commit af4a3ad: [Conf] Move all to rbl

Vsevolod Stakhov vsevolod at highsecure.ru
Mon Sep 2 15:56:07 UTC 2019


Author: Vsevolod Stakhov
Date: 2019-09-02 16:36:45 +0100
URL: https://github.com/rspamd/rspamd/commit/af4a3addb0c025b3ccff39396475c96a71c56536

[Conf] Move all to rbl

---
 conf/modules.d/emails.conf     |  45 +-----------
 conf/modules.d/rbl.conf        | 161 +++++++++++++++++++++++++++++++++++++++++
 conf/modules.d/surbl.conf      |  16 +---
 conf/scores.d/surbl_group.conf |  78 ++++++++++----------
 4 files changed, 202 insertions(+), 98 deletions(-)

diff --git a/conf/modules.d/emails.conf b/conf/modules.d/emails.conf
index 8511eed2b..dab752e2a 100644
--- a/conf/modules.d/emails.conf
+++ b/conf/modules.d/emails.conf
@@ -1,48 +1,5 @@
-# Please don't modify this file as your changes might be overwritten with
-# the next update.
-#
-# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
-# parameters defined on the top level
-#
-# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
-# parameters defined on the top level
-#
-# For specific modules or configuration you can also modify
-# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
-# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
-#
-# See https://rspamd.com/doc/tutorials/writing_rules.html for details
-
+# Deprecated! Use rbl module
 emails {
-  rules {
-    RSPAMD_EMAILBL {
-      delimiter = ".";
-      encoding = "base32";
-      hashlen = 32;
-      dnsbl = "email.rspamd.com";
-      check_replyto = true;
-      hash = "blake2";
-      returncodes = {
-        RSPAMD_EMAILBL = "127.0.0.2";
-      }
-    }
-    MSBL_EBL {
-      dnsbl = "ebl.msbl.org";
-      domain_only = false;
-      check_replyto = true;
-      hash = "sha1";
-      returncodes = {
-        MSBL_EBL = [
-          "127.0.0.2",
-          "127.0.0.3"
-        ];
-        MSBL_EBL_GREY = [
-          "127.0.1.2",
-          "127.0.1.3"
-        ];
-      }
-    }
-  }
   .include(try=true,priority=5) "${DBDIR}/dynamic/emails.conf"
   .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/emails.conf"
   .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/emails.conf"
diff --git a/conf/modules.d/rbl.conf b/conf/modules.d/rbl.conf
index f8f8d02a1..d6919b655 100644
--- a/conf/modules.d/rbl.conf
+++ b/conf/modules.d/rbl.conf
@@ -159,6 +159,167 @@ rbl {
         DWL_DNSWL_BLOCKED = "127.0.0.255";
       }
     }
+    # Old emails module
+    RSPAMD_EMAILBL {
+      ignore_defaults = true;
+      emails_delimiter = ".";
+      hash_type = "base32";
+      hash_len = 32;
+      rbl = "email.rspamd.com";
+      replyto = true;
+      hash = "blake2";
+      returncodes = {
+        RSPAMD_EMAILBL = "127.0.0.2";
+      }
+    }
+    MSBL_EBL {
+      ignore_defaults = true;
+      rbl = "ebl.msbl.org";
+      emails_domainonly = false;
+      replyto = true;
+      hash = "sha1";
+      returncodes = {
+        MSBL_EBL = [
+          "127.0.0.2",
+          "127.0.0.3"
+        ];
+        MSBL_EBL_GREY = [
+          "127.0.1.2",
+          "127.0.1.3"
+        ];
+      }
+    }
+    # Old SURBL module
+    "SURBL_MULTI" {
+      ignore_defaults = true;
