From 9a0e53350de27876bfa9bbc343eb5b943589649d Mon Sep 17 00:00:00 2001 From: bms8197 Date: Sun, 26 Mar 2023 20:38:37 +0300 Subject: [PATCH] committing changes in /etc made by "-bash" Package changes: --- logrotate.d/rspamd | 4 +- mock/centos-stream-8-aarch64.cfg | 1 + mock/centos-stream-8-ppc64le.cfg | 1 + mock/centos-stream-8-x86_64.cfg | 1 + mock/centos-stream-9-aarch64.cfg | 1 + mock/centos-stream-9-ppc64le.cfg | 1 + mock/centos-stream-9-s390x.cfg | 1 + mock/centos-stream-9-x86_64.cfg | 1 + mock/templates/centos-stream-8.tpl | 2 +- rspamd/actions.conf | 2 +- rspamd/composites.conf | 19 +- rspamd/maps.d/maillist.inc | 362 ++++++++++++-------------- rspamd/maps.d/redirectors.inc | 2 +- rspamd/maps.d/surbl-whitelist.inc | 24 +- rspamd/modules.d/arc.conf | 2 +- rspamd/modules.d/bimi.conf | 9 +- rspamd/modules.d/clickhouse.conf | 1 - rspamd/modules.d/multimap.conf | 10 +- rspamd/modules.d/rbl.conf | 40 ++- rspamd/modules.d/redis.conf | 2 +- rspamd/modules.d/spamassassin.conf | 2 +- rspamd/scores.d/content_group.conf | 7 +- rspamd/scores.d/headers_group.conf | 1 + rspamd/scores.d/mime_types_group.conf | 5 +- rspamd/scores.d/policies_group.conf | 4 - rspamd/scores.d/rbl_group.conf | 56 ++-- rspamd/scores.d/subject_group.conf | 4 +- rspamd/scores.d/surbl_group.conf | 69 +++-- rspamd/worker-proxy.inc | 9 +- 29 files changed, 316 insertions(+), 327 deletions(-) diff --git a/logrotate.d/rspamd b/logrotate.d/rspamd index f6536d0..ea1b02d 100644 --- a/logrotate.d/rspamd +++ b/logrotate.d/rspamd @@ -6,6 +6,6 @@ compress sharedscripts postrotate - export `systemctl -p MainPID show rspamd.service`; if [ -n "$MainPID" ]; then kill -USR1 $MainPID; fi + systemctl --signal=USR1 --kill-who=main kill rspamd.service 2>/dev/null || : endscript -} \ No newline at end of file +} diff --git a/mock/centos-stream-8-aarch64.cfg b/mock/centos-stream-8-aarch64.cfg index b5edbe5..4107720 100644 --- a/mock/centos-stream-8-aarch64.cfg +++ b/mock/centos-stream-8-aarch64.cfg @@ -1,3 +1,4 @@ +config_opts["koji_primary_repo"] = "centos-stream" include('templates/centos-stream-8.tpl') config_opts['root'] = 'centos-stream-8-aarch64' diff --git a/mock/centos-stream-8-ppc64le.cfg b/mock/centos-stream-8-ppc64le.cfg index 9c1dfe5..feb512c 100644 --- a/mock/centos-stream-8-ppc64le.cfg +++ b/mock/centos-stream-8-ppc64le.cfg @@ -1,3 +1,4 @@ +config_opts["koji_primary_repo"] = "centos-stream" include('templates/centos-stream-8.tpl') config_opts['root'] = 'centos-stream-8-ppc64le' diff --git a/mock/centos-stream-8-x86_64.cfg b/mock/centos-stream-8-x86_64.cfg index cd659e7..ca3b9e6 100644 --- a/mock/centos-stream-8-x86_64.cfg +++ b/mock/centos-stream-8-x86_64.cfg @@ -1,3 +1,4 @@ +config_opts["koji_primary_repo"] = "centos-stream" include('templates/centos-stream-8.tpl') config_opts['root'] = 'centos-stream-8-x86_64' diff --git a/mock/centos-stream-9-aarch64.cfg b/mock/centos-stream-9-aarch64.cfg index fc5121b..4877cbe 100644 --- a/mock/centos-stream-9-aarch64.cfg +++ b/mock/centos-stream-9-aarch64.cfg @@ -1,3 +1,4 @@ +config_opts["koji_primary_repo"] = "centos-stream" include('templates/centos-stream-9.tpl') config_opts['root'] = 