# See also: https://rspamd.com/doc/faq.html#how-to-change-score-for-some-symbol + +group "headers" { + .include "$CONFDIR/scores.d/headers_group.conf" + .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/headers_group.conf" + .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/headers_group.conf" +} + +group "subject" { + .include "$CONFDIR/scores.d/subject_group.conf" + .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/subject_group.conf" + .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/subject_group.conf" +} + +group "mua" { + .include "$CONFDIR/scores.d/mua_group.conf" + .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/mua_group.conf" + .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/mua_group.conf" +} + +group "rbl" { + .include "$CONFDIR/scores.d/rbl_group.conf" + .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/rbl_group.conf" + .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/rbl_group.conf" +} + +group "statistics" { + .include "$CONFDIR/scores.d/statistics_group.conf" + .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/statistics_group.conf" + .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/statistics_group.conf" +} + +group "fuzzy" { + .include "$CONFDIR/scores.d/fuzzy_group.conf" + .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/fuzzy_group.conf" + .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/fuzzy_group.conf" +} + +# SPF + DKIM + DMARC + ARC +group "policies" { + .include "$CONFDIR/scores.d/policies_group.conf" + .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/policies_group.conf" + .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/policies_group.conf" +} + +group "whitelist" { + .include "$CONFDIR/scores.d/whitelist_group.conf" + .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/whitelist_group.conf" + .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/whitelist_group.conf" +} + +group "surbl" { + .include "$CONFDIR/scores.d/surbl_group.conf" + .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/surbl_group.conf" + .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/surbl_group.conf" +} + +group "phishing" { + .include "$CONFDIR/scores.d/phishing_group.conf" + .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/phishing_group.conf" + .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/phishing_group.conf" +} + +group "hfilter" { + .include "$CONFDIR/scores.d/hfilter_group.conf" + .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/hfilter_group.conf" + .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/hfilter_group.conf" +} + +group "mime_types" { + .include "$CONFDIR/scores.d/mime_types_group.conf" + .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/mime_types_group.conf" + .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/mime_types_group.conf" +} + +# Used to limit maximum score +group "excessqp" { + max_score = 2.4; + .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/excessqp_group.conf" + .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/excessqp_group.conf" +} +group "excessb64" { + max_score = 3.0; + .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/excessb64_group.conf" + .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/excessb64_group.conf" +} + +# Not defined by default +group "neural" { + .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/neural_group.conf" + .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/neural_group.conf" +} + +group "antivirus" { + .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/antivirus_group.conf" + .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/antivirus_group.conf" +} + +group "external_services" { + .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/external_services_group.conf" + .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/external_services_group.conf" +} + +group "content" { + .include "$CONFDIR/scores.d/content_group.conf" + .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/content_group.conf" + .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/content_group.conf" +} + +.include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/groups.conf" +.include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/groups.conf" diff --git a/conf/lang_detection.inc b/conf/lang_detection.inc new file mode 100644 index 0000000..16bfa3f --- /dev/null +++ b/conf/lang_detection.inc @@ -0,0 +1,28 @@ +# Language detection configuration +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/lang_detection.inc' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/lang_detection.inc' to strictly override all +# parameters defined inside this section + +# Path to the languages shared data +# languages = "${SHAREDIR}/languages" + +# Limit in words to treat text as short for language detection +# short_text_limit = 10 + +# Enable only specific languages +# languages_enable = ["en", "de"] + +# Disable specific languages +# languages_disable = ["fr", "es"] + +# Use the following fasttext model for language detection (if Fasttext support is compiled in) +# fasttext_model = "${SHAREDIR}/languages/fasttext_model.ftz" + +# Prefer fasttext over all other methods +# prefer_fasttext = true; + diff --git a/conf/logging.inc b/conf/logging.inc new file mode 100644 index 0000000..00dba39 --- /dev/null +++ b/conf/logging.inc @@ -0,0 +1,35 @@ +# Logging configuration +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/logging.inc' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/logging.inc' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Relevant documentation: https://rspamd.com/doc/configuration/logging.html + +level = "info"; +log_format =<<EOD +id: <$mid>,$if_qid{ qid: <$>,}$if_ip{ ip: $,}$if_user{ user: $,}$if_smtp_from{ from: <$>,} +(default: $is_spam ($action): [$scores] [$symbols_scores_params]), +len: $len, time: $time_real, dns req: $dns_req, +digest: <$digest>$if_smtp_rcpts{, rcpts: <$>}$if_mime_rcpts{, mime_rcpts: <$>}$if_filename{, file: $}$if_forced_action{, forced: $}$if_settings_id{, settings_id: $} +EOD + + +# Show statistics for regular expressions +log_re_cache = true; + +# Can be used for console logging +color = false; + +# Log with microseconds resolution +log_usec = false; + +# Enable debug for specific modules (e.g. `debug_modules = ["dkim", "re_cache"];`) +debug_modules = [] diff --git a/conf/maps.d/dmarc_whitelist.inc b/conf/maps.d/dmarc_whitelist.inc new file mode 100644 index 0000000..ca8c214 --- /dev/null +++ b/conf/maps.d/dmarc_whitelist.inc @@ -0,0 +1,70 @@ +# Domains with valid DMARC and DKIM +# These domains come from some top visited sites that have restrictive dmarc policy + +4chan.org +adp.com +advice.hmrc.gov.uk +airbnb.com +airtel.in +alibaba.com +aliexpress.com +alipay.com +americanexpress.com +avg.com +avito.ru +badoo.com +battle.net +beeline.ru +booking.com +box.com +chase.com +consultant.ru +dhl.com +emarsys.com +esetnod32.ru +evernote.com +facebook.com +facebookmail.com +fedex.com +force.com +garant.ru +gosuslugi.ru +hh.ru +hmrc.gov.uk +instagram.com +linkedin.com +livejournal.com +lufthansa-group.com +mackeeper.com +megafon.ru +mercadolibre.com.ar +mercadolivre.com.br +messenger.com +mvideo.ru +neobux.com +netflix.com +newegg.com +nic.ru +paypal.com +pch.com +pinterest.com +rostelecom.ru +rt.ru +sberbank.ru +sportmaster.ru +squarespace.com +subscribe.ru +superjob.ru +twitter.com +uber.com +ulmart.ru +ups.com +usps.com +utair.ru +verizonwireless.com +vk.com +vkrugudruzei.ru +westernunion.com +whatsapp.com +zendesk.com +zomato.com diff --git a/conf/maps.d/maillist.inc b/conf/maps.d/maillist.inc new file mode 100644 index 0000000..b2de86d --- /dev/null +++ b/conf/maps.d/maillist.inc @@ -0,0 +1,176 @@ +1c-bitrix.ru +360.cn +360.com +activeby.net +adobe.com +aeroflot.ru +alibaba.com +aliexpress.com +alipay.com +amazon.co.jp +amazon.com +amazon.co.uk +amazon.de +amazon.in +apple.com +ask.com +avito.ru +b2b-center.ru +baby.ru +babysfera.ru +baidu.com +beeline.ru +bing.com +blogger.com +blogspot.com +booking.com +chase.com +cnn.com +comodo.com +comodogroup.com +comodo.net +dating.ru +dmir.ru +dropbox.com +ebay.com +electrozon.ru +e-moskva.ru +etp-micex.ru +exist.ru +fabrikant.ru +facebook.com +fc2.com +flipkart.com +free-lance.ru +github.com +github.net +gmw.cn +go.com +google.ca +google.co.id +google.co.in +google.co.jp +google.com.au +google.com.br +google.com.hk +google.com.mx +google.com.tr +google.co.uk +google.de +google.fr +google.it +google.pl +google.ru +googleusercontent.com +gosuslugi.ru +gov.ru +habramail.net +hao123.com +hh.ru +imdb.com +imgur.com +instagram.com +ispsystem.com +ispsystem.net +ispsystem.ru +jobinmoscow.ru +job.ru +linkedin.com +live.com +livejournal.com +mailgun.com +mailgun.net +mail.mtml.ru +mamba.ru +megafon.ru +microsoft.com +microsoftonline.com +mnogo.ru +mobilelement.ru +moesk.ru +molotok.ru +mos.ru +msn.com +mts.ru +nalog.ru +naukanet.ru +netflix.com +nic.ru +nix.ru +nytimes.com +odesk.com +odnoklassniki.ru +office.com +ok.ru +osmp.ru +outbrain.com +ozon.ru +paypal.com +pinterest.com +pixnet.net +pornhub.com +professionali.ru +psport.ru +qiwi.com +qiwi.ru +qq.com +quickpay.ru +r01.ru +rabota.ru +rbkmoney.ru +reddit.com +reg.ru +regtime.net +returnpath.net +roboxchange.com +roseltorg.ru +rosreestr.ru +rostelecom.ru +rp-system.ru +rts-tender.ru +rtstender.ru +russianpost.ru +sberbank-ast.ru +sberbank.ru +senderscore.net +shopotam.ru +sipnet.ru +sitesoft.ru +skype.com +smartsndr.com +sohu.com +soso.com +stackoverflow.com +startcomca.com +subscribe.ru +superjob.ru +taobao.com +tario.ru +t.co +tks.ru +tmall.com +topface.com +tumblr.com +tutu.ru +twitter.com +ulmart.ru +usndr.com +vedomosti.ru +vk.com +vkrugudruzei.ru +webnames.ru +weibo.com +whatsapp.com +wikipedia.org +wmtransfer.com +wordpress.com +wosign.com +xhamster.com +xvideos.com +yahoo.co.jp +yahoo.com +yamoney.ru +youtube.com +zakazrf.ru +ztel.ru +zzap.ru diff --git a/conf/maps.d/mid.inc b/conf/maps.d/mid.inc new file mode 100644 index 0000000..aeb5454 --- /dev/null +++ b/conf/maps.d/mid.inc @@ -0,0 +1,22 @@ +# Known invalid or missed Message-IDs +# 'domain' 'Message-ID regexp' + +alibaba.com /^[a-f0-9]{8}(?:-[a-f0-9]{4}){3}-[a-f0-9]{12}-0$/ +aliexpress.com /^(?:(?:[0-9]{14,15}|[a-z]{4}UTT_[0-9]{5,6}_(?:[0-9]{8}_)?)[$])?[a-f0-9]{32}$/ +beeline.ru /^<[A-z0-9+]{18}>$/ +noreply.esphere.ru +noreply.etprf.ru +rkn.gov.ru +garant.ru +is-zakupki.com +mirtesen.ru +fcod.nalog.ru +otc.ru +qiwi.ru +client.rostelecom.ru +sberbank-ast.ru +crm.taxcom.ru +wildberries.ru /^[a-f0-9]{8}(?:-[a-f0-9]{4}){3}-[a-f0-9]{12}$/ +promo.wildberries.ru /^[A-F0-9]{8}(?:-[A-F0-9]{4}){3}-[A-F0-9]{12}$/ +taxi.yandex.ru /^[a-f0-9]{32}$/ +online.zcts.ru diff --git a/conf/maps.d/mime_types.inc b/conf/maps.d/mime_types.inc new file mode 100644 index 0000000..7dd5d89 --- /dev/null +++ b/conf/maps.d/mime_types.inc @@ -0,0 +1,1538 @@ +# perl -ne 'if(/([^\d.\s\[o][^\d.\[\]\s\/A-Z]{3,}\/[^\s\/]+)/) { print "$1 0\n"; }' +application/1d-interleaved-parityfec 0 +application/3gpdash-qoe-report+xml 0 +application/3gpp-ims+xml 0 +application/A2L 0 +application/AML 0 +application/ATF 0 +application/ATFX 0 +application/ATXML 0 +application/CALS-1840 0 +application/CDFX+XML 0 +application/CEA 0 +application/CSTAdata+xml 0 +application/DCD 0 +application/DII 0 +application/DIT 0 +application/EDI-X12 0 +application/EDI-consent 0 +application/EDIFACT 0 +application/EmergencyCallData.Comment+xml 0 +application/EmergencyCallData.DeviceInfo+xml 0 +application/EmergencyCallData.ProviderInfo+xml 0 +application/EmergencyCallData.ServiceInfo+xml 0 +application/EmergencyCallData.SubscriberInfo+xml 0 +application/H224 0 +application/IOTP 0 +application/ISUP 0 +application/LXF 0 +application/MF4 0 +application/ODA 0 +application/ODX 0 +application/PDX 0 +application/QSIG 0 +application/SGML 0 +application/activemessage 0 +application/alto-costmap+json 0 +application/alto-costmapfilter+json 0 +application/alto-directory+json 0 +application/alto-endpointcost+json 0 +application/alto-endpointcostparams+json 0 +application/alto-endpointprop+json 0 +application/alto-endpointpropparams+json 0 +application/alto-error+json 0 +application/alto-networkmap+json 0 +application/alto-networkmapfilter+json 0 +application/andrew-inset 0 +application/applefile 0 +application/atom+xml 0 +application/atomcat+xml 0 +application/atomdeleted+xml 0 +application/atomicmail 0 +application/atomsvc+xml 0 +application/auth-policy+xml 0 +application/bacnet-xdd+zip 0 +application/batch-SMTP 0 +application/beep+xml 0 +application/calendar+json 0 +application/calendar+xml 0 +application/call-completion 0 +application/cbor 0 +application/ccmp+xml 0 +application/ccxml+xml 0 +application/cdmi-capability 0 +application/cdmi-container 0 +application/cdmi-domain 0 +application/cdmi-object 0 +application/cdmi-queue 0 +application/cdni 0 +application/cea-2018+xml 0 +application/cellml+xml 0 +application/cfw 0 +application/cms 0 +application/cnrp+xml 0 +application/coap-group+json 0 +application/commonground 0 +application/conference-info+xml 0 +application/cpl+xml 0 +application/csrattrs 0 +application/csta+xml 0 +application/csvm+json 0 +application/cybercash 0 +application/dash+xml 0 +application/dashdelta 0 +application/davmount+xml 0 +application/dca-rft 0 +application/dec-dx 0 +application/dialog-info+xml 0 +application/dicom 0 +application/dns 0 +application/dskpp+xml 0 +application/dssc+der 0 +application/dssc+xml 0 +application/dvcs 0 +application/ecmascript 0 +application/emotionml+xml 0 +application/encaprtp 0 +application/epp+xml 0 +application/epub+zip 0 +application/eshop 0 +application/example 0 +application/fastinfoset 0 +application/fastsoap 0 +application/fdt+xml 0 +application/fits 0 +application/font-sfnt 0 +application/font-tdpfr 0 +application/font-woff 0 +application/framework-attributes+xml 0 +application/gzip 0 +application/held+xml 0 +application/http 0 +application/hyperstudio 0 +application/ibe-key-request+xml 0 +application/ibe-pkg-reply+xml 0 +application/ibe-pp-data 0 +application/ics 0 +application/iges 0 +application/im-iscomposing+xml 0 +application/index 0 +application/index-obj 0 +application/index.cmd 0 +application/index.response 0 +application/index.vnd 0 +application/inkml+xml 0 +application/ipfix 0 +application/ipp 0 +application/its+xml 0 +application/javascript 0 +application/jose 0 +application/jose+json 0 +application/jrd+json 0 +application/json 0 +application/json-patch+json 0 +application/json-seq 0 +application/jwk+json 0 +application/jwk-set+json 0 +application/jwt 0 +application/kpml-request+xml 0 +application/kpml-response+xml 0 +application/ld+json 0 +application/link-format 0 +application/load-control+xml 0 +application/lost+xml 0 +application/lostsync+xml 0 +application/mac-binhex40 0 +application/macwriteii 0 +application/mads+xml 0 +application/marc 0 +application/marcxml+xml 0 +application/mathematica 0 +application/mbms-associated-procedure-description+xml 0 +application/mbms-deregister+xml 0 +application/mbms-envelope+xml 0 +application/mbms-msk+xml 0 +application/mbms-msk-response+xml 0 +application/mbms-protection-description+xml 0 +application/mbms-reception-report+xml 0 +application/mbms-register+xml 0 +application/mbms-register-response+xml 0 +application/mbms-schedule+xml 0 +application/mbms-user-service-description+xml 0 +application/mbox 0 +application/media-policy-dataset+xml 0 +application/media_control+xml 0 +application/mediaservercontrol+xml 0 +application/merge-patch+json 0 +application/metalink4+xml 0 +application/mets+xml 0 +application/mikey 0 +application/mods+xml 0 +application/moss-keys 0 +application/moss-signature 0 +application/mosskey-data 0 +application/mosskey-request 0 +application/mp21 0 +application/mp4 0 +application/mpeg4-generic 0 +application/mpeg4-iod 0 +application/mpeg4-iod-xmt 0 +application/mrb-consumer+xml 0 +application/mrb-publish+xml 0 +application/msc-ivr+xml 0 +application/msc-mixer+xml 0 +application/msword 0 +application/mxf 0 +application/nasdata 0 +application/news-checkgroups 0 +application/news-groupinfo 0 +application/news-transmission 0 +application/nlsml+xml 0 +application/nss 0 +application/ocsp-request 0 +application/ocsp-response 0 +application/octet-stream 0 +application/oebps-package+xml 0 +application/ogg 0 +application/oxps 0 +application/p2p-overlay+xml 0 +application/patch-ops-error+xml 0 +application/pdf 0 +application/pgp-encrypted 0 +application/pgp-keys 0 +application/pgp-signature 0 +application/pidf+xml 0 +application/pidf-diff+xml 0 +application/pkcs10 0 +application/pkcs12 0 +application/pkcs7-mime -1 +application/pkcs7-signature -1 +application/pkcs8 0 +application/pkix-attr-cert 0 +application/pkix-cert 0 +application/pkix-crl 0 +application/pkix-pkipath 0 +application/pkixcmp 0 +application/pls+xml 0 +application/poc-settings+xml 0 +application/postscript 0 +application/ppsp-tracker+json 0 +application/provenance+xml 0 +application/prs.alvestrand.titrax-sheet 0 +application/prs.cww 0 +application/prs.hpub+zip 0 +application/prs.nprend 0 +application/prs.plucker 0 +application/prs.rdf-xml-crypt 0 +application/prs.xsf+xml 0 +application/pskc+xml 0 +application/raptorfec 0 +application/rdap+json 0 +application/rdf+xml 0 +application/reginfo+xml 0 +application/relax-ng-compact-syntax 0 +application/remote-printing 0 +application/reputon+json 0 +application/resource-lists+xml 0 +application/resource-lists-diff+xml 0 +application/rfc+xml 0 +application/riscos 0 +application/rlmi+xml 0 +application/rls-services+xml 0 +application/rpki-ghostbusters 0 +application/rpki-manifest 0 +application/rpki-roa 0 +application/rpki-updown 0 +application/rtf 0 +application/rtploopback 0 +application/rtx 0 +application/samlassertion+xml 0 +application/samlmetadata+xml 0 +application/sbml+xml 0 +application/scaip+xml 0 +application/scim+json 0 +application/scvp-cv-request 0 +application/scvp-cv-response 0 +application/scvp-vp-request 0 +application/scvp-vp-response 0 +application/sdp 0 +application/sep+xml 0 +application/sep-exi 0 +application/session-info 0 +application/set-payment 0 +application/set-payment-initiation 0 +application/set-registration 0 +application/set-registration-initiation 0 +application/sgml-open-catalog 0 +application/shf+xml 0 +application/sieve 0 +application/simple-filter+xml 0 +application/simple-message-summary 0 +application/simpleSymbolContainer 0 +application/slate 0 +application/smil+xml 0 +application/smpte336m 0 +application/soap+fastinfoset 0 +application/soap+xml 0 +application/spirits-event+xml 0 +application/sql 0 +application/srgs 0 +application/srgs+xml 0 +application/sru+xml 0 +application/ssml+xml 0 +application/tamp-apex-update 0 +application/tamp-apex-update-confirm 0 +application/tamp-community-update 0 +application/tamp-community-update-confirm 0 +application/tamp-error 0 +application/tamp-sequence-adjust 0 +application/tamp-sequence-adjust-confirm 0 +application/tamp-status-query 0 +application/tamp-status-response 0 +application/tamp-update 0 +application/tamp-update-confirm 0 +application/tei+xml 0 +application/thraud+xml 0 +application/timestamp-query 0 +application/timestamp-reply 0 +application/timestamped-data 0 +application/ttml+xml 0 +application/tve-trigger 0 +application/ulpfec 0 +application/urc-grpsheet+xml 0 +application/urc-ressheet+xml 0 +application/urc-targetdesc+xml 0 +application/urc-uisocketdesc+xml 0 +application/vcard+json 0 +application/vcard+xml 0 +application/vemmi 0 +application/vnd-acucobol 0 +application/vnd-curl 0 +application/vnd-dart 0 +application/vnd-dxr 0 +application/vnd-fdf 0 +application/vnd-mif 0 +application/vnd-sema 0 +application/vnd-wap-wmlc 0 +application/vnd.3M.Post-it-Notes 0 +application/vnd.3gpp-prose+xml 0 +application/vnd.3gpp-prose-pc3ch+xml 0 +application/vnd.3gpp.SRVCC-info+xml 0 +application/vnd.3gpp.access-transfer-events+xml 0 +application/vnd.3gpp.bsf+xml 0 +application/vnd.3gpp.mid-call+xml 0 +application/vnd.3gpp.pic-bw-large 0 +application/vnd.3gpp.pic-bw-small 0 +application/vnd.3gpp.pic-bw-var 0 +application/vnd.3gpp.sms 0 +application/vnd.3gpp.srvcc-ext+xml 0 +application/vnd.3gpp.state-and-event-info+xml 0 +application/vnd.3gpp.ussd+xml 0 +application/vnd.3gpp2.bcmcsinfo+xml 0 +application/vnd.3gpp2.sms 0 +application/vnd.3gpp2.tcap 0 +application/vnd.FloGraphIt 0 +application/vnd.HandHeld-Entertainment+xml 0 +application/vnd.Kinar 0 +application/vnd.MFER 0 +application/vnd.Mobius.DAF 0 +application/vnd.Mobius.DIS 0 +application/vnd.Mobius.MBK 0 +application/vnd.Mobius.MQY 0 +application/vnd.Mobius.MSL 0 +application/vnd.Mobius.PLC 0 +application/vnd.Mobius.TXF 0 +application/vnd.Quark.QuarkXPress 0 +application/vnd.SimTech-MindMapper 0 +application/vnd.accpac.simply.aso 0 +application/vnd.accpac.simply.imp 0 +application/vnd.acucorp 0 +application/vnd.adobe.flash-movie 0 +application/vnd.adobe.formscentral.fcdt 0 +application/vnd.adobe.fxp 0 +application/vnd.adobe.partial-upload 0 +application/vnd.adobe.xdp+xml 0 +application/vnd.adobe.xfdf 0 +application/vnd.aether.imp 0 +application/vnd.ah-barcode 0 +application/vnd.ahead.space 0 +application/vnd.airzip.filesecure.azf 0 +application/vnd.airzip.filesecure.azs 0 +application/vnd.americandynamics.acc 0 +application/vnd.amiga.ami 0 +application/vnd.amundsen.maze+xml 0 +application/vnd.anki 0 +application/vnd.anser-web-certificate-issue-initiation 0 +application/vnd.antix.game-component 0 +application/vnd.apache.thrift.binary 0 +application/vnd.apache.thrift.compact 0 +application/vnd.apache.thrift.json 0 +application/vnd.api+json 0 +application/vnd.apple.installer+xml 0 +application/vnd.apple.mpegurl 0 +application/vnd.arastra.swi 0 +application/vnd.aristanetworks.swi 0 +application/vnd.artsquare 0 +application/vnd.astraea-software.iota 0 +application/vnd.audiograph 0 +application/vnd.autopackage 0 +application/vnd.avistar+xml 0 +application/vnd.balsamiq.bmml+xml 0 +application/vnd.balsamiq.bmpr 0 +application/vnd.bekitzur-stech+json 0 +application/vnd.biopax.rdf+xml 0 +application/vnd.blueice.multipass 0 +application/vnd.bluetooth.ep.oob 0 +application/vnd.bluetooth.le.oob 0 +application/vnd.bmi 0 +application/vnd.businessobjects 0 +application/vnd.cab-jscript 0 +application/vnd.canon-cpdl 0 +application/vnd.canon-lips 0 +application/vnd.cendio.thinlinc.clientconf 0 +application/vnd.century-systems.tcp_stream 0 +application/vnd.chemdraw+xml 0 +application/vnd.chipnuts.karaoke-mmd 0 +application/vnd.cinderella 0 +application/vnd.cirpack.isdn-ext 0 +application/vnd.citationstyles.style+xml 0 +application/vnd.claymore 0 +application/vnd.cloanto.rp9 0 +application/vnd.clonk.c4group 0 +application/vnd.cluetrust.cartomobile-config 0 +application/vnd.cluetrust.cartomobile-config-pkg 0 +application/vnd.coffeescript 0 +application/vnd.collection+json 0 +application/vnd.collection.doc+json 0 +application/vnd.collection.next+json 0 +application/vnd.commerce-battelle 0 +application/vnd.commonspace 0 +application/vnd.contact.cmsg 0 +application/vnd.cosmocaller 0 +application/vnd.crick.clicker 0 +application/vnd.crick.clicker.keyboard 0 +application/vnd.crick.clicker.palette 0 +application/vnd.crick.clicker.template 0 +application/vnd.crick.clicker.wordbank 0 +application/vnd.criticaltools.wbs+xml 0 +application/vnd.ctc-posml 0 +application/vnd.ctct.ws+xml 0 +application/vnd.cups-pdf 0 +application/vnd.cups-postscript 0 +application/vnd.cups-ppd 0 +application/vnd.cups-raster 0 +application/vnd.cups-raw 0 +application/vnd.cyan.dean.root+xml 0 +application/vnd.cybank 0 +application/vnd.data-vision.rdz 0 +application/vnd.debian.binary-package 0 +application/vnd.dece-zip 0 +application/vnd.dece.data 0 +application/vnd.dece.ttml+xml 0 +application/vnd.dece.unspecified 0 +application/vnd.denovo.fcselayout-link 0 +application/vnd.desmume-movie 0 +application/vnd.dir-bi.plate-dl-nosuffix 0 +application/vnd.dm.delegation+xml 0 +application/vnd.dna 0 +application/vnd.document+json 0 +application/vnd.dolby.mobile.1 0 +application/vnd.dolby.mobile.2 0 +application/vnd.doremir.scorecloud-binary-document 0 +application/vnd.dpgraph 0 +application/vnd.dreamfactory 0 +application/vnd.drive+json 0 +application/vnd.dtg.local 0 +application/vnd.dtg.local-html 0 +application/vnd.dtg.local.flash 0 +application/vnd.dvb.ait 0 +application/vnd.dvb.dvbj 0 +application/vnd.dvb.esgcontainer 0 +application/vnd.dvb.ipdcdftnotifaccess 0 +application/vnd.dvb.ipdcesgaccess 0 +application/vnd.dvb.ipdcesgaccess2 0 +application/vnd.dvb.ipdcesgpdd 0 +application/vnd.dvb.ipdcroaming 0 +application/vnd.dvb.iptv.alfec-base 0 +application/vnd.dvb.iptv.alfec-enhancement 0 +application/vnd.dvb.notif-aggregate-root+xml 0 +application/vnd.dvb.notif-container+xml 0 +application/vnd.dvb.notif-generic+xml 0 +application/vnd.dvb.notif-ia-msglist+xml 0 +application/vnd.dvb.notif-ia-registration-request+xml 0 +application/vnd.dvb.notif-ia-registration-response+xml 0 +application/vnd.dvb.notif-init+xml 0 +application/vnd.dvb.pfr 0 +application/vnd.dvb_service 0 +application/vnd.dynageo 0 +application/vnd.dzr 0 +application/vnd.easykaraoke.cdgdownload 0 +application/vnd.ecdis-update 0 +application/vnd.ecowin.chart 0 +application/vnd.ecowin.filerequest 0 +application/vnd.ecowin.fileupdate 0 +application/vnd.ecowin.series 0 +application/vnd.ecowin.seriesrequest 0 +application/vnd.ecowin.seriesupdate 0 +application/vnd.emclient.accessrequest+xml 0 +application/vnd.enliven 0 +application/vnd.enphase.envoy 0 +application/vnd.eprints.data+xml 0 +application/vnd.epson.esf 0 +application/vnd.epson.msf 0 +application/vnd.epson.quickanime 0 +application/vnd.epson.salt 0 +application/vnd.epson.ssf 0 +application/vnd.ericsson.quickcall 0 +application/vnd.eszigno3+xml 0 +application/vnd.etsi.aoc+xml 0 +application/vnd.etsi.asic-e+zip 0 +application/vnd.etsi.asic-s+zip 0 +application/vnd.etsi.cug+xml 0 +application/vnd.etsi.iptvcommand+xml 0 +application/vnd.etsi.iptvdiscovery+xml 0 +application/vnd.etsi.iptvprofile+xml 0 +application/vnd.etsi.iptvsad-bc+xml 0 +application/vnd.etsi.iptvsad-cod+xml 0 +application/vnd.etsi.iptvsad-npvr+xml 0 +application/vnd.etsi.iptvservice+xml 0 +application/vnd.etsi.iptvsync+xml 0 +application/vnd.etsi.iptvueprofile+xml 0 +application/vnd.etsi.mcid+xml 0 +application/vnd.etsi.mheg5 0 +application/vnd.etsi.overload-control-policy-dataset+xml 