[Rspamd-Users] map setup with multimap

Sat Apr 4 18:34:21 UTC 2020

This is list of "local.d/multimap.conf" …

They are quite simple, but they work, and cover your needs, I believe. They do work for me.
in regard to "tdl" what i do is i check ASN record for country. I find this, more correct than just blocking tdl. as many spammers do not have reverse dns records, only IP’s … ASN checks for country origins of an IP, and therefore catches more spam… imho.

WHITELIST_SENDER_DOMAIN {
 type = "header";
 header = "from";
 filter = "email:domain";
 map = "/etc/rspamd/local.d/whitelist.sender.domain.map";
 score = -12.0;
 regexp = true;
}

BLACKLIST_SENDER_DOMAIN {
 type = "from";
 filter = "email:domain";
 map = "/etc/rspamd/local.d/blacklist.sender.domain.map";
 score = 12.0;
 action = "reject";
 message = "Requested action not taken: mailbox unavailable";
 regexp = true;
}

IP_WHITELIST {
 type = "ip";
 map = "${LOCAL_CONFDIR}/local.d/ip_whitelist.map";
 action = "accept";
}

COUNTRY_BL {
 type = "country";
 map = "${LOCAL_CONFDIR}/local.d/country_bl.map";
 score = 12;
 description = "List of countries with heavy spam usage";
 message = "Requested action not taken: mailbox unavailable";
 action = "reject";
}

KEYWORD_BL {
 type = "content";
 map = "${LOCAL_CONFDIR}/local.d/keyword_bl.map";
 score = 5;
 filter = "text";
# filter = "body";
 description = "List of words that will trigger higher score, for spammy messages";
 message ="Seems like you are trying to spam me … ";
 regexp = true;
}

/Nihad
On 4 Apr 2020, 17.41 +0200, David Mehler <dave.mehler at gmail.com>, wrote:
> Hello,
>
> I'm using the latest rspamd 2.5 on a FreeBSD system. I'm wanting
> clarification on various map setups as I'd like to add features to my
> setup. Also if anyone has examples of these i'd appreciate it as I'm
> understanding that most of these maps are regex which my knowledge is
> rutimentary at best.
>
> I'm wanting to check the from: header for suspicious activity, like
> things coming from my local machine even though they're external,
> signs of obvious header forgeries things like that.
>
> I've got a top-level domain map which blocks tlds that I don't want to
> see. Can I get a sanity check on this? An example tld should be a
> case-insensitive check:
>
> /\.xyz$/i
>
> The next two are a block for specific subjects I don't want to see as
> an example viagra and a block for specific body content, content being
> words I don't want to see messages about or messages in alternate
> languages or character sets or that have known spamminesses.
>
> Suggestions welcome.
> Thanks.
> Dave.
> --
> Users mailing list
> Users at lists.rspamd.com
> https://lists.rspamd.com/mailman/listinfo/users