'centos-stream-9-aarch64' diff --git a/mock/centos-stream-9-ppc64le.cfg b/mock/centos-stream-9-ppc64le.cfg index 7464843..7f94816 100644 --- a/mock/centos-stream-9-ppc64le.cfg +++ b/mock/centos-stream-9-ppc64le.cfg @@ -1,3 +1,4 @@ +config_opts["koji_primary_repo"] = "centos-stream" include('templates/centos-stream-9.tpl') config_opts['root'] = 'centos-stream-9-ppc64le' diff --git a/mock/centos-stream-9-s390x.cfg b/mock/centos-stream-9-s390x.cfg index 21ca5c2..a7b0484 100644 --- a/mock/centos-stream-9-s390x.cfg +++ b/mock/centos-stream-9-s390x.cfg @@ -1,3 +1,4 @@ +config_opts["koji_primary_repo"] = "centos-stream" include('templates/centos-stream-9.tpl') config_opts['root'] = 'centos-stream-9-s390x' diff --git a/mock/centos-stream-9-x86_64.cfg b/mock/centos-stream-9-x86_64.cfg index 9c0206b..ceb80d7 100644 --- a/mock/centos-stream-9-x86_64.cfg +++ b/mock/centos-stream-9-x86_64.cfg @@ -1,3 +1,4 @@ +config_opts["koji_primary_repo"] = "centos-stream" include('templates/centos-stream-9.tpl') config_opts['root'] = 'centos-stream-9-x86_64' diff --git a/mock/templates/centos-stream-8.tpl b/mock/templates/centos-stream-8.tpl index 1c3cca8..2869ba0 100644 --- a/mock/templates/centos-stream-8.tpl +++ b/mock/templates/centos-stream-8.tpl @@ -33,7 +33,7 @@ user_agent={{ user_agent }} [local] {% endif %} name=CentOS Stream $releasever - Koji Local - BUILDROOT ONLY! -baseurl=https://koji.mbox.centos.org/kojifiles/repos/dist-c{{ releasever }}-stream-build/latest/$basearch/ +baseurl=https://kojihub.stream.centos.org/kojifiles/repos/c{{ releasever }}s-build/latest/$basearch/ cost=2000 enabled=0 skip_if_unavailable=False diff --git a/rspamd/actions.conf b/rspamd/actions.conf index a141be7..8be3823 100644 --- a/rspamd/actions.conf +++ b/rspamd/actions.conf @@ -26,4 +26,4 @@ actions { .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/actions.conf" .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/actions.conf" -} \ No newline at end of file +} diff --git a/rspamd/composites.conf b/rspamd/composites.conf index e2096b2..db2cba1 100644 --- a/rspamd/composites.conf +++ b/rspamd/composites.conf @@ -45,10 +45,6 @@ composites { FORGED_MUA_MAILLIST { expression = "g:mua & -MAILLIST"; } - RBL_SPAMHAUS_XBL_ANY { - expression = "RBL_SPAMHAUS_XBL & RECEIVED_SPAMHAUS_XBL"; - description = "From and Received address are listed in Spamhaus XBL"; - } AUTH_NA { expression = "R_DKIM_NA & R_SPF_NA & DMARC_NA & ARC_NA"; score = 1.0; @@ -98,7 +94,7 @@ composites { } RCVD_UNAUTH_PBL { expression = "RECEIVED_PBL & !RCVD_VIA_SMTP_AUTH"; - description = "Relayed through ZEN PBL IP without sufficient authentication (possible indicating an open relay)"; + description = "Relayed through Spamhaus PBL IP without sufficient authentication (possible indicating an open relay)"; score = 2.0; policy = "leave"; } @@ -133,18 +129,16 @@ composites { policy = "leave"; } BAD_REP_POLICIES { - description = "Contains valid policies but are also marked by fuzzy/bayes/surbl/rbl"; + description = "Contains valid policies but are also marked by fuzzy/bayes/SURBL/RBL"; expression = "(~g-:policies) & (-g+:fuzzy | -g+:statistics | -g+:surbl | -g+:rbl)"; score = 0.1; } - VIOLATED_DIRECT_SPF { description = "Has no Received (or no trusted received relays) and SPF policy fails or soft fails"; expression = "(R_SPF_FAIL | R_SPF_SOFTFAIL) & (RCVD_COUNT_ZERO | RCVD_NO_TLS_LAST)"; policy = "leave"; score = 3.5; } - IP_SCORE_FREEMAIL { description = "Negate IP_SCORE when message comes from FreeMail"; expression = "FREEMAIL_FROM & SENDER_REP_SPAM"; @@ -164,12 +158,11 @@ composites { score = 7.0; group = "scams"; } - FREEMAIL_AFF { - expression = "(FREEMAIL_FROM | FREEMAIL_ENVFROM | FREEMAIL_REPLYTO) & R_UNDISC_RCPT & (INTRODUCTION | FROM_NAME_HAS_TITLE | FREEMAIL_REPLYTO_NEQ_FROM_DOM)"; - score = 4.0; - policy = "leave"; - description = "Message exhibits strong characteristics of advance fee fraud (AFF a/k/a '419' spam) involving freemail addresses"; + expression = "(FREEMAIL_FROM | FREEMAIL_ENVFROM | FREEMAIL_REPLYTO) & R_UNDISC_RCPT & (INTRODUCTION | FROM_NAME_HAS_TITLE | FREEMAIL_REPLYTO_NEQ_FROM_DOM)"; + score = 4.0; + policy = "leave"; + description = "Message exhibits strong characteristics of advance fee fraud (AFF a/k/a '419' spam) involving freemail addresses"; } .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/composites.conf" diff --git a/rspamd/maps.d/maillist.inc b/rspamd/maps.d/maillist.inc index 97b2158..b2de86d 100644 --- a/rspamd/maps.d/maillist.inc +++ b/rspamd/maps.d/maillist.inc @@ -1,208 +1,176 @@ -usndr.com -subscribe.ru -smartsndr.com - -hh.ru -free-lance.ru -superjob.ru -rabota.ru -job.ru -odesk.com -jobinmoscow.ru - -russianpost.ru -shopotam.ru - -ebay.com +1c-bitrix.ru +360.cn +360.com +activeby.net +adobe.com +aeroflot.ru alibaba.com aliexpress.com alipay.com - -github.net -github.com -molotok.ru - -facebook.com -vk.com -odnoklassniki.ru -vkrugudruzei.ru -linkedin.com -professionali.ru -mail.mtml.ru -livejournal.com -twitter.com - -avito.ru -dmir.ru -mnogo.ru -paypal.com -roboxchange.com -sberbank.ru - -qiwi.com -qiwi.ru -osmp.ru -mobilelement.ru -rp-system.ru -quickpay.ru -rbkmoney.ru - -gosuslugi.ru -rostelecom.ru -mos.ru -gov.ru -nalog.ru -sitesoft.ru -e-moskva.ru -rosreestr.ru -roseltorg.ru -sberbank-ast.ru -etp-micex.ru -zakazrf.ru -rtstender.ru -rts-tender.ru -b2b-center.ru -yamoney.ru - -fabrikant.ru - -apple.com -dropbox.com -skype.com - -habramail.net -mamba.ru -dating.ru -topface.com - -ulmart.ru -electrozon.ru -nix.ru -ozon.ru - -beeline.ru -mts.ru -megafon.ru - -booking.com -tutu.ru -aeroflot.ru - -vedomosti.ru - -1c-bitrix.ru - -moesk.ru - -exist.ru -tks.ru -zzap.ru - -activeby.net -babysfera.ru -baby.ru - -wordpress.com - -ispsystem.net -ispsystem.com -ispsystem.ru - -naukanet.ru - -startcomca.com - -wmtransfer.com - -sipnet.ru -tario.ru - -mailgun.com -mailgun.net - -psport.ru - -returnpath.net -senderscore.net - -webnames.ru -regtime.net - -nic.ru -r01.ru -reg.ru - -ztel.ru - -youtube.com -baidu.com -yahoo.com -amazon.com -wikipedia.org -qq.com -google.co.in -live.com -taobao.com -msn.com -yahoo.co.jp -google.co.jp -weibo.com -bing.com -hao123.com -instagram.com -google.de amazon.co.jp -360.cn -tmall.com -google.co.uk -pinterest.com -google.ru -reddit.com -google.com.br -t.co -netflix.com -google.fr -sohu.com -microsoft.com -google.it -blogspot.com -tumblr.com -ok.ru -gmw.cn -imgur.com -stackoverflow.com -xvideos.com -google.com.mx -fc2.com -imdb.com -google.com.hk -amazon.de -ask.com -google.com.tr -google.ca -office.com -pornhub.com -google.co.id -soso.com -go.com -pixnet.net +amazon.com amazon.co.uk -googleusercontent.com -outbrain.com +amazon.de amazon.in +apple.com +ask.com +avito.ru +b2b-center.ru +baby.ru +babysfera.ru +baidu.com +beeline.ru +bing.com blogger.com -cnn.com -google.pl -google.com.au -360.com -xhamster.com -adobe.com -flipkart.com -microsoftonline.com -whatsapp.com -nytimes.com +blogspot.com +booking.com chase.com -wosign.com +cnn.com comodo.com comodogroup.com comodo.net +dating.ru +dmir.ru +dropbox.com +ebay.com +electrozon.ru +e-moskva.ru +etp-micex.ru +exist.ru +fabrikant.ru +facebook.com +fc2.com +flipkart.com +free-lance.ru +github.com +github.net +gmw.cn +go.com +google.ca +google.co.id +google.co.in +google.co.jp +google.com.au +google.com.br +google.com.hk +google.com.mx +google.com.tr +google.co.uk +google.de +google.fr +google.it +google.pl +google.ru +googleusercontent.com +gosuslugi.ru +gov.ru +habramail.net +hao123.com +hh.ru +imdb.com +imgur.com +instagram.com +ispsystem.com +ispsystem.net +ispsystem.ru +jobinmoscow.ru +job.ru +linkedin.com +live.com +livejournal.com +mailgun.com +mailgun.net +mail.mtml.ru +mamba.ru +megafon.ru +microsoft.com +microsoftonline.com +mnogo.ru +mobilelement.ru +moesk.ru +molotok.ru +mos.ru +msn.com +mts.ru +nalog.ru +naukanet.ru +netflix.com +nic.ru +nix.ru +nytimes.com +odesk.com +odnoklassniki.ru +office.com +ok.ru +osmp.ru +outbrain.com +ozon.ru +paypal.com +pinterest.com +pixnet.net +pornhub.com +professionali.ru +psport.ru +qiwi.com +qiwi.ru +qq.com +quickpay.ru +r01.ru +rabota.ru +rbkmoney.ru +reddit.com +reg.ru +regtime.net +returnpath.net +roboxchange.com +roseltorg.ru +rosreestr.ru +rostelecom.ru +rp-system.ru +rts-tender.ru +rtstender.ru +russianpost.ru +sberbank-ast.ru +sberbank.ru +senderscore.net +shopotam.ru +sipnet.ru +sitesoft.ru +skype.com +smartsndr.com +sohu.com +soso.com +stackoverflow.com +startcomca.com +subscribe.ru +superjob.ru +taobao.com +tario.ru +t.co +tks.ru +tmall.com +topface.com +tumblr.com +tutu.ru +twitter.com +ulmart.ru +usndr.com +vedomosti.ru +vk.com +vkrugudruzei.ru +webnames.ru +weibo.com +whatsapp.com +wikipedia.org +wmtransfer.com +wordpress.com +wosign.com +xhamster.com +xvideos.com +yahoo.co.jp +yahoo.com +yamoney.ru +youtube.com +zakazrf.ru +ztel.ru +zzap.ru diff --git a/rspamd/maps.d/redirectors.inc b/rspamd/maps.d/redirectors.inc index 812f405..c7d7f25 100644 --- a/rspamd/maps.d/redirectors.inc +++ b/rspamd/maps.d/redirectors.inc @@ -233,8 +233,8 @@ email.account.2gis.com email.mail.ostrovok.ru email.news.ostrovok.ru e.mail.ru -em.digium.com emap.ws +em.digium.com etdurl.com eweri.com exa.im diff --git a/rspamd/maps.d/surbl-whitelist.inc b/rspamd/maps.d/surbl-whitelist.inc index 401c1ce..479c929 100644 --- a/rspamd/maps.d/surbl-whitelist.inc +++ b/rspamd/maps.d/surbl-whitelist.inc @@ -34,6 +34,7 @@ americanexpress.ch americanexpress.com anadolubank.nl ancestry.com +anpdm.com