0 +application/vnd.etsi.pstn+xml 0 +application/vnd.etsi.sci+xml 0 +application/vnd.etsi.simservs+xml 0 +application/vnd.etsi.timestamp-token 0 +application/vnd.etsi.tsl+xml 0 +application/vnd.etsi.tsl.der 0 +application/vnd.eudora.data 0 +application/vnd.ezpix-album 0 +application/vnd.ezpix-package 0 +application/vnd.f-secure.mobile 0 +application/vnd.fastcopy-disk-image 0 +application/vnd.fdsn.mseed 0 +application/vnd.fdsn.seed 0 +application/vnd.ffsns 0 +application/vnd.filmit.zfc 0 +application/vnd.fints 0 +application/vnd.firemonkeys.cloudcell 0 +application/vnd.fluxtime.clip 0 +application/vnd.font-fontforge-sfd 0 +application/vnd.framemaker 0 +application/vnd.frogans.fnc 0 +application/vnd.frogans.ltf 0 +application/vnd.fsc.weblaunch 0 +application/vnd.fujitsu.oasys 0 +application/vnd.fujitsu.oasys2 0 +application/vnd.fujitsu.oasys3 0 +application/vnd.fujitsu.oasysgp 0 +application/vnd.fujitsu.oasysprs 0 +application/vnd.fujixerox.ART-EX 0 +application/vnd.fujixerox.ART4 0 +application/vnd.fujixerox.HBPL 0 +application/vnd.fujixerox.ddd 0 +application/vnd.fujixerox.docuworks 0 +application/vnd.fujixerox.docuworks.binder 0 +application/vnd.fujixerox.docuworks.container 0 +application/vnd.fut-misnet 0 +application/vnd.fuzzysheet 0 +application/vnd.genomatix.tuxedo 0 +application/vnd.geo+json 0 +application/vnd.geocube+xml 0 +application/vnd.geogebra.file 0 +application/vnd.geogebra.tool 0 +application/vnd.geometry-explorer 0 +application/vnd.geonext 0 +application/vnd.geoplan 0 +application/vnd.geospace 0 +application/vnd.gerber 0 +application/vnd.globalplatform.card-content-mgt 0 +application/vnd.globalplatform.card-content-mgt-response 0 +application/vnd.gmx 0 +application/vnd.google-earth.kml+xml 0 +application/vnd.google-earth.kmz 0 +application/vnd.gov.sk.e-form+xml 0 +application/vnd.gov.sk.e-form+zip 0 +application/vnd.gov.sk.xmldatacontainer+xml 0 +application/vnd.grafeq 0 +application/vnd.gridmp 0 +application/vnd.groove-account 0 +application/vnd.groove-help 0 +application/vnd.groove-identity-message 0 +application/vnd.groove-injector 0 +application/vnd.groove-tool-message 0 +application/vnd.groove-tool-template 0 +application/vnd.groove-vcard 0 +application/vnd.hal+json 0 +application/vnd.hal+xml 0 +application/vnd.hbci 0 +application/vnd.hcl-bireports 0 +application/vnd.hdt 0 +application/vnd.heroku+json 0 +application/vnd.hhe.lesson-player 0 +application/vnd.hp-HPGL 0 +application/vnd.hp-PCL 0 +application/vnd.hp-PCLXL 0 +application/vnd.hp-hpid 0 +application/vnd.hp-hps 0 +application/vnd.hp-jlyt 0 +application/vnd.httphone 0 +application/vnd.hydrostatix.sof-data 0 +application/vnd.hyperdrive+json 0 +application/vnd.hzn-3d-crossword 0 +application/vnd.ibm.MiniPay 0 +application/vnd.ibm.afplinedata 0 +application/vnd.ibm.electronic-media 0 +application/vnd.ibm.modcap 0 +application/vnd.ibm.rights-management 0 +application/vnd.ibm.secure-container 0 +application/vnd.iccprofile 0 +application/vnd.ieee.1905 0 +application/vnd.igloader 0 +application/vnd.immervision-ivp 0 +application/vnd.immervision-ivu 0 +application/vnd.ims.imsccv1p1 0 +application/vnd.ims.imsccv1p2 0 +application/vnd.ims.imsccv1p3 0 +application/vnd.ims.lis.v2.result+json 0 +application/vnd.ims.lti.v2.toolconsumerprofile+json 0 +application/vnd.ims.lti.v2.toolproxy+json 0 +application/vnd.ims.lti.v2.toolproxy.id+json 0 +application/vnd.ims.lti.v2.toolsettings+json 0 +application/vnd.ims.lti.v2.toolsettings.simple+json 0 +application/vnd.informedcontrol.rms+xml 0 +application/vnd.infotech.project 0 +application/vnd.infotech.project+xml 0 +application/vnd.innopath.wamp.notification 0 +application/vnd.insors.igm 0 +application/vnd.intercon.formnet 0 +application/vnd.intergeo 0 +application/vnd.intertrust.digibox 0 +application/vnd.intertrust.nncp 0 +application/vnd.intu.qbo 0 +application/vnd.intu.qfx 0 +application/vnd.iptc.g2.catalogitem+xml 0 +application/vnd.iptc.g2.conceptitem+xml 0 +application/vnd.iptc.g2.knowledgeitem+xml 0 +application/vnd.iptc.g2.newsitem+xml 0 +application/vnd.iptc.g2.newsmessage+xml 0 +application/vnd.iptc.g2.packageitem+xml 0 +application/vnd.iptc.g2.planningitem+xml 0 +application/vnd.ipunplugged.rcprofile 0 +application/vnd.irepository.package+xml 0 +application/vnd.is-xpr 0 +application/vnd.isac.fcs 0 +application/vnd.jam 0 +application/vnd.japannet-directory-service 0 +application/vnd.japannet-jpnstore-wakeup 0 +application/vnd.japannet-payment-wakeup 0 +application/vnd.japannet-registration 0 +application/vnd.japannet-registration-wakeup 0 +application/vnd.japannet-setstore-wakeup 0 +application/vnd.japannet-verification 0 +application/vnd.japannet-verification-wakeup 0 +application/vnd.jcp.javame.midlet-rms 0 +application/vnd.jisp 0 +application/vnd.joost.joda-archive 0 +application/vnd.jsk.isdn-ngn 0 +application/vnd.kahootz 0 +application/vnd.kde.karbon 0 +application/vnd.kde.kchart 0 +application/vnd.kde.kformula 0 +application/vnd.kde.kivio 0 +application/vnd.kde.kontour 0 +application/vnd.kde.kpresenter 0 +application/vnd.kde.kspread 0 +application/vnd.kde.kword 0 +application/vnd.kenameaapp 0 +application/vnd.kidspiration 0 +application/vnd.koan 0 +application/vnd.kodak-descriptor 0 +application/vnd.las.las+xml 0 +application/vnd.liberty-request+xml 0 +application/vnd.llamagraphics.life-balance.desktop 0 +application/vnd.llamagraphics.life-balance.exchange+xml 0 +application/vnd.lotus-1-2-3 0 +application/vnd.lotus-approach 0 +application/vnd.lotus-freelance 0 +application/vnd.lotus-notes 0 +application/vnd.lotus-organizer 0 +application/vnd.lotus-screencam 0 +application/vnd.lotus-wordpro 0 +application/vnd.macports.portpkg 0 +application/vnd.mapbox-vector-tile 0 +application/vnd.marlin.drm.actiontoken+xml 0 +application/vnd.marlin.drm.conftoken+xml 0 +application/vnd.marlin.drm.license+xml 0 +application/vnd.marlin.drm.mdcf 0 +application/vnd.mason+json 0 +application/vnd.maxmind.maxmind-db 0 +application/vnd.mcd 0 +application/vnd.medcalcdata 0 +application/vnd.mediastation.cdkey 0 +application/vnd.meridian-slingshot 0 +application/vnd.mfmp 0 +application/vnd.micro+json 0 +application/vnd.micrografx-igx 0 +application/vnd.micrografx.flo 0 +application/vnd.microsoft.portable-executable 0 +application/vnd.miele+json 0 +application/vnd.minisoft-hp3000-save 0 +application/vnd.mitsubishi.misty-guard.trustweb 0 +application/vnd.mophun.application 0 +application/vnd.mophun.certificate 0 +application/vnd.motorola.flexsuite 0 +application/vnd.motorola.flexsuite.adsi 0 +application/vnd.motorola.flexsuite.fis 0 +application/vnd.motorola.flexsuite.gotap 0 +application/vnd.motorola.flexsuite.kmr 0 +application/vnd.motorola.flexsuite.ttc 0 +application/vnd.motorola.flexsuite.wem 0 +application/vnd.motorola.iprm 0 +application/vnd.mozilla.xul+xml 0 +application/vnd.ms-3mfdocument 0 +application/vnd.ms-PrintDeviceCapabilities+xml 0 +application/vnd.ms-artgalry 0 +application/vnd.ms-asf 0 +application/vnd.ms-cab-compressed 0 +application/vnd.ms-excel 0 +application/vnd.ms-excel.addin.macroEnabled.12 0 +application/vnd.ms-excel.sheet.binary.macroEnabled.12 0 +application/vnd.ms-excel.sheet.macroEnabled.12 0 +application/vnd.ms-excel.template.macroEnabled.12 0 +application/vnd.ms-fontobject 0 +application/vnd.ms-htmlhelp 0 +application/vnd.ms-ims 0 +application/vnd.ms-lrm 0 +application/vnd.ms-office.activeX+xml 0 +application/vnd.ms-officetheme 0 +application/vnd.ms-playready.initiator+xml 0 +application/vnd.ms-powerpoint 0 +application/vnd.ms-powerpoint.addin.macroEnabled.12 0 +application/vnd.ms-powerpoint.presentation.macroEnabled.12 0 +application/vnd.ms-powerpoint.slide.macroEnabled.12 0 +application/vnd.ms-powerpoint.slideshow.macroEnabled.12 0 +application/vnd.ms-powerpoint.template.macroEnabled.12 0 +application/vnd.ms-project 0 +application/vnd.ms-tnef 0 +application/vnd.ms-windows.devicepairing 0 +application/vnd.ms-windows.nwprinting.oob 0 +application/vnd.ms-windows.printerpairing 0 +application/vnd.ms-windows.wsd.oob 0 +application/vnd.ms-wmdrm.lic-chlg-req 0 +application/vnd.ms-wmdrm.lic-resp 0 +application/vnd.ms-wmdrm.meter-chlg-req 0 +application/vnd.ms-wmdrm.meter-resp 0 +application/vnd.ms-word.document.macroEnabled.12 0 +application/vnd.ms-word.template.macroEnabled.12 0 +application/vnd.ms-works 0 +application/vnd.ms-wpl 0 +application/vnd.ms-xpsdocument 0 +application/vnd.msa-disk-image 0 +application/vnd.mseq 0 +application/vnd.msign 0 +application/vnd.multiad.creator 0 +application/vnd.multiad.creator.cif 0 +application/vnd.music-niff 0 +application/vnd.musician 0 +application/vnd.muvee.style 0 +application/vnd.mynfc 0 +application/vnd.ncd.control 0 +application/vnd.ncd.reference 0 +application/vnd.nervana 0 +application/vnd.netfpx 0 +application/vnd.neurolanguage.nlu 0 +application/vnd.nintendo.nitro.rom 0 +application/vnd.nintendo.snes.rom 0 +application/vnd.nitf 0 +application/vnd.noblenet-directory 0 +application/vnd.noblenet-sealer 0 +application/vnd.noblenet-web 0 +application/vnd.nokia.catalogs 0 +application/vnd.nokia.conml+wbxml 0 +application/vnd.nokia.conml+xml 0 +application/vnd.nokia.iSDS-radio-presets 0 +application/vnd.nokia.iptv.config+xml 0 +application/vnd.nokia.landmark+wbxml 0 +application/vnd.nokia.landmark+xml 0 +application/vnd.nokia.landmarkcollection+xml 0 +application/vnd.nokia.n-gage.ac+xml 0 +application/vnd.nokia.n-gage.data 0 +application/vnd.nokia.n-gage.symbian.install 0 +application/vnd.nokia.ncd 0 +application/vnd.nokia.pcd+wbxml 0 +application/vnd.nokia.pcd+xml 0 +application/vnd.nokia.radio-preset 0 +application/vnd.nokia.radio-presets 0 +application/vnd.novadigm.EDM 0 +application/vnd.novadigm.EDX 0 +application/vnd.novadigm.EXT 0 +application/vnd.ntt-local.content-share 0 +application/vnd.ntt-local.file-transfer 0 +application/vnd.ntt-local.ogw_remote-access 0 +application/vnd.ntt-local.sip-ta_remote 0 +application/vnd.ntt-local.sip-ta_tcp_stream 0 +application/vnd.oasis.opendocument.chart 0 +application/vnd.oasis.opendocument.chart-template 0 +application/vnd.oasis.opendocument.database 0 +application/vnd.oasis.opendocument.formula 0 +application/vnd.oasis.opendocument.formula-template 0 +application/vnd.oasis.opendocument.graphics 0 +application/vnd.oasis.opendocument.graphics-template 0 +application/vnd.oasis.opendocument.image 0 +application/vnd.oasis.opendocument.image-template 0 +application/vnd.oasis.opendocument.presentation 0 +application/vnd.oasis.opendocument.presentation-template 0 +application/vnd.oasis.opendocument.spreadsheet 0 +application/vnd.oasis.opendocument.spreadsheet-template 0 +application/vnd.oasis.opendocument.text 0 +application/vnd.oasis.opendocument.text-master 0 +application/vnd.oasis.opendocument.text-template 0 +application/vnd.oasis.opendocument.text-web 0 +application/vnd.obn 0 +application/vnd.oftn.l10n+json 0 +application/vnd.oipf.contentaccessdownload+xml 0 +application/vnd.oipf.contentaccessstreaming+xml 0 +application/vnd.oipf.cspg-hexbinary 0 +application/vnd.oipf.dae.svg+xml 0 +application/vnd.oipf.dae.xhtml+xml 0 +application/vnd.oipf.mippvcontrolmessage+xml 0 +application/vnd.oipf.pae.gem 0 +application/vnd.oipf.spdiscovery+xml 0 +application/vnd.oipf.spdlist+xml 0 +application/vnd.oipf.ueprofile+xml 0 +application/vnd.oipf.userprofile+xml 0 +application/vnd.olpc-sugar 0 +application/vnd.oma-scws-config 0 +application/vnd.oma-scws-http-request 0 +application/vnd.oma-scws-http-response 0 +application/vnd.oma.bcast.associated-procedure-parameter+xml 0 +application/vnd.oma.bcast.drm-trigger+xml 0 +application/vnd.oma.bcast.imd+xml 0 +application/vnd.oma.bcast.ltkm 0 +application/vnd.oma.bcast.notification+xml 0 +application/vnd.oma.bcast.provisioningtrigger 0 +application/vnd.oma.bcast.sgboot 0 +application/vnd.oma.bcast.sgdd+xml 0 +application/vnd.oma.bcast.sgdu 0 +application/vnd.oma.bcast.simple-symbol-container 0 +application/vnd.oma.bcast.smartcard-trigger+xml 0 +application/vnd.oma.bcast.sprov+xml 0 +application/vnd.oma.bcast.stkm 0 +application/vnd.oma.cab-address-book+xml 0 +application/vnd.oma.cab-feature-handler+xml 0 +application/vnd.oma.cab-pcc+xml 0 +application/vnd.oma.cab-subs-invite+xml 0 +application/vnd.oma.cab-user-prefs+xml 0 +application/vnd.oma.dcd 0 +application/vnd.oma.dcdc 0 +application/vnd.oma.dd2+xml 0 +application/vnd.oma.drm.risd+xml 0 +application/vnd.oma.group-usage-list+xml 0 +application/vnd.oma.pal+xml 0 +application/vnd.oma.poc.detailed-progress-report+xml 0 +application/vnd.oma.poc.final-report+xml 0 +application/vnd.oma.poc.groups+xml 0 +application/vnd.oma.poc.invocation-descriptor+xml 0 +application/vnd.oma.poc.optimized-progress-report+xml 0 +application/vnd.oma.push 0 +application/vnd.oma.scidm.messages+xml 0 +application/vnd.oma.xcap-directory+xml 0 +application/vnd.omads-email+xml 0 +application/vnd.omads-file+xml 0 +application/vnd.omads-folder+xml 0 +application/vnd.omaloc-supl-init 0 +application/vnd.openblox.game+xml 0 +application/vnd.openblox.game-binary 0 +application/vnd.openeye.oeb 0 +application/vnd.openxmlformats-officedocument.custom-properties+xml 0 +application/vnd.openxmlformats-officedocument.customXmlProperties+xml 0 +application/vnd.openxmlformats-officedocument.drawing+xml 0 +application/vnd.openxmlformats-officedocument.drawingml.chart+xml 0 +application/vnd.openxmlformats-officedocument.drawingml.chartshapes+xml 0 +application/vnd.openxmlformats-officedocument.drawingml.diagramColors+xml 0 +application/vnd.openxmlformats-officedocument.drawingml.diagramData+xml 0 +application/vnd.openxmlformats-officedocument.drawingml.diagramLayout+xml 0 +application/vnd.openxmlformats-officedocument.drawingml.diagramStyle+xml 0 +application/vnd.openxmlformats-officedocument.extended-properties+xml 0 +application/vnd.openxmlformats-officedocument.presentationml-template 0 +application/vnd.openxmlformats-officedocument.presentationml.commentAuthors+xml 0 +application/vnd.openxmlformats-officedocument.presentationml.comments+xml 0 +application/vnd.openxmlformats-officedocument.presentationml.handoutMaster+xml 0 +application/vnd.openxmlformats-officedocument.presentationml.notesMaster+xml 0 +application/vnd.openxmlformats-officedocument.presentationml.notesSlide+xml 0 +application/vnd.openxmlformats-officedocument.presentationml.presProps+xml 0 +application/vnd.openxmlformats-officedocument.presentationml.presentation 0 +application/vnd.openxmlformats-officedocument.presentationml.presentation.main+xml 0 +application/vnd.openxmlformats-officedocument.presentationml.slide 0 +application/vnd.openxmlformats-officedocument.presentationml.slide+xml 0 +application/vnd.openxmlformats-officedocument.presentationml.slideLayout+xml 0 +application/vnd.openxmlformats-officedocument.presentationml.slideMaster+xml 0 +application/vnd.openxmlformats-officedocument.presentationml.slideUpdateInfo+xml 0 +application/vnd.openxmlformats-officedocument.presentationml.slideshow 0 +application/vnd.openxmlformats-officedocument.presentationml.slideshow.main+xml 0 +application/vnd.openxmlformats-officedocument.presentationml.tableStyles+xml 0 +application/vnd.openxmlformats-officedocument.presentationml.tags+xml 0 +application/vnd.openxmlformats-officedocument.presentationml.template.main+xml 0 +application/vnd.openxmlformats-officedocument.presentationml.viewProps+xml 0 +application/vnd.openxmlformats-officedocument.spreadsheetml-template 0 +application/vnd.openxmlformats-officedocument.spreadsheetml.calcChain+xml 0 +application/vnd.openxmlformats-officedocument.spreadsheetml.chartsheet+xml 0 +application/vnd.openxmlformats-officedocument.spreadsheetml.comments+xml 0 +application/vnd.openxmlformats-officedocument.spreadsheetml.connections+xml 0 +application/vnd.openxmlformats-officedocument.spreadsheetml.dialogsheet+xml 0 +application/vnd.openxmlformats-officedocument.spreadsheetml.externalLink+xml 0 +application/vnd.openxmlformats-officedocument.spreadsheetml.pivotCacheDefinition+xml 0 +application/vnd.openxmlformats-officedocument.spreadsheetml.pivotCacheRecords+xml 0 +application/vnd.openxmlformats-officedocument.spreadsheetml.pivotTable+xml 0 +application/vnd.openxmlformats-officedocument.spreadsheetml.queryTable+xml 0 +application/vnd.openxmlformats-officedocument.spreadsheetml.revisionHeaders+xml 0 +application/vnd.openxmlformats-officedocument.spreadsheetml.revisionLog+xml 0 +application/vnd.openxmlformats-officedocument.spreadsheetml.sharedStrings+xml 0 +application/vnd.openxmlformats-officedocument.spreadsheetml.sheet 0 +application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml 0 +application/vnd.openxmlformats-officedocument.spreadsheetml.sheetMetadata+xml 0 +application/vnd.openxmlformats-officedocument.spreadsheetml.styles+xml 0 +application/vnd.openxmlformats-officedocument.spreadsheetml.table+xml 0 +application/vnd.openxmlformats-officedocument.spreadsheetml.tableSingleCells+xml 0 +application/vnd.openxmlformats-officedocument.spreadsheetml.template.main+xml 0 +application/vnd.openxmlformats-officedocument.spreadsheetml.userNames+xml 0 +application/vnd.openxmlformats-officedocument.spreadsheetml.volatileDependencies+xml 0 +application/vnd.openxmlformats-officedocument.spreadsheetml.worksheet+xml 0 +application/vnd.openxmlformats-officedocument.theme+xml 0 +application/vnd.openxmlformats-officedocument.themeOverride+xml 0 +application/vnd.openxmlformats-officedocument.vmlDrawing 0 +application/vnd.openxmlformats-officedocument.wordprocessingml-template 0 +application/vnd.openxmlformats-officedocument.wordprocessingml.comments+xml 0 +application/vnd.openxmlformats-officedocument.wordprocessingml.document 0 +application/vnd.openxmlformats-officedocument.wordprocessingml.document.glossary+xml 0 +application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml 0 +application/vnd.openxmlformats-officedocument.wordprocessingml.endnotes+xml 0 +application/vnd.openxmlformats-officedocument.wordprocessingml.fontTable+xml 0 +application/vnd.openxmlformats-officedocument.wordprocessingml.footer+xml 0 +application/vnd.openxmlformats-officedocument.wordprocessingml.footnotes+xml 0 +application/vnd.openxmlformats-officedocument.wordprocessingml.numbering+xml 0 +application/vnd.openxmlformats-officedocument.wordprocessingml.settings+xml 0 +application/vnd.openxmlformats-officedocument.wordprocessingml.styles+xml 0 +application/vnd.openxmlformats-officedocument.wordprocessingml.template.main+xml 0 +application/vnd.openxmlformats-officedocument.wordprocessingml.webSettings+xml 0 +application/vnd.openxmlformats-package.core-properties+xml 0 +application/vnd.openxmlformats-package.digital-signature-xmlsignature+xml 0 +application/vnd.openxmlformats-package.relationships+xml 0 +application/vnd.oracle.resource+json 0 +application/vnd.orange.indata 0 +application/vnd.osa.netdeploy 0 +application/vnd.osgeo.mapguide.package 0 +application/vnd.osgi.bundle 0 +application/vnd.osgi.dp 0 +application/vnd.osgi.subsystem 0 +application/vnd.otps.ct-kip+xml 0 +application/vnd.oxli.countgraph 0 +application/vnd.pagerduty+json 0 +application/vnd.palm 0 +application/vnd.panoply 0 +application/vnd.paos+xml 0 +application/vnd.pawaafile 0 +application/vnd.pcos 0 +application/vnd.pg.format 0 +application/vnd.pg.osasli 0 +application/vnd.piaccess.application-licence 0 +application/vnd.picsel 0 +application/vnd.pmi.widget 0 +application/vnd.poc.group-advertisement+xml 0 +application/vnd.pocketlearn 0 +application/vnd.powerbuilder6 0 +application/vnd.powerbuilder6-s 0 +application/vnd.powerbuilder7 0 +application/vnd.powerbuilder7-s 0 +application/vnd.powerbuilder75 0 +application/vnd.powerbuilder75-s 0 +application/vnd.preminet 0 +application/vnd.previewsystems.box 0 +application/vnd.proteus.magazine 0 +application/vnd.publishare-delta-tree 0 +application/vnd.pvi.ptid1 0 +application/vnd.pwg-multiplexed 0 +application/vnd.pwg-xhtml-print+xml 0 +application/vnd.qualcomm.brew-app-res 0 +application/vnd.quobject-quoxdocument 0 +application/vnd.radisys.moml+xml 0 +application/vnd.radisys.msml+xml 0 +application/vnd.radisys.msml-audit+xml 0 +application/vnd.radisys.msml-audit-conf+xml 0 +application/vnd.radisys.msml-audit-conn+xml 0 +application/vnd.radisys.msml-audit-dialog+xml 0 +application/vnd.radisys.msml-audit-stream+xml 0 +application/vnd.radisys.msml-conf+xml 0 +application/vnd.radisys.msml-dialog+xml 0 +application/vnd.radisys.msml-dialog-base+xml 0 +application/vnd.radisys.msml-dialog-fax-detect+xml 0 +application/vnd.radisys.msml-dialog-fax-sendrecv+xml 0 +application/vnd.radisys.msml-dialog-group+xml 0 +application/vnd.radisys.msml-dialog-speech+xml 0 +application/vnd.radisys.msml-dialog-transform+xml 0 +application/vnd.rainstor.data 0 +application/vnd.rapid 0 +application/vnd.realvnc.bed 0 +application/vnd.recordare.musicxml 0 +application/vnd.recordare.musicxml+xml 0 +application/vnd.renlearn.rlprint 0 +application/vnd.rig.cryptonote 0 +application/vnd.route66.link66+xml 0 +application/vnd.rs-274x 0 +application/vnd.ruckus.download 0 +application/vnd.s3sms 0 +application/vnd.sailingtracker.track 0 +application/vnd.sbm.cid 0 +application/vnd.sbm.mid2 0 +application/vnd.scribus 0 +application/vnd.sealed-doc 0 +application/vnd.sealed-eml 0 +application/vnd.sealed-mht 0 +application/vnd.sealed-ppt 0 +application/vnd.sealed-tiff 0 +application/vnd.sealed-xls 0 +application/vnd.sealed.3df 0 +application/vnd.sealed.csf 0 +application/vnd.sealed.net 0 +application/vnd.sealedmedia.softseal-html 0 +application/vnd.sealedmedia.softseal-pdf 0 +application/vnd.seemail 0 +application/vnd.semd 0 +application/vnd.semf 0 +application/vnd.shana.informed.formdata 0 +application/vnd.shana.informed.formtemplate 0 +application/vnd.shana.informed.interchange 0 +application/vnd.shana.informed.package 0 +application/vnd.siren+json 0 +application/vnd.smaf 0 +application/vnd.smart.notebook 0 +application/vnd.smart.teacher 0 +application/vnd.software602.filler.form+xml 0 +application/vnd.software602.filler.form-xml-zip 0 +application/vnd.solent.sdkm+xml 0 +application/vnd.spotfire.dxp 0 +application/vnd.spotfire.sfs 0 +application/vnd.sss-cod 0 +application/vnd.sss-dtf 0 +application/vnd.sss-ntf 0 +application/vnd.stepmania.package 0 +application/vnd.stepmania.stepchart 0 +application/vnd.street-stream 0 +application/vnd.sun.wadl+xml 0 +application/vnd.sus-calendar 0 +application/vnd.svd 0 +application/vnd.swiftview-ics 0 +application/vnd.syncml+xml 0 +application/vnd.syncml.dm+wbxml 0 +application/vnd.syncml.dm+xml 0 +application/vnd.syncml.dm.notification 0 +application/vnd.syncml.dmddf+wbxml 0 +application/vnd.syncml.dmddf+xml 0 +application/vnd.syncml.dmtnds+wbxml 0 +application/vnd.syncml.dmtnds+xml 0 +application/vnd.syncml.ds.notification 0 +application/vnd.tao.intent-module-archive 0 +application/vnd.tcpdump.pcap 0 +application/vnd.tmd.mediaflex.api+xml 0 +application/vnd.tml 0 +application/vnd.tmobile-livetv 0 +application/vnd.trid.tpt 0 +application/vnd.triscape.mxs 0 +application/vnd.trueapp 0 +application/vnd.truedoc 0 +application/vnd.ubisoft.webplayer 0 +application/vnd.ufdl 0 +application/vnd.uiq.theme 0 +application/vnd.umajin 0 +application/vnd.unity 0 +application/vnd.uoml+xml 0 +application/vnd.uplanet.alert 0 +application/vnd.uplanet.alert-wbxml 0 +application/vnd.uplanet.bearer-choice 0 +application/vnd.uplanet.bearer-choice-wbxml 0 +application/vnd.uplanet.cacheop 0 +application/vnd.uplanet.cacheop-wbxml 0 +application/vnd.uplanet.channel 0 +application/vnd.uplanet.channel-wbxml 0 +application/vnd.uplanet.list 0 +application/vnd.uplanet.list-wbxml 0 +application/vnd.uplanet.listcmd 0 +application/vnd.uplanet.listcmd-wbxml 0 +application/vnd.uplanet.signal 0 +application/vnd.uri-map 0 +application/vnd.valve.source.material 0 +application/vnd.vcx 0 +application/vnd.vd-study 0 +application/vnd.vectorworks 0 +application/vnd.verimatrix.vcas 0 +application/vnd.vidsoft.vidconference 0 +application/vnd.visio 0 +application/vnd.visionary 0 +application/vnd.vividence.scriptfile 0 +application/vnd.vsf 0 +application/vnd.wap-slc 0 +application/vnd.wap-wbxml 0 +application/vnd.wap.sic 0 +application/vnd.wap.wmlscriptc 0 +application/vnd.webturbo 0 +application/vnd.wfa.p2p 0 +application/vnd.wfa.wsc 0 +application/vnd.windows.devicepairing 0 +application/vnd.wmc 0 +application/vnd.wmf.bootstrap 0 +application/vnd.wolfram.mathematica 0 +application/vnd.wolfram.mathematica.package 0 +application/vnd.wolfram.player 0 +application/vnd.wordperfect 0 +application/vnd.wqd 0 +application/vnd.wrq-hp3000-labelled 0 +application/vnd.wt.stf 0 +application/vnd.wv.csp+wbxml 0 +application/vnd.wv.csp+xml 0 +application/vnd.wv.ssp+xml 0 +application/vnd.xacml+json 0 +application/vnd.xara 0 +application/vnd.xfdl 0 +application/vnd.xfdl.webform 0 +application/vnd.xmi+xml 0 +application/vnd.xmpie.cpkg 0 +application/vnd.xmpie.dpkg 0 +application/vnd.xmpie.plan 0 +application/vnd.xmpie.ppkg 0 +application/vnd.xmpie.xlim 0 +application/vnd.yamaha.hv-dic 0 +application/vnd.yamaha.hv-script 0 +application/vnd.yamaha.hv-voice 0 +application/vnd.yamaha.openscoreformat 0 +application/vnd.yamaha.openscoreformat.osfpvg+xml 0 +application/vnd.yamaha.remote-setup 0 +application/vnd.yamaha.smaf-audio 0 +application/vnd.yamaha.smaf-phrase 0 +application/vnd.yamaha.through-ngn 0 +application/vnd.yamaha.tunnel-udpencap 0 +application/vnd.yaoweme 0 +application/vnd.yellowriver-custom-menu 0 +application/vnd.zul 0 +application/vnd.zzazz.deck+xml 0 +application/voicexml+xml 0 +application/vq-rtcpxr 0 +application/watcherinfo+xml 0 +application/whoispp-query 0 +application/whoispp-response 0 +application/wita 0 +application/wordperfect5.1 0 +application/wsdl+xml 0 +application/wspolicy+xml 0 +application/x-msdownload 0 +application/x-pkcs12 0 +application/x-www-form-urlencoded 0 +application/x-tar 0 +application/x-x509-ca-cert 0 +application/x-zip-compressed 0 +application/x400-bp 0 +application/xacml+xml 0 +application/xcap-att+xml 0 +application/xcap-caps+xml 0 +application/xcap-diff+xml 0 +application/xcap-el+xml 0 +application/xcap-error+xml 0 +application/xcap-ns+xml 0 +application/xcon-conference-info+xml 0 +application/xcon-conference-info-diff+xml 0 +application/xenc+xml 0 +application/xhtml+xml 0 +application/xml 0 +application/xml-dtd 0 +application/xml-external-parsed-entity 0 +application/xml-patch+xml 0 +application/xmpp+xml 0 +application/xop+xml 0 +application/xv+xml 0 +application/yang 0 +application/yin+xml 0 +application/zip 0 +application/zlib 0 +audio/1d-interleaved-parityfec 0 +audio/32kadpcm 0 +audio/3gpp 0 +audio/3gpp2 0 +audio/AMR 0 +audio/AMR-WB 0 +audio/ATRAC-ADVANCED-LOSSLESS 0 +audio/ATRAC-X 0 +audio/ATRAC3 0 +audio/BV16 0 +audio/BV32 0 +audio/CN 0 +audio/DAT12 0 +audio/DV 0 +audio/DVI4 0 +audio/EVRC 0 +audio/EVRC-QCP 0 +audio/EVRC0 0 +audio/EVRC1 0 +audio/EVRCB 0 +audio/EVRCB0 0 +audio/EVRCB1 0 +audio/EVRCNW 0 +audio/EVRCNW0 0 +audio/EVRCNW1 0 +audio/EVRCWB 0 +audio/EVRCWB0 0 +audio/EVRCWB1 0 +audio/EVS 0 +audio/G711-0 0 +audio/G719 0 +audio/G722 0 +audio/G7221 0 +audio/G723 0 +audio/G726-16 0 +audio/G726-24 0 +audio/G726-32 0 +audio/G726-40 0 +audio/G728 0 +audio/G729 0 +audio/G729D 0 +audio/G729E 0 +audio/GSM 0 +audio/GSM-EFR 0 +audio/GSM-HR-08 0 +audio/L16 0 +audio/L20 0 +audio/L24 0 +audio/L8 0 +audio/LPC 0 +audio/MP4A-LATM 0 +audio/MPA 0 +audio/PCMA 0 +audio/PCMA-WB 0 +audio/PCMU 0 +audio/PCMU-WB 0 +audio/RED 0 +audio/SMV 0 +audio/SMV-QCP 0 +audio/SMV0 0 +audio/UEMCLIP 0 +audio/VDVI 0 +audio/VMR-WB 0 +audio/ac3 0 +audio/amr-wb+ 0 +audio/aptx 0 +audio/asc 0 +audio/basic 0 +audio/clearmode 0 +audio/dls 0 +audio/dsr-es201108 0 +audio/dsr-es202050 0 +audio/dsr-es202211 0 +audio/dsr-es202212 0 +audio/eac3 0 +audio/encaprtp 0 +audio/example 0 +audio/fwdred 0 +audio/iLBC 0 +audio/ip-mr_v2.5 0 +audio/mobile-xmf 0 +audio/mp4 0 +audio/mpa-robust 0 +audio/mpeg 0 +audio/mpeg4-generic 0 +audio/ogg 0 +audio/opus 0 +audio/prs.sid 0 +audio/qcelp 0 +audio/raptorfec 0 +audio/rtp-enc-aescm128 0 +audio/rtp-midi 0 +audio/rtploopback 0 +audio/rtx 0 +audio/sp-midi 0 +audio/speex 0 +audio/t140c 0 +audio/t38 0 +audio/telephone-event 0 +audio/tone 0 +audio/ulpfec 0 +audio/vnd.3gpp.iufp 0 +audio/vnd.4SB 0 +audio/vnd.CELP 0 +audio/vnd.audiokoz 0 +audio/vnd.cisco.nse 0 +audio/vnd.cmles.radio-events 0 +audio/vnd.cns.anp1 0 +audio/vnd.cns.inf1 0 +audio/vnd.dece.audio 0 +audio/vnd.digital-winds 0 +audio/vnd.dlna.adts 0 +audio/vnd.dolby.heaac.1 0 +audio/vnd.dolby.heaac.2 0 +audio/vnd.dolby.mlp 0 +audio/vnd.dolby.mps 0 +audio/vnd.dolby.pl2 0 +audio/vnd.dolby.pl2x 0 +audio/vnd.dolby.pl2z 0 +audio/vnd.dolby.pulse.1 0 +audio/vnd.dra 0 +audio/vnd.dts 0 +audio/vnd.dts.hd 0 +audio/vnd.dvb.file 0 +audio/vnd.everad.plj 0 +audio/vnd.hns.audio 0 +audio/vnd.lucent.voice 0 +audio/vnd.ms-playready.media.pya 0 +audio/vnd.nokia.mobile-xmf 0 +audio/vnd.nortel.vbk 0 +audio/vnd.nuera.ecelp4800 0 +audio/vnd.nuera.ecelp7470 0 +audio/vnd.nuera.ecelp9600 0 +audio/vnd.octel.sbc 0 +audio/vnd.rhetorex.32kadpcm 0 +audio/vnd.rip 0 +audio/vnd.sealedmedia.softseal-mpeg 0 +audio/vnd.vmx.cvsd 0 +audio/vorbis 0 +audio/vorbis-config 0 +image/bmp 0 +image/cgm 0 +image/example 0 +image/fits 0 +image/g3fax 0 +image/gif 0 +image/jp2 0 +image/jpeg 0 +image/jpm 0 +image/jpx 0 +image/naplps 0 +image/png 0 +image/prs.btif 0 +image/prs.pti 0 +image/pwg-raster 0 +image/t38 0 +image/tiff 0 +image/tiff-fx 0 +image/vnd-djvu 0 +image/vnd-svf 0 +image/vnd-wap-wbmp 0 +image/vnd.adobe.photoshop 0 +image/vnd.airzip.accelerator.azv 0 +image/vnd.cns.inf2 0 +image/vnd.dece.graphic 0 +image/vnd.dvb.subtitle 0 +image/vnd.dwg 0 +image/vnd.dxf 0 +image/vnd.fastbidsheet 0 +image/vnd.fpx 0 +image/vnd.fst 0 +image/vnd.fujixerox.edmics-mmr 0 +image/vnd.fujixerox.edmics-rlc 0 +image/vnd.globalgraphics.pgb 0 +image/vnd.microsoft.icon 0 +image/vnd.mix 0 +image/vnd.mozilla.apng 0 +image/vnd.ms-modi 0 +image/vnd.net-fpx 0 +image/vnd.radiance 0 +image/vnd.sealed-png 0 +image/vnd.sealedmedia.softseal-gif 0 +image/vnd.sealedmedia.softseal-jpg 0 +image/vnd.tencent.tap 0 +image/vnd.valve.source.texture 0 +image/vnd.xiff 0 +image/vnd.zbrush.pcx 0 +image/wmf 0 +image/x-wmf 0 +message/CPIM 0 +message/delivery-status 0 +message/disposition-notification 0 +message/example 0 +message/feedback-report 0 +message/global 0 +message/global-delivery-status 0 +message/global-disposition-notification 0 +message/global-headers 0 +message/http 0 +message/imdn+xml 0 +message/news 0 +message/rfc822 0 +message/rfc822-headers 0 +message/s-http 0 +message/sip 0 +message/sipfrag 0 +message/tracking-status 0 +message/vnd.si.simp 0 +message/vnd.wfa.wsc 0 +model/example 0 +model/iges 0 +model/vnd-dwf 0 +model/vnd.collada+xml 0 +model/vnd.flatland.3dml 0 +model/vnd.gdl 0 +model/vnd.gs-gdl 0 +model/vnd.gtw 0 +model/vnd.moml+xml 0 +model/vnd.mts 0 +model/vnd.opengex 0 +model/vnd.parasolid.transmit-binary 0 +model/vnd.parasolid.transmit-text 0 +model/vnd.valve.source.compiled-map 0 +model/vnd.vtu 0 +model/x3d+fastinfoset 0 +model/x3d+xml 0 +model/x3d-vrml 0 +multipart/alternative -1 +multipart/mixed -1 +multipart/appledouble 2 +multipart/byteranges 2 +multipart/encrypted -2 +multipart/example 2 +multipart/form-data 2 +multipart/header-set 2 +multipart/related -1 +multipart/report 0 +multipart/signed -2 +multipart/voice-message 2 +multipart/x-mixed-replace 2 +text/1d-interleaved-parityfec 0 +text/RED 0 +text/SGML 0 +text/cache-manifest 0 +text/calendar 0 +text/css 0 +text/csv 0 +text/csv-schema 0 +text/directory 0 +text/dns 0 +text/encaprtp 0 +text/example 0 +text/fwdred 0 +text/grammar-ref-list 0 +text/html 0 +text/jcr-cnd 0 +text/markdown 0 +text/mizar 0 +text/n3 0 +text/parameters 0 +text/provenance-notation 0 +text/prs.fallenstein.rst 0 +text/prs.lines.tag 0 +text/plain -1 +text/raptorfec 0 +text/rfc822-headers 0 +text/rtf 0 +text/rtp-enc-aescm128 0 +text/rtploopback 0 +text/rtx 0 +text/t140 0 +text/tab-separated-values 0 +text/troff 0 +text/turtle 0 +text/ulpfec 0 +text/uri-list 0 +text/vcard 0 +text/vnd-a 0 +text/vnd-curl 0 +text/vnd.DMClientScript 0 +text/vnd.IPTC.NITF 0 +text/vnd.IPTC.NewsML 0 +text/vnd.abc 0 +text/vnd.debian.copyright 0 +text/vnd.dvb.subtitle 0 +text/vnd.esmertec.theme-descriptor 0 +text/vnd.fly 0 +text/vnd.fmi.flexstor 0 +text/vnd.graphviz 0 +text/vnd.in3d.3dml 0 +text/vnd.in3d.spot 0 +text/vnd.latex-z 0 +text/vnd.motorola.reflex 0 +text/vnd.ms-mediapackage 0 +text/vnd.net2phone.commcenter.command 0 +text/vnd.radisys.msml-basic-layout 0 +text/vnd.si.uricatalogue 0 +text/vnd.sun.j2me.app-descriptor 0 +text/vnd.trolltech.linguist 0 +text/vnd.wap-wml 0 +text/vnd.wap.si 0 +text/vnd.wap.sl 0 +text/vnd.wap.wmlscript 0 +text/xml 0 +text/xml-external-parsed-entity 0 +text/x-vcard 0 +video/1d-interleaved-parityfec 0 +video/3gpp 0 +video/3gpp-tt 0 +video/3gpp2 0 +video/BMPEG 0 +video/BT656 0 +video/CelB 0 +video/DV 0 +video/H261 0 +video/H263 0 +video/H263-1998 0 +video/H263-2000 0 +video/H264 0 +video/H264-RCDO 0 +video/H264-SVC 0 +video/H265 0 +video/JPEG 0 +video/MP1S 0 +video/MP2P 0 +video/MP2T 0 +video/MP4V-ES 0 +video/MPV 0 +video/SMPTE292M 0 +video/VP8 0 +video/encaprtp 0 +video/example 0 +video/iso.segment 0 +video/jpeg2000 0 +video/mj2 0 +video/mp4 0 +video/mpeg4-generic 0 +video/nv 0 +video/ogg 0 +video/pointer 0 +video/quicktime 0 +video/raptorfec 0 +video/rtp-enc-aescm128 0 +video/rtploopback 0 +video/rtx 0 +video/ulpfec 0 +video/vc1 0 +video/vnd-mpegurl 0 +video/vnd-vivo 0 +video/vnd.CCTV 0 +video/vnd.dece-mp4 0 +video/vnd.dece.hd 0 +video/vnd.dece.mobile 0 +video/vnd.dece.pd 0 +video/vnd.dece.sd 0 +video/vnd.dece.video 0 +video/vnd.directv-mpeg 0 +video/vnd.directv.mpeg-tts 0 +video/vnd.dlna.mpeg-tts 0 +video/vnd.dvb.file 0 +video/vnd.fvt 0 +video/vnd.hns.video 0 +video/vnd.iptvforum.1dparityfec-1010 0 +video/vnd.iptvforum.1dparityfec-2005 0 +video/vnd.iptvforum.2dparityfec-1010 0 +video/vnd.iptvforum.2dparityfec-2005 0 +video/vnd.iptvforum.ttsavc 0 +video/vnd.iptvforum.ttsmpeg2 0 +video/vnd.motorola.video 0 +video/vnd.motorola.videop 0 +video/vnd.ms-playready.media.pyv 0 +video/vnd.nokia.interleaved-multimedia 0 +video/vnd.nokia.videovoip 0 +video/vnd.objectvideo 0 +video/vnd.radgamettools.bink 0 +video/vnd.radgamettools.smacker 0 +video/vnd.sealed-swf 0 +video/vnd.sealed.mpeg1 0 +video/vnd.sealed.mpeg4 0 +video/vnd.sealedmedia.softseal-mov 0 +video/vnd.uvvu-mp4 0 diff --git a/conf/maps.d/redirectors.inc b/conf/maps.d/redirectors.inc new file mode 100644 index 0000000..c7d7f25 --- /dev/null +++ b/conf/maps.d/redirectors.inc @@ -0,0 +1,1045 @@ +000d.ru +0845.com +0c.ru +0lv.ru +0pen.me +0rz.tw +10r.us +123url.org +140.uz +17q.com +1c-bitrix.ru +1cl.in +1ink.in +1ink.ru +1iny.com +1lik.net +1link.in +1url.com +1url.in +1-url.net +1-url.ru +2big.at +2dwww.com +2.gp +2it.info +2.ly +2mb.eu +2qu.ru +2sms.ru +2tu.me +2tu.us +2url.org +307.to +3fw.ru +3le.ru +3.ly +3.vu +3x.si +4.gg +4job.ru +4.ly +4ms.me +4p5.com +4ry.ru +4sq.com +4u.gd +4url.cc +4url.tk +5.gp +5link.tk +5pl.us +5url.net +5z8.info +6fr.ru +6.ly +6pn.com +6url.com +6yo.org +70.ru +74job.ru +7.ly +7ly.ru +7pisem.ru +7ruh.com +7ry.us +7xu.org +8.ly +8q.ro +9mp.com +9-n.org +9xi.ru +a1.tc +a2k.in +aa.cx +aafter.us +abe5.com +access.im +action-emails.ru +ad4.us +adf.ly +adjix.com +adsbeta.net +ad.vu +afx.cc +a.gg +ah.ae +aipro.ru +airs.ru +aka-url.com +alic.at +all.fuseurl.com +allshort.ru +all-top.ru +alturl.com +a.md +amzn.to +a.nf +apeurl.com +api.m3653.net +apsense.cc +apu.sh +ar.gy +arm.in +arst.ch +atiny.me +atto.co.za +atu.ca +autodesk.com +avast.com +avoo.net +azc.cc +b23.ru +b2l.me +backupurl.com +bacn.me +bai.lu +bcool.bz +bezurl.com +bi.gl +binged.it +bin.nu +bitby.net +bit.do +bit.gy +bit.ly +bitly.com +biturl.net +bit.uz +bizj.us +bloat.me +bmu.li +boi.re +bq.ro +bravo.ly +briefurl.pl +bsa.ly +bsndsy.ru +budurl.com +bun.ru +bu.tt +byst.ro +byyb.net +bz9.com +campaign-services.directcrm.ru +canurl.com +capello.linkatty.com +capourl.com +care2share.tk +cbs.so +cbuz.com +cctv.ws +cd.vg +cektkp.com +cha.la +chilp.it +chzb.gr +cjb.net +cjt99.tk +clck.ru +cliccami.info +click2.info +click.email4customers.com +click.emailinfo.mail.hpe.com +click.icptrack.com +click-me.us +clickthru.ca +clickv.tk +cli.gs +clkit.co +cl.lk +cl.ly +clme.ru +cloakreferer.com +clockurl.com +clop.in +cms.im +cmylink.com +cnect.us +comyonet.com +conta.cc +coolestone.com +cort.as +cortas.elpais.com +cot.ag +cowurl.com +cp.bitrix.ru +cr.am +createurl.com +crks.me +crlf.ru +crop.im +crum.pl +ctvr.us +cug.kr +cut4.me +cut.by +cuthut.com +cutt.us +d2u.us +d8z.ru +dai.ly +da.lc +ddp.net +decenturl.com +delivr.com +dev0.ru +dft.ba +digbig.com +di.gd +digg.com +digidns.net +din.gy +directtrafficlink.com +disq.us +dld.bz +dlvr.it +dmanalytics1.com +doiop.com +do.my +dopen.us +dot.tk +dr2.biz +driz.ru +dr.tl +durlz.info +easyuri.com +easyurl.jp +easyurl.net +eepurl.com +ej.uz +elurl.com +email.account.2gis.com +email.mail.ostrovok.ru +email.news.ostrovok.ru +e.mail.ru +emap.ws +em.digium.com +etdurl.com +eweri.com +exa.im +f1ru.net +fa.by +fanta.linkatty.com +fav.me +fbi.pp.ua +fb.me +fbshare.me +fff.to +ff.im +ffs.cc +fi.gd +fire.to +firsturl.de +firsturl.net +fishurl.ru +flane.info +flavr.be +flic.kr +flq.us +flx.im +fly2.ws +folo.me +fo.my +fon.gs +forex-trade.be +fqav.com +freak.to +freepl.us +free-redirect.tk +freeurl.me +free-url-redirection.com.ru +fur.ly +fuseurl.com +fuzzy.to +fwd4.me +fwds.me +fwib.net +fyad.org +fyn.im +g00.me +gadaf.fi +game-url.com +gentleurl.net +geteml.com +getlink.info +get.sh +get.tf +gho.co +gig140.com +gizmo.do +gl.am +glink.co +gltw.ru +gmetzner.de +gmy.su +gnu.su +go2-url.com +go.9nl.com +go9.us +goandgrab.info +gog.tc +go.it +go-links.net +golook.at +go.ly +good.ly +goo.gl +goo.pm +go.qb.by +goshrink.com +gosite.in +goto.pattayacitythailand.com +gourl.ca +gourl.gr +gourl.it +go-url.ru +go.usa.gov +gri.bz +g.ro.lt +gtgg.us +g.ua +gu.ma +gurl.es +haqm.com +hex.io +hhvx.com +hiderefer.com +hijw.com +hi.kg +hit.kg +hj.to +hlurl.com +hmm.ph +ho.io +hop.clickbank.net +hopclicks.com +ho.pe +hop.kz +href.in +hsblinks.com +htxt.it +hubb.me +huff.to +hulu.com +hurl.me +hurl.ws +huuk.net +hvmnd.org +i2h.de +i5.be +icanhaz.com +idek.net +idelink.com +ifree.kz +ih3.ru +ikeafamilynews.ru +ilix.in +ilnk.me +informer.ru +innogam.es +ino.me +int.kz +ipsha.ru +ir.pe +is.gd +is.gs +issuu.com +itshrunk.com +its.my +iurlz.com +ix.lt +ixr.be +j3w.it +ja.cx +jdem.cz +jewi.sh +jijr.com +jmb.tw +j.mp +jom.la +joo.ru +just.as +juu.cc +keep2.me +kickurl.com +kipq.com +kisaurl.com +ki.tl +kl.am +klck.me +klik.sihitam.com +klx.co +knb.im +kon.tl +kore.us +korta.nu +kqon.com +kr1n.ru +krunchd.com +krz.ch +ktzr.us +l24.cm +l3ss.me +l9k.net +lat.ms +lavvs.com +lcut.us +leeturl.net +leto.tk +liip.to +liltext.com +lin.io +link2me.ru +link.ac +linkbee.com +linkbun.ch +linkcash.biz +linkde.info +linkee.com +link.hhut.ru +linkl.ru +link.mail.e.glavbukh-mail.ru +link.rengo.ru +link.sendsay.ru +linkslash.ca +linkunion.de +linkx.me +linkyy.com +linkzip.net +lip.tc +li.ru +list-manage1.com +list-manage2.com +list-manage.com +little.im +littleurl.net +liurl.cn +livehoster.org +llinks.net +ln0.ru +ln4.me +lnk.by +lnk.cm +lnk.co +lnkd.in +lnk.gd +lnk.in +lnk.ly +lnk.ms +lnks.it +lnk.sk +lnkstts.com +lnkurl.com +ln-s.net +ln-s.ru +loh.ru +loo.gl +lovebyt.es +low.cc +l.pr +lr.tc +lru.jp +lrwk.com +ltos.ru +lt.tl +lul.es +lurl.no +lx2.net +ly9.net +m4u.in +m7a.org +macte.ch +mail.rambler.ru +mandrillapp.com +mash.to +mee.la +merky.de +metamark.net +micurl.com +migre.me +miliuner.com +miniurl.com +miniurl.net.ru +miniurl.pl +minu.me +minurl.fr +minyurl.net +minyurl.org +mislead.in +miud.in +mixe.me +mke.me +mlcampaignru.com +mlsendru.com +mmt.su +mobotix-news.com +mo.by +moby.to +mockurl.com +moourl.com +mp77.com +mrte.ch +mtp.pl +mty.in +mug.gs +murl.kz +mvp.im +mylink4u.info +mylink.to +myloc.me +myooo.info +mypaqe.com +mypl.us +mytinyurl.net +myurl.in +myurl.si +myxx.me +mzan.si +n3n.in +n3r.ru +nbc.co +nblo.gs +nbold.com +ne1.net +netgod.tk +neuf.tk +newhotlink.com +nexturl.ru +nicesharing.com +nik.im +niurl.com +nl.cr +nn.nf +no1.in +no.io +nonameno.com +normalurl.com +notlong.com +not.my +now.am +n.pr +nsfw.in +nutshellurl.com +nxy.in +nyti.ms +oc1.us +oeeq.com +oiurl.com +o.ly +omf.gd +om.ly +omoikane.net +on.cnn.com +on.mktw.net +oogyah.com +oork.com +opurl.us +orbita.co.il +orz.se +ourgplus.at +out.houseofgaga.ru +ovr.me +ow.ly +o-x.fr +p1.fr +pathto.net +pb8.ru +pburl.com +pcw.ro +pduda.mobi +pechkincensor.ru +pechkinspy.ru +peeep.us +peekurl.com +pendek.in +penting.web.id +pfat.de +pho.se +phpm.ru +php-ru.info +pi90.com +picourl.ru +piks.nl +ping.fm +pli.gs +plink.es +plo.cc +ploshadka.ru +plugin.name +plusphp.com +p.ly +pnt.me +pobierz-film.tk +politi.co +ponyurl.com +poo.pr +post.ly +pot.vg +pp.gg +ppt.cc +pra.im +privacy-surf.com +proext.com +professionali.ru +profile.to +prourl.de +ptiturl.com +p.tl +pub.vitrue.com +punyurl.com +purl.org +pvh.me +pw.ly +pxlz.org +py6.ru +pygmyurl.com +pysper.com +q32.ru +qick.ws +qid.in +qkr.cc +qlnk.net +qlql.ru +qnh.pl +qr.cx +qr.ee +qrf.in +qr.net +qru.ru +qte.me +qtwk.com +quik.in +qurl.com +qu.tc +qz.bz +rb6.me +r.delphicomponent.ru +rdrct.us +rdr.to +read.bi +readthis.ca +reallytinyurl.com +redir.ec +redirectingat.com +redirects.ca +redirect.subscribe.ru +redire.ru +redirx.com +reduc.in +referer.us +retweet.cc +retwt.me +reurl.org +rhwm.eu +rickroll.it +r.im +ri.ms +riz.gd +rlu.ru +rmse.ru +rnd.ru +romb.su +r-ss.de +rt.nu +rubyurl.com +ru.ly +rurl.org +rurl.ru +rurls.ru +rustech.org +rww.tw +s0bu.ru +s0e.ru +s4c.in +s7y.us +s8.hk +safe.mn +saf.li +sami.24.gg +sayabit.com +s.coop +scurtare-url.hi2.ro +sdut.us +securityexpert.ru +securl.ru +sendgrid.net +sendit.in +sendsay.ru +sendurl.info +sg4d.com +sg-url.tk +shadyurl.com +share.flocktory.com +shar.es +shink.de +shiturl.com +shli.de +shorl.com +shortb.net +shorten.im +shorten.ws +short.ie +short.im +shortlinks.co.uk +short-me.com +shortner.com +shortn.me +short.nr +short.su +short.to +shorturl.asia +shorturl.com +short-url.co.uk +shorturls.co.uk +shortz.me +shout.to +show.my +shrinkee.com +shrinkify.com +shrinkr.com +shrten.com +shrt.fr +shrtl.com +shrt.st +shrunkin.com +shx.in +simplesite.com +simurl.com +sitefwd.com +sk9.pl +slate.me +sli.su +slki.ru +sl.to +smallr.com +smallurl.in +smallurl.ru +smalur.com +s-m.co +smsh.me +smurl.ca +smurl.name +sn9.ru +sn.im +snipr.com +snipurl.com +snurl.com +softlinemail.ru +sokrati.ru +somexyz.com +song.ly +sorturl.net +so.vg +sp2.ro +spedr.com +speed-tester.info +sq6.ru +srclick.ru +srcom.net +srnk.net +srs.li +srtn.me +starts.com +starturl.com +stat-pulse.com +stnx.at +stump.ws +su.ly +su.pr +surl.co.uk +surl.hu +surl.me +surs.nl +susurl.com +swturl.com +t1ny.net +ta.gd +ta.gg +tagiturl.com +taourl.com +tbd.ly +t.cn +t.co +tcrn.ch +techto.us +tez.co +tgl.net +tgr.me +tgr.ph +th8.us +thexyz.org +thinfi.com +th.ly +thnlnk.com +thurl.in +tie.ly +tighturl.com +tin.cc +tiniuri.com +tiny9.com +tinyarro.ws +tiny.by +tiny.cc +tinyit.cc +tinylink.ca +tinylink.in +tiny.ly +tiny.pl +tiny.ps +tinyuri.ca +tinyurl.com +tinyurl.ru +tki.me +tldr.in +tl.gd +t.lh.com +tlim.ru +tllg.net +tmi.me +tnij.org +tny.com +tny.tc +to8.cc +togoto.us +to.je +to.ly +toma.ai +tos.co +totc.us +tourl.fr +toysr.us +tozm.com +tpm.ly +tra.kz +trg.li +trii.us +tr.im +trimurl.me +trunc.it +trusteml.com +tty.su +tuckinfo.com +tux-pla.net +tvsl.eu +tweet.ms +tweez.me +twhub.com +twirl.at +twitclicks.com +twitter.com +twitterurl.net +twiturl.de +twiu.ru +twurl.cc +twurl.nl +tyny.me +u2s.in +u76.org +ub0.cc +u.info-mg.ru +ukril.ru +ulk.me +ulmart.ru +ulo.me +ulu.lu +u.mavrev.com +umenytt.se +unfake.it +u.nu +updating.me +ur1.ca +ur3.us +ural-tender.ru +url2.ru +url360.me +url3.ru +url4.eu +url4.ru +url4t.com +url5.ru +url66.com +urla.ru +url.az +url.b24.am +urlbit.us +urlborg.com +urlbrief.com +urlcantik.com +urlclick.ru +url.cn +urlcorta.es +url.co.uk +urlcover.com +urlcut.com +urldefender.com +urldepo.ru +url.dflix.net +urlel.com +urlenco.de +urle.us +url.g4team.com +urlgator.com +urlgeo.me +urlg.in +url-go.com +urlgo.ru +url.ie +urlin.it +urlink.eu +urli.nl +urlite.de +url.lotpatrol.com +urlmint.com +url.mk.ua +urlms.com +urloid.com +urloo.com +urlot.com +urlredo.com +urlscott.com +urls.co.za +url.shinri.biz +urlshorteningservicefortwitter.com +urlshort.me +urls.im +urlsim.com +urlsnip.com +urlsp.in +urlsqueeze.com +urls.vg +urltwit.com +urlu.ms +urlus.ru +url.vsofte.ru +urlx.ie +urlxs.fr +ur.ly +url.yanclex.com +urlz.at +urlzen.com +url-zip.com +urlz.ro +usat.ly +use.my +u.to +uud.in +uuu.su +uww.me +uyurl.com +vani.sh +vash-repetitor.ru +vb.ly +vc8.net +vgn.am +view.my +vk.cc +vl.am +vll.me +vog.me +vovka.com +vst.tv +w3t.org +w55.de +wa.la +wapo.st +wapurl.co.uk +warble.co +webformyself.com +weblist.kharkov.ua +weburl.me +weeclix.com +wez.su +whspr.it +widg.me +wik.ro +wipi.es +wlatcy-moch.tk +wlink.me.uk +wmturls.com +wom.im +wowurl.com +wp.me +wp.nu +wurl.in +wurl.us +wuw.su +ww.tl +www.clickmeeting.com +www.grandstreamnetworks.ru +wz.ae +x2t.com +xaa.su +xav.cc +xcqv.com +xcs.me +xd5.net +xdvn.net +xew.co +xops.fr +xp.cm +xr.com +xrl.in +xrls.tk +xrl.us +x-url.com +xurl.es +xurl.jp +x.vu +xvx.su +xw6.com +xxsurl.de +xxw.me +y.ahoo.it +yatuc.com +ydn.ru +ye.pe +yep.it +yfrog.com +yhoo.it +yi.pe +yiyd.com +ysu.me +yuarel.com +yurl.in +y-url.ru +yurl.ru +z0p.de +z2z.ca +zapt.in +zazi.me +zcom.us +zebratelecom.ru +zeep.in +zi.ma +zi.mu +zio.in +zipmyurl.com +zolp.net +zrps.info +zti.me +zud.me +zurl.ws +zxc9.com +zzang.kr +zz.gd diff --git a/conf/maps.d/spf_dkim_whitelist.inc b/conf/maps.d/spf_dkim_whitelist.inc new file mode 100644 index 0000000..fe0ddbb --- /dev/null +++ b/conf/maps.d/spf_dkim_whitelist.inc @@ -0,0 +1,233 @@ +# Domains with valid SPF and DKIM + +4chan.org +6pm.com +about.com +addthis.com +adf.ly +adobe.com +adp.com +adschemist.com +airbnb.com +airtel.in +alibaba.com +aliexpress.com 2.0 +alipay.com 2.0 +allrecipes.com +amazon.ca +amazon.cn +amazon.co.jp +amazon.com +amazon.co.uk +amazon.de +amazon.es +amazon.fr +amazon.in +amazon.it +amazon.ru +americanexpress.com +ancestry.com +android.com +apple.com +asana.com +att.com +autohome.com.cn +avg.com +aweber.com +badoo.com +bankofamerica.com +basecamp.com +battle.net +bet365.com +biglobe.ne.jp +bitly.com +bleacherreport.com +blogger.com +bloomberg.com +booking.com +box.com +bt.com +capitalone.com +cdiscount.com +change.org +chase.com +cisco.com +citi.com +constantcontact.com +costco.com +craigslist.org +custhelp.com +dell.com +delta.com +diply.com +discovercard.com +disqus.com +dropbox.com +drweb.com +ebay.ca +ebay.com +ebay.com.au +ebay.co.uk +ebay.de +ebay.fr +ebay.in +ebay.it +ebay.ru +etsy.com +evernote.com +expedia.com +facebook.com +fedex.com +fidelity.com +fishki.net +flickr.com +flirchi.com +force.com +freepik.com +gap.com +gawker.com +github.com 2.0 +gizmodo.com +godaddy.com +googleadservices.com +googleusercontent.com +groupon.com +hdfcbank.com +hgtv.com +hh.ru +hm.com +houzz.com +hubspot.com +icicibank.com +icloud.com +ign.com +imgur.com +immobilienscout24.de +indeed.com +indiatimes.com +infusionsoft.com +instagram.com +intel.com +irctc.co.in +kayak.com +kickstarter.com +kijiji.ca +kotaku.com +letsencrypt.org +libero.it +lifehacker.com +likes.com +linkedin.com +linux.com +list-manage.com +mackeeper.com +mailchimp.com +mashable.com +match.com +mercadolibre.com.ar +mercadolivre.com.br +messenger.com +microsoft.com +microsoftonline.com +moikrug.ru +mts.ru +neobux.com +netflix.com +newegg.com +nhk.or.jp +nifty.com +nikkeibp.co.jp +nyaa.se +nytimes.com +odnoklassniki.ru +ok.ru +olx.ua +overstock.com +ozon.ru +ozon.travel +pandora.com +paypal.ca +paypal.cn +paypal.com +paypal.com +paypal.co.uk +paypal.de +paypal.es +paypal.fr +paypal.it +paypal.ru +paytm.com +pch.com +pinterest.com +porn.com +priceline.com +qq.com +quora.com +rakuten.co.jp +reddit.com +researchgate.net +salesforce.com +sciencedirect.com +shopify.com +slack.com +slideshare.net +so-net.ne.jp +southwest.com +spotify.com +springer.com +squarespace.com +stalker.com +steampowered.com +stumbleupon.com +surveymonkey.com +swagbucks.com +taboola.com +taleo.net +taobao.com +target.com +taringa.net +taxi.yandex.ru +tele2.ru +thekitchn.com +tokopedia.com +trello.com +tribunnews.com +trulia.com +tumblr.com +twitter.com +ultimate-guitar.com +ups.com +usaa.com +usbank.com +usps.com +verizon.com +verizonwireless.com +vimeo.com +vine.co +vk.com +vmware.com +vtb24.ru +wahoofitness.com +walmart.com +wav.tv +wellsfargo.com +whatsapp.com +wikia.com +wikimedia.org +wikipedia.org +wildberries.ru +wix.com +wordpress.com +wordpress.org +wp.com +xuite.net +xvideos.com +yelp.com +youtube.com +yts.to +zappos.com +zendesk.com +zippyshare.com +zomato.com +zulily.com +zwift.com diff --git a/conf/maps.d/surbl-whitelist.inc b/conf/maps.d/surbl-whitelist.inc new file mode 100644 index 0000000..479c929 --- /dev/null +++ b/conf/maps.d/surbl-whitelist.inc @@ -0,0 +1,830 @@ +126.com +163.com +1gost.info +1stnationalbank.com +2o7.net +365online.com +4at1.com +53.com +5iantlavalamp.com +abl.com.pk +about.com +accessbankplc.com +adelphia.net +adib.ae +adobe.com +agora-inc.com +agoramedia.com +aibgb.co.uk +aib.ie +airdriesavingsbank.com +akamai.net +akamaitech.net +aldermore.co.uk +alexa.com +alliancebank.com.my +alliancefg.com +alliantcreditunion.com +alliantcreditunion.org +allianz.de +allybank.com +alterna.ca +amazon.com +americanexpress.ch +americanexpress.com +anadolubank.nl +ancestry.com +anpdm.com +anz.com +anz.co.nz +aol.com +apache.org +apple.com +arbuthnotlatham.co.uk +arcamax.com +asb.co.nz +ask.com +astrology.com +atdmt.com +att.net +authorize.net +autorambler.ru +axisbank.co.in +axisbank.com +b2bbank.com +baaderbank.de +baidu.com +baloise.ch +baml.com +banamex.com +bancanetbsc.do +bancanetsantacruz.com.do +bancapulia.it +bancarios.com +bancastato.ch +bancatransilvania.ro +bancobase.com +bancobic.ao +bancobic.pt +bancobpi.pt +banco.bradesco +bancobrasil.com.br +bancochile.cl +bancochile.com +bancoestado.cl +bancofalabella.cl +bancofalabella.com.co +bancofalabella.pe +bancomer.com +bancopopolare.it +bancopostaclick.it +bancoposta.it +bancosantander.es +bancovotorantimcartoes.com.br +bank24.ru +bankalhabib.com +bankaustria.at +bank.barclays.co.uk +bankbgzbnpparibas.pl +bankcardservices.co.uk +bankcomm.com +bankcoop.ch +bankiabancapersonal.es +bankia.com +bankia.es +bankinter.com +bankinter.es +bankmutual.com +bankofamerica.com +bankofcanada.ca +bankofchina.com +bankofcyprus.com +bankofindia.co.nz +bankofireland.com +bank-of-ireland.co.uk +bankofirelanduk.com +bankofoklahoma.com +bankofscotland.co.uk +banksinarmas.com +bankvonroll.ch +bankwest.com.au +banque-casino.fr +banquepopulaire.fr +banquescotia.com +barclaycard.co.uk +barclaycard.de +barclaycard.es +barclays.com +barclays.co.uk +barclayspartnerfinance.com +barclays.sc +barodanzltd.co.nz +basler.ch +bbandt.com +bbc.co.uk +bcentral.com +bci.cl +bcp.com.pe +bcv.ch +bcvs.ch +bekb.ch +bellevue.ch +bellsouth.net +bendigobank.com.au +berliner-bank.de +berliner-sparkasse.de +bfanet.ao +bfi0.com +bgfi.com +bgfionline.com +bgzbnpparibas.pl +billmelater.com +bing.com +bkb.ch +bk.rw +bks.at +blkb.ch +bmocm.com +bmo.com +bmogam.com +bmoharris.com +bmoharrisprivatebankingonline.com +bmoinvestorline.com +bmonesbittburns.com +bnl.it +bnpparibas.com +bnpparibas.fr +boc.cnnz +bonuscard.ch +bpe-gruposantander.com +bpi.pt +bpostbank.be +bradescardonline.com.br +bradesco.com.br +bradescoseguranca.com.br +bridgetrack.com +bridgewaterbank.ca +bsibank.com +btrl.ro +bt-trade.ro +businessonline-boi.com +bzbank.ch +ca-cib.com +ca-egypt.com +cafbank.org +cafe24.com +cafonline.org +caisse-epargne.com +caisse-epargne.fr +caixabank.com +caixa.gov.br +cajasur.es +camsonline.com +canadiandirect.com +capitalone360.com +capitalone.com +capitaloneonline.co.uk +capitecbank.co.za +cariparma.it +carrefour-banque.fr +cartabcc.it +cartabccpos.it +cartasi.it +ca-suisse.com +catalunyacaixa.com +cbg.gm +cbonline.co.uk +cembra.ch +cenbank.org +centralbank.ae +charitybank.org +charter.net +chase.com +chebanca.it +chinatrust.com.tw +cial.ch +cibc.com +cic.ch +cimbclicks.com.my +citibank.ae +citibank.co.in +citibank.com +citibank.co.uk +citibankonline.com +citibusiness.com +citicards.com +citi.com +citi.co.nz +citi.eu +citigroup.com +citizensbank.ca +citizensbank.com +civibank.com +civibank.it +cjb.net +classmates.com +clickbank.net +closebrothers.com +closebrothers.co.uk +clubsc.ch +cnet.com +cnn.com +colpatria.com +colpatria.com.co +comcast.net +com.com +commbank.com.au +commerzbank.com +commerzbank.de +com.ne.kr +coopbank.dk +co-operativebank.co.uk +cornerbanca.ch +cornercard.ch +cornercard.com +corner.ch +corporate-ir.net +cosycard.ch +coutts.com +cox.net +craigslist.org +credit-agricole.com +credit-agricole.fr +creditagricole.rs +credit-suisse.com +cs.com +css.ch +ctbcbank.com +ctfs.com +custhelp.com +cwbank.com +cwbankgroup.com +cwt.ca +cybg.com +danskebankas.lt +danskebank.com +danskebank.co.uk +danskebank.de +danskebank.dk +danskebank.ee +danskebank.fi +danskebank.ie +danskebank.no +datatrans.biz +datatrans.ch +daum.net +db.com +dbs.com +dd.se +debian.org +dell.com +demirbank.kg +denizbank.com +desjardins.ca +desjardins.com +deutschebank.be +deutschebank.co.nz +deutsche-bank.de +diamondbank.com +dibpak.com +directnic.com +directtrack.com +discovercard.com +discover.com +discovery.co.za +dnbnord.lt +domain.com +doubleclick.com +dovecot.org +dresdner-bank.de +dsbbank.sr +dsbl.org +duncanlawrie.com +earthlink.net +easybank.at +easylnk.com +ebay.com +ebay.co.uk +ebay.de +ebayimg.com +ebaystatic.com +ecobank.com +edgesuite.net +ediets.com +edwardjones.com +egroups.com +e-gulfbank.com +emode.com +esunbank.com.tw +exacttarget.com +example.com +example.net +example.org +excite.com +facebook.com +fedex.com +fednetbank.com +fidelity.com +fidor.de +finance.com +finansbank.com.tr +finasta.lt +fineco.it +firstbankcard.com +firstmerit.com +firstnational.com +firstnationalmerchantsolutions.com +firsttrustbank.co.uk +flickr.com +fnbc.ca +fnb.co.za +fnb-online.com +freebsd.org +free.fr +friuladria.it +f-secure.com +garantibank.eu +garantibank.nl +garanti.com.tr +gazprombank.ch +gazprombank.ru +generali.es +genevoise.ch +gentoo.org +geocities.com +github.com +gkb.ch +gmail.com +gmx.net +go.com +godaddy.com +googleadservices.com +google.co.in +google.com +google.it +google.ru +granitbank.hu +grisoft.com +gtbank.com +halifax.co.uk +hallmark.com +handelsbanken.se +harrodsbank.co.uk +hbl.com +hblibank.com +hblibank.com.pk +hdfcbank.com +heartland.co.nz +hellenicbank.com +hinet.net +hkbea.com +hlb.com.kh +hlb.com.my +hoaresbank.co.uk +home.barclays +hongleongconnect.com.kh +hongleongconnect.com.vn +hongleongconnect.my +hotbar.com +hotmail.com +hotpop.com +hp.com +hsbc.com +hsbc.com.ar +hsbc.com.hk +hsbc.co.nz +hsbc.co.uk +hypovereinsbank.co.uk +hypovereinsbank.de +ibm.com +icbcnz.com +icicibank.co.in +icicibank.com +icicibankprivatebanking.com +icorner.ch +icscards.de +icscards.nl +incredimail.com +ing.be +ing.com +ing-diba.de +ingdirect.ca +ing.lu +ing.nl +ingvysyabank.com +interac.ca +investorplace.com +iobnet.co.in +isbank.com.tr +isbank.de +isbank.ge +isbank.iq +isbankkosova.com +isc.org +itau.com.br +ivillage.com +joingevalia.com +jpmchase.com +jpmorgan.com +jsafrasarasin.com +julianhodgebank.com +juliusbaer.com +juno.com +jyskebank.dk +kantonalbank.ch +kernel.org +key.com +kiwibank.co.nz +kotak.com +kredytbank.pl +kreissparkasse-schwalm-eder.de +ksklb.de +kutxabank.es +laboralkutxa.com +lacaixa.cat +lacaixa.es +laurentianbank.ca +lbb.de +lcl.com +lcl.fr +li.ru +list.ru +lists.isc.org +lists.roundcube.net +liveinternet.ru +livejournal.com +lloydsbank.com +lloydsbankcommercial.com +lloydsbankinggroup.com +lloydstsb.ch +lloydstsb.co.uk +lombardodier.com +loydsbank.com +lycos.com +m7z.net +mac.com +macromedia.com +maerki-baumann.ch +mail.com +mail.ru +mailscanner.info +mandtbank.com +manulifebank.ca +manulifebankselect.ca +manulife.com +manulifeone.ca +marketwatch.com +mashreqbank.com +mastercard.com +maybank2u.com +maybank2u.com.my +mcafee.com +mchsi.com +mdmbank.com +mechanicsbank.com +medbank.lt +messagelabs.com +metrobankdirect.com +metrobankonline.co.uk +microsoft.com +migbank.com +migrosbank.ch +military.com +mindspring.com +mit.edu +mizuhobank.co.jp +mmwarburg.lu +monster.com +montepio.pt +morganstanley.com +mozilla.com +mps.it +ms.com +msn.com +mufg.jp +myonlineresourcecenter.com +myonlineservices.ch +myspace.com +nate.com +nationalesuisse.ch +nationwide-communications.co.uk +nationwide.co.uk +nationwide-service.co.uk +natwest.com +navyfederal.org +nbc.ca +netflix.com +netscape.com +netscape.net +netzero.net +newyorkfed.org +nibl.com.np +nod32.com +nordea.fi +nordea.lt +nordfynsbank.dk +norisbank.de +norman.com +notenstein.ch +nuvisionfederal.com +nytimes.com +oceanbank.com +onlinesbi.com +openoffice.org +openxmlformats.org +optonline.net +orchardbank.com +osdn.com +ostsaechsische-sparkasse-dresden.de +overstock.com +pacbell.net +pandasoftware.com +passport.com +paylife.at +paypal.be +paypal-brasil.com.br +paypal.ca +paypal.ch +paypal.co.il +paypal.com +paypal.com.au +paypal.com.br +paypal-communication.com +paypal-community.com +paypal.com.mx +paypal.com.pt +paypal.co.uk +paypal-customerfeedback.com +paypal.de +paypal-deutschland.de +paypal.dk +paypal.es +paypal-exchanges.com +paypal.fr +paypal.it +paypal-marketing.co.uk +paypal-marketing.pl +paypal.net +paypal.nl +paypal.no +paypal-notify.com +paypal-now.com +paypalobjects.com +paypal-opwaarderen.nl +paypal-pages.com +paypal.pt +paypal.ru +paypal.se +paypal-search.com +paypal-shopping.co.uk +paypal-techsupport.com +pbebank.com +pcfinancial.ca +peoplepc.com +permanenttsb.ie +plaxo.com +pnc.com +popolarevicenza.it +postbank.de +postepay.it +postfinancearena.ch +postfinance.ch +postfinance.info +price.ru +prodigy.net +publicislamicbank.com.my +rabobank.com +rabobank.co.nz +rabobank.nl +radaruol.com.br +rahnbodmer.ch +raiffeisenbank.rs +raiffeisen.ch +raiffeisen.hu +raiffeisen.li +raiffeisen.ru +rambler-co.ru +rambler.ru +raphaelsbank.com +rbc.com +rbcroyalbank.com +rbs.co.uk +rbssecure.co.uk +rbsworldpay.com +rcb.at rcb.at +real.com +recordbank.be +redhat.com +rediff.com +regiobank.nl +regions.com +regionsnet.com +renasantbank.com +rhbgroup.com +rogersbank.com +rogers.com +rothschildbank.com +rothschild.com +royalbank.com +rr.com +sagepay.com +sagepay.co.uk +sainsburysbank.co.uk +samba.com +santander.cl +santander.com +santander.com.br +santander.com.mx +santandercorretora.com.br +santander.co.uk +santanderesfera.com.br +santandersantiago.cl +sarasin.ch +sbcglobal.net +sberbank.ch +sbs.net.nz +sc.com +schoellerbank.at +scotiabank.ca +scotiabank.com +scotiamocatta.com +scotiaonline.com +s.de +sec.gov +securetrustbank.com +service-sparkasse.de +serviciobancomer.com +sf.net +shawbrook.co.uk +shaw.ca +shkb.ch +shockwave.com +six-group.com +six-payment-services.com +skrill.com +sls-direkt.de +smithbarney.com +snb.ch snb.ch +snsbank.nl +societegenerale.fr +sourceforge.net +spamcop.net +sparda-a.de +sparda-bank-hamburg.de +sparda-b.de +sparda-bw.de +sparda-h.de +sparda-hessen.de +sparda-m.de +sparda-ms.de +sparda-n.de +sparda-ostbayern.de +sparda-sw.de +sparda-verband.de +sparda-west.de +sparkasse.at +sparkasse-bank-malta.com +sparkasse-bielefeld.de +sparkasseblog.de +sparkasse-bochum.de +sparkasse.ch +sparkasse.de +sparkasse-gera-greiz.de +sparkasse-hamm.de +sparkasse-heidelberg.de +sparkasse-ingolstadt.de +sparkasse-mittelthueringen.de +speedera.net +sportsline.com +standardbank.com +standardbank.co.za +standardchartered.com.gh +standardchartered.com.my +subscribe.ru +sun.com +suncorpbank.com.au +suntrust.com +svn.apache.org +swedbank.com +swedbank.ee +swedbank.lt +swedbank.lu +swedbank.se +swisscanto.ch +swisscaution.ch +swissquote.ch +sydbank.dk +sympatico.ca +taggedmail.com +tails.nl +tangerine.ca +tcb-bank.com.tw +tdbank.com +tdcommercialbanking.com +telus.net +terra.com.br +tescobank.com +ticketmaster.com +tinyurl.com +tiscali.co.uk +tns-counter.ru +tom.com +tone.co.nz +t-online.de +top4top.ru +tsbbank.co.nz +tsb.co.nz +tsb.co.uk +tumblr.com +tux.org +twitter.com +ubibanca.com +ubs.com +ulsterbankanytimebanking.co.uk +ulsterbank.co.uk +unibancoconnect.pt +unibanco.pt +unicreditbank.lt +unicredit.eu +unicreditgroup.eu +unicredit.it +unionbankcameroon.com +unionbank.com +unity.co.uk +uob.com.sg +uobgroup.com +uol.com.br +ups.com +usbank.com +valianttrust.com +vaudoise.ch +venetobanca.it +venetobanka.al +verizon.net +versabank.com +videobank.it +virginmoney.com +visa.com.ar +visa.com.br +visaeurope.ch +visaeurope.com +viseca.ch +vistaprint.com +vistaprint.dk +volksbank.de +volkswagenbank.de +vpbank.com +vr.de +vwbank.de +w3.org +wachovia.com +walmart.com +wamu.com +wanadoo.fr +washingtonpost.com +weatherbug.com +weatherbys.co.uk +web.de +webshots.com +webtv.net +wegelin.ch +wellsfargo.com +wellsfargoemail.com +westernunion.ca +westernunion.com +westernunion.fr +westernunion.se +westpac.com.au +westpac.co.nz +wir.ch +wordpress.com +worldbank.org +worldpay.com +wsj.com +wvb.de +xmlsoap.org +yacht.nl +yahoo.ca +yahoo.co.jp +yahoo.co.kr +yahoo.com +yahoo.com.br +yahoo.co.uk +yahoogroups.com +yandex.net +yandex.ru +ybonline.co.uk +yimg.com +yopi.de +yorkshirebank.co.uk +yourbankcard.com +yoursite.com +youtube.com +zagbank.ca +zdnet.com +zenithbank.com +zkb.ch +zugerkb.ch +# list-manage1.com # grey +# list-manage2.com # grey +# list-manage.com # grey diff --git a/conf/metrics.conf b/conf/metrics.conf new file mode 100644 index 0000000..9c4358f --- /dev/null +++ b/conf/metrics.conf @@ -0,0 +1,24 @@ +# Metrics settings +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine +# parameters defined on the top level +# +# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add +# parameters defined on the top level +# +# For specific modules or configuration you can also modify +# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults +# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults +# +# See https://rspamd.com/doc/tutorials/writing_rules.html for details + +# DEPRECATION WARNING!! +# This file is deprecated since 1.7 +# Please use actions.conf and groups.conf files instead +metric { + name = "default"; + .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/metrics.conf" + .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/metrics.conf" +} diff --git a/conf/modules.conf b/conf/modules.conf new file mode 100644 index 0000000..b37da06 --- /dev/null +++ b/conf/modules.conf @@ -0,0 +1,17 @@ +# A common rspamd configuration file (should never ever be changed) +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine +# parameters defined on the top level +# +# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add +# parameters defined on the top level +# +# For specific modules or configuration you can also modify +# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults +# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults +# +# See https://rspamd.com/doc/tutorials/writing_rules.html for details + +.include(glob=true) "${CONFDIR}/modules.d/*.conf"
\ No newline at end of file diff --git a/conf/modules.d/antivirus.conf b/conf/modules.d/antivirus.conf new file mode 100644 index 0000000..b172288 --- /dev/null +++ b/conf/modules.d/antivirus.conf @@ -0,0 +1,58 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/antivirus.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/antivirus.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/antivirus.html + +antivirus { + # multiple scanners could be checked, for each we create a configuration block with an arbitrary name + #clamav { + # If set force this action if any virus is found (default unset: no action is forced) + # action = "reject"; + # message = '${SCANNER}: virus found: "${VIRUS}"'; + # Scan mime_parts separately - otherwise the complete mail will be transferred to AV Scanner + #scan_mime_parts = true; + # Scanning Text is suitable for some av scanner databases (e.g. Sanesecurity) + #scan_text_mime = false; + #scan_image_mime = false; + # If `max_size` is set, messages > n bytes in size are not scanned + #max_size = 20000000; + # symbol to add (add it to metric if you want non-zero weight) + #symbol = "CLAM_VIRUS"; + # type of scanner: "clamav", "fprot", "sophos" or "savapi" + #type = "clamav"; + # For "savapi" you must also specify the following variable + #product_id = 12345; + # You can enable logging for clean messages + #log_clean = true; + # servers to query (if port is unspecified, scanner-specific default is used) + # can be specified multiple times to pool servers + # can be set to a path to a unix socket + # Enable this in local.d/antivirus.conf + #servers = "127.0.0.1:3310"; + # if `patterns` is specified virus name will be matched against provided regexes and the related + # symbol will be yielded if a match is found. If no match is found, default symbol is yielded. + #patterns { + # symbol_name = "pattern"; + # JUST_EICAR = '^Eicar-Test-Signature$'; + #} + #patterns_fail { + # symbol_name = "pattern"; + #CLAM_PROTOCOL_ERROR = '^unhandled response'; + #} + # `whitelist` points to a map of signature names. Hits on these signatures are ignored. + #whitelist = "/etc/rspamd/antivirus.wl"; + #} + + .include(try=true,priority=5) "${DBDIR}/dynamic/antivirus.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/antivirus.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/antivirus.conf" +} diff --git a/conf/modules.d/arc.conf b/conf/modules.d/arc.conf new file mode 100644 index 0000000..f26dad8 --- /dev/null +++ b/conf/modules.d/arc.conf @@ -0,0 +1,72 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/arc.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/arc.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/arc.html + + +# To configure this module, please also check the following document: +# https://rspamd.com/doc/tutorials/scanning_outbound.html and +# https://rspamd.com/doc/modules/arc.html + +# To enable this module define the following attributes: +# path = "${DBDIR}/arc/$domain.$selector.key"; +# OR +# domain { ... }, if you use per-domain conf +# OR +# set `use_redis=true;` and define redis servers + +arc { + # If false, messages with empty envelope from are not signed + allow_envfrom_empty = true; + # If true, envelope/header domain mismatch is ignored + allow_hdrfrom_mismatch = true; + # If true, multiple from headers are allowed (but only first is used) + allow_hdrfrom_multiple = false; + # If true, username does not need to contain matching domain + allow_username_mismatch = false; + # Default path to key, can include '$domain' and '$selector' variables + #path = "${DBDIR}/arc/$domain.$selector.key"; + # Default selector to use + selector = "arc"; + # If false, messages from authenticated users are not selected for signing + sign_authenticated = false; + # If false, inbound messages are not selected for signing + sign_inbound = true; + # If false, messages from local networks are not selected for signing + sign_local = false; + # Symbol to add when message is signed + sign_symbol = "ARC_SIGNED"; + # Whether to fallback to global config + try_fallback = true; + # Domain to use for ARC signing: can be "header", "envelope" or "recipient" + use_domain = "recipient"; + # Whether to normalise domains to eSLD + use_esld = true; + # Whether to get keys from Redis + use_redis = false; + # Hash for ARC keys in Redis + key_prefix = "ARC_KEYS"; + + # Domain specific settings + #domain { + # example.com { + # # Private key path + # path = "${DBDIR}/arc/example.key"; + # # Selector + # selector = "ds"; + # } + #} + + .include(try=true,priority=5) "${DBDIR}/dynamic/arc.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/arc.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/arc.conf" +} diff --git a/conf/modules.d/asn.conf b/conf/modules.d/asn.conf new file mode 100644 index 0000000..61efd52 --- /dev/null +++ b/conf/modules.d/asn.conf @@ -0,0 +1,29 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/asn.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/asn.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/asn.html + +asn { + # Provider: just "rspamd" for now + provider_type = "rspamd"; + # Provider-specific configuration + provider_info { + ip4 = "asn.rspamd.com"; + ip6 = "asn6.rspamd.com"; + } + # If defined, insert symbol with lookup results + # symbol = "ASN"; + + .include(try=true,priority=5) "${DBDIR}/dynamic/asn.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/asn.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/asn.conf" +} diff --git a/conf/modules.d/aws_s3.conf b/conf/modules.d/aws_s3.conf new file mode 100644 index 0000000..5d78148 --- /dev/null +++ b/conf/modules.d/aws_s3.conf @@ -0,0 +1,27 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/aws_s3.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/aws_s3.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/aws_s3.html + +aws_s3 { + # Required attributes + #s3_bucket = 'xxx'; + s3_region = 'us-east-1'; + s3_host = 's3.amazonaws.com'; + #s3_secret_key = 'xxx'; + #s3_key_id = 'xxx'; + # Enable in local.d/aws_s3.conf + enabled = false; + .include(try=true,priority=5) "${DBDIR}/dynamic/aws_s3.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/aws_s3.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/aws_s3.conf" +} diff --git a/conf/modules.d/bimi.conf b/conf/modules.d/bimi.conf new file mode 100644 index 0000000..ed7be6b --- /dev/null +++ b/conf/modules.d/bimi.conf @@ -0,0 +1,30 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/bimi.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/bimi.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Currently there is no documentation for this module. When it is written it will +# be available at https://rspamd.com/doc/modules/bimi.html + +bimi { + # Required attributes + #helper_url = "http://127.0.0.1:3030", + helper_timeout = 5s; + helper_sync = true; + vmc_only = true; + redis_prefix = 'rs_bimi'; + redis_min_expiry = 24h; + + # Enable in local.d/bimi.conf + enabled = false; + .include(try=true,priority=5) "${DBDIR}/dynamic/bimi.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/bimi.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/bimi.conf" +} diff --git a/conf/modules.d/chartable.conf b/conf/modules.d/chartable.conf new file mode 100644 index 0000000..849c8bd --- /dev/null +++ b/conf/modules.d/chartable.conf @@ -0,0 +1,21 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/chartable.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/chartable.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/chartable.html + +chartable { + threshold = 0.300000; + symbol = "R_MIXED_CHARSET"; + .include(try=true,priority=5) "${DBDIR}/dynamic/chartable.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/chartable.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/chartable.conf" +} diff --git a/conf/modules.d/clickhouse.conf b/conf/modules.d/clickhouse.conf new file mode 100644 index 0000000..5edf710 --- /dev/null +++ b/conf/modules.d/clickhouse.conf @@ -0,0 +1,59 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/clickhouse.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/clickhouse.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/clickhouse.html + +clickhouse { + # Push update when 1000 records are collected (1000 if unset) + limit = 1000; + # IP:port of Clickhouse server + # server = "localhost:8123"; + # Timeout to wait for response (5 seconds if unset) + timeout = 5; + # How many bits of sending IP to mask in logs for IPv4 (19 if unset) + ipmask = 19; + # How many bits of sending IP to mask in logs for IPv6 (48 if unset) + ipmask6 = 48; + # Record URL paths? (default false) + full_urls = false; + # This parameter points to a map of domain names + # If a message has a domain in this map in From: header and DKIM signature, + # record general metadata in a table named after the domain + #from_tables = "/etc/rspamd/clickhouse_from.map"; + # These are symbols of other checks in Rspamd + # Set these if you use non-default symbol names (unlikely) + #bayes_spam_symbols = ["BAYES_SPAM"]; + #bayes_ham_symbols = ["BAYES_HAM"]; + #fann_symbols = ["FANN_SCORE"]; + #fuzzy_symbols = ["FUZZY_DENIED"]; + #whitelist_symbols = ["WHITELIST_DKIM", "WHITELIST_SPF_DKIM", "WHITELIST_DMARC"]; + #dkim_allow_symbols = ["R_DKIM_ALLOW"]; + #dkim_reject_symbols = ["R_DKIM_REJECT"]; + #dmarc_allow_symbols = ["DMARC_POLICY_ALLOW"]; + #dmarc_reject_symbols = ["DMARC_POLICY_REJECT", "DMARC_POLICY_QUARANTINE"]; + + #retention { + # # disabled by default + # enable = true; + # # drop | detach, please refer to ClickHouse docs for details + # # http://clickhouse-docs.readthedocs.io/en/latest/query_language/queries.html#manipulations-with-partitions-and-parts + # method = "drop"; + # # how many month the data should be kept in ClickHouse + # period_months = 3; + # # how often run the cleanup process + # run_every = "7d"; + #} + + .include(try=true,priority=5) "${DBDIR}/dynamic/clickhouse.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/clickhouse.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/clickhouse.conf" +} diff --git a/conf/modules.d/dcc.conf b/conf/modules.d/dcc.conf new file mode 100644 index 0000000..22ca600 --- /dev/null +++ b/conf/modules.d/dcc.conf @@ -0,0 +1,28 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/dcc.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/dcc.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/dcc.html + +dcc { + + enabled = false; + + # Define local socket or TCP servers in upstreams syntax + # When sockets and servers are definined - servers is used! + socket = "/var/dcc/dccifd"; # Unix socket + #servers = "127.0.0.1:10045" # OR TCP upstreams + timeout = 2s; # Timeout to wait for checks + + .include(try=true,priority=5) "${DBDIR}/dynamic/dcc.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/dcc.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/dcc.conf" +} diff --git a/conf/modules.d/dkim.conf b/conf/modules.d/dkim.conf new file mode 100644 index 0000000..689ecd2 --- /dev/null +++ b/conf/modules.d/dkim.conf @@ -0,0 +1,25 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/dkim.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/dkim.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/dkim.html + +dkim { + dkim_cache_size = 2k; + dkim_cache_expire = 1d; + time_jitter = 6h; + trusted_only = false; + skip_multi = false; + + .include(try=true,priority=5) "${DBDIR}/dynamic/dkim.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/dkim.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/dkim.conf" +} diff --git a/conf/modules.d/dkim_signing.conf b/conf/modules.d/dkim_signing.conf new file mode 100644 index 0000000..42cb0e2 --- /dev/null +++ b/conf/modules.d/dkim_signing.conf @@ -0,0 +1,77 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/dkim_signing.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/dkim_signing.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details + + +# To configure this module, please also check the following document: +# https://rspamd.com/doc/tutorials/scanning_outbound.html and +# https://rspamd.com/doc/modules/dkim_signing.html + +# To enable this module define the following attributes: +# path = "/var/lib/rspamd/dkim/$domain.$selector.key"; +# OR +# domain { ... }, if you use per-domain conf +# OR +# set `use_redis=true;` and define redis servers + +dkim_signing { + # If false, messages with empty envelope from are not signed + allow_envfrom_empty = true; + # If true, envelope/header domain mismatch is ignored + allow_hdrfrom_mismatch = false; + # If true, multiple from headers are allowed (but only first is used) + allow_hdrfrom_multiple = false; + # If true, username does not need to contain matching domain + allow_username_mismatch = false; + # Default path to key, can include '$domain' and '$selector' variables + #path = "/var/lib/rspamd/dkim/$domain.$selector.key"; + # Default selector to use + selector = "dkim"; + # If false, messages from authenticated users are not selected for signing + sign_authenticated = true; + # If false, messages from local networks are not selected for signing + sign_local = true; + # Symbol to add when message is signed + symbol = "DKIM_SIGNED"; + # Whether to fallback to global config + try_fallback = true; + # Domain to use for DKIM signing: can be "header" or "envelope" + use_domain = "header"; + # Whether to normalise domains to eSLD + use_esld = true; + # Whether to get keys from Redis + use_redis = false; + # Hash for DKIM keys in Redis + key_prefix = "DKIM_KEYS"; + + # Domain specific settings + #domain { + # example.com { + # selectors [ + # { # Private key path + # path = "/var/lib/rspamd/dkim/example.key"; + # # Selector + # selector = "ds"; + # }, + # { # multiple dkim signature + # path = "/var/lib/rspamd/dkim/eddsa.key"; + # selector = "eddsa"; + # } + # ] + # } + #} + + + + .include(try=true,priority=5) "${DBDIR}/dynamic/dkim_signing.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/dkim_signing.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/dkim_signing.conf" +} diff --git a/conf/modules.d/dmarc.conf b/conf/modules.d/dmarc.conf new file mode 100644 index 0000000..d487041 --- /dev/null +++ b/conf/modules.d/dmarc.conf @@ -0,0 +1,19 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/dmarc.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/dmarc.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/dmarc.html + +dmarc { + .include(try=true,priority=5) "${DBDIR}/dynamic/dmarc.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/dmarc.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/dmarc.conf" +} diff --git a/conf/modules.d/elastic.conf b/conf/modules.d/elastic.conf new file mode 100644 index 0000000..8056023 --- /dev/null +++ b/conf/modules.d/elastic.conf @@ -0,0 +1,35 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/elastic.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/elastic.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/elastic.html + +elastic { + # Push update when 10 records are collected (10 if unset) + limit = 10; + # IP:port of Elasticsearch server + #server = "localhost:9200"; + # Timeout to wait for response (5 seconds if unset) + timeout = 5; + # Elasticsearch template file (json format) + #template_file = "${SHAREDIR}/elastic/rspamd_template.json"; + # Kibana prebuild visualizations and dashboard template (json format) + #kibana_file = "${SHAREDIR}/elastic/kibana.json"; + # Elasticsearch index name pattern + index_pattern = "rspamd-%Y.%m.%d"; + # Dump debug information + debug = false; + # Import kibana template + import_kibana = false; + .include(try=true,priority=5) "${DBDIR}/dynamic/elastic.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/elastic.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/elastic.conf" +} diff --git a/conf/modules.d/emails.conf b/conf/modules.d/emails.conf new file mode 100644 index 0000000..19f750f --- /dev/null +++ b/conf/modules.d/emails.conf @@ -0,0 +1,8 @@ +# Deprecated, preserved for compatibility purposes! Use rbl module +# Module documentation https://rspamd.com/doc/modules/rbl.html + +emails { + .include(try=true,priority=5) "${DBDIR}/dynamic/emails.