[Rspamd-Users] map setup with multimap

Mon Apr 6 18:57:58 UTC 2020

Here they are…
please note, some maps are empty, as they are not being used yet, just configured for future needs.

==> blacklist.sender.domain.map <==
# this map accepts regexp also
# matches mail server domain smtp.domain.tld to block specific server names.
mail.n.convertkit.com

==> country_bl.map <==
# country code XX for given IP matched by ASN
AD
AE
RU

==> filename.map <==
exe
arj
scr
lnk
bat

==> ip_whitelist.map <==
# empty but essentially an IP per line

==> keyword_bl.map <==
/loan/
/\s+[13][a-km-zA-HJ-NP-Z1-9]{25,34}/ #Bitcoin crap

==> whitelist.sender.domain.map <==
whitelist.tld
another.tld

/Nihad
On 6 Apr 2020, 20.20 +0200, Durga Prasad Malyala <dp.malyala at gmail.com>, wrote:
> On Sun, 5 Apr 2020 at 03:07, David Mehler <dave.mehler at gmail.com> wrote:
> >
> > Hello,
> >
> > Thanks for these configurations, do you have an example of each of these maps?
> >
> > Thanks.
> > Dave.
> >
> >
> > On 4/4/20, Nihad @ RSPAMD maillist via Users <users at lists.rspamd.com> wrote:
> > > This is list of "local.d/multimap.conf" …
> > >
> > > They are quite simple, but they work, and cover your needs, I believe. They
> > > do work for me.
> > > in regard to "tdl" what i do is i check ASN record for country. I find this,
> > > more correct than just blocking tdl. as many spammers do not have reverse
> > > dns records, only IP’s … ASN checks for country origins of an IP, and
> > > therefore catches more spam… imho.
> > >
> > >
> > > WHITELIST_SENDER_DOMAIN {
> > > type = "header";
> > > header = "from";
> > > filter = "email:domain";
> > > map = "/etc/rspamd/local.d/whitelist.sender.domain.map";
> > > score = -12.0;
> > > regexp = true;
> > > }
> > >
> > > BLACKLIST_SENDER_DOMAIN {
> > > type = "from";
> > > filter = "email:domain";
> > > map = "/etc/rspamd/local.d/blacklist.sender.domain.map";
> > > score = 12.0;
> > > action = "reject";
> > > message = "Requested action not taken: mailbox unavailable";
> > > regexp = true;
> > > }
> > >
> > > IP_WHITELIST {
> > > type = "ip";
> > > map = "${LOCAL_CONFDIR}/local.d/ip_whitelist.map";
> > > action = "accept";
> > > }
> > >
> > >
> > > COUNTRY_BL {
> > > type = "country";
> > > map = "${LOCAL_CONFDIR}/local.d/country_bl.map";
> > > score = 12;
> > > description = "List of countries with heavy spam usage";
> > > message = "Requested action not taken: mailbox unavailable";
> > > action = "reject";
> > > }
> > >
> > > KEYWORD_BL {
> > > type = "content";
> > > map = "${LOCAL_CONFDIR}/local.d/keyword_bl.map";
> > > score = 5;
> > > filter = "text";
> > > # filter = "body";
> > > description = "List of words that will trigger higher score, for spammy
> > > messages";
> > > message ="Seems like you are trying to spam me … ";
> > > regexp = true;
> > > }
> > >
> > >
> > >
> > >
> > > /Nihad
> > > On 4 Apr 2020, 17.41 +0200, David Mehler <dave.mehler at gmail.com>, wrote:
> > > > Hello,
> > > >
> > > > I'm using the latest rspamd 2.5 on a FreeBSD system. I'm wanting
> > > > clarification on various map setups as I'd like to add features to my
> > > > setup. Also if anyone has examples of these i'd appreciate it as I'm
> > > > understanding that most of these maps are regex which my knowledge is
> > > > rutimentary at best.
> > > >
> > > > I'm wanting to check the from: header for suspicious activity, like
> > > > things coming from my local machine even though they're external,
> > > > signs of obvious header forgeries things like that.
> > > >
> > > > I've got a top-level domain map which blocks tlds that I don't want to
> > > > see. Can I get a sanity check on this? An example tld should be a
> > > > case-insensitive check:
> > > >
> > > > /\.xyz$/i
> > > >
> > > > The next two are a block for specific subjects I don't want to see as
> > > > an example viagra and a block for specific body content, content being
> > > > words I don't want to see messages about or messages in alternate
> > > > languages or character sets or that have known spamminesses.
> > > >
> > > > Suggestions welcome.
> > > > Thanks.
> > > > Dave.
> > > > --
> > > > Users mailing list
> > > > Users at lists.rspamd.com
> > > > https://lists.rspamd.com/mailman/listinfo/users
> > > --
> > > Users mailing list
> > > Users at lists.rspamd.com
> > > https://lists.rspamd.com/mailman/listinfo/users
> > >
> > --
> > Users mailing list
> > Users at lists.rspamd.com
> > https://lists.rspamd.com/mailman/listinfo/users
>
> Hi,
> Can you share example of each of these maps?
> Regards/DP
> --
> Users mailing list
> Users at lists.rspamd.com
> https://lists.rspamd.com/mailman/listinfo/users