anz.com anz.co.nz aol.com @@ -294,6 +295,7 @@ discovery.co.za dnbnord.lt domain.com doubleclick.com +dovecot.org dresdner-bank.de dsbbank.sr dsbl.org @@ -314,6 +316,7 @@ egroups.com e-gulfbank.com emode.com esunbank.com.tw +exacttarget.com example.com example.net example.org @@ -349,6 +352,7 @@ generali.es genevoise.ch gentoo.org geocities.com +github.com gkb.ch gmail.com gmx.net @@ -416,6 +420,7 @@ isbank.de isbank.ge isbank.iq isbankkosova.com +isc.org itau.com.br ivillage.com joingevalia.com @@ -444,6 +449,8 @@ lcl.com lcl.fr li.ru list.ru +lists.isc.org +lists.roundcube.net liveinternet.ru livejournal.com lloydsbank.com @@ -697,6 +704,7 @@ subscribe.ru sun.com suncorpbank.com.au suntrust.com +svn.apache.org swedbank.com swedbank.ee swedbank.lt @@ -707,6 +715,7 @@ swisscaution.ch swissquote.ch sydbank.dk sympatico.ca +taggedmail.com tails.nl tangerine.ca tcb-bank.com.tw @@ -726,6 +735,7 @@ top4top.ru tsbbank.co.nz tsb.co.nz tsb.co.uk +tumblr.com tux.org twitter.com ubibanca.com @@ -759,6 +769,8 @@ visa.com.br visaeurope.ch visaeurope.com viseca.ch +vistaprint.com +vistaprint.dk volksbank.de volkswagenbank.de vpbank.com @@ -813,18 +825,6 @@ zdnet.com zenithbank.com zkb.ch zugerkb.ch -vistaprint.dk -vistaprint.com -anpdm.com -dovecot.org -exacttarget.com -github.com -isc.org # list-manage1.com # grey # list-manage2.com # grey # list-manage.com # grey -lists.isc.org -lists.roundcube.net -svn.apache.org -taggedmail.com -tumblr.com \ No newline at end of file diff --git a/rspamd/modules.d/arc.conf b/rspamd/modules.d/arc.conf index 4b5682b..f26dad8 100644 --- a/rspamd/modules.d/arc.conf +++ b/rspamd/modules.d/arc.conf @@ -44,7 +44,7 @@ arc { # If false, messages from local networks are not selected for signing sign_local = false; # Symbol to add when message is signed - symbol_sign = "ARC_SIGNED"; + sign_symbol = "ARC_SIGNED"; # Whether to fallback to global config try_fallback = true; # Domain to use for ARC signing: can be "header", "envelope" or "recipient" diff --git a/rspamd/modules.d/bimi.conf b/rspamd/modules.d/bimi.conf index 63c0f71..ed7be6b 100644 --- a/rspamd/modules.d/bimi.conf +++ b/rspamd/modules.d/bimi.conf @@ -1,16 +1,17 @@ # Please don't modify this file as your changes might be overwritten with # the next update. # -# You can modify 'local.d/asn.conf' to add and merge +# You can modify 'local.d/bimi.conf' to add and merge # parameters defined inside this section # -# You can modify 'override.d/asn.conf' to strictly override all +# You can modify 'override.d/bimi.conf' to strictly override all # parameters defined inside this section # # See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories # for details # -# Module documentation can be found at https://rspamd.com/doc/modules/asn.html +# Currently there is no documentation for this module. When it is written it will +# be available at https://rspamd.com/doc/modules/bimi.html bimi { # Required attributes @@ -26,4 +27,4 @@ bimi { .include(try=true,priority=5) "${DBDIR}/dynamic/bimi.conf" .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/bimi.conf" .