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/emails.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/emails.conf" +} diff --git a/conf/modules.d/external_relay.conf b/conf/modules.d/external_relay.conf new file mode 100644 index 0000000..7d52ced --- /dev/null +++ b/conf/modules.d/external_relay.conf @@ -0,0 +1,22 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/external_relay.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/external_relay.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/external_relay.html + +external_relay { + # This module is default-disabled + enabled = false; + + .include(try=true,priority=5) "${DBDIR}/dynamic/external_relay.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/external_relay.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/external_relay.conf" +} diff --git a/conf/modules.d/external_services.conf b/conf/modules.d/external_services.conf new file mode 100644 index 0000000..549c7d7 --- /dev/null +++ b/conf/modules.d/external_services.conf @@ -0,0 +1,92 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/external_services.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/external_services.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/external_services.html + +external_services { + oletools { + # If set force this action if any virus is found (default unset: no action is forced) + # action = "reject"; + # If set, then rejection message is set to this value (mention single quotes) + # If `max_size` is set, messages > n bytes in size are not scanned + # max_size = 20000000; + # log_clean = true; + # servers = "127.0.0.1:10050"; + # cache_expire = 86400; + # scan_mime_parts = true; + # extended = false; + # if `patterns` is specified virus name will be matched against provided regexes and the related + # symbol will be yielded if a match is found. If no match is found, default symbol is yielded. + patterns { + # symbol_name = "pattern"; + } + # mime-part regex matching in content-type or filename + mime_parts_filter_regex { + #GEN1 = "application\/octet-stream"; + DOC2 = "application\/msword"; + DOC3 = "application\/vnd\.ms-word.*"; + XLS = "application\/vnd\.ms-excel.*"; + PPT = "application\/vnd\.ms-powerpoint.*"; + GEN2 = "application\/vnd\.openxmlformats-officedocument.*"; + } + # Mime-Part filename extension matching (no regex) + mime_parts_filter_ext { + doc = "doc"; + dot = "dot"; + docx = "docx"; + dotx = "dotx"; + docm = "docm"; + dotm = "dotm"; + xls = "xls"; + xlt = "xlt"; + xla = "xla"; + xlsx = "xlsx"; + xltx = "xltx"; + xlsm = "xlsm"; + xltm = "xltm"; + xlam = "xlam"; + xlsb = "xlsb"; + ppt = "ppt"; + pot = "pot"; + pps = "pps"; + ppa = "ppa"; + pptx = "pptx"; + potx = "potx"; + ppsx = "ppsx"; + ppam = "ppam"; + pptm = "pptm"; + potm = "potm"; + ppsm = "ppsm"; + } + # `whitelist` points to a map of IP addresses. Mail from these addresses is not scanned. + whitelist = "/etc/rspamd/antivirus.wl"; + } + dcc { + # If set force this action if any virus is found (default unset: no action is forced) + # action = "reject"; + # If set, then rejection message is set to this value (mention single quotes) + # If `max_size` is set, messages > n bytes in size are not scanned + max_size = 20000000; + #servers = "127.0.0.1:10045"; + # if `patterns` is specified virus name will be matched against provided regexes and the related + # symbol will be yielded if a match is found. If no match is found, default symbol is yielded. + patterns { + # symbol_name = "pattern"; + } + # `whitelist` points to a map of IP addresses. Mail from these addresses is not scanned. + whitelist = "/etc/rspamd/antivirus.wl"; + } + + .include(try=true,priority=5) "${DBDIR}/dynamic/external_services.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/external_services.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/external_services.conf" +} diff --git a/conf/modules.d/force_actions.conf b/conf/modules.d/force_actions.conf new file mode 100644 index 0000000..a753066 --- /dev/null +++ b/conf/modules.d/force_actions.conf @@ -0,0 +1,22 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/force_actions.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/force_actions.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/force_actions.html + +force_actions { + + # Refer to https://rspamd.com/doc/modules/force_actions.html for information on configuration + + .include(try=true,priority=5) "${DBDIR}/dynamic/force_actions.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/force_actions.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/force_actions.conf" +} diff --git a/conf/modules.d/forged_recipients.conf b/conf/modules.d/forged_recipients.conf new file mode 100644 index 0000000..b480bb1 --- /dev/null +++ b/conf/modules.d/forged_recipients.conf @@ -0,0 +1,22 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/forged_recipients.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/forged_recipients.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/forged_recipients.html + +forged_recipients { + symbol_sender = "FORGED_SENDER"; + symbol_rcpt = "FORGED_RECIPIENTS"; + + .include(try=true,priority=5) "${DBDIR}/dynamic/forged_recipients.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/forged_recipients.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/forged_recipients.conf" +} diff --git a/conf/modules.d/fuzzy_check.conf b/conf/modules.d/fuzzy_check.conf new file mode 100644 index 0000000..73e280f --- /dev/null +++ b/conf/modules.d/fuzzy_check.conf @@ -0,0 +1,49 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/fuzzy_check.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/fuzzy_check.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/fuzzy_check.html + +fuzzy_check { + min_bytes = 1k; # Since small parts and small attachments causes too many FP + timeout = 2s; + retransmits = 1; + rule "rspamd.com" { + algorithm = "mumhash"; + servers = "round-robin:fuzzy1.rspamd.com:11335,fuzzy2.rspamd.com:11335"; + encryption_key = "icy63itbhhni8bq15ntp5n5symuixf73s1kpjh6skaq4e7nx5fiy"; + symbol = "FUZZY_UNKNOWN"; + mime_types = ["*"]; + max_score = 20.0; + read_only = yes; + skip_unknown = yes; + short_text_direct_hash = true; # If less than min_length then use direct hash + min_length = 64; # Minimum words count to consider shingles + fuzzy_map = { + FUZZY_DENIED { + max_score = 20.0; + flag = 1; + } + FUZZY_PROB { + max_score = 10.0; + flag = 2; + } + FUZZY_WHITE { + max_score = 2.0; + flag = 3; + } + } + } + # Include dynamic conf for the rule + .include(try=true,priority=5) "${DBDIR}/dynamic/fuzzy_check.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/fuzzy_check.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/fuzzy_check.conf" +} diff --git a/conf/modules.d/greylist.conf b/conf/modules.d/greylist.conf new file mode 100644 index 0000000..fde9cc0 --- /dev/null +++ b/conf/modules.d/greylist.conf @@ -0,0 +1,35 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/greylist.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/greylist.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/greylisting.html + +greylist { + # Search "example.com" and "mail.example.com" for "mx.out.mail.example.com": + whitelist_domains_url = [ + "$LOCAL_CONFDIR/local.d/greylist-whitelist-domains.inc", + "$LOCAL_CONFDIR/local.d/maps.d/greylist-whitelist-domains.inc", + ]; + + expire = 1d; # 1 day by default + timeout = 5min; # 5 minutes by default + key_prefix = "rg"; # default hash name + max_data_len = 10k; # default data limit to hash + message = "Try again later"; # default greylisted message + #symbol = "GREYLIST"; # Symbol to insert + action = "soft reject"; # default greylisted action + ipv4_mask = 19; # Mask bits for ipv4 + ipv6_mask = 64; # Mask bits for ipv6 + + .include(try=true,priority=5) "${DBDIR}/dynamic/greylist.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/greylist.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/greylist.conf" +} diff --git a/conf/modules.d/hfilter.conf b/conf/modules.d/hfilter.conf new file mode 100644 index 0000000..36d5f47 --- /dev/null +++ b/conf/modules.d/hfilter.conf @@ -0,0 +1,26 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/hfilter.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/hfilter.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/hfilter.html + +hfilter { + helo_enabled = true; + hostname_enabled = true; + url_enabled = true; + from_enabled = true; + rcpt_enabled = true; + mid_enabled = false; + + .include(try=true,priority=5) "${DBDIR}/dynamic/hfilter.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/hfilter.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/hfilter.conf" +} diff --git a/conf/modules.d/history_redis.conf b/conf/modules.d/history_redis.conf new file mode 100644 index 0000000..0d1c7f6 --- /dev/null +++ b/conf/modules.d/history_redis.conf @@ -0,0 +1,25 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/history_redis.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/history_redis.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/history_redis.html + +history_redis { + #servers = 127.0.0.1:6379; # Redis server to store history + key_prefix = "rs_history"; # Default key name + nrows = 200; # Default rows limit + compress = true; # Use zstd compression when storing data in redis + subject_privacy = false; # subject privacy is off + + .include(try=true,priority=5) "${DBDIR}/dynamic/history_redis.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/history_redis.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/history_redis.conf" +} diff --git a/conf/modules.d/http_headers.conf b/conf/modules.d/http_headers.conf new file mode 100644 index 0000000..51e5b82 --- /dev/null +++ b/conf/modules.d/http_headers.conf @@ -0,0 +1,22 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/http_headers.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/http_headers.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/http_headers.html + +http_headers { + # This module is default-disabled + enabled = false; + + .include(try=true,priority=5) "${DBDIR}/dynamic/http_headers.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/http_headers.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/http_headers.conf" +} diff --git a/conf/modules.d/known_senders.conf b/conf/modules.d/known_senders.conf new file mode 100644 index 0000000..80b9239 --- /dev/null +++ b/conf/modules.d/known_senders.conf @@ -0,0 +1,31 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/known_senders.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/known_senders.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/known_senders.html + +known_senders { + # This module is default-disabled + enabled = false; + + # Domains to track senders + domains = "https://maps.rspamd.com/freemail/free.txt.zst"; + # Maximum number of elements + max_senders = 100000; + # Maximum time to live (when not using bloom filters) + max_ttl = 30d; + # Use bloom filters (must be enabled in Redis as a plugin) + use_bloom = false; + + .include(try=true,priority=5) "${DBDIR}/dynamic/known_senders.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/known_senders.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/known_senders.conf" +}
\ No newline at end of file diff --git a/conf/modules.d/maillist.conf b/conf/modules.d/maillist.conf new file mode 100644 index 0000000..3ddd0a6 --- /dev/null +++ b/conf/modules.d/maillist.conf @@ -0,0 +1,20 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/maillist.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/maillist.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/maillist.html + +maillist { + symbol = "MAILLIST"; + .include(try=true,priority=5) "${DBDIR}/dynamic/maillist.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/maillist.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/maillist.conf" +} diff --git a/conf/modules.d/metadata_exporter.conf b/conf/modules.d/metadata_exporter.conf new file mode 100644 index 0000000..cd62be5 --- /dev/null +++ b/conf/modules.d/metadata_exporter.conf @@ -0,0 +1,24 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/metadata_exporter.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/metadata_exporter.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/metadata_exporter.html + +metadata_exporter { + + # Refer to https://rspamd.com/doc/modules/metadata_exporter.html for information on configuration + rules { + } + + .include(try=true,priority=5) "${DBDIR}/dynamic/metadata_exporter.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/metadata_exporter.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/metadata_exporter.conf" +} diff --git a/conf/modules.d/metric_exporter.conf b/conf/modules.d/metric_exporter.conf new file mode 100644 index 0000000..8edce1d --- /dev/null +++ b/conf/modules.d/metric_exporter.conf @@ -0,0 +1,21 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/metric_exporter.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/metric_exporter.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/metric_exporter.html +metric_exporter { + + # Refer to https://rspamd.com/doc/modules/metric_exporter.html for information on configuration + + .include(try=true,priority=5) "${DBDIR}/dynamic/metric_exporter.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/metric_exporter.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/metric_exporter.conf" +} diff --git a/conf/modules.d/mid.conf b/conf/modules.d/mid.conf new file mode 100644 index 0000000..e214a71 --- /dev/null +++ b/conf/modules.d/mid.conf @@ -0,0 +1,28 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/mid.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/mid.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/mid.html + +mid = { + source = { + url = [ + "https://maps.rspamd.com/rspamd/mid.inc.zst", + "$LOCAL_CONFDIR/local.d/maps.d/mid.inc", + "$LOCAL_CONFDIR/local.d/mid.inc", + "fallback+file://${CONFDIR}/maps.d/mid.inc" + ]; + } + + .include(try=true,priority=5) "${DBDIR}/dynamic/mid.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/mid.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/mid.conf" +} diff --git a/conf/modules.d/milter_headers.conf b/conf/modules.d/milter_headers.conf new file mode 100644 index 0000000..eafdaed --- /dev/null +++ b/conf/modules.d/milter_headers.conf @@ -0,0 +1,29 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/milter_headers.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/milter_headers.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/milter_headers.html + +milter_headers { + + # Refer to https://rspamd.com/doc/modules/milter_headers.html for information on configuration + + use = []; + + # Compatibility + .include(try=true,priority=5) "${DBDIR}/dynamic/rmilter_headers.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/rmilter_headers.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/rmilter_headers.conf" + + .include(try=true,priority=5) "${DBDIR}/dynamic/milter_headers.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/milter_headers.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/milter_headers.conf" +} diff --git a/conf/modules.d/mime_types.conf b/conf/modules.d/mime_types.conf new file mode 100644 index 0000000..1f67595 --- /dev/null +++ b/conf/modules.d/mime_types.conf @@ -0,0 +1,41 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/mime_types.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/mime_types.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/mime_types.html + +mime_types { + file = [ + "https://maps.rspamd.com/rspamd/mime_types.inc.zst", + "$LOCAL_CONFDIR/local.d/maps.d/mime_types.inc.local", + "${DBDIR}/mime_types.inc.local", + "fallback+file://${CONFDIR}/maps.d/mime_types.inc" + ] + + # Match specific extensions to specific content types + extension_map = { + html = "text/html"; + txt = [ + "message/disposition-notification", + "text/plain", + "text/rfc822-headers" + ]; + pdf = [ + "application/octet-stream", + "application/pdf", + "application/x-pdf" + ]; + } + + .include(try=true,priority=5) "${DBDIR}/dynamic/mime_types.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/mime_types.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/mime_types.conf" +} diff --git a/conf/modules.d/multimap.conf b/conf/modules.d/multimap.conf new file mode 100644 index 0000000..b707ddf --- /dev/null +++ b/conf/modules.d/multimap.conf @@ -0,0 +1,182 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/multimap.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/multimap.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/multimap.html + +multimap { + redirector { + type = "url"; + filter = "tld"; + map = "https://maps.rspamd.com/rspamd/redirectors.inc.zst"; + symbol = "REDIRECTOR_URL"; + description = "The presence of a redirector in the mail"; + score = 0.0; + one_shot = true; + } + + # Freemail Addresses + freemail_envfrom { + type = "from"; + filter = "email:domain"; + map = "https://maps.rspamd.com/freemail/free.txt.zst"; + symbol = "FREEMAIL_ENVFROM"; + description = "Envelope From is a Freemail address"; + score = 0.0; + } + + freemail_envrcpt { + type = "rcpt"; + filter = "email:domain"; + map = "https://maps.rspamd.com/freemail/free.txt.zst"; + symbol = "FREEMAIL_ENVRCPT"; + description = "Envelope Recipient is a Freemail address"; + score = 0.0; + one_shot = true; + } + + freemail_from { + type = "header"; + header = "from"; + filter = "email:domain"; + map = "https://maps.rspamd.com/freemail/free.txt.zst"; + symbol = "FREEMAIL_FROM"; + description = "From is a Freemail address"; + score = 0.0; + } + + freemail_to { + type = "header"; + header = "To"; + filter = "email:domain"; + map = "https://maps.rspamd.com/freemail/free.txt.zst"; + symbol = "FREEMAIL_TO"; + description = "To is a Freemail address"; + score = 0.0; + one_shot = true; + } + + freemail_cc { + type = "header"; + header = "Cc"; + filter = "email:domain"; + map = "https://maps.rspamd.com/freemail/free.txt.zst"; + symbol = "FREEMAIL_CC"; + description = "To is a Freemail address"; + score = 0.0; + one_shot = true; + } + + freemail_replyto { + type = "header"; + header = "Reply-To"; + filter = "email:domain"; + map = "https://maps.rspamd.com/freemail/free.txt.zst"; + symbol = "FREEMAIL_REPLYTO"; + description = "Reply-To is a Freemail address"; + score = 0.0; + } + + # Disposable Addresses + disposable_envfrom { + type = "from"; + filter = "email:domain"; + map = "https://maps.rspamd.com/freemail/disposable.txt.zst"; + symbol = "DISPOSABLE_ENVFROM"; + description = "Envelope From is a Disposable e-mail address"; + score = 0.0; + } + + disposable_envrcpt { + type = "rcpt"; + filter = "email:domain"; + map = "https://maps.rspamd.com/freemail/disposable.txt.zst"; + symbol = "DISPOSABLE_ENVRCPT"; + description = "Envelope Recipient is a Disposable e-mail address"; + score = 0.0; + one_shot = true; + } + + disposable_from { + type = "header"; + header = "from"; + filter = "email:domain"; + map = "https://maps.rspamd.com/freemail/disposable.txt.zst"; + symbol = "DISPOSABLE_FROM"; + description = "From a Disposable e-mail address"; + score = 0.0; + } + + disposable_to { + type = "header"; + header = "To"; + filter = "email:domain"; + map = "https://maps.rspamd.com/freemail/disposable.txt.zst"; + symbol = "DISPOSABLE_TO"; + description = "To a disposable e-mail address"; + score = 0.0; + one_shot = true; + } + + disposable_cc { + type = "header"; + header = "Cc"; + filter = "email:domain"; + map = "https://maps.rspamd.com/freemail/disposable.txt.zst"; + symbol = "DISPOSABLE_CC"; + description = "To a disposable e-mail address"; + score = 0.0; + one_shot = true; + } + + disposable_replyto { + type = "header"; + header = "Reply-To"; + filter = "email:domain"; + map = "https://maps.rspamd.com/freemail/disposable.txt.zst"; + symbol = "DISPOSABLE_REPLYTO"; + description = "Reply-To a disposable e-mail address"; + score = 0.0; + } + + .include(try=true,priority=5) "${DBDIR}/dynamic/multimap.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/multimap.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/multimap.conf" +} + +/* Example setup +sender_from_whitelist_user { + type = "from"; + filter = "email:user"; + map = "file:///tmp/from.map"; + symbol = "SENDER_FROM_WHITELIST_USER"; + action = "accept"; # Prefilter mode +} +sender_from_regexp { + type = "header"; + header = "from"; + filter = 'regexp:/.*@/'; + map = "file:///tmp/from_re.map"; + symbol = "SENDER_FROM_REGEXP"; +} +url_map { + type = "url"; + filter = "tld"; + map = "file:///tmp/url.map"; + symbol = "URL_MAP"; +} +url_tld_re { + type = "url"; + filter = 'tld:regexp:/\.[^.]+$/'; # Extracts the last component of URL + map = "file:///tmp/url.map"; + symbol = "URL_MAP_RE"; +} +*/ diff --git a/conf/modules.d/mx_check.conf b/conf/modules.d/mx_check.conf new file mode 100644 index 0000000..2068fc5 --- /dev/null +++ b/conf/modules.d/mx_check.conf @@ -0,0 +1,43 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/mx_check.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/mx_check.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/mx_check.html + +# This module is *DISABLED* by default +# If you need to enable it, then define the following line in +# local.d/mx_check.conf: +# +# enabled = true; +# +# You also need to define redis servers for this module + +mx_check { + # connection timeout in seconds + timeout = 1.0; + # symbol yielded if no MX is connectable + symbol_bad_mx = "MX_INVALID"; + # symbol yielded if no MX is found + symbol_no_mx = "MX_MISSING"; + # symbol yielded if MX is connectable + symbol_good_mx = "MX_GOOD"; + # lifetime of redis cache - 1 day by default + expire = 86400; + # prefix used for redis key + key_prefix = "rmx"; + + # !!! Disabled by default !!! + enabled = false; + + .include(try=true,priority=5) "${DBDIR}/dynamic/mx_check.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/mx_check.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/mx_check.conf" +} diff --git a/conf/modules.d/neural.conf b/conf/modules.d/neural.conf new file mode 100644 index 0000000..2ab0cbe --- /dev/null +++ b/conf/modules.d/neural.conf @@ -0,0 +1,35 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/neural.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/neural.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/neural.html + +neural { + #servers = 127.0.0.1:6379; # Redis server to store learning data and ANN + + train { + max_trains = 1k; # Number of trains per epoch + max_usages = 20; # Number of learn iterations while ANN data is valid + learning_rate = 0.01; # Rate of learning (Torch only) + max_iterations = 25; # Maximum iterations of learning (Torch only) + } + + timeout = 20; # Increase redis timeout + + # Legacy support + .include(try=true,priority=5) "${DBDIR}/dynamic/fann_redis.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/fann_redis.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/fann_redis.conf" + + .include(try=true,priority=5) "${DBDIR}/dynamic/neural.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/neural.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/neural.conf" +} diff --git a/conf/modules.d/once_received.conf b/conf/modules.d/once_received.conf new file mode 100644 index 0000000..ab07492 --- /dev/null +++ b/conf/modules.d/once_received.conf @@ -0,0 +1,26 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/once_received.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/once_received.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/once_received.html + +once_received { + good_host = "mail"; + bad_host = "static"; + bad_host = "dynamic"; + symbol_strict = "ONCE_RECEIVED_STRICT"; + symbol = "ONCE_RECEIVED"; + symbol_mx = "DIRECT_TO_MX"; + + .include(try=true,priority=5) "${DBDIR}/dynamic/once_received.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/once_received.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/once_received.conf" +} diff --git a/conf/modules.d/p0f.conf b/conf/modules.d/p0f.conf new file mode 100644 index 0000000..049d4fe --- /dev/null +++ b/conf/modules.d/p0f.conf @@ -0,0 +1,45 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/p0f.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/p0f.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/p0f.html + +p0f { + # Disable module by default + enabled = false; + + # Path to the unix socket that p0f listens on + socket = '/var/run/p0f.sock'; + + # Connection timeout + timeout = 5s; + + # If defined, insert symbol with lookup results + symbol = 'P0F'; + + # Patterns to match against results returned by p0f + # Symbol will be yielded on OS string, link type or distance matches + patterns = { + WINDOWS = '^Windows.*'; + #DSL = '^DSL$'; + #DISTANCE10 = '^distance:10$'; + } + + # Cache lifetime in seconds (default - 2 hours) + expire = 7200; + + # Cache key prefix + prefix = 'p0f'; + + .include(try=true,priority=5) "${DBDIR}/dynamic/p0f.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/p0f.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/p0f.conf" +} diff --git a/conf/modules.d/phishing.conf b/conf/modules.d/phishing.conf new file mode 100644 index 0000000..a6531e6 --- /dev/null +++ b/conf/modules.d/phishing.conf @@ -0,0 +1,48 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/phishing.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/phishing.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/phishing.html + +phishing { + symbol = "PHISHING"; + # Disabled by default + openphish_enabled = false; + openphish_premium = false; + openphish_map = "https://www.openphish.com/feed.txt"; + # Phishtank is disabled by default in the module, so let's enable it here explicitly + phishtank_enabled = true; + + # List of excluded hosts from checks over openphish, phishtank and generic_service + phishing_feed_exclusion_symbol = "PHISHED_EXCLUDED"; + # Disabled by default + phishing_feed_exclusion_enabled = false; + phishing_feed_exclusion_map = "$LOCAL_CONFDIR/local.d/maps.d/phishing_feed_exclusion.inc"; + + # Make exclusions for known redirectors and domains + exceptions = { + REDIRECTOR_FALSE = [ + "https://maps.rspamd.com/rspamd/redirectors.inc.zst", + "$LOCAL_CONFDIR/local.d/maps.d/redirectors.inc", + "$LOCAL_CONFDIR/local.d/redirectors.inc", + "fallback+file://${CONFDIR}/maps.d/redirectors.inc" + ]; + PHISHED_WHITELISTED = [ + "glob;https://maps.rspamd.com/rspamd/phishing_whitelist.inc.zst", + "glob;$LOCAL_CONFDIR/local.d/maps.d/phishing_whitelist.inc", + "glob;$LOCAL_CONFDIR/local.d/phishing_whitelist.inc", + ]; + }; + + .include(try=true,priority=5) "${DBDIR}/dynamic/phishing.