ISP/install/tpl/rspamd_force_actions.conf.master at 6082-rspamd-white-blacklist-using-multimap-module · ghzhost/ISP · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
rules {

  # ISPConfig whitelist/blacklist passthrough actions
  # (always combine authentication tests (dkim/spf) with sender whitelisting).

  ISPC_WHITELIST_SENDER {
    expression = "(ISPC_WHITELIST_ENVFROM and (R_DKIM_ALLOW or R_SPF_ALLOW)) or (ISPC_WHITELIST_FROM and R_DKIM_ALLOW) and !CLAM_VIRUS and !JUST_EICAR";
    action = "no action";
    message = "Whitelisted sender";
  }

  ISPC_BLACKLIST_SENDER {
    expression = "(ISPC_BLACKLIST_FROM or ISPC_BLACKLIST_FROM_DOMAIN or ISPC_BLACKLIST_REPLYTO or ISPC_BLACKLIST_REPLYTO_DOMAIN) and !FORCE_ACTION_ISPC_WHITELIST_SENDER and !FORCE_ACTION_ISPC_WHITELIST_SENDER_DOMAIN and !FORCE_ACTION_ISPC_WHITELIST_RECIPIENT and !FORCE_ACTION_WHITELIST_RECIPIENT_DOMAIN";
    action = "reject";
    message = "Blacklisted sender";
  }

  ISPC_WHITELIST_SENDER_DOMAIN {
    expression = "(ISPC_WHITELIST_ENVFROM_DOMAIN and (ISPC_WHITELIST_DKIM or ISPC_WHITELIST_SPF)) or (ISPC_WHITELIST_FROM_DOMAIN and ISPC_WHITELIST_DKIM) and !CLAM_VIRUS and !JUST_EICAR";
    action = "no action";
    message = "Whitelisted sender domain";
  }

# test multiple recipients, does forced action only apply to the whitelisted recipient or all?
# if all, combine this with RCPT_COUNT_ONE
# do all recipients have to be matched in whitelist for symbol to be added, or any ?
  ISPC_WHITELIST_RECIPIENT {
    expression = "ISPC_WHITELIST_ENVRCPT and !CLAM_VIRUS and !JUST_EICAR";
    action = "no action";
    message = "Whitelisted recipient";
  }

#  ISPC_TEST {
#    #expression = "ISPC_BLACKLIST_TO";
#    expression = "ISPC_WHITELIST_ENVRCPT";
#    action = "no action";
#    message = "TEST RULE";
#  }

  ISPC_BLACKLIST_RECIPIENT {
    expression = "(ISPC_BLACKLIST_TO or ISPC_BLACKLIST_TO_DOMAIN) and !FORCE_ACTION_ISPC_WHITELIST_SENDER and !FORCE_ACTION_ISPC_WHITELIST_SENDER_DOMAIN and !FORCE_ACTION_ISPC_WHITELIST_RECIPIENT and !FORCE_ACTION_WHITELIST_RECIPIENT_DOMAIN";
    action = "reject";
    message = "Blacklisted recipient";
  }

  ISPC_WHITELIST_RECIPIENT_DOMAIN {
    expression = "ISPC_WHITELIST_ENVRCPT_DOMAIN and !CLAM_VIRUS and !JUST_EICAR";
    action = "no action";
    message = "Whitelisted recipient domain";
  }

}