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/bimi.conf" -} \ No newline at end of file +} diff --git a/rspamd/modules.d/clickhouse.conf b/rspamd/modules.d/clickhouse.conf index dc176c6..5edf710 100644 --- a/rspamd/modules.d/clickhouse.conf +++ b/rspamd/modules.d/clickhouse.conf @@ -12,7 +12,6 @@ # # Module documentation can be found at https://rspamd.com/doc/modules/clickhouse.html - clickhouse { # Push update when 1000 records are collected (1000 if unset) limit = 1000; diff --git a/rspamd/modules.d/multimap.conf b/rspamd/modules.d/multimap.conf index d5cd9d2..6c4f25b 100644 --- a/rspamd/modules.d/multimap.conf +++ b/rspamd/modules.d/multimap.conf @@ -13,6 +13,15 @@ # Module documentation can be found at https://rspamd.com/doc/modules/multimap.html multimap { + redirector { + type = "url"; + filter = "tld"; + map = "https://maps.rspamd.com/rspamd/redirectors.inc.zst"; + symbol = "REDIRECTOR_URL"; + description = "The presence of a redirector in the mail"; + score = 0.0; + } + # Freemail Addresses freemail_envfrom { type = "from"; @@ -164,4 +173,3 @@ url_tld_re { symbol = "URL_MAP_RE"; } */ - diff --git a/rspamd/modules.d/rbl.conf b/rspamd/modules.d/rbl.conf index 94b3ee7..e3ece5a 100644 --- a/rspamd/modules.d/rbl.conf +++ b/rspamd/modules.d/rbl.conf @@ -23,6 +23,14 @@ rbl { "fallback+file://${CONFDIR}/maps.d/surbl-whitelist.inc" ]; + attached_maps = [ + { + selector_alias = "surbl_hashbl_map", + description = "SURBL hashbl map", + url = "regexp;http://sa-update.surbl.org/rspamd/surbl-hashbl-map.inc", + } + ] + rbls { spamhaus { @@ -38,8 +46,7 @@ rbl { returncodes { SPAMHAUS_SBL = "127.0.0.2"; SPAMHAUS_CSS = "127.0.0.3"; - SPAMHAUS_XBL = ["127.0.0.4", "127.0.0.5", - "127.0.0.6", "127.0.0.7"]; + SPAMHAUS_XBL = ["127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"]; SPAMHAUS_PBL = ["127.0.0.10", "127.0.0.11"]; SPAMHAUS_DROP = "127.0.0.9"; SPAMHAUS_BLOCKED_OPENRESOLVER = "127.255.255.254"; @@ -170,6 +177,7 @@ rbl { RSPAMD_EMAILBL = "127.0.0.2"; } } + MSBL_EBL { ignore_whitelist = true; ignore_defaults = true; @@ -189,7 +197,7 @@ rbl { ]; } } - # Old SURBL module + "SURBL_MULTI" { ignore_defaults = true; rbl = "multi.surbl.org"; @@ -198,7 +206,7 @@ rbl { exclude_users = false; returnbits = { - CRACKED_SURBL = 128; # From February 2016 + CRACKED_SURBL = 128; ABUSE_SURBL = 64; MW_SURBL_MULTI = 16; PH_SURBL_MULTI = 8; @@ -206,6 +214,23 @@ rbl { } } + SURBL_HASHBL { + rbl = "hashbl.surbl.org"; + ignore_defaults = true; + random_monitored = true, + # TODO: make limit more configurable maybe? + selector = "specific_urls_filter_map('surbl_hashbl_map', {limit = 10}).apply_methods('get_host', 'get_path').join_tables('/')", + hash = 'md5'; + hash_len = 32; + returncodes = { + SURBL_HASHBL_PHISH = "127.0.0.8"; + SURBL_HASHBL_MALWARE = "127.0.0.16"; + SURBL_HASHBL_ABUSE = "127.0.0.64"; + SURBL_HASHBL_CRACKED = "127.0.0.128"; + SURBL_HASHBL_EMAIL = "127.0.1.%d+"; + } + } + "URIBL_MULTI" { ignore_defaults = true; rbl = "multi.uribl.com"; @@ -309,13 +334,6 @@ rbl { SEM_URIBL_FRESH15 = 2; } } - - # Proved to be broken - #"RBL_SARBL_BAD" { - # suffix = "public.sarbl.org"; - # noip = true; - # images = true; - #} } .include(try=true,priority=5) "${DBDIR}/