+      rbl = "multi.surbl.org";
+      dkim = true;
+      emails = true;
+      emails_domainonly = true;
+      urls = true;
+
+      returnbits = {
+        CRACKED_SURBL = 128; # From February 2016
+        ABUSE_SURBL = 64;
+        MW_SURBL_MULTI = 16;
+        PH_SURBL_MULTI = 8;
+        SURBL_BLOCKED = 1;
+      }
+    }
+
+    "URIBL_MULTI" {
+      ignore_defaults = true;
+      rbl = "multi.uribl.com";
+      dkim = true;
+      emails = true;
+      emails_domainonly = true;
+      urls = true;
+
+      returnbits {
+        URIBL_BLOCKED = 1;
+        URIBL_BLACK = 2;
+        URIBL_GREY = 4;
+        URIBL_RED = 8;
+      }
+    }
+
+    "RSPAMD_URIBL" {
+      ignore_defaults = true;
+      rbl = "uribl.rspamd.com";
+      dkim = true;
+      emails = true;
+      emails_domainonly = true;
+      urls = true;
+      hash = 'blake2';
+      hash_len = 32;
+      hash_type = 'base32';
+
+      returncodes = {
+        RSPAMD_URIBL = [
+          "127.0.0.2",
+        ];
+      }
+    }
+
+    "DBL" {
+      ignore_defaults = true;
+      rbl = "dbl.spamhaus.org";
+      no_ip = true;
+      dkim = true;
+      emails = true;
+      emails_domainonly = true;
+      urls = true;
+
+      returncodes = {
+        # spam domain
+        DBL_SPAM = "127.0.1.2";
+        # phish domain
+        DBL_PHISH = "127.0.1.4";
+        # malware domain
+        DBL_MALWARE = "127.0.1.5";
+        # botnet C&C domain
+        DBL_BOTNET = "127.0.1.6";
+        # abused legit spam
+        DBL_ABUSE = "127.0.1.102";
+        # abused spammed redirector domain
+        DBL_ABUSE_REDIR = "127.0.1.103";
+        # abused legit phish
+        DBL_ABUSE_PHISH = "127.0.1.104";
+        # abused legit malware
+        DBL_ABUSE_MALWARE = "127.0.1.105";
+        # abused legit botnet C&C
+        DBL_ABUSE_BOTNET = "127.0.1.106";
+        # error - IP queries prohibited!
+        DBL_PROHIBIT = "127.0.1.255";
+      }
+    }
+
+    # Not enabled by default due to privacy concerns! (see also groups.d/surbl_group.conf)
+    #"SPAMHAUS_ZEN_URIBL" {
+    #  suffix = "zen.spamhaus.org";
+    #  resolve_ip = true;
+    #  check_emails = true;
+    #  ips {
+    #    URIBL_SBL = "127.0.0.2";
+    #    URIBL_SBL_CSS = "127.0.0.3";
+    #    URIBL_XBL = ["127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"];
+    #    URIBL_PBL = ["127.0.0.10", "127.0.0.11"];
+    #    URIBL_DROP = "127.0.0.9";
+    #  }
+    #}
+
+    "SEM_URIBL_UNKNOWN" {
+      ignore_defaults = true;
+      rbl = "uribl.spameatingmonkey.net";
+      no_ip = true;
+      dkim = true;
+      emails = true;
+      emails_domainonly = true;
+      urls = true;
+      returnbits {
+        SEM_URIBL = 2;
+      }
+    }
+
+    "SEM_URIBL_FRESH15_UNKNOWN" {
+      ignore_defaults = true;
+      rbl = "fresh15.spameatingmonkey.net";
+      no_ip = true;
+      dkim = true;
+      emails = true;
+      emails_domainonly = true;
+      urls = true;
+      returnbits {
+        SEM_URIBL_FRESH15 = 2;
+      }
+    }
+
+    # Proved to be broken
+    #"RBL_SARBL_BAD" {
+    #  suffix = "public.sarbl.org";
+    #  noip   = true;
+    #  images = true;
+    #}
   }
 