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/phishing.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/phishing.conf" +} diff --git a/conf/modules.d/ratelimit.conf b/conf/modules.d/ratelimit.conf new file mode 100644 index 0000000..d1a91d3 --- /dev/null +++ b/conf/modules.d/ratelimit.conf @@ -0,0 +1,44 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/ratelimit.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/ratelimit.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/ratelimit.html + +ratelimit { + #rates { + # Predefined ratelimit + #to = { + # bucket = { + # burst = 100; + # rate = 0.01666666666666666666; # leak 1 message per minute + # } + #} + # or define it with selector + #other_limit_alt = { + # selector = 'rcpts:addr.take_n(5)'; + # bucket = { + # burst = 100; + # rate = "1 / 1m"; # leak 1 message per minute + # } + #} + #} + # If symbol is specified, then it is inserted *instead* of setting result to soft reject + #symbol = "R_RATELIMIT"; + + # If info_symbol is specified, then it is inserted next to set the result + #info_symbol = "R_RATELIMIT_INFO"; + + whitelisted_rcpts = "postmaster,mailer-daemon"; + + .include(try=true,priority=5) "${DBDIR}/dynamic/ratelimit.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/ratelimit.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/ratelimit.conf" +} diff --git a/conf/modules.d/rbl.conf b/conf/modules.d/rbl.conf new file mode 100644 index 0000000..79dfc84 --- /dev/null +++ b/conf/modules.d/rbl.conf @@ -0,0 +1,347 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/rbl.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/rbl.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/rbl.html + +rbl { + default_exclude_users = true; + default_unknown = true; + + url_whitelist = [ + "https://maps.rspamd.com/rspamd/surbl-whitelist.inc.zst", + "$LOCAL_CONFDIR/local.d/maps.d/surbl-whitelist.inc.local", + "${DBDIR}/surbl-whitelist.inc.local", + "fallback+file://${CONFDIR}/maps.d/surbl-whitelist.inc" + ]; + + attached_maps = [ + { + selector_alias = "surbl_hashbl_map", + description = "SURBL hashbl map", + url = "regexp;http://sa-update.surbl.org/rspamd/surbl-hashbl-map.inc", + } + ] + + rbls { + + spamhaus { + symbol = "SPAMHAUS"; # Augmented by prefixes + rbl = "zen.spamhaus.org"; + # Check types + checks = ['received', 'from']; + + symbols_prefixes = { + received = 'RECEIVED', + from = 'RBL', + } + returncodes { + SPAMHAUS_SBL = "127.0.0.2"; + SPAMHAUS_CSS = "127.0.0.3"; + SPAMHAUS_XBL = ["127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"]; + SPAMHAUS_PBL = ["127.0.0.10", "127.0.0.11"]; + SPAMHAUS_DROP = "127.0.0.9"; + SPAMHAUS_BLOCKED_OPENRESOLVER = "127.255.255.254"; + SPAMHAUS_BLOCKED= "127.255.255.255"; + } + } + + mailspike { + symbol = "MAILSPIKE"; + rbl = "rep.mailspike.net"; + is_whitelist = true; + checks = ['from']; + whitelist_exception = "MAILSPIKE"; + whitelist_exception = "RWL_MAILSPIKE_GOOD"; + whitelist_exception = "RWL_MAILSPIKE_NEUTRAL"; + whitelist_exception = "RWL_MAILSPIKE_POSSIBLE"; + whitelist_exception = "RBL_MAILSPIKE_WORST"; + whitelist_exception = "RBL_MAILSPIKE_VERYBAD"; + whitelist_exception = "RBL_MAILSPIKE_BAD"; + returncodes { + RBL_MAILSPIKE_WORST = "127.0.0.10"; + RBL_MAILSPIKE_VERYBAD = "127.0.0.11"; + RBL_MAILSPIKE_BAD = "127.0.0.12"; + RWL_MAILSPIKE_NEUTRAL = ["127.0.0.16", "127.0.0.15", "127.0.0.14", "127.0.0.13"]; + RWL_MAILSPIKE_POSSIBLE = "127.0.0.17"; + RWL_MAILSPIKE_GOOD = "127.0.0.18"; + RWL_MAILSPIKE_VERYGOOD = "127.0.0.19"; + RWL_MAILSPIKE_EXCELLENT = "127.0.0.20"; + } + } + + senderscore { + symbol = "RBL_SENDERSCORE"; + checks = ['from']; + rbl = "bl.score.senderscore.com"; + } + + sem { + symbol = "RBL_SEM"; + rbl = "bl.spameatingmonkey.net"; + ipv6 = false; + checks = ['from']; + } + + semIPv6 { + symbol = "RBL_SEM_IPV6"; + rbl = "bl.ipv6.spameatingmonkey.net"; + ipv4 = false; + ipv6 = true; + checks = ['from']; + } + + dnswl { + symbol = "RCVD_IN_DNSWL"; + rbl = "list.dnswl.org"; + ipv6 = true; + checks = ['from', 'received']; + is_whitelist = true; + returncodes_matcher = "luapattern"; + whitelist_exception = "RCVD_IN_DNSWL"; + whitelist_exception = "RCVD_IN_DNSWL_NONE"; + whitelist_exception = "RCVD_IN_DNSWL_LOW"; + whitelist_exception = "DNSWL_BLOCKED"; + returncodes { + RCVD_IN_DNSWL_NONE = ["127%.0%.%d%.0", "127%.0%.[02-9]%d%.0", "127%.0%.1[1-9]%.0", "127%.0%.[12]%d%d%.0"]; + RCVD_IN_DNSWL_LOW = ["127%.0%.%d%.1", "127%.0%.[02-9]%d%.1", "127%.0%.1[1-9]%.1", "127%.0%.[12]%d%d%.1"]; + RCVD_IN_DNSWL_MED = ["127%.0%.%d%.2", "127%.0%.[02-9]%d%.2", "127%.0%.1[1-9]%.2", "127%.0%.[12]%d%d%.2"]; + RCVD_IN_DNSWL_HI = ["127%.0%.%d%.3", "127%.0%.[02-9]%d%.3", "127%.0%.1[1-9]%.3", "127%.0%.[12]%d%d%.3"]; + DNSWL_BLOCKED = ["127%.0%.0%.255", "127%.0%.10%.%d+"]; + } + } + + # Provided by https://virusfree.cz + virusfree { + symbol = "RBL_VIRUSFREE_UNKNOWN"; + rbl = "bip.virusfree.cz"; + ipv6 = true; + checks = ['from']; + returncodes { + RBL_VIRUSFREE_BOTNET = "127.0.0.2"; + } + } + + nixspam { + symbol = "RBL_NIXSPAM"; + rbl = "ix.dnsbl.manitu.net"; + ipv6 = true; + checks = ['from']; + } + + blocklistde { + symbols_prefixes = { + received = 'RECEIVED', + from = 'RBL', + } + symbol = "BLOCKLISTDE"; + rbl = "bl.blocklist.de"; + checks = ['from', 'received']; + } + + # Dkim whitelist + dnswl_dwl { + symbol = "DWL_DNSWL"; + rbl = "dwl.dnswl.org"; + checks = ['dkim']; + ignore_whitelist = true; + returncodes_matcher = "luapattern"; + unknown = false; + + returncodes { + DWL_DNSWL_NONE = ["127%.0%.%d%.0", "127%.0%.[02-9]%d%.0", "127%.0%.1[1-9]%.0", "127%.0%.[12]%d%d%.0"]; + DWL_DNSWL_LOW = ["127%.0%.%d%.1", "127%.0%.[02-9]%d%.1", "127%.0%.1[1-9]%.1", "127%.0%.[12]%d%d%.1"]; + DWL_DNSWL_MED = ["127%.0%.%d%.2", "127%.0%.[02-9]%d%.2", "127%.0%.1[1-9]%.2", "127%.0%.[12]%d%d%.2"]; + DWL_DNSWL_HI = ["127%.0%.%d%.3", "127%.0%.[02-9]%d%.3", "127%.0%.1[1-9]%.3", "127%.0%.[12]%d%d%.3"]; + DWL_DNSWL_BLOCKED = ["127%.0%.0%.255", "127%.0%.10%.%d+"]; + } + } + + RSPAMD_EMAILBL { + ignore_whitelist = true; + ignore_url_whitelist = true; + ignore_defaults = true; + exclude_users = false; + emails_delimiter = "."; + hash_format = "base32"; + hash_len = 32; + rbl = "email.rspamd.com"; + checks = ['emails', 'replyto']; + hash = "blake2"; + returncodes = { + RSPAMD_EMAILBL = "127.0.0.2"; + } + } + + MSBL_EBL { + ignore_whitelist = true; + ignore_url_whitelist = true; + ignore_defaults = true; + exclude_users = false; + rbl = "ebl.msbl.org"; + checks = ['emails', 'replyto']; + emails_domainonly = false; + hash = "sha1"; + returncodes = { + MSBL_EBL = [ + "127.0.0.2", + "127.0.0.3" + ]; + MSBL_EBL_GREY = [ + "127.0.1.2", + "127.0.1.3" + ]; + } + } + + "SURBL_MULTI" { + ignore_defaults = true; + rbl = "multi.surbl.org"; + checks = ['emails', 'dkim', 'helo', 'rdns', 'replyto', 'urls']; + emails_domainonly = true; + exclude_users = false; + + returnbits = { + CRACKED_SURBL = 128; + ABUSE_SURBL = 64; + MW_SURBL_MULTI = 16; + PH_SURBL_MULTI = 8; + SURBL_BLOCKED = 1; + } + } + + SURBL_HASHBL { + rbl = "hashbl.surbl.org"; + ignore_defaults = true; + random_monitored = true, + # TODO: make limit more configurable maybe? + selector = "specific_urls_filter_map('surbl_hashbl_map', {limit = 10}).apply_methods('get_host', 'get_path').join_tables('/')", + hash = 'md5'; + hash_len = 32; + returncodes_matcher = "luapattern"; + returncodes = { + SURBL_HASHBL_PHISH = "127.0.0.8"; + SURBL_HASHBL_MALWARE = "127.0.0.16"; + SURBL_HASHBL_ABUSE = "127.0.0.64"; + SURBL_HASHBL_CRACKED = "127.0.0.128"; + SURBL_HASHBL_EMAIL = "127.0.1.%d+"; + } + } + + "URIBL_MULTI" { + ignore_defaults = true; + rbl = "multi.uribl.com"; + checks = ['emails', 'dkim', 'helo', 'rdns', 'replyto', 'urls']; + emails_domainonly = true; + exclude_users = false; + + returnbits { + URIBL_BLOCKED = 1; + URIBL_BLACK = 2; + URIBL_GREY = 4; + URIBL_RED = 8; + } + } + + "RSPAMD_URIBL" { + ignore_defaults = true; + rbl = "uribl.rspamd.com"; + checks = ['emails', 'dkim', 'urls']; + emails_domainonly = true; + hash = 'blake2'; + hash_len = 32; + hash_format = 'base32'; + exclude_users = false; + + returncodes = { + RSPAMD_URIBL = [ + "127.0.0.2", + ]; + } + } + + "DBL" { + ignore_defaults = true; + rbl = "dbl.spamhaus.org"; + no_ip = true; + checks = ['emails', 'dkim', 'helo', 'rdns', 'replyto', 'urls']; + emails_domainonly = true; + exclude_users = false; + + returncodes = { + # spam domain + DBL_SPAM = "127.0.1.2"; + # phish domain + DBL_PHISH = "127.0.1.4"; + # malware domain + DBL_MALWARE = "127.0.1.5"; + # botnet C&C domain + DBL_BOTNET = "127.0.1.6"; + # abused legit spam + DBL_ABUSE = "127.0.1.102"; + # abused spammed redirector domain + DBL_ABUSE_REDIR = "127.0.1.103"; + # abused legit phish + DBL_ABUSE_PHISH = "127.0.1.104"; + # abused legit malware + DBL_ABUSE_MALWARE = "127.0.1.105"; + # abused legit botnet C&C + DBL_ABUSE_BOTNET = "127.0.1.106"; + # error - IP queries prohibited! + DBL_PROHIBIT = "127.0.1.255"; + # issue #3074 + DBL_BLOCKED_OPENRESOLVER = "127.255.255.254"; + DBL_BLOCKED = "127.255.255.255"; + } + } + + # Not enabled by default due to privacy concerns! (see also groups.d/surbl_group.conf) + "SPAMHAUS_ZEN_URIBL" { + enabled = false; + rbl = "zen.spamhaus.org"; + checks = ['emails']; + resolve_ip = true; + returncodes = { + URIBL_SBL = "127.0.0.2"; + URIBL_SBL_CSS = "127.0.0.3"; + URIBL_XBL = ["127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"]; + URIBL_PBL = ["127.0.0.10", "127.0.0.11"]; + URIBL_DROP = "127.0.0.9"; + } + } + + "SEM_URIBL_UNKNOWN" { + ignore_defaults = true; + rbl = "uribl.spameatingmonkey.net"; + no_ip = true; + checks = ['emails', 'dkim', 'urls']; + emails_domainonly = true; + returnbits { + SEM_URIBL = 2; + } + } + + "SEM_URIBL_FRESH15_UNKNOWN" { + ignore_defaults = true; + rbl = "fresh15.spameatingmonkey.net"; + no_ip = true; + checks = ['emails', 'dkim', 'urls']; + emails_domainonly = true; + returnbits { + SEM_URIBL_FRESH15 = 2; + } + } + } + + .include(try=true,priority=5) "${DBDIR}/dynamic/rbl.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/rbl.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/rbl.conf" +} diff --git a/conf/modules.d/redis.conf b/conf/modules.d/redis.conf new file mode 100644 index 0000000..24948b1 --- /dev/null +++ b/conf/modules.d/redis.conf @@ -0,0 +1,27 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/redis.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/redis.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# See https://rspamd.com/doc/configuration/redis.html + +redis { + #servers = "127.0.0.1"; # Read servers (unless write_servers are unspecified) + #servers = "master-slave:127.0.0.1,10.0.1.1"; + #write_servers = "127.0.0.1"; # Servers to write data + #disabled_modules = ["ratelimit"]; # List of modules that should not use redis from this section + #timeout = 1s; + #db = "0"; + #username = "some_username"; + #password = "some_password"; + .include(try=true,priority=5) "${DBDIR}/dynamic/redis.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/redis.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/redis.conf" +} diff --git a/conf/modules.d/regexp.conf b/conf/modules.d/regexp.conf new file mode 100644 index 0000000..f7d5921 --- /dev/null +++ b/conf/modules.d/regexp.conf @@ -0,0 +1,21 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/regexp.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/regexp.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/regexp.html + +regexp { + max_size = 1M; + + .include(try=true,priority=5) "${DBDIR}/dynamic/regexp.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/regexp.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/regexp.conf" +} diff --git a/conf/modules.d/replies.conf b/conf/modules.d/replies.conf new file mode 100644 index 0000000..a1a85df --- /dev/null +++ b/conf/modules.d/replies.conf @@ -0,0 +1,30 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/replies.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/replies.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/replies.html + +replies { + # This setting is non-default & is required to be set + # Redis servers to use + #servers = "localhost"; + # This setting is non-default & may be desirable + #action = "no action"; + # These are default settings you may want to change + expire = 86400; + key_prefix = "rr"; + message = "Message is reply to one we originated"; + symbol = "REPLY"; + + .include(try=true,priority=5) "${DBDIR}/dynamic/replies.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/replies.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/replies.conf" +} diff --git a/conf/modules.d/reputation.conf b/conf/modules.d/reputation.conf new file mode 100644 index 0000000..fe9d5f7 --- /dev/null +++ b/conf/modules.d/reputation.conf @@ -0,0 +1,30 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/reputation.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/reputation.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/reputation.html + +reputation { +# rules { +# SPF_REPUTATION = { +# selector { +# type = "spf"; +# } +# backend { +# type = "redis"; +# } +# symbol = "SPF_REPUTATION"; +# } +# } + .include(try=true,priority=5) "${DBDIR}/dynamic/reputation.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/reputation.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/reputation.conf" +} diff --git a/conf/modules.d/rspamd_update.conf b/conf/modules.d/rspamd_update.conf new file mode 100644 index 0000000..1b998b2 --- /dev/null +++ b/conf/modules.d/rspamd_update.conf @@ -0,0 +1,26 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/rspamd_update.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/rspamd_update.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/rspamd_update.html + +# This module is disabled by default, please don't enable it unless you know +# what are you doing! + +rspamd_update { + rules = "sign+https://updates.rspamd.com/rspamd-${BRANCH_VERSION}.ucl"; + key = "qxuogdh5eghytji1utkkte1dn3n81c3y5twe61uzoddzwqzuxxyb"; + enabled = false; # Disable this module by default + + .include(try=true,priority=5) "${DBDIR}/dynamic/rspamd_update.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/rspamd_update.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/rspamd_update.conf" +} diff --git a/conf/modules.d/spamassassin.conf b/conf/modules.d/spamassassin.conf new file mode 100644 index 0000000..79f7527 --- /dev/null +++ b/conf/modules.d/spamassassin.conf @@ -0,0 +1,26 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/spamassassin.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/spamassassin.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/spamassassin.html + +spamassassin { + # This config defines no SA files leaving this module efficiently disabled by default + #ruleset = "/path/to/file"; + # Limit search size to 100 kilobytes for all regular expressions + #match_limit = 100k; + # Those regexp atoms will not be passed through hyperscan: + #pcre_only = ["RULE1", "__RULE2"]; + + .include(try=true,priority=5) "${DBDIR}/dynamic/spamassassin.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/spamassassin.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/spamassassin.conf" +} diff --git a/conf/modules.d/spamtrap.conf b/conf/modules.d/spamtrap.conf new file mode 100644 index 0000000..d0e70f6 --- /dev/null +++ b/conf/modules.d/spamtrap.conf @@ -0,0 +1,53 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/spamtrap.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/spamtrap.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/spamtrap.html + +# This module is *DISABLED* by default +# If you need to enable it, then define the following line in +# local.d/spamtrap.conf: +# +# enabled = true; +# +# You also need to define redis servers for this module + +spamtrap { + # Optionally set an action + #action = "no action"; + # A map file containing regexp entries for spamtrap emails and domains + #map = file://$LOCAL_CONFDIR/local.d/maps.d/spamtrap.map + # Name of the symbol + #symbol = "SPAMTRAP"; + # A score for this module + #score = 0.0; + # Flag to enable fuzzy learning + learn_fuzzy = false; + # Flag to enable bayes spam learning + learn_spam = false; + # Fuzzy flag + #fuzzy_flag = 1; + # Fuzzy weight + #fuzzy_weight = 10.0; + # Redis key prefix + #key_prefix = 'sptr_'; + # Skip spamtrap checks for authorized users + #check_authed = false; + # Skip spamtrap checks for local networks + #check_local = false; + + # !!! Disabled by default !!! + enabled = false; + + .include(try=true,priority=5) "${DBDIR}/dynamic/spamtrap.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/spamtrap.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/spamtrap.conf" +} diff --git a/conf/modules.d/spf.conf b/conf/modules.d/spf.conf new file mode 100644 index 0000000..c4284bc --- /dev/null +++ b/conf/modules.d/spf.conf @@ -0,0 +1,22 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/spf.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/spf.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/spf.html +spf { + spf_cache_size = 2k; + spf_cache_expire = 1d; + + .include(try=true,priority=5) "${DBDIR}/dynamic/spf.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/spf.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/spf.conf" + +} diff --git a/conf/modules.d/surbl.conf b/conf/modules.d/surbl.conf new file mode 100644 index 0000000..89b8842 --- /dev/null +++ b/conf/modules.d/surbl.conf @@ -0,0 +1,9 @@ +# Deprecated, use RBL module! +surbl { + rules { + } + + .include(try=true,priority=5) "${DBDIR}/dynamic/surbl.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/surbl.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/surbl.conf" +} diff --git a/conf/modules.d/trie.conf b/conf/modules.d/trie.conf new file mode 100644 index 0000000..9a1e1ca --- /dev/null +++ b/conf/modules.d/trie.conf @@ -0,0 +1,37 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/trie.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/trie.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/trie.html + +trie { + # Each subsection defines a single rule with associated symbol + # This config defines no tries leaving this module efficiently disabled by default +# SYMBOL1 { +# # Define rules in the file (it is *NOT* a map) +# file = "/some/path"; +# # Raw rules search within the whole undecoded messages +# raw = true; +# # If we have multiple occurrences of strings from this rule +# # then we insert a symbol multiple times +# multi = true; +# } +# SYMBOL2 { +# patterns = [ +# "pattern1", +# "pattern2", +# "pattern3" +# ] +# } + .include(try=true,priority=5) "${DBDIR}/dynamic/trie.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/trie.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/trie.conf" +} diff --git a/conf/modules.d/url_redirector.conf b/conf/modules.d/url_redirector.conf new file mode 100644 index 0000000..da3b5bb --- /dev/null +++ b/conf/modules.d/url_redirector.conf @@ -0,0 +1,27 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/url_redirector.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/url_redirector.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/url_redirector.html + +url_redirector { + expire = 1d; # 1 day by default + timeout = 10; # 10 seconds by default + nested_limit = 1; # How many redirects to follow + #proxy = "http://example.com:3128"; # Send request through proxy + key_prefix = "rdr:"; # default hash name + check_ssl = false; # check ssl certificates + max_size = 10k; # maximum body to process + + .include(try=true,priority=5) "${DBDIR}/dynamic/url_redirector.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/url_redirector.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/url_redirector.conf" +} diff --git a/conf/modules.d/whitelist.conf b/conf/modules.d/whitelist.conf new file mode 100644 index 0000000..a4b39aa --- /dev/null +++ b/conf/modules.d/whitelist.conf @@ -0,0 +1,66 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/whitelist.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/whitelist.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/whitelist.html + +whitelist { + rules { + "WHITELIST_SPF" = { + valid_spf = true; + domains = [ + "$LOCAL_CONFDIR/local.d/maps.d/spf_whitelist.inc.local", + "${DBDIR}/spf_whitelist.inc.local", + "fallback+file://${CONFDIR}/maps.d/spf_whitelist.inc" + ]; + score = -1.0 + inverse_symbol = "BLACKLIST_SPF"; + } + + "WHITELIST_DKIM" = { + valid_dkim = true; + domains = [ + "$LOCAL_CONFDIR/local.d/maps.d/dkim_whitelist.inc.local", + "${DBDIR}/dkim_whitelist.inc.local", + "fallback+file://${CONFDIR}/maps.d/dkim_whitelist.inc" + ]; + score = -1.0; + inverse_symbol = "BLACKLIST_DKIM"; + } + "WHITELIST_SPF_DKIM" = { + valid_spf = true; + valid_dkim = true; + domains = [ + "https://maps.rspamd.com/rspamd/spf_dkim_whitelist.inc.zst", + "$LOCAL_CONFDIR/local.d/maps.d/spf_dkim_whitelist.inc.local", + "${DBDIR}/spf_dkim_whitelist.inc.local", + "fallback+file://${CONFDIR}/maps.d/spf_dkim_whitelist.inc" + ]; + score = -3.0; + inverse_symbol = "BLACKLIST_SPF_DKIM"; + } + "WHITELIST_DMARC" = { + valid_dmarc = true; + domains = [ + "https://maps.rspamd.com/rspamd/dmarc_whitelist_new.inc.zst", + "$LOCAL_CONFDIR/local.d/maps.d/dmarc_whitelist.inc.local", + "${DBDIR}/dmarc_whitelist.inc.local", + "fallback+file://${CONFDIR}/maps.d/dmarc_whitelist.inc" + ]; + score = -7.0; + inverse_symbol = "BLACKLIST_DMARC"; + } + } + + .include(try=true,priority=5) "${DBDIR}/dynamic/whitelist.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/whitelist.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/whitelist.conf" +} diff --git a/conf/options.inc b/conf/options.inc new file mode 100644 index 0000000..d5cf60d --- /dev/null +++ b/conf/options.inc @@ -0,0 +1,72 @@ +# Basic rspamd configuration +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/options.inc' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/options.inc' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Relevant documentation: https://rspamd.com/doc/configuration/options.html + +filters = "chartable,dkim,regexp,fuzzy_check"; +one_shot = false; +cache_file = "$DBDIR/symbols.cache"; +# How often maps are checked ( +map_watch_interval = 5min; +# Multiplier for watch interval for files +map_file_watch_multiplier = 0.1; +dynamic_conf = "$DBDIR/rspamd_dynamic"; +history_file = "$DBDIR/rspamd.history"; +check_all_filters = false; + +# Default settings +dns_max_requests = 64; +max_lua_urls = 1024; +max_urls = 10240; +max_recipients = 1024; + +dns { + timeout = 1s; + sockets = 16; + retransmits = 5; +} +tempdir = "/tmp"; +url_tld = "${SHAREDIR}/effective_tld_names.dat"; +classify_headers = [ + "User-Agent", + "X-Mailer", + "Content-Type", + "X-MimeOLE", +]; + +control_socket = "$DBDIR/rspamd.sock mode=0600"; +history_rows = 200; +explicit_modules = ["settings", "bayes_expiry"]; + +# Scan messages even if they are not MIME +allow_raw_input = true; + +# Start ignore words when reaching the following limit, so the total +# amount of words processed will not be *LIKELY more than the twice of that limit +words_decay = 600; + +# Write statistics about rspamd usage to the round-robin database +rrd = "${DBDIR}/rspamd.rrd"; + +# Write statistics for `rspamc` here +stats_file = "${DBDIR}/stats.ucl"; + +# Local networks +local_addrs = [192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12, fd00::/8, 169.254.0.0/16, fe80::/10]; +hs_cache_dir = "${DBDIR}/"; + +# Timeout for messages processing (must be larger than any internal timeout used) +task_timeout = 8s; + +# Emit soft reject when timeout takes place +soft_reject_on_timeout = false; diff --git a/conf/rspamd.conf b/conf/rspamd.conf new file mode 100644 index 0000000..b05a18b --- /dev/null +++ b/conf/rspamd.conf @@ -0,0 +1,73 @@ +# System V init adopted top level configuration + +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine +# parameters defined on the top level +# +# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add +# parameters defined on the top level +# +# For specific modules or configuration you can also modify +# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults +# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults +# +# See https://rspamd.com/doc/tutorials/writing_rules.html for details + +.include "$CONFDIR/common.conf" + +options { + pidfile = "$RUNDIR/rspamd.pid"; + .include "$CONFDIR/options.inc" + .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/options.inc" + .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/options.inc" +} + +lang_detection { + .include "$CONFDIR/lang_detection.inc" + .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/lang_detection.inc" + .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/lang_detection.inc" +} + +.include(try=true; duplicate=merge) "$CONFDIR/cgp.inc" +.include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/cgp.inc" + +logging { + type = "file"; + filename = "$LOGDIR/rspamd.log"; + .include "$CONFDIR/logging.inc" + .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/logging.inc" + .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/logging.inc" +} + +worker "normal" { + bind_socket = "localhost:11333"; + .include "$CONFDIR/worker-normal.inc" + .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/worker-normal.inc" + .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/worker-normal.inc" +} + +worker "controller" { + bind_socket = "localhost:11334"; + .include "$CONFDIR/worker-controller.inc" + .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/worker-controller.inc" + .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/worker-controller.inc" +} + +worker "rspamd_proxy" { + bind_socket = "localhost:11332"; + .include "$CONFDIR/worker-proxy.inc" + .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/worker-proxy.inc" + .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/worker-proxy.inc" +} + +# Local fuzzy storage is disabled by default + +worker "fuzzy" { + bind_socket = "localhost:11335"; + count = -1; # Disable by default, see #4677 for details + .include "$CONFDIR/worker-fuzzy.inc" + .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/worker-fuzzy.inc" + .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/worker-fuzzy.inc" +} diff --git a/conf/scores.d/content_group.conf b/conf/scores.d/content_group.conf new file mode 100644 index 0000000..88b4765 --- /dev/null +++ b/conf/scores.d/content_group.conf @@ -0,0 +1,51 @@ +# Content matching rules +# +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine +# parameters defined on the top level +# +# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add +# parameters defined on the top level +# +# For specific modules or configuration you can also modify +# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults +# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults +# +# See https://rspamd.com/doc/tutorials/writing_rules.html for details + +description = "Content rules"; + +symbols = { + "PDF_ENCRYPTED" { + weight = 0.3; + description = "There is an encrypted PDF in the message"; + one_shot = true; + } + "PDF_JAVASCRIPT" { + weight = 0.1; + description = "There is an PDF with JavaScript in the message"; + one_shot = true; + } + "PDF_SUSPICIOUS" { + weight = 4.5; + description = "There is an PDF with suspicious properties in the message"; + one_shot = true; + } + "PDF_LONG_TRAILER" { + weight = 0.2; + description = "There is an PDF with a long trailer in the message"; + one_shot = true; + } + "PDF_MANY_OBJECTS" { + weight = 0; + description = "There is a PDF with too many objects in the message"; + one_shot = true; + } + "PDF_TIMEOUT" { + weight = 0; + description = "There is a PDF in the message that caused timeout in processing"; + one_shot = true; + } +} diff --git a/conf/scores.d/fuzzy_group.conf b/conf/scores.d/fuzzy_group.conf new file mode 100644 index 0000000..bc2f949 --- /dev/null +++ b/conf/scores.d/fuzzy_group.conf @@ -0,0 +1,37 @@ +# Fuzzy rules scores +# +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine +# parameters defined on the top level +# +# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add +# parameters defined on the top level +# +# For specific modules or configuration you can also modify +# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults +# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults +# +# See https://rspamd.com/doc/tutorials/writing_rules.html for details + +description = "Fuzzy hashes group"; + +symbols = { + "FUZZY_UNKNOWN" { + weight = 5.0; + description = "Generic fuzzy hash match, bl.rspamd.com"; + } + "FUZZY_DENIED" { + weight = 12.0; + description = "Denied fuzzy hash, bl.rspamd.com"; + } + "FUZZY_PROB" { + weight = 5.0; + description = "Probable fuzzy hash, bl.rspamd.com"; + } + "FUZZY_WHITE" { + weight = -2.1; + description = "Whitelisted fuzzy hash, bl.rspamd.com"; + } +}
