options = { filters = [ "dkim", "regexp"] url_tld = "{= env.URL_TLD =}" pidfile = "{= env.TMPDIR =}/rspamd.pid" lua_path = "{= env.INSTALLROOT =}/share/rspamd/lib/?.lua" explicit_modules = ["settings", "bayes_expiry"]; dns { nameserver = ["8.8.8.8", "8.8.4.4"]; retransmits = 10; timeout = 2s; fake_records = [{ # ed25519 name = "test._domainkey.example.com"; type = txt; replies = ["k=ed25519; p=yi50DjK5O9pqbFpNHklsv9lqaS0ArSYu02qp1S0DW1Y="]; }, { name = "brisbane._domainkey.football.example.com"; type = txt; replies = ["v=DKIM1; k=ed25519; p=11qYAYKxCrfVS/7TyWQHOg7hcvPapiMlrwIaaPcHURo="]; }, { name = "test._domainkey.football.example.com"; type = txt; replies = ["v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkHlOQoBTzWRiGs5V6NpP3idY6Wk08a5qhdR6wy5bdOKb2jLQiY/J16JYi0Qvx/byYzCNb3W91y3FutACDfzwQ/BC/e/8uBsCR+yz1Lxj+PL6lHvqMKrM3rG4hstT5QjvHO9PzoxZyVYLzBfO2EeC3Ip3G+2kryOTIKT+l/K4w3QIDAQAB"], }, { name = "dkim._domainkey.cacophony.za.org", type = "txt"; replies = ["v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXtxBE5IiNRMcq2/lc2zErfdCvDFyQNBnMjbOjBQrPST2k4fdGbtpe5Iu5uS01Met+dAEf94XL8I0hwmYw+n70PP834zfJGi2egwGqrakpaWsCDPvIJZLkxJCJKQRA/zrQ622uEXdvYixVbsEGVw7U4wAGSmT5rU2eU1y63AlOlQIDAQAB"]; }, { name = "eddsa._domainkey.cacophony.za.org", type = "txt"; replies = ["v=DKIM1; k=ed25519; p=+nU+aC33ICeS4zx8VUjFYCtxj0fRbHWQn2gP2hTkm9w="]; }, { name = "dkim._domainkey.invalid.za.org", type = "txt"; replies = ["v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEEXmNGQq7PUrr9Mg4UakTFHgXBCy2DOztkrZm+0OrVWtiRzGluxBkbOWTBwuU3/Yw97yTphBMQxzWFN603/f/KPAQcF/Lc1l+6kmIBBxNXjjGuOK/3PYKZVntUdKmqcQBYfnHdzH2Tohbuyx1a7xqnv6VSChqQrZU4CwkeT3+eQIDAQAB"]; }, { name = "eddsa._domainkey.invalid.za.org", type = "txt"; replies = ["v=DKIM1; k=ed25519; p=Wkkrp5DJTvknDMGWYv8vm3p3sZjiQp03LZo80RregY8="]; }, { name = "dkim._domainkey.rspamd.com", type = "txt"; replies = ["v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCd/XhZBEGGAss48lEuMmwZv9lOFf6FTllBiQ3sPhdTpDdIPaW9TInW7iYnYD/bXHeVxYAyD/sKhYk6+qGBRu10rEi+iyPvLCIED+Boq0tEQosuKuV6Fjoomb+QhZY9KdjyZTjsrFPZ+wCkUY/30uTmpX2SwSqyxxlK0pUIsRgMAQIDAQAB"]; }, { name = "_dmarc.rspamd.com", type = "txt"; rcode = 'norec'; }, { name = "dkim._domainkey.highsecure.ru", type = "txt"; replies = ["p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDK4ZQYky30GH0Ak9OQ1fv3IdFNbpOtpa4S/PR20ZLgPXfd/FCA//ztUmu7kHlELI+/+4f8W+xX0oZlOc/cFxhopRjXZMlSsQqmWOZ40/GxWFBtcqafKu78FCqO7URqZUmMCM5Jlp4zt/yzH3dbYNG3i5PVlB5QtQnZvY+dvBL3dwIDAQAB"]; }, { name = "_dmarc.cacophony.za.org", type = "txt"; replies = ["v=DMARC1; p=none; sp=reject"]; }, { name = "_dmarc.my.mom.za.org", type = "txt"; replies = ["v=DMARC1; p=reject"]; }, { name = "example.net", type = "txt"; replies = ["v=spf1 -all"]; }, { name = "fail4.org.org.za", type = "txt"; replies = ["v=spf1 redirect=asdfsfewewrredfs"]; }, { name = "_dmarc.reject.cacophony.za.org", type = "txt"; replies = ["v=DMARC1; p=reject"]; }, { name = "spf.cacophony.za.org", type = "txt"; replies = ["v=spf1 ip4:8.8.4.4 -all"]; }, { name = "fail7.org.org.za", type = "a"; rcode = 'norec'; }, { name = "fail6.org.org.za", type = "txt"; replies = ["v=spf1 ip4:8.8.8.8 mx -all"]; }, { name = "fail6.org.org.za", type = "mx"; rcode = 'norec'; }, { name = "fail7.org.org.za", type = "aaaa"; rcode = 'norec'; }, { name = "_dmarc.quarantine.cacophony.za.org", type = "txt"; replies = ["v=DMARC1; p=quarantine"]; }, { name = "_dmarc.yo.mom.za.org", type = "txt"; replies = ["v=DMARC1; p=reject; aspf=s; adkim=s;"]; }, { name = "yo.mom.za.org", type = "txt"; replies = ["v=spf1 ip4:37.48.67.26 -all"]; }, { name = "testdkim._domainkey.mom.za.org", type = "txt"; replies = ["v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3v4VPE1QMHUzsMRbC8VzXNq82mDjiv9Gi1NB/YYC+vIYZT+sE/Uxnr0Clk8C2jgzEr3jcxgQEWZfMtEEg/EfEJvh4SrXWv9c0gw1EEfxKxX9i+r8yBQtc/EWospWVDkhF2lAvQAK1lV1ZiU7psJ6fh1CI39uZyWdAktZzWLf0zQIDAQAB"]; }, { name = "_dmarc.rspamd.tk", type = "txt"; replies = ["bio=a263adeab8acdcdb8b89e127b67d696061fdfbee"]; }, # For unknown dkim tags { name = "18457.62be233b.k2206._domainkey.taugh.com"; type = "txt"; replies = ["v=DKIM1; h=sha256; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLwxxLlZJ+uU3SctsQ2pjq6K0xyjhmvlIfWWGxRLxVpwyLPaNCUJNDnP0d0Fk+HQXub1T6R22T79L9yGQEZuHrD8MxchBKO++ywk7HOd1LvhweeKPUiXD03Dda54svQ2hnT7MQBFU92CWXoD0BRs9QPMyCC2QiZk0IwB1rK9sClOCjOdOH1mT1Oz8XObUqT3Nd6Oi7LSppyoMzYg4TEkmyiz0c34uiXOkqZwonf2V6+s/v/1/fz4dH6hgnn2cHLnjGmzmiKQgs8lJNMjhfI4sIzg26xNb4wCTVlggP6zDr7lxe9DZuTRcP5/tSI6ihDO/zc+7HmG83EIkqgqllI6IQIDAQAB ; n=Signing=20key=20at=20https://www.iecc.com/dkimkeys/k2206 ;"]; }, { name = "fail2.org.org.za", type = "txt"; replies = ["v=spf1 ip4:8.8.4.4 include:www.dnssec-failed.org -all"]; }, { name = "fail3.org.org.za", type = "txt"; replies = ["v=spf1 ip4:8.8.8.8 include:total.barf -all"]; }, { name = "mom.za.org", type = "txt"; replies = ["v=spf1 ip4:37.48.67.26 -all"]; }, { name = "testdkim._domainkey.asdf.rspamd.tk", # testdkim._domainkey.asdf.rspamd.tk is an alias for rspamd.tk type = "txt"; replies = ["bio=a263adeab8acdcdb8b89e127b67d696061fdfbee"]; }, { name = "testdkim._domainkey.rspamd.tk", # testdkim._domainkey.rspamd.tk is an alias for rspamd.tk type = "txt"; replies = ["bio=a263adeab8acdcdb8b89e127b67d696061fdfbee"]; }, { name = "pass1.org.org.za", type = "txt"; replies = ["v=spf1 include:pass2.org.org.za -all"]; }, { name = "95.142.99.88.in-addr.arpa", type = "ptr"; replies = ["mail.highsecure.ru"]; }, { name = "mail.highsecure.ru", type = "a"; replies = ["88.99.142.95"]; }, { name = "mail.highsecure.ru", type = "aaaa"; rcode = 'norec'; }, { name = "1.0.66.128.in-addr.arpa", type = "ptr"; rcode = 'nxdomain'; }, { name = "182.216.85.209.in-addr.arpa", type = "ptr"; replies = ["mail-qt0-f182.google.com"]; }, { name = "crazyspf.cacophony.za.org", type = "txt"; replies = ["v=spf1 ptr:cacophony.za.org ptr:rspamd.com ptr:yahoo.com ptr:yahoo.net ptr:highsecure.ru -all"]; }, { name = "pass2.org.org.za", type = "txt"; replies = ["v=spf1 ip4:8.8.8.8 -all"]; }, { name = "_dmarc.yoni.za.org", type = "txt"; replies = ["v=DMARC1; p=reject; sp=none;"]; }, { name = "fail10.org.org.za", type = "txt"; replies = ["v=spf1 redirect=fail5.org.org.za"]; }, { name = "fail11.org.org.za", type = "txt"; replies = ["v=sPF1 ip4:8.8.8.8 -all"]; }, { name = "fail5.org.org.za", type = "txt"; replies = ["v=spf1 OMGBARF"]; }, { name = "fail7.org.org.za", type = "txt"; replies = ["v=spf1 ip4:8.8.8.8 a -all"]; }, { name = "trusted.com", type = "txt"; replies = ["v=spf1 ip4:192.168.1.1"]; }, { name = "external.com", type = "txt"; replies = ["v=spf1 ip4:37.48.67.26"]; }, { name = "co.za", type = "txt"; rcode = 'norec'; }, { name = "testdkim1._domainkey.yoni.za.org", type = "txt"; replies = ["v=DKIM1; k=rsa; p=BARF"]; }, { name = "_dmarc.yoni.za.net", type = "txt"; replies = ["v=DMARC1; p=none; sp=quarantine"]; }, { name = "za", type = "txt"; replies = ["Top-level domain for South Africa"]; }, { name = "_dmarc.foo.yoni.za.org", type = "txt"; rcode = 'nxdomain'; }, { name = "_dmarc.foo.cacophony.za.org", type = "txt"; rcode = 'nxdomain'; }, { name = "_dmarc.foo.yoni.za.net", type = "txt"; rcode = 'nxdomain'; }, { name = "_dmarc.dnssec-failed.org", type = "txt"; rcode = 'timeout'; }, { name = "_dmarc.example.com", type = "txt"; rcode = 'nxdomain'; }, { name = "_dmarc.zero_pct.com", type = "txt"; replies = ["v=DMARC1; p=reject; sp=quarantine; pct=0"]; }, { name = "example.com", type = "txt"; replies = ["$Id: example.com 4415 2015-08-24 20:12:23Z davids $", "v=spf1 -all"]; }, { name = "example.com", type = "a"; replies = ["93.184.216.34"]; }, { name = "testdkim1._domainkey.dnssec-failed.org", type = "txt"; rcode = 'timeout'; }, { name = "total.barf", type = "txt"; rcode = 'nxdomain'; }, { name = "_dmarc.foo.cacophony.za.org", type = "txt"; rcode = 'nxdomain'; }, { name = "zzzzaaaa", type = "txt"; rcode = 'nxdomain'; }, { name = "asdfsfewewrredfs", type = "txt"; rcode = 'nxdomain'; }, { name = "95.142.99.88.asn.rspamd.com", type = "txt"; replies = ["24940|88.99.0.0/16|DE|ripencc|"]; }, { name = "2.a.d.1.1.d.e.f.f.f.0.0.4.5.0.5.d.6.2.0.6.b.a.a.8.c.7.0.1.0.a.2.asn6.rspamd.com", type = "txt"; replies = ["20857|2a01:7c8::/32|NL|ripencc|"]; }, { name = "2.a.d.1.1.d.e.f.f.f.0.0.4.5.0.5.d.6.2.0.6.b.a.a.8.c.7.0.1.0.a.2.rspamd.com", type = "txt"; rcode = 'nxdomain'; }, { name = "2.a.d.1.1.d.e.f.f.f.0.0.4.5.0.5.d.6.2.0.6.b.a.a.8.c.7.0.1.0.a.2.rspamd.com", type = "a"; rcode = 'nxdomain'; }, { name = "rspamd.com", type = "txt"; replies = ["v=spf1 mx -all"]; }, { name = "rspamd.com", type = "mx"; replies = ["10 mail.highsecure.ru"]; }, { name = "95.142.99.88.rspamd.com", type = "a"; rcode = 'norec'; }, { name = "95.142.99.88.rspamd.com", type = "aaaa"; rcode = 'norec'; }, { name = "2.0.0.127.rspamd.com", type = "a"; replies = ["127.0.0.1"]; }, { name = "8.8.8.8.asn.rspamd.com", type = "txt"; replies = ["15169|8.8.8.0/24|US|arin|"]; }, { name = "8.8.8.8.asn.rspamd.com", type = "a"; rcode = 'nxdomain'; }, { name = "10.0.1.10.asn.rspamd.com", type = "txt"; rcode = 'nxdomain'; }, { name = "10.0.1.10.asn.rspamd.com", type = "a"; rcode = 'nxdomain'; }, { name = "10.0.1.11.asn.rspamd.com", type = "txt"; rcode = 'nxdomain'; }, { name = "10.0.1.11.asn.rspamd.com", type = "a"; rcode = 'nxdomain'; }, { name = "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.rspamd.com", type = "a"; rcode = 'nxdomain'; }, { name = "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.rspamd.com", type = "a"; rcode = 'nxdomain'; }, { name = "test.com", type = "txt"; replies = [""]; }, { name = "other.com", type = "txt"; rcode = 'norec'; }, { name = "bob", type = "txt"; rcode = 'nxdomain'; }, { name = "mail.highsecure.ru", type = "aaaa"; rcode = 'norec'; }, { name = "mail.highsecure.ru", type = "a"; replies = ["88.99.142.95"]; }, { name = "4.3.2.1.rspamd.com", type = "a"; rcode = 'nxdomain'; }, { name = "4.3.2.1.asn.rspamd.com", type = "txt"; rcode = 'nxdomain'; }, { name = "1.0.0.127.rspamd.com", type = "a"; rcode = 'nxdomain'; }, { name = "114.47.228.46.rspamd.com", type = "a"; rcode = 'nxdomain'; }, { name = "114.47.228.46.asn.rspamd.com", type = "txt"; replies = ["34010|46.228.40.0/21|GB|ripencc|"]; }, { name = "10.0.1.10.rspamd.com", type = "a"; rcode = 'nxdomain'; }, { name = "10.0.1.11.rspamd.com", type = "a"; rcode = 'nxdomain'; }, { name = "other.org", type = "txt"; rcode = 'norec'; }, { name = "8.8.8.8.rspamd.com", type = "a"; rcode = 'nxdomain'; }, { name = "rspamd.tk", type = "txt"; replies = ["bio=a263adeab8acdcdb8b89e127b67d696061fdfbee"]; }, { name = "fail1.org.org.za", type = "txt"; replies = ["v=spf1 redirect=www.dnssec-failed.org"]; }, { name = "www.dnssec-failed.org", type = "txt"; rcode = 'timeout'; }, { name = "www.dnssec-failed.org", type = "mx"; rcode = 'timeout'; }, { name = "www.dnssec-failed.org", type = "a"; rcode = 'timeout'; }, { name = "www.dnssec-failed.org", type = "aaaa"; rcode = 'norec'; }, { name = "cacophony.za.org", type = "txt"; replies = ["v=spf1 redirect=asdfsfewewrredfs"]; }, { name = "fail9.org.org.za", type = "txt"; replies = ["v=spf1 ip4:8.8.8.8 mx:www.dnssec-failed.org -all"]; }, { name = "fail8.org.org.za", type = "txt"; replies = ["v=spf1 ip4:8.8.8.8 a:www.dnssec-failed.org -all"]; }, { name = "1.2.3.4.fake.rbl"; type = "a"; replies = ["127.0.0.2"]; }, { name = "2.2.3.4.fake.rbl"; type = "a"; replies = ["127.0.0.10"]; }, { name = "3.2.3.4.fake.rbl"; type = "a"; replies = ["127.0.0.2", "127.0.0.3"]; }, { name = "4.2.3.4.fake.rbl"; type = "a"; replies = ["127.0.0.2"]; }, { name = "4.2.3.4.fake.wl"; type = "a"; replies = ["127.0.0.2"]; }, { name = "4.3.2.1.fake.rbl"; type = "a"; rcode = 'nxdomain'; }, { name = "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.fake.rbl"; type = "a"; replies = ["127.0.0.2"]; }, { name = "131.193.18.151.fake.rbl"; type = "a"; replies = ["127.0.0.3"]; }, # SURBL tests { name = "rciuosbadgpq6b5wt436nhgnwzmfh9w9.test.uribl"; type = a; replies = ["127.0.0.2"]; }, { # testtest.com name = "rcf1ecxtxrrpfncqzsdaiezjkf7f1rzz.test.uribl"; type = a; replies = ["127.0.0.2"]; }, { name = "jhcszdsmo3wuj5mp8t38kdisdmr3ib3q.test.uribl"; type = a; replies = ["127.0.0.2"]; }, { name = "g9ifs3q39oh5jwru94cj7ffaqd6rfyq6.test.uribl"; type = a; replies = ["127.0.0.2"]; }, { name = "xn--80arbjktj.xn--p1ai.test2.uribl"; type = a; replies = ["127.0.1.2"]; }, { name = "мойсайт.