   .include(try=true,priority=5) "${DBDIR}/dynamic/rbl.conf"
diff --git a/conf/modules.d/surbl.conf b/conf/modules.d/surbl.conf
index bc7f47791..a64256f10 100644
--- a/conf/modules.d/surbl.conf
+++ b/conf/modules.d/surbl.conf
@@ -1,18 +1,4 @@
-# Please don't modify this file as your changes might be overwritten with
-# the next update.
-#
-# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
-# parameters defined on the top level
-#
-# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
-# parameters defined on the top level
-#
-# For specific modules or configuration you can also modify
-# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
-# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
-#
-# See https://rspamd.com/doc/tutorials/writing_rules.html for details
-
+# Deprecated, use RBL module!
 surbl {
   whitelist = [
     "https://maps.rspamd.com/rspamd/surbl-whitelist.inc.zst",
diff --git a/conf/scores.d/surbl_group.conf b/conf/scores.d/surbl_group.conf
index 271f911c5..93befa085 100644
--- a/conf/scores.d/surbl_group.conf
+++ b/conf/scores.d/surbl_group.conf
@@ -176,43 +176,43 @@ symbols = {
         one_shot = true;
         groups = ["uribl"];
     }
-    "SPAMHAUS_ZEN_URIBL" {
-        weight = 0.0;
-        description = "Spamhaus ZEN URIBL: Filtered result";
-        groups = ["spamhaus"];
-    }
-    "URIBL_SBL" {
-        weight = 6.5;
-        description = "A domain in the message body resolves to an IP listed in Spamhaus SBL";
-        one_shot = true;
-        groups = ["v"];
-    }
-    "URIBL_SBL_CSS" {
-        weight = 6.5;
-        description = "A domain in the message body resolves to an IP listed in Spamhaus SBL CSS";
-        one_shot = true;
-        groups = ["spamhaus"];
-    }
-    "URIBL_XBL" {
-        weight = 1.5;
-        description = "A domain in the message body resolves to an IP listed in Spamhaus XBL";
-        one_shot = true;
-        groups = ["spamhaus"];
-    }
-    "URIBL_PBL" {
-        weight = 0.01;
-        description = "A domain in the message body resolves to an IP listed in Spamhaus PBL";
-        groups = ["spamhaus"];
-    }
-    "URIBL_DROP" {
-        weight = 5.0;
-        description = "A domain in the message body resolves to an IP listed in Spamhaus DROP";
-        one_shot = true;
-        groups = ["spamhaus"];
-    }
-    "RBL_SARBL_BAD" {
-        weight = 2.5;
-        description = "A domain in the message body is blacklisted in SARBL";
-        one_shot = true;
-   }
+    #"SPAMHAUS_ZEN_URIBL" {
+    #    weight = 0.0;
+    #    description = "Spamhaus ZEN URIBL: Filtered result";
+    #    groups = ["spamhaus"];
+    #}
+    #"URIBL_SBL" {
+    #    weight = 6.5;
+    #    description = "A domain in the message body resolves to an IP listed in Spamhaus SBL";
+    #    one_shot = true;
+    #    groups = ["v"];
+    #}
+    #"URIBL_SBL_CSS" {
+    #   weight = 6.5;
+    #    description = "A domain in the message body resolves to an IP listed in Spamhaus SBL CSS";
+    #    one_shot = true;
+    #    groups = ["spamhaus"];
+    #}
+    #"URIBL_XBL" {
+    #    weight = 1.5;
+    #    description = "A domain in the message body resolves to an IP listed in Spamhaus XBL";
+    #    one_shot = true;
+    #    groups = ["spamhaus"];
+    #}
+    #"URIBL_PBL" {
+    #    weight = 0.01;
+    #    description = "A domain in the message body resolves to an IP listed in Spamhaus PBL";
+    #    groups = ["spamhaus"];
+    #}
+    #"URIBL_DROP" {
+    #    weight = 5.0;
+    #    description = "A domain in the message body resolves to an IP listed in Spamhaus DROP";
+    #    one_shot = true;
+    #    groups = ["spamhaus"];
+    #}
+    #"RBL_SARBL_BAD" {
+    #    weight = 2.5;
+    #    description = "A domain in the message body is blacklisted in SARBL";
+    #    one_shot = true;
+    #}
 }


More information about the Commits mailing list