-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathrspamd_multimap.conf.master
More file actions
155 lines (131 loc) · 5.58 KB
/
rspamd_multimap.conf.master
File metadata and controls
155 lines (131 loc) · 5.58 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
ISPC_WHITELIST_IP {
group = "ISPConfig";
description = "Whitelisted ip address.";
type = "ip";
map = [ "$LOCAL_CONFDIR/local.d/maps.d/ip_whitelist.inc.ispc", "$LOCAL_CONFDIR/local.d/maps.d/ip_whitelist.inc.local" ];
prefilter = "true";
action = "accept";
}
# ISPC_BLACKLIST_IP: Postfix blocks blacklisted IP's, no need to configure those here.
ISPC_WHITELIST_ENVFROM {
group = "ISPConfig";
description = "Whitelisted sender address.";
type = "selector";
selector = "from('smtp')";
map = [ "$LOCAL_CONFDIR/local.d/maps.d/sender_whitelist.inc.ispc", "$LOCAL_CONFDIR/local.d/maps.d/sender_whitelist.inc.local" ];
score = -7.0;
}
# ISPC_BLACKLIST_ENVFROM: Postfix blocks blacklisted senders, no need to configure those here.
ISPC_WHITELIST_ENVFROM_DOMAIN {
group = "ISPConfig";
description = "Whitelisted sender domain.";
type = "selector";
selector = "from('smtp'):domain";
map = [ "$LOCAL_CONFDIR/local.d/maps.d/sender_domain_whitelist.inc.ispc", "$LOCAL_CONFDIR/local.d/maps.d/sender_domain_whitelist.inc.local" ];
score = -7.0;
}
# ISPC_BLACKLIST_ENVFROM_DOMAIN: Postfix blocks blacklisted sender domains, no need to configure those here.
ISPC_WHITELIST_FROM {
group = "ISPConfig";
description = "From: header address in sender whitelist.";
type = "selector";
selector = "from('mime')";
map = [ "$LOCAL_CONFDIR/local.d/maps.d/sender_whitelist.inc.ispc", "$LOCAL_CONFDIR/local.d/maps.d/sender_whitelist.inc.local" ];
# trivial to spoof so primarily used via composite expression in force_actions.conf
score = -1.0;
}
ISPC_BLACKLIST_FROM {
group = "ISPConfig";
description = "From: header address in sender blacklist.";
type = "selector";
selector = "from('mime')";
map = [ "$LOCAL_CONFDIR/local.d/maps.d/sender_blacklist.inc.ispc", "$LOCAL_CONFDIR/local.d/maps.d/sender_blacklist.inc.local" ];
score = 12.0;
}
ISPC_WHITELIST_FROM_DOMAIN {
group = "ISPConfig";
description = "From: header domain in sender whitelist.";
type = "selector";
selector = "from('mime'):domain";
map = [ "$LOCAL_CONFDIR/local.d/maps.d/sender_domain_whitelist.inc.ispc", "$LOCAL_CONFDIR/local.d/maps.d/sender_domain_whitelist.inc.local" ];
# trivial to spoof so primarily used via composite expression in force_actions.conf
score = -1.0;
}
ISPC_BLACKLIST_FROM_DOMAIN {
group = "ISPConfig";
description = "From: header domain in sender blacklist.";
type = "selector";
selector = "from('mime'):domain";
map = [ "$LOCAL_CONFDIR/local.d/maps.d/sender_domain_blacklist.inc.ispc", "$LOCAL_CONFDIR/local.d/maps.d/sender_domain_blacklist.inc.local" ];
score = 12.0;
}
ISPC_BLACKLIST_REPLYTO {
group = "ISPConfig";
description = "Reply-To: header address in sender blacklist.";
type = "header";
header = "Reply-To";
filter = "email";
map = [ "$LOCAL_CONFDIR/local.d/maps.d/sender_blacklist.inc.ispc", "$LOCAL_CONFDIR/local.d/maps.d/sender_blacklist.inc.local" ];
score = 12.0;
}
ISPC_BLACKLIST_REPLYTO_DOMAIN {
group = "ISPConfig";
description = "Reply-To: header domain in sender blacklist.";
type = "header";
header = "Reply-To";
filter = "email:domain";
map = [ "$LOCAL_CONFDIR/local.d/maps.d/sender_domain_blacklist.inc.ispc", "$LOCAL_CONFDIR/local.d/maps.d/sender_domain_blacklist.inc.local" ];
score = 12.0;
}
# Reminder: test if whitelisted sender bypasses dkim signing for sender
# Reminder: test if whitelisted recipient address bypasses dkim signing for sender
ISPC_WHITELIST_ENVRCPT {
group = "ISPConfig";
description = "Whitelisted recipient address.";
type = "selector";
selector = "rcpts('smtp')";
map = [ "$LOCAL_CONFDIR/local.d/maps.d/recipient_whitelist.inc.ispc", "$LOCAL_CONFDIR/local.d/maps.d/recipient_whitelist.inc.local" ];
score = -7.0;
}
# ISPC_BLACKLIST_ENVRCPT: Postfix blocks blacklisted recipients, no need to configure those here.
ISPC_WHITELIST_ENVRCPT_DOMAIN {
group = "ISPConfig";
description = "Whitelisted recipient domain.";
type = "selector";
selector = "rcpts('smtp'):domain";
map = [ "$LOCAL_CONFDIR/local.d/maps.d/recipient_domain_whitelist.inc.ispc", "$LOCAL_CONFDIR/local.d/maps.d/recipient_domain_whitelist.inc.local" ];
score = -7.0;
}
# ISPC_BLACKLIST_ENVRCPT_DOMAIN: Postfix blocks blacklisted recipient domains, no need to configure those here.
# ISPC_WHITELIST_TO: headers are trivial to forge, no whitelisting based on them
ISPC_BLACKLIST_TO {
group = "ISPConfig";
description = "To:/Cc: header address in recipient blacklist.";
type = "selector";
selector = "rcpts('mime')";
map = [ "$LOCAL_CONFDIR/local.d/maps.d/recipient_blacklist.inc.ispc", "$LOCAL_CONFDIR/local.d/maps.d/recipient_blacklist.inc.local" ];
score = 12.0;
}
# ISPC_WHITELIST_TO_DOMAIN: headers are trivial to forge, no whitelisting based on them
ISPC_BLACKLIST_TO_DOMAIN {
group = "ISPConfig";
description = "To:/Cc: header domain in recipient blacklist.";
type = "selector";
selector = "rcpts('mime'):domain";
map = [ "$LOCAL_CONFDIR/local.d/maps.d/recipient_domain_blacklist.inc.ispc", "$LOCAL_CONFDIR/local.d/maps.d/recipient_domain_blacklist.inc.local" ];
score = 12.0;
}
# Invaluement.com Service Provider DNSBLs
# from https://rspamd.com/doc/configuration/selectors.html
INVALUEMENT_SENDGRID_ID {
type = "selector";
selector = 'header("X-SG-EID").id;from("smtp","orig").regexp("/^<?bounces\+(\d+)\-[^@]+@/i").last';
map = "https://www.invaluement.com/spdata/sendgrid-id-dnsbl.txt";
score = 6.0;
}
INVALUEMENT_SENDGRID_DOMAIN {
type = "selector";
selector = 'header("X-SG-EID").id;from("smtp","orig"):domain.get_tld';
map = "https://www.invaluement.com/spdata/sendgrid-envelopefromdomain-dnsbl.txt";
score = 6.0;
}