Skip to content

Commit 7bbf870

Browse files
jnorelljnorell
committed
rspamd: add Reply-To rules for sender blacklist
1 parent e27a978 commit 7bbf870

File tree

2 files changed

+26
-1
lines changed

2 files changed

+26
-1
lines changed

install/tpl/rspamd_force_actions.conf.master

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,15 @@
11
rules {
22

3+
# ISPConfig whitelist/blacklist passthrough actions
4+
# (always combine authentication tests (dkim/spf) with sender whitelisting).
5+
36
ISPC_WHITELIST_SENDER {
47
expression = "(ISPC_WHITELIST_ENVFROM and (R_DKIM_ALLOW or R_SPF_ALLOW)) or (ISPC_WHITELIST_FROM and R_DKIM_ALLOW) and !CLAM_VIRUS and !JUST_EICAR";
58
action = "no action";
69
}
710

811
ISPC_BLACKLIST_SENDER {
9-
expression = "(ISPC_BLACKLIST_FROM or ISPC_BLACKLIST_FROM_DOMAIN) and R_DKIM_ALLOW and !ISPC_WHITELIST_SENDER and !ISPC_WHITELIST_SENDER_DOMAIN and !ISPC_WHITELIST_RECIPIENT";
12+
expression = "(ISPC_BLACKLIST_FROM or ISPC_BLACKLIST_FROM_DOMAIN or ISPC_BLACKLIST_REPLYTO or ISPC_BLACKLIST_REPLYTO_DOMAIN) and !ISPC_WHITELIST_SENDER and !ISPC_WHITELIST_SENDER_DOMAIN and !ISPC_WHITELIST_RECIPIENT";
1013
action = "reject";
1114
}
1215

@@ -15,6 +18,8 @@ rules {
1518
action = "no action";
1619
}
1720

21+
# test multiple recipients, does forced action only apply to the whitelisted recipient or all?
22+
# if all, combine this with RCPT_COUNT_ONE
1823
ISPC_WHITELIST_RECIPIENT {
1924
expression = "ISPC_WHITELIST_ENVRCPT and !CLAM_VIRUS and !JUST_EICAR";
2025
action = "no action";

install/tpl/rspamd_multimap.conf.master

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -69,6 +69,26 @@ ISPC_BLACKLIST_FROM_DOMAIN {
6969
score = 12.0;
7070
}
7171

72+
ISPC_BLACKLIST_REPLYTO {
73+
group = "ISPConfig";
74+
description = "Reply-To: header address in sender blacklist.";
75+
type = "header";
76+
header = "Reply-To";
77+
filter = "email";
78+
map = [ "$LOCAL_CONFDIR/local.d/maps.d/sender_blacklist.inc.ispc", "$LOCAL_CONFDIR/local.d/maps.d/sender_blacklist.inc.local" ];
79+
score = 12.0;
80+
}
81+
82+
ISPC_BLACKLIST_REPLYTO_DOMAIN {
83+
group = "ISPConfig";
84+
description = "Reply-To: header domain in sender blacklist.";
85+
type = "header";
86+
header = "Reply-To";
87+
filter = "email:domain";
88+
map = [ "$LOCAL_CONFDIR/local.d/maps.d/sender_domain_blacklist.inc.ispc", "$LOCAL_CONFDIR/local.d/maps.d/sender_domain_blacklist.inc.local" ];
89+
score = 12.0;
90+
}
91+
7292
# Reminder: test if whitelisted sender bypasses dkim signing for sender
7393
# Reminder: test if whitelisted recipient address bypasses dkim signing for sender
7494

0 commit comments

Comments
 (0)