\ No newline at end of file diff --git a/conf/scores.d/headers_group.conf b/conf/scores.d/headers_group.conf new file mode 100644 index 0000000..c9b078c --- /dev/null +++ b/conf/scores.d/headers_group.conf @@ -0,0 +1,77 @@ +# Headers rules scores +# +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine +# parameters defined on the top level +# +# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add +# parameters defined on the top level +# +# For specific modules or configuration you can also modify +# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults +# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults +# +# See https://rspamd.com/doc/tutorials/writing_rules.html for details + +description = "Various headers checks"; + +max_score = 8.0; + +symbols = { + "FORGED_SENDER" { + weight = 0.3; + description = "Sender is forged (different From: header and smtp MAIL FROM: addresses)"; + } + "R_MIXED_CHARSET" { + weight = 5.0; + description = "Mixed characters in a message"; + one_shot = true; + } + "R_MIXED_CHARSET_URL" { + weight = 7.0; + description = "Mixed characters in a URL inside message"; + one_shot = true; + } + "FORGED_RECIPIENTS" { + weight = 2.0; + description = "Recipients are not the same as RCPT TO: mail command"; + } + "FORGED_RECIPIENTS_MAILLIST" { + weight = 0.0; + description = "Recipients are not the same as RCPT TO: mail command, but a message from a maillist"; + } + "FORGED_SENDER_MAILLIST" { + weight = 0.0; + description = "Sender is not the same as MAIL FROM: envelope, but a message is from a maillist"; + } + "ONCE_RECEIVED" { + weight = 0.1; + description = "One received header in a message"; + } + "RDNS_NONE" { + weight = 1.0; + description = "Cannot resolve reverse DNS for sender's IP"; + } + "RDNS_DNSFAIL" { + weight = 0.0; + description = "PTR verification DNS error"; + } + "ONCE_RECEIVED_STRICT" { + weight = 4.0; + description = "One received header with 'bad' patterns inside"; + } + "DIRECT_TO_MX" { + weight = 0.0; + description = "Message has been directly delivered from MUA to local MX"; + } + "MAILLIST" { + weight = -0.2; + description = "Message seems to be from maillist"; + } + "BOUNCE" { + weight = -0.1; + description = "(Non) Delivery Status Notification"; + } +} diff --git a/conf/scores.d/hfilter_group.conf b/conf/scores.d/hfilter_group.conf new file mode 100644 index 0000000..09fcfcd --- /dev/null +++ b/conf/scores.d/hfilter_group.conf @@ -0,0 +1,133 @@ +# Host and connection rules scores +# +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine +# parameters defined on the top level +# +# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add +# parameters defined on the top level +# +# For specific modules or configuration you can also modify +# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults +# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults +# +# See https://rspamd.com/doc/tutorials/writing_rules.html for details + +description = "SMTP envelope filter"; + +symbols = { + "HFILTER_HELO_BAREIP" { + weight = 3.0; + description = "Helo host is bare ip"; + } + "HFILTER_HELO_BADIP" { + weight = 4.5; + description = "Helo host is very bad ip"; + } + "HFILTER_HELO_1" { + weight = 0.5; + description = "Helo host checks (very low)"; + } + "HFILTER_HELO_2" { + weight = 1.0; + description = "Helo host checks (low)"; + } + "HFILTER_HELO_3" { + weight = 2.0; + description = "Helo host checks (medium)"; + } + "HFILTER_HELO_4" { + weight = 2.5; + description = "Helo host checks (hard)"; + } + "HFILTER_HELO_5" { + weight = 3.0; + description = "Helo host checks (very hard)"; + } + "HFILTER_HOSTNAME_1" { + weight = 0.5; + description = "Hostname checks (very low)"; + } + "HFILTER_HOSTNAME_2" { + weight = 1.0; + description = "Hostname checks (low)"; + } + "HFILTER_HOSTNAME_3" { + weight = 2.0; + description = "Hostname checks (medium)"; + } + "HFILTER_HOSTNAME_4" { + weight = 2.5; + description = "Hostname checks (hard)"; + } + "HFILTER_HOSTNAME_5" { + weight = 3.0; + description = "Hostname checks (very hard)"; + } + "HFILTER_HELO_NORESOLVE_MX" { + weight = 0.2; + description = "MX found in Helo and no resolve"; + } + "HFILTER_HELO_NORES_A_OR_MX" { + weight = 0.3; + description = "Helo no resolve to A or MX"; + } + "HFILTER_HELO_IP_A" { + weight = 1.0; + description = "Helo A IP != hostname IP"; + } + "HFILTER_HELO_NOT_FQDN" { + weight = 2.0; + description = "Helo not FQDN"; + } + "HFILTER_FROMHOST_NORESOLVE_MX" { + weight = 0.5; + description = "MX found in FROM host and no resolve"; + } + "HFILTER_FROMHOST_NORES_A_OR_MX" { + weight = 1.5; + description = "FROM host no resolve to A or MX"; + } + "HFILTER_FROMHOST_NOT_FQDN" { + weight = 3.0; + description = "FROM host not FQDN"; + } + "HFILTER_FROM_BOUNCE" { + weight = 0.0; + description = "Bounce message"; + } +/* + # Disabled by default + "HFILTER_MID_NORESOLVE_MX" { + weight = 0.5; + description = "MX found in Message-id host and no resolve"; + } + "HFILTER_MID_NORES_A_OR_MX" { + weight = 0.5; + name = ; + description = "Message-id host no resolve to A or MX"; + } + "HFILTER_MID_NOT_FQDN" { + weight = 0.5; + description = "Message-id host not FQDN"; + } +*/ + "HFILTER_HOSTNAME_UNKNOWN" { + weight = 2.5; + description = "Unknown client hostname (PTR or FCrDNS verification failed)"; + } + "HFILTER_RCPT_BOUNCEMOREONE" { + weight = 1.5; + description = "Message from bounce and over 1 recipient"; + } + "HFILTER_URL_ONLY" { + weight = 2.2; + description = "URL only in body"; + } + "HFILTER_URL_ONELINE" { + weight = 2.5; + description = "One line URL and text in body"; + } +} diff --git a/conf/scores.d/mime_types_group.conf b/conf/scores.d/mime_types_group.conf new file mode 100644 index 0000000..268709e --- /dev/null +++ b/conf/scores.d/mime_types_group.conf @@ -0,0 +1,78 @@ +# Mime types rules scores +# +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine +# parameters defined on the top level +# +# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add +# parameters defined on the top level +# +# For specific modules or configuration you can also modify +# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults +# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults +# +# See https://rspamd.com/doc/tutorials/writing_rules.html for details + +description = "Mime attachments rules"; + +max_score = 10.0; + +symbols = { + "MIME_GOOD" { + weight = -0.1; + description = "Known content-type"; + one_shot = true; + } + "MIME_BAD" { + weight = 1.0; + description = "Known bad content-type"; + one_shot = true; + } + "MIME_UNKNOWN" { + weight = 0.1; + description = "Missing or unknown content-type"; + one_shot = true; + } + "MIME_BAD_ATTACHMENT" { + weight = 4.0; + description = "Invalid attachment mime type"; + one_shot = true; + } + "MIME_ENCRYPTED_ARCHIVE" { + weight = 2.0; + description = "Encrypted archive in a message"; + one_shot = true; + } + "MIME_OBFUSCATED_ARCHIVE" { + weight = 8.0; + description = "Archive has files with clear obfuscation signs"; + one_shot = true; + } + "MIME_EXE_IN_GEN_SPLIT_RAR" { + weight = 5.0; + description = "EXE file in RAR archive with generic split extension (e.g. .001)"; + one_shot = true; + } + "MIME_ARCHIVE_IN_ARCHIVE" { + weight = 5.0; + description = "Archive within another archive"; + one_shot = true; + } + "MIME_DOUBLE_BAD_EXTENSION" { + weight = 3.0; # This rule has dynamic weight up to 4.0 + description = "Bad extension cloaking"; + one_shot = true; + } + "MIME_BAD_EXTENSION" { + weight = 2.0; # This rule has dynamic weight up to 4.0 + description = "Bad extension"; + one_shot = true; + } + "MIME_BAD_UNICODE" { + weight = 8.0; + description = "Filename with known obscured unicode characters"; + one_shot = true; + } +} diff --git a/conf/scores.d/mua_group.conf b/conf/scores.d/mua_group.conf new file mode 100644 index 0000000..18ca013 --- /dev/null +++ b/conf/scores.d/mua_group.conf @@ -0,0 +1,25 @@ +# MUA rules scores +# +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine +# parameters defined on the top level +# +# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add +# parameters defined on the top level +# +# For specific modules or configuration you can also modify +# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults +# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults +# +# See https://rspamd.com/doc/tutorials/writing_rules.html for details + +description = "MUA forgeries"; + +symbols = { + "FORGED_MUA_MAILLIST" { + weight = 0.0; + description = "Avoid false positives for FORGED_MUA_* in maillist"; + } +}
\ No newline at end of file diff --git a/conf/scores.d/phishing_group.conf b/conf/scores.d/phishing_group.conf new file mode 100644 index 0000000..54a660a --- /dev/null +++ b/conf/scores.d/phishing_group.conf @@ -0,0 +1,57 @@ +# Phishing rules scores +# +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine +# parameters defined on the top level +# +# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add +# parameters defined on the top level +# +# For specific modules or configuration you can also modify +# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults +# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults +# +# See https://rspamd.com/doc/tutorials/writing_rules.html for details + +description = "Phishing in emails"; + +max_score = 10.0; + +symbols = { + "PHISHING" { + weight = 4.0; + description = "Phished URL"; + one_shot = true; + } + "PHISHED_EXCLUDED" { + weight = 0.0; + description = "Phished URL found in exclusions list"; + } + "PHISHED_OPENPHISH" { + weight = 7.0; + description = "Phished URL found in openphish.com"; + } + "PHISHED_PHISHTANK" { + weight = 7.0; + description = "Phished URL found in phishtank.com"; + } + HACKED_WP_PHISHING { + weight = 4.5; + description = "Phish message sent by hacked Wordpress instance"; + } + REDIRECTOR_FALSE { + weight = 0.0; + description = "Phishing exclusion symbol for known redirectors"; + } + URL_REDIRECTOR_NESTED { + weight = 1.0; + description = "URL redirector nested limit has been reached"; + one_shot = true; + } + PHISHED_WHITELISTED { + weight = 0.0; + description = "Phishing exclusion symbol for known exceptions"; + } +} diff --git a/conf/scores.d/policies_group.conf b/conf/scores.d/policies_group.conf new file mode 100644 index 0000000..4a8bdb6 --- /dev/null +++ b/conf/scores.d/policies_group.conf @@ -0,0 +1,147 @@ +# Policies rules scores, includes SPF, DKIM, DMARC and ARC symbols +# +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine +# parameters defined on the top level +# +# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add +# parameters defined on the top level +# +# For specific modules or configuration you can also modify +# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults +# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults +# +# See https://rspamd.com/doc/tutorials/writing_rules.html for details + +description = "SPF, DKIM, DMARC, ARC"; + +symbols = { + # SPF + "R_SPF_FAIL" { + weight = 1.0; + description = "SPF verification failed"; + groups = ["spf"]; + } + "R_SPF_SOFTFAIL" { + weight = 0.0; + description = "SPF verification soft-failed"; + groups = ["spf"]; + } + "R_SPF_NEUTRAL" { + weight = 0.0; + description = "SPF policy is neutral"; + groups = ["spf"]; + } + "R_SPF_ALLOW" { + weight = -0.2; + description = "SPF verification allows sending"; + groups = ["spf"]; + } + "R_SPF_DNSFAIL" { + weight = 0.0; + description = "SPF DNS failure"; + groups = ["spf"]; + } + "R_SPF_NA" { + weight = 0.0; + description = "Missing SPF record"; + one_shot = true; + groups = ["spf"]; + } + "R_SPF_PERMFAIL" { + weight = 0.0; + description = "SPF record is malformed or persistent DNS error"; + groups = ["spf"]; + } + + # DKIM + "R_DKIM_REJECT" { + weight = 1.0; + description = "DKIM verification failed"; + one_shot = true; + groups = ["dkim"]; + } + "R_DKIM_TEMPFAIL" { + weight = 0.0; + description = "DKIM verification soft-failed"; + groups = ["dkim"]; + } + "R_DKIM_PERMFAIL" { + weight = 0.0; + description = "DKIM verification hard-failed (invalid)"; + groups = ["dkim"]; + } + "R_DKIM_ALLOW" { + weight = -0.2; + description = "DKIM verification succeed"; + one_shot = true; + groups = ["dkim"]; + } + "R_DKIM_NA" { + weight = 0.0; + description = "Missing DKIM signature"; + one_shot = true; + groups = ["dkim"]; + } + + # DMARC + "DMARC_POLICY_ALLOW" { + weight = -0.5; + description = "DMARC permit policy"; + groups = ["dmarc"]; + } + "DMARC_POLICY_ALLOW_WITH_FAILURES" { + weight = -0.5; + description = "DMARC permit policy with DKIM/SPF failure"; + groups = ["dmarc"]; + } + "DMARC_POLICY_REJECT" { + weight = 2.0; + description = "DMARC reject policy"; + groups = ["dmarc"]; + } + "DMARC_POLICY_QUARANTINE" { + weight = 1.5; + description = "DMARC quarantine policy"; + groups = ["dmarc"]; + } + "DMARC_POLICY_SOFTFAIL" { + weight = 0.1; + description = "DMARC failed"; + groups = ["dmarc"]; + } + "DMARC_NA" { + weight = 0.0; + description = "No DMARC record"; + groups = ["dmarc"]; + } + + # ARC + "ARC_ALLOW" { + weight = -1.0; + description = "ARC checks success"; + groups = ["arc"]; + } + "ARC_REJECT" { + weight = 1.0; + description = "ARC checks failed"; + groups = ["arc"]; + } + "ARC_INVALID" { + weight = 0.5; + description = "ARC structure invalid"; + groups = ["arc"]; + } + "ARC_DNSFAIL" { + weight = 0.0; + description = "ARC DNS error"; + groups = ["arc"]; + } + "ARC_NA" { + weight = 0.0; + description = "ARC signature absent"; + groups = ["arc"]; + } +} diff --git a/conf/scores.d/rbl_group.conf b/conf/scores.d/rbl_group.conf new file mode 100644 index 0000000..ef29ed2 --- /dev/null +++ b/conf/scores.d/rbl_group.conf @@ -0,0 +1,250 @@ +# RBL rules scores +# +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine +# parameters defined on the top level +# +# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add +# parameters defined on the top level +# +# For specific modules or configuration you can also modify +# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults +# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults +# +# See https://rspamd.com/doc/tutorials/writing_rules.html for details + +description = "IP DNS lists"; + +symbols = { + + "DNSWL_BLOCKED" { + weight = 0.0; + description = "https://www.dnswl.org: Resolver blocked due to excessive queries"; + groups = ["dnswl", "blocked"]; + } + "RCVD_IN_DNSWL" { + weight = 0.0; + description = "Unrecognised result from https://www.dnswl.org"; + groups = ["dnswl"]; + } + "RCVD_IN_DNSWL_NONE" { + weight = 0.0; + description = "Sender listed at https://www.dnswl.org, no trust"; + groups = ["dnswl"]; + } + "RCVD_IN_DNSWL_LOW" { + weight = -0.1; + description = "Sender listed at https://www.dnswl.org, low trust"; + groups = ["dnswl"]; + } + "RCVD_IN_DNSWL_MED" { + weight = -0.2; + description = "Sender listed at https://www.dnswl.org, medium trust"; + groups = ["dnswl"]; + } + "RCVD_IN_DNSWL_HI" { + weight = -0.5; + description = "Sender listed at https://www.dnswl.org, high trust"; + groups = ["dnswl"]; + } + + "DWL_DNSWL_BLOCKED" { + weight = 0.0; + description = "https://www.dnswl.org: Resolver blocked due to excessive queries (DWL)"; + groups = ["dnswl", "blocked"]; + } + "DWL_DNSWL" { + weight = 0.0; + description = "Unrecognised result from https://www.dnswl.org (DWL)"; + groups = ["dnswl"]; + } + "DWL_DNSWL_NONE" { + weight = 0.0; + description = "Message has a valid dkim signature originated from domain listed at https://www.dnswl.org, no trust"; + groups = ["dnswl"]; + } + "DWL_DNSWL_LOW" { + weight = -1.0; + description = "Message has a valid dkim signature originated from domain listed at https://www.dnswl.org, low trust"; + groups = ["dnswl"]; + } + "DWL_DNSWL_MED" { + weight = -2.0; + description = "Message has a valid dkim signature originated from domain listed at https://www.dnswl.org, medium trust"; + groups = ["dnswl"]; + } + "DWL_DNSWL_HI" { + weight = -3.5; + description = "Message has a valid dkim signature originated from domain listed at https://www.dnswl.org, high trust"; + groups = ["dnswl"]; + } + + "RBL_SPAMHAUS" { + weight = 0.0; + description = "Unrecognised result from Spamhaus ZEN"; + groups = ["spamhaus"]; + } + "RBL_SPAMHAUS_SBL" { + weight = 4.0; + description = "From address is listed in Spamhaus SBL"; + groups = ["spamhaus"]; + } + "RBL_SPAMHAUS_CSS" { + weight = 2.0; + description = "From address is listed in Spamhaus CSS"; + groups = ["spamhaus"]; + } + "RBL_SPAMHAUS_XBL" { + weight = 4.0; + description = "From address is listed in Spamhaus XBL"; + groups = ["spamhaus"]; + } + "RBL_SPAMHAUS_PBL" { + weight = 2.0; + description = "From address is listed in Spamhaus PBL"; + groups = ["spamhaus"]; + } + "RBL_SPAMHAUS_DROP" { + weight = 7.0; + description = "From address is listed in Spamhaus DROP"; + groups = ["spamhaus"]; + } + "RBL_SPAMHAUS_BLOCKED_OPENRESOLVER" { + weight = 0.0; + description = "You are querying Spamhaus from an open resolver, please see https://www.spamhaus.org/returnc/pub/"; + groups = ["spamhaus", "blocked"]; + } + "RBL_SPAMHAUS_BLOCKED" { + weight = 0.0; + description = "You are exceeding the query limit, please see https://www.spamhaus.org/returnc/vol/"; + groups = ["spamhaus", "blocked"]; + } + "RECEIVED_SPAMHAUS_SBL" { + weight = 3.0; + description = "Received address is listed in Spamhaus SBL"; + groups = ["spamhaus"]; + one_shot = true; + } + "RECEIVED_SPAMHAUS_CSS" { + weight = 1.0; + description = "Received address is listed in Spamhaus CSS"; + groups = ["spamhaus"]; + one_shot = true; + } + "RECEIVED_SPAMHAUS_XBL" { + weight = 1.0; + description = "Received address is listed in Spamhaus XBL"; + groups = ["spamhaus"]; + one_shot = true; + } + "RECEIVED_SPAMHAUS_PBL" { + weight = 0.0; + description = "Received address is listed in Spamhaus PBL"; + groups = ["spamhaus"]; + one_shot = true; + } + "RECEIVED_SPAMHAUS_DROP" { + weight = 6.0; + description = "Received address is listed in Spamhaus DROP"; + groups = ["spamhaus"]; + one_shot = true; + } + "RECEIVED_SPAMHAUS_BLOCKED_OPENRESOLVER" { + weight = 0.0; + description = "You are querying Spamhaus from an open resolver, please see https://www.spamhaus.org/returnc/pub/"; + groups = ["spamhaus", "blocked"]; + } + "RECEIVED_SPAMHAUS_BLOCKED" { + weight = 0.0; + description = "You are exceeding the query limit, please see https://www.spamhaus.org/returnc/vol/"; + groups = ["spamhaus", "blocked"]; + } + + "RBL_SENDERSCORE" { + weight = 2.0; + description = "From address is listed in senderscore.com BL"; + } + + "MAILSPIKE" { + weight = 0.0; + description = "Unrecognised result from Mailspike"; + groups = ["mailspike"]; + } + "RWL_MAILSPIKE_NEUTRAL" { + weight = 0.0; + description = "Neutral result from Mailspike"; + groups = ["mailspike"]; + } + "RBL_MAILSPIKE_WORST" { + weight = 2.0; + description = "From address is listed in Mailspike RBL - worst possible reputation"; + groups = ["mailspike"]; + } + "RBL_MAILSPIKE_VERYBAD" { + weight = 1.5; + description = "From address is listed in Mailspike RBL - very bad reputation"; + groups = ["mailspike"]; + } + "RBL_MAILSPIKE_BAD" { + weight = 1.0; + description = "From address is listed in Mailspike RBL - bad reputation"; + groups = ["mailspike"]; + } + "RWL_MAILSPIKE_POSSIBLE" { + weight = 0.0; + description = "From address is listed in Mailspike RWL - possibly legit"; + groups = ["mailspike"]; + } + "RWL_MAILSPIKE_GOOD" { + weight = -0.1; + description = "From address is listed in Mailspike RWL - good reputation"; + groups = ["mailspike"]; + } + "RWL_MAILSPIKE_VERYGOOD" { + weight = -0.2; + description = "From address is listed in Mailspike RWL - very good reputation"; + groups = ["mailspike"]; + } + "RWL_MAILSPIKE_EXCELLENT" { + weight = -0.4; + description = "From address is listed in Mailspike RWL - excellent reputation"; + groups = ["mailspike"]; + } + + "RBL_SEM" { + weight = 1.0; + description = "From address is listed in Spameatingmonkey RBL"; + groups = ["sem"]; + } + + "RBL_SEM_IPV6" { + weight = 1.0; + description = "From address is listed in Spameatingmonkey RBL (IPv6)"; + groups = ["sem"]; + } + + "RBL_VIRUSFREE_BOTNET" { + weight = 2.0; + description = "From address is listed in virusfree.cz BL"; + } + + "RBL_NIXSPAM" { + weight = 4.0; + description = "From address is listed in NiX Spam (https://www.nixspam.net/)"; + } + + "RBL_BLOCKLISTDE" { + weight = 4.0; + description = "From address is listed in Blocklist (https://www.blocklist.de/)"; + groups = ["blocklistde"]; + } + + "RECEIVED_BLOCKLISTDE" { + weight = 3.0; + description = "Received address is listed in Blocklist (https://www.blocklist.de/)"; + groups = ["blocklistde"]; + one_shot = true; + } +} diff --git a/conf/scores.d/statistics_group.conf b/conf/scores.d/statistics_group.conf new file mode 100644 index 0000000..b46fa7a --- /dev/null +++ b/conf/scores.d/statistics_group.conf @@ -0,0 +1,29 @@ +# Bayes and statistics rules scores +# +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine +# parameters defined on the top level +# +# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add +# parameters defined on the top level +# +# For specific modules or configuration you can also modify +# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults +# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults +# +# See https://rspamd.com/doc/tutorials/writing_rules.html for details + +description = "Statistical symbols"; + +symbols = { + "BAYES_SPAM" { + weight = 5.1; + description = "Message probably spam, probability: "; + } + "BAYES_HAM" { + weight = -3.0; + description = "Message probably ham, probability: "; + } +}