рф.test2.uribl"; type = a; replies = ["127.0.1.2"]; }, { name = "user.emailbl.com.test5.uribl"; type = a; replies = ["127.0.0.2"]; }, { name = "user.subdomain.emailbl.com.test5.uribl"; type = a; replies = ["127.0.0.2"]; }, { name = "baddomain.com.test6.uribl"; type = a; replies = ["127.0.0.2"]; }, { name = "user.subdomain.baddomain.com.test5.uribl"; type = a; replies = ["127.0.0.2"]; }, { name = "example.com.test2.uribl"; type = a; replies = ["127.0.1.2"]; }, { name = "user.example.com.test2.uribl"; type = a; replies = ["127.0.1.5"]; }, { name = "example.net.test2.uribl"; type = a; replies = ["127.0.1.4"]; }, { name = "rspamd.tk.test2.uribl"; type = a; replies = ["127.0.1.4"]; }, { name = "example.org.test3.uribl"; type = a; replies = ["127.0.0.2"]; }, { name = "example.ru.test3.uribl"; type = a; replies = ["127.0.0.12"]; }, { name = "example.ru"; type = a; replies = ["8.8.8.8", "8.8.8.9"]; }, { name = "8.8.8.8.test4.uribl"; type = a; replies = ["127.0.0.4", "127.0.0.11"]; }, { name = "uppht14nj4fsoycu3huctg9d5psx9je4.test.uribl"; type = a; replies = ["127.0.0.2"]; }, { name = "rspamd-test.com.test2.uribl"; type = a; replies = ["127.0.1.2"]; }, { name = "9.8.8.8.test4.uribl"; type = a; replies = ["127.0.0.3"]; }, { name = "4.very.dirty.sanchez.com.test7.uribl"; type = a; replies = ["127.0.0.2"]; }, { name = "clean.dirty.sanchez.com.test7.uribl"; type = a; replies = ["127.0.0.2"]; }, { name = "not.dirty.sanchez.com.test7.uribl"; type = a; replies = ["127.0.0.2"]; }, { name = "41.black.sanchez.com.test7.uribl"; type = a; replies = ["127.0.0.2"]; }, { name = "black.sanchez.com.test7.uribl"; type = a; replies = ["127.0.0.2"]; }, { name = "dirty.sanchez.com.test8.uribl"; type = a; replies = ["127.0.0.2"]; }, { name = "very.dirty.sanchez.com.test8.uribl"; type = a; replies = ["127.0.0.2"]; }, { name = "41.black.sanchez.com.test8.uribl"; type = a; replies = ["127.0.0.2"]; }, { name = "black.sanchez.com.test8.uribl"; type = a; replies = ["127.0.0.2"]; }, { name = "example.com.test9.uribl"; type = a; replies = ["127.0.0.2"]; }, { name = "example.org.test9.uribl"; type = a; replies = ["127.0.0.2"]; }, { name = "8.8.8.8.test9.uribl"; type = a; replies = ["127.0.0.2"]; }, # TODO: add IPv6 tests ]; } } logging = { type = "file", level = "debug" filename = "{= env.TMPDIR =}/rspamd.log" log_usec = true; } metric = { name = "default", actions = { reject = 100500, add_header = 50500, } unknown_weight = 1 } worker { type = normal bind_socket = "{= env.LOCAL_ADDR =}:{= env.PORT_NORMAL =}" count = 1 task_timeout = 10s; } worker { type = controller bind_socket = "{= env.LOCAL_ADDR =}:{= env.PORT_CONTROLLER =}" count = 1 secure_ip = ["127.0.0.1", "::1"]; stats_path = "{= env.TMPDIR =}/stats.ucl" } modules { path = "{= env.TESTDIR =}/../../src/plugins/lua/" } spf {} lua = "{= env.TESTDIR =}/lua/test_coverage.lua"; lua = "{= env.INSTALLROOT =}/share/rspamd/rules/rspamd.lua";