\ No newline at end of file diff --git a/conf/scores.d/subject_group.conf b/conf/scores.d/subject_group.conf new file mode 100644 index 0000000..1cc2e0c --- /dev/null +++ b/conf/scores.d/subject_group.conf @@ -0,0 +1,23 @@ +# Subject rules scores +# +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine +# parameters defined on the top level +# +# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add +# parameters defined on the top level +# +# For specific modules or configuration you can also modify +# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults +# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults +# +# See https://rspamd.com/doc/tutorials/writing_rules.html for details + +description = "Subject filters"; + +max_score = 6.0; + +symbols = { +} diff --git a/conf/scores.d/surbl_group.conf b/conf/scores.d/surbl_group.conf new file mode 100644 index 0000000..25e8ed7 --- /dev/null +++ b/conf/scores.d/surbl_group.conf @@ -0,0 +1,259 @@ +# URIBL rules scores +# +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine +# parameters defined on the top level +# +# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add +# parameters defined on the top level +# +# For specific modules or configuration you can also modify +# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults +# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults +# +# See https://rspamd.com/doc/tutorials/writing_rules.html for details + +description = "URL DNS lists"; + +max_score = 12.5; + +symbols = { + "SURBL_BLOCKED" { + weight = 0.0; + description = "SURBL: query blocked by policy/overusage"; + one_shot = true; + groups = ["surblorg", "blocked"]; + } + "PH_SURBL_MULTI" { + weight = 7.5; + description = "A domain in the message is listed in SURBL as phishing"; + one_shot = true; + groups = ["surblorg", "phishing"]; + } + "MW_SURBL_MULTI" { + weight = 7.5; + description = "A domain in the message is listed in SURBL as malware"; + one_shot = true; + groups = ["surblorg"]; + } + "ABUSE_SURBL" { + weight = 5.0; + description = "A domain in the message is listed in SURBL as abused"; + one_shot = true; + groups = ["surblorg"]; + } + "CRACKED_SURBL" { + weight = 5.0; + description = "A domain in the message is listed in SURBL as cracked"; + one_shot = true; + groups = ["surblorg"]; + } + + "RSPAMD_URIBL" { + weight = 4.5; + description = "Rspamd uribl, bl.rspamd.com"; + one_shot = true; + groups = ["rspamdbl"]; + } + "RSPAMD_EMAILBL" { + weight = 2.5; + description = "Rspamd emailbl, bl.rspamd.com"; + one_shot = true; + groups = ["rspamdbl"]; + } + + "MSBL_EBL" { + weight = 7.5; + description = "MSBL emailbl (https://www.msbl.org/)"; + one_shot = true; + groups = ["ebl"]; + } + + "MSBL_EBL_GREY" { + weight = 0.5; # TODO: test it + description = "MSBL emailbl grey list (https://www.msbl.org/)"; + one_shot = true; + groups = ["ebl"]; + } + + "SEM_URIBL_UNKNOWN" { + weight = 0.0; + description = "Unrecognised result from Spameatingmonkey URIBL"; + one_shot = true; + groups = ["sem"]; + } + "SEM_URIBL" { + weight = 3.5; + description = "A domain in the message is listed in Spameatingmonkey URIBL"; + one_shot = true; + groups = ["sem"]; + } + + "SEM_URIBL_FRESH15_UNKNOWN" { + weight = 0.0; + description = "Unrecognised result from Spameatingmonkey Fresh15 URIBL"; + one_shot = true; + groups = ["sem"]; + } + "SEM_URIBL_FRESH15" { + weight = 3.0; + description = "A domain in the message is listed in Spameatingmonkey Fresh15 URIBL (registered in the past 15 days, .AERO,.BIZ,.COM,.INFO,.NAME,.NET,.PRO,.SK,.TEL,.US only)"; + one_shot = true; + groups = ["sem"]; + } + + "DBL" { + weight = 0.0; + description = "Unrecognised result from Spamhaus DBL"; + one_shot = true; + groups = ["spamhaus"]; + } + "DBL_SPAM" { + weight = 6.5; + description = "A domain in the message is listed in Spamhaus DBL as spam"; + one_shot = true; + groups = ["spamhaus"]; + } + "DBL_PHISH" { + weight = 7.5; + description = "A domain in the message is listed in Spamhaus DBL as phishing"; + one_shot = true; + groups = ["spamhaus"]; + } + "DBL_MALWARE" { + weight = 7.5; + description = "A domain in the message is listed in Spamhaus DBL as malware"; + one_shot = true; + groups = ["spamhaus"]; + } + "DBL_BOTNET" { + weight = 7.5; + description = "A domain in the message is listed in Spamhaus DBL as botnet C&C"; + one_shot = true; + groups = ["spamhaus"]; + } + "DBL_ABUSE" { + weight = 5.0; + description = "A domain in the message is listed in Spamhaus DBL as abused legit spam"; + one_shot = true; + groups = ["spamhaus"]; + } + "DBL_ABUSE_REDIR" { + weight = 5.0; + description = "A domain in the message is listed in Spamhaus DBL as spammed redirector domain"; + one_shot = true; + groups = ["spamhaus"]; + } + "DBL_ABUSE_PHISH" { + weight = 6.5; + description = "A domain in the message is listed in Spamhaus DBL as abused legit phish"; + one_shot = true; + groups = ["spamhaus"]; + } + "DBL_ABUSE_MALWARE" { + weight = 6.5; + description = "A domain in the message is listed in Spamhaus DBL as abused legit malware"; + one_shot = true; + groups = ["spamhaus"]; + } + "DBL_ABUSE_BOTNET" { + weight = 6.5; + description = "A domain in the message is listed in Spamhaus DBL as abused legit botnet C&C"; + one_shot = true; + groups = ["spamhaus"]; + } + "DBL_PROHIBIT" { + weight = 0.0; + description = "DBL uribl IP queries prohibited!"; + one_shot = true; + groups = ["spamhaus"]; + } + "DBL_BLOCKED_OPENRESOLVER" { + weight = 0.0; + description = "You are querying Spamhaus from an open resolver, please see https://www.spamhaus.org/returnc/pub/"; + one_shot = true; + groups = ["spamhaus", "blocked"]; + } + "DBL_BLOCKED" { + weight = 0.0; + description = "You are exceeding the query limit, please see https://www.spamhaus.org/returnc/vol/"; + one_shot = true; + groups = ["spamhaus", "blocked"]; + } + + "URIBL_MULTI" { + weight = 0.0; + description = "Unrecognised result from URIBL.com"; + one_shot = true; + groups = ["uribl"]; + } + "URIBL_BLOCKED" { + weight = 0.0; + description = "URIBL.com: query refused, likely due to policy/overusage"; + one_shot = true; + groups = ["uribl", "blocked"]; + } + "URIBL_BLACK" { + weight = 7.5; + description = "A domain in the message is listed in URIBL.com black"; + one_shot = true; + groups = ["uribl"]; + } + "URIBL_RED" { + weight = 3.5; + description = "A domain in the message is listed in URIBL.com red"; + one_shot = true; + groups = ["uribl"]; + } + "URIBL_GREY" { + weight = 1.5; + description = "A domain in the message is listed in URIBL.com grey"; + one_shot = true; + groups = ["uribl"]; + } + + "SPAMHAUS_ZEN_URIBL" { + ignore = true; + weight = 0.0; + description = "Unrecognised result from Spamhaus ZEN URIBL"; + one_shot = true; + groups = ["spamhaus"]; + } + "URIBL_SBL" { + ignore = true; + weight = 6.5; + description = "A domain in the message body resolves to an IP listed in Spamhaus SBL"; + one_shot = true; + groups = ["spamhaus"]; + } + "URIBL_SBL_CSS" { + ignore = true; + weight = 5.0; + description = "A domain in the message body resolves to an IP listed in Spamhaus CSS"; + one_shot = true; + groups = ["spamhaus"]; + } + "URIBL_XBL" { + ignore = true; + weight = 3.0; + description = "A domain in the message body resolves to an IP listed in Spamhaus XBL"; + one_shot = true; + groups = ["spamhaus"]; + } + "URIBL_PBL" { + ignore = true; + weight = 0.01; + description = "A domain in the message body resolves to an IP listed in Spamhaus PBL"; + one_shot = true; + groups = ["spamhaus"]; + } + "URIBL_DROP" { + ignore = true; + weight = 5.0; + description = "A domain in the message body resolves to an IP listed in Spamhaus DROP"; + one_shot = true; + groups = ["spamhaus"]; + } +} diff --git a/conf/scores.d/whitelist_group.conf b/conf/scores.d/whitelist_group.conf new file mode 100644 index 0000000..c0d2044 --- /dev/null +++ b/conf/scores.d/whitelist_group.conf @@ -0,0 +1,63 @@ +# Whitelist rules scores +# +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine +# parameters defined on the top level +# +# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add +# parameters defined on the top level +# +# For specific modules or configuration you can also modify +# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults +# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults +# +# See https://rspamd.com/doc/tutorials/writing_rules.html for details + +description = "White lists group"; + +max_score = 10.0; + +symbols = { + "WHITELIST_SPF" { + weight = -1.0; + description = "Mail comes from the whitelisted domain and has a valid SPF policy"; + groups = ["spf"]; + } + "BLACKLIST_SPF" { + weight = 1.0; + description = "Mail comes from the whitelisted domain and has no valid SPF policy"; + groups = ["spf"]; + } + "WHITELIST_DKIM" { + weight = -1.0; + description = "Mail comes from the whitelisted domain and has a valid DKIM signature"; + groups = ["dkim"]; + } + "BLACKLIST_DKIM" { + weight = 2.0; + description = "Mail comes from the whitelisted domain and has non-valid DKIM signature"; + groups = ["dkim"]; + } + "WHITELIST_SPF_DKIM" { + weight = -3.0; + description = "Mail comes from the whitelisted domain and has valid SPF and DKIM policies"; + groups = ["spf", "dkim"]; + } + "BLACKLIST_SPF_DKIM" { + weight = 3.0; + description = "Mail comes from the whitelisted domain and has no valid SPF policy or a bad DKIM signature"; + groups = ["spf", "dkim"]; + } + "WHITELIST_DMARC" { + weight = -7.0; + description = "Mail comes from the whitelisted domain and has valid DMARC and DKIM policies"; + groups = ["dmarc", "spf", "dkim"]; + } + "BLACKLIST_DMARC" { + weight = 6.0; + description = "Mail comes from the whitelisted domain and has failed DMARC and DKIM policies"; + groups = ["dmarc", "spf", "dkim"]; + } +} diff --git a/conf/settings.conf b/conf/settings.conf new file mode 100644 index 0000000..95d71e4 --- /dev/null +++ b/conf/settings.conf @@ -0,0 +1,66 @@ +# Settings setup +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/settings.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/settings.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation: https://rspamd.com/doc/configuration/settings.html + +# If you want to use settings map, then please define something like: +# +# settings = "http://example.com/settings.json" +# +# in rspamd.conf.override + +settings { + # Some examples below (define in local.d/settings.conf without `settings {}`!) + #some_users { + # id = "some_users"; + # priority = high; + # from = "@example.com"; + # rcpt = "admin"; + # rcpt = "/user.*/"; + # ip = "172.16.0.0/16"; + # user = "@example.net"; + # request_header = { + # "MTA-Tag" = "\.example\.net$"; + # } + # apply { + # symbol1 = 10.0; + # symbol2 = 0.0; + # actions { + # reject = 100.0; + # greylist = 10.0; + # "add header" = 5.0; # Please note the space, NOT an underscore + # } + # } + # Always add these symbols when settings rule has matched + # symbols [ + # "symbol2", "symbol4" + # ] + #} + #whitelist { + # priority = low; + # rcpt = "postmaster@example.com"; + # want_spam = yes; + #} + # Disable some checks for authenticated users + #authenticated { + # priority = high; + # authenticated = yes; + # apply { + # groups_disabled = ["rbl", "spf"]; + # } + #} + # End of examples + + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/settings.conf" + .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/settings.conf" +}
\ No newline at end of file diff --git a/conf/statistic.conf b/conf/statistic.conf new file mode 100644 index 0000000..0ba8302 --- /dev/null +++ b/conf/statistic.conf @@ -0,0 +1,59 @@ +# Statistics setup +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/statistic.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/statistic.conf' to strictly override all +# parameters defined inside this section +# +# If you just need to change the default bayes classifier, you can also use +# 'local.d/classifier-bayes.conf' or 'override.d/classifier-bayes.conf'. But +# never ever use both `statistic.conf` and `classifier-bayes.conf` locals files +# together! +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation: https://rspamd.com/doc/configuration/statistic.html + +classifier "bayes" { + tokenizer { + name = "osb"; + } + cache { + } + new_schema = true; # Always use new schema + store_tokens = false; # Redefine if storing of tokens is desired + signatures = false; # Store learn signatures + #per_user = true; # Enable per user classifier + min_tokens = 11; + backend = "redis"; + min_learns = 200; + + statfile { + symbol = "BAYES_HAM"; + spam = false; + } + statfile { + symbol = "BAYES_SPAM"; + spam = true; + } + learn_condition = 'return require("lua_bayes_learn").can_learn'; + + # Autolearn sample + # autolearn { + # spam_threshold = 6.0; # When to learn spam (score >= threshold and action is reject) + # junk_threshold = 4.0; # When to learn spam (score >= threshold and action is rewrite subject or add header, and has two or more positive results) + # ham_threshold = -0.5; # When to learn ham (score <= threshold and action is no action, and score is negative or has three or more negative results) + # check_balance = true; # Check spam and ham balance + # min_balance = 0.9; # Keep diff for spam/ham learns for at least this value + #} + + .include(try=true; priority=1) "$LOCAL_CONFDIR/local.d/classifier-bayes.conf" + .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/classifier-bayes.conf" +} + +.include(try=true; priority=1) "$LOCAL_CONFDIR/local.d/statistic.conf" +.include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/statistic.conf" diff --git a/conf/worker-controller.inc b/conf/worker-controller.inc new file mode 100644 index 0000000..1fdffff --- /dev/null +++ b/conf/worker-controller.inc @@ -0,0 +1,19 @@ +# Controller worker setup +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/worker-controller.inc' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/worker-controller.inc' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# Module documentation: https://rspamd.com/doc/workers/controller.html + +count = 1; +password = "q1"; +secure_ip = "127.0.0.1"; +secure_ip = "::1"; +static_dir = "${WWWDIR}"; diff --git a/conf/worker-fuzzy.inc b/conf/worker-fuzzy.inc new file mode 100644 index 0000000..5cf788c --- /dev/null +++ b/conf/worker-fuzzy.inc @@ -0,0 +1,22 @@ +# Fuzzy storage worker setup +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/worker-fuzzy.inc' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/worker-fuzzy.inc' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# Module documentation: https://rspamd.com/doc/workers/fuzzy_storage.html + +backend = "redis"; + +# For sqlite stuff +#backend = "sqlite"; +#hash_file = "${DBDIR}/fuzzy.db"; + +expire = 90d; +allow_update = ["localhost"];
\ No newline at end of file diff --git a/conf/worker-normal.inc b/conf/worker-normal.inc new file mode 100644 index 0000000..285a17a --- /dev/null +++ b/conf/worker-normal.inc @@ -0,0 +1,15 @@ +# Normal scanner worker setup +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/worker-normal.inc' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/worker-normal.inc' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# Module documentation: https://rspamd.com/doc/workers/normal.html + +mime = true; diff --git a/conf/worker-proxy.inc b/conf/worker-proxy.inc new file mode 100644 index 0000000..7f67238 --- /dev/null +++ b/conf/worker-proxy.inc @@ -0,0 +1,35 @@ +# Proxy worker setup +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/worker-proxy.inc' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/worker-proxy.inc' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# Module documentation: https://rspamd.com/doc/workers/rspamd_proxy.html + +milter = yes; # Enable milter mode + +# This timeout is mostly specific to the milter mode. +# Please also bear in mind that if this timeout is longer than `task_timeout`, +# your messages might be processed for much longer due to this timeout (this is +# true for self-scan mode). +# If this behaviour is not desired, then it is recommended to reduce and adjust this +# value accordingly +timeout = 60s; + +upstream "local" { + default = yes; + hosts = "localhost"; +} + +count = 1; # Do not spawn too many processes of this type +max_retries = 5; # How many times master is queried in case of failure +discard_on_reject = false; # Discard message instead of rejection +quarantine_on_reject = false; # Tell MTA to quarantine rejected messages +spam_header = "X-Spam"; # Use the specific spam header +reject_message = "Spam message rejected"; # Use custom rejection message diff --git a/config.h.in b/config.h.in new file mode 100644 index 0000000..59c70c6 --- /dev/null +++ b/config.h.in @@ -0,0 +1,416 @@ +#ifndef RSPAMD_CONFIG_H_IN +#define RSPAMD_CONFIG_H_IN + + +#cmakedefine BUILD_STATIC 1 +#cmakedefine CURL_FOUND 1 +#cmakedefine DEBUG_MODE 1 +#cmakedefine GIT_VERSION 1 +#cmakedefine GLIB_HASH_COMPAT 1 +#cmakedefine GLIB_RE_COMPAT 1 +#cmakedefine GLIB_UNISCRIPT_COMPAT 1 +#cmakedefine HAVE_ARPA_INET_H 1 +#cmakedefine HAVE_ATOMIC_BUILTINS 1 +#cmakedefine HAVE_CLOCK_GETCPUCLOCKID 1 +#cmakedefine HAVE_CLOCK_GETTIME 1 +#cmakedefine HAVE_CLOCK_PROCESS_CPUTIME_ID 1 +#cmakedefine HAVE_CLOCK_VIRTUAL 1 +#cmakedefine HAVE_CPUID_H 1 +#cmakedefine HAVE_CTYPE_H 1 +#cmakedefine HAVE_DIRENT_H 1 +#cmakedefine HAVE_DIRFD 1 +#cmakedefine HAVE_ENDIAN_H 1 +#cmakedefine HAVE_FALLOCATE 1 +#cmakedefine HAVE_FCNTL_H 1 +#cmakedefine HAVE_FETCH_H 1 +#cmakedefine HAVE_FIPS_MODE 1 +#cmakedefine HAVE_FFSLL 1 +#cmakedefine HAVE_FLOCK 1 +#cmakedefine HAVE_FPATHCONF 1 +#cmakedefine HAVE_GETPAGESIZE 1 +#cmakedefine HAVE_GLOB_H 1 +#cmakedefine HAVE_GRP_H 1 +#cmakedefine HAVE_INTTYPES_H 1 +#cmakedefine HAVE_IPV6_V6ONLY 1 +#cmakedefine HAVE_LIBGEN_H 1 +#cmakedefine HAVE_LIBUTIL_H 1 +#cmakedefine HAVE_LOCALE_H 1 +#cmakedefine HAVE_MACHINE_ENDIAN_H 1 +#cmakedefine HAVE_MAXPATHLEN 1 +#cmakedefine HAVE_FMEMOPEN 1 +#cmakedefine HAVE_MEMRCHR 1 +#cmakedefine HAVE_MKSTEMP 1 +#cmakedefine HAVE_MMAP_ANON 1 +#cmakedefine HAVE_NANOSLEEP 1 +#cmakedefine HAVE_NETDB_H 1 +#cmakedefine HAVE_NETINET_IN_H 1 +#cmakedefine HAVE_NETINET_TCP_H 1 +#cmakedefine HAVE_NFTW 1 +#cmakedefine HAVE_OCLOEXEC 1 +#cmakedefine HAVE_ONOFOLLOW 1 +#cmakedefine HAVE_OPENMEMSTREAM 1 +#cmakedefine HAVE_PATH_MAX 1 + +/* OSX has broken JIT support in PCRE, disable it */ +#cmakedefine HAVE_PCRE_JIT 1 +#cmakedefine HAVE_PCRE_JIT_FAST 1 + +#cmakedefine HAVE_PIDFILE 1 +#cmakedefine HAVE_PIDFILE_FILENO 1 +#cmakedefine HAVE_POLL_H 1 +#cmakedefine HAVE_POSIX_FALLOCATE 1 +#cmakedefine HAVE_PTHREAD_PROCESS_SHARED 1 +#cmakedefine HAVE_PWD_H 1 +#cmakedefine HAVE_RDTSC 1 +#cmakedefine HAVE_READAHEAD 1 +#cmakedefine HAVE_READPASSPHRASE_H 1 +#cmakedefine HAVE_RECVMMSG 1 +#cmakedefine HAVE_RUSAGE_SELF 1 +#cmakedefine HAVE_SA_SIGINFO 1 +#cmakedefine HAVE_SANE_SHMEM 1 +#cmakedefine HAVE_SCHED_YIELD 1 +#cmakedefine HAVE_SC_NPROCESSORS_ONLN 1 +#cmakedefine HAVE_SETPROCTITLE 1 +#cmakedefine HAVE_SIGALTSTACK 1 +#cmakedefine HAVE_SIGINFO_H 1 +#cmakedefine HAVE_SOCK_SEQPACKET 1 +#cmakedefine HAVE_SSL_TLSEXT_HOSTNAME 1 +#cmakedefine HAVE_STDBOOL_H 1 +#cmakedefine HAVE_STDINT_H 1 +#cmakedefine HAVE_STDIO_H 1 +#cmakedefine HAVE_STDLIB_H 1 +#cmakedefine HAVE_STRINGS_H 1 +#cmakedefine HAVE_STRING_H 1 +#cmakedefine HAVE_SYSLOG_H 1 +#cmakedefine HAVE_SYS_CDEFS_H 1 +#cmakedefine HAVE_SYS_ENDIAN_H 1 +#cmakedefine HAVE_SYS_EVENTFD_H 1 +#cmakedefine HAVE_SYS_FILE_H 1 +#cmakedefine HAVE_SYS_MMAN_H 1 +#cmakedefine HAVE_SYS_PARAM_H 1 +#cmakedefine HAVE_SYS_RESOURCE_H 1 +#cmakedefine HAVE_SYS_SOCKET_H 1 +#cmakedefine HAVE_SYS_STAT_H 1 +#cmakedefine HAVE_SYS_TIMEB_H 1 +#cmakedefine HAVE_SYS_TYPES_H 1 +#cmakedefine HAVE_SYS_UCONTEXT_H 1 +#cmakedefine HAVE_SYS_UIO_H 1 +#cmakedefine HAVE_SYS_UN_H 1 +#cmakedefine HAVE_SYS_WAIT_H 1 +#cmakedefine HAVE_TANH 1 +#cmakedefine HAVE_TERMIOS_H 1 +#cmakedefine HAVE_TIME_H 1 +#cmakedefine HAVE_UCONTEXT_H 1 +#cmakedefine HAVE_UNISTD_H 1 +#cmakedefine PARAM_H_HAS_BITSET 1 +#cmakedefine WITH_GPERF_TOOLS 1 +#cmakedefine WITH_HYPERSCAN 1 +#cmakedefine WITH_JEMALLOC 1 +#cmakedefine WITH_LUA 1 +#cmakedefine WITH_LUAJIT 1 +#cmakedefine WITH_PCRE2 1 +#cmakedefine WITH_SNOWBALL 1 +#cmakedefine WITH_SQLITE 1 +#cmakedefine WITH_LUA_TRACE 1 +#cmakedefine WITH_LUA_REPL 1 +#cmakedefine WITH_FASTTEXT 1 +#cmakedefine BACKWARD_ENABLE 1 + +#cmakedefine DISABLE_PTHREAD_MUTEX 1 + +/* Detect endianness */ + +#ifdef HAVE_ENDIAN_H + #include <endian.h> +#elif defined(HAVE_SYS_ENDIAN_H) + #include <sys/endian.h> +#elif defined(HAVE_MACHINE_ENDIAN_H) + #include <machine/endian.h> +#elif defined(__sun) + #include <sys/byteorder.h> + #ifndef LITTLE_ENDIAN + #define LITTLE_ENDIAN 1234 + #endif + #ifndef BIG_ENDIAN + #define BIG_ENDIAN 4321 + #endif + #ifdef _LITTLE_ENDIAN + #define BYTE_ORDER LITTLE_ENDIAN + #else + #define BYTE_ORDER BIG_ENDIAN + #endif +#endif + +#ifndef BYTE_ORDER + +#ifndef LITTLE_ENDIAN + #define LITTLE_ENDIAN 1234 +#endif +#ifndef BIG_ENDIAN + #define BIG_ENDIAN 4321 +#endif + +#if defined(__BYTE_ORDER) && __BYTE_ORDER == __BIG_ENDIAN || \ + defined(__BIG_ENDIAN__) || \ + defined(__ARMEB__) || \ + defined(__THUMBEB__) || \ + defined(__AARCH64EB__) || \ + defined(_MIBSEB) || defined(__MIBSEB) || defined(__MIBSEB__) +#define BYTE_ORDER BIG_ENDIAN +#elif defined(__BYTE_ORDER) && __BYTE_ORDER == __LITTLE_ENDIAN || \ + defined(__LITTLE_ENDIAN__) || \ + defined(__ARMEL__) || \ + defined(__THUMBEL__) || \ + defined(__AARCH64EL__) || \ + defined(_MIPSEL) || defined(__MIPSEL) || defined(__MIPSEL__) +#define BYTE_ORDER LITTLE_ENDIAN +#else +#error "I don't know what architecture this is!" +#endif + +#endif /* BYTE_ORDER */ + +#define RSPAMD_SHAREDIR "${SHAREDIR}" +#define RSPAMD_CONFDIR "${CONFDIR}" +#define RSPAMD_LOCAL_CONFDIR "${LOCAL_CONFDIR}" +#define RSPAMD_RUNDIR "${RUNDIR}" +#define RSPAMD_LOGDIR "${LOGDIR}" +#define RSPAMD_DBDIR "${DBDIR}" +#define RSPAMD_PLUGINSDIR "${PLUGINSDIR}" +#define RSPAMD_LUALIBDIR "${LUALIBDIR}" +#define RSPAMD_RULESDIR "${RULESDIR}" +#define RSPAMD_WWWDIR "${WWWDIR}" +#define RSPAMD_PREFIX "${CMAKE_INSTALL_PREFIX}" +#define RSPAMD_LIBDIR "${RSPAMD_LIBDIR}" + +#define RSPAMD_VERSION_MAJOR "${RSPAMD_VERSION_MAJOR}" +#define RSPAMD_VERSION_MINOR "${RSPAMD_VERSION_MINOR}" +#define RSPAMD_VERSION_PATCH "${RSPAMD_VERSION_PATCH}" + +#define RSPAMD_VERSION_MAJOR_NUM ${RSPAMD_VERSION_MAJOR_NUM} +#define RSPAMD_VERSION_MINOR_NUM ${RSPAMD_VERSION_MINOR_NUM} +#define RSPAMD_VERSION_PATCH_NUM ${RSPAMD_VERSION_PATCH_NUM} + +#define RSPAMD_VERSION_BRANCH "${RSPAMD_VERSION_MAJOR}" + +#if defined(GIT_VERSION) && GIT_VERSION == 1 +# define RVERSION "${RSPAMD_VERSION}" +# define RSPAMD_VERSION_FULL "${RSPAMD_VERSION}_${RSPAMD_ID}" +# define RID "${RSPAMD_ID}" +# define RSPAMD_VERSION_NUM 0x${RSPAMD_VERSION_MAJOR_NUM}${RSPAMD_VERSION_MINOR_NUM}00${RSPAMD_ID}ULL +#else +# define RSPAMD_VERSION_FULL "${RSPAMD_VERSION}" +# define RVERSION "${RSPAMD_VERSION}" +# define RSPAMD_VERSION_NUM 0x${RSPAMD_VERSION_MAJOR_NUM}${RSPAMD_VERSION_MINOR_NUM}000000000ULL +# define RID "release" +#endif + +#define RSPAMD_MASTER_SITE_URL "${RSPAMD_MASTER_SITE_URL}" + +#define MODULES_NUM ${RSPAMD_MODULES_NUM} + +/* sys/types */ +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif + +/* cdefs */ +#ifdef HAVE_SYS_CDEFS_H +#include <sys/cdefs.h> +#endif + +/* sys/param */ +#ifdef HAVE_SYS_PARAM_H +#include <sys/param.h> +#endif + +/* stdint */ +#ifdef HAVE_STDINT_H +#include <stdint.h> +#elif defined(HAVE_INTTYPES_H) +#include <inttypes.h> +#endif + +/* stdbool */ +#ifdef HAVE_STDBOOL_H +#include <stdbool.h> +#endif + +/* stdlib */ +#ifdef HAVE_STDLIB_H +#include <stdlib.h> +#endif + +/* stdio */ +#ifdef HAVE_STDIO_H +#include <stdio.h> +#endif + +/* time */ +#ifdef HAVE_TIME_H +#include <time.h> +#endif + +/* string */ +#ifdef HAVE_STRING_H +#include <string.h> +#endif + +#ifdef HAVE_STRINGS_H +#include <strings.h> +#endif + +#include <errno.h> + +#include <glib.h> +#include <gmodule.h> + +#ifndef PARAM_H_HAS_BITSET +/* Bit map related macros. */ +#ifndef NBBY +# define NBBY 8 /* number of bits in a byte */ +#endif +#define setbit(a, \ + i) (((unsigned char *)(a))[(i) / NBBY] |= 1 << ((i) % NBBY)) +#define clrbit(a, \ + i) (((unsigned char *)(a))[(i) / NBBY] &= ~(1 << ((i) % NBBY))) +#define isset(a,i) \ + (((const unsigned char *)(a))[(i) / NBBY] & (1 << ((i) % NBBY))) +#define isclr(a,i) \ + ((((const unsigned char *)(a))[(i) / NBBY] & (1 << ((i) % NBBY))) == 0) +#endif + +#ifdef _MSC_VER +# define RSPAMD_PACKED(name) \ + __pragma(pack(push, 1)) struct name __pragma(pack(pop)) +#elif defined(__GNUC__) +# define RSPAMD_PACKED(name) struct __attribute__((packed)) name +#else +# define RSPAMD_PACKED(name) struct name +#endif + +#ifndef RSPAMD_ALIGNED +#if defined(_MSC_VER) +# define RSPAMD_ALIGNED(x) __declspec(align(x)) +# define RSPAMD_OPTIMIZE(x) +# define RSPAMD_ALWAYS_INLINE +# define RSPAMD_PURE_FUNCTION +#elif defined(__GNUC__) +# define RSPAMD_ALIGNED(x) __attribute__((aligned(x))) +# define RSPAMD_ALWAYS_INLINE __attribute__((always_inline)) +# define RSPAMD_PURE_FUNCTION __attribute__((pure)) +#ifndef __clang__ +# define RSPAMD_OPTIMIZE(x) __attribute__((__optimize__ (x))) +#else +# define RSPAMD_OPTIMIZE(x) +#endif +#else +/* Unknown compiler */ +# define RSPAMD_ALIGNED(x) +# define RSPAMD_OPTIMIZE(x) +# define RSPAMD_ALWAYS_INLINE +# define RSPAMD_PURE_FUNCTION +#endif +#endif + +#ifndef __cplusplus +# ifdef G_ALIGNOF +# define RSPAMD_ALIGNOF G_ALIGNOF +# else +# define RSPAMD_ALIGNOF(t) _Alignof(t) +# endif +#else +/* glib G_ALIGNOF nor C11 _Alignof are not good enough for C++, nuff said... */ +# define RSPAMD_ALIGNOF(t) alignof(t) +#endif + +/* Address sanitizer */ +#ifdef __clang__ +# if __has_feature(address_sanitizer) +/* emulate gcc's __SANITIZE_ADDRESS__ flag */ +# define __SANITIZE_ADDRESS__ +# define RSPAMD_NO_SANITIZE \ + __attribute__((no_sanitize("address", "hwaddress"))) +# else +# define RSPAMD_NO_SANITIZE +# endif +#elif defined(__GNUC__) +/* GCC based */ +# if defined(__has_attribute) +# if __has_attribute(__no_sanitize_address__) +# define RSPAMD_NO_SANITIZE __attribute__((no_sanitize_address)) +# else +# define RSPAMD_NO_SANITIZE +# endif +# else +# define RSPAMD_NO_SANITIZE +# endif +#else +# define RSPAMD_NO_SANITIZE +#endif + + +#ifndef BITSPERBYTE +# define BITSPERBYTE (NBBY * sizeof (char)) +#endif +#ifndef NBYTES +# define NBYTES(nbits) (((nbits) + BITSPERBYTE - 1) / BITSPERBYTE) +#endif + + +#ifdef __cplusplus +extern "C" { +#endif +extern uint64_t ottery_rand_uint64(void); +#define UCL_RANDOM_FUNCTION ottery_rand_uint64() +#ifdef __cplusplus +} +#endif + + +/* Disable slab allocator if jemalloc is already in the system */ +#if defined(WITH_JEMALLOC) || defined(__FreeBSD__) || \ + (defined(__NetBSD__) && __NetBSD_Version__ >= 500000000) +#if 0 + #define g_slice_alloc(sz) g_malloc(sz) + #define g_slice_alloc0(sz) g_malloc0(sz) + #define g_slice_free1(sz, p) g_free(p) +#endif +#endif + +#ifdef __cplusplus + #define RSPAMD_CONSTRUCTOR(f) \ + static void f(void) noexcept; \ + struct f##_t_ { f##_t_(void) noexcept { f(); } }; static f##_t_ f##_; \ + static void f(void) noexcept +#else +#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 7) + #define RSPAMD_CONSTRUCTOR(f) \ + static void f(void) __attribute__((constructor)); \ + static void f(void) + #define RSPAMD_DESTRUCTOR(f) \ + static void f(void) __attribute__((destructor)); \ + static void f(void) +#else + /* In fact, everything else is not supported ¯\_(ツ)_/¯ */ + #error incompatible compiler found, need gcc > 2.7 or clang +#endif +#endif /* __cplusplus */ + +#ifdef __GNUC__ +#define RSPAMD_CONST_FUNCTION __attribute__ ((const)) +#else +#define RSPAMD_CONST_FUNCTION +#endif + +#ifdef __GNUC__ +#define RSPAMD_UNREACHABLE __builtin_unreachable() +#else +#define RSPAMD_UNREACHABLE abort() +#endif + +#define HAVE_OPENSSL 1 +#define HAVE_MATH_H 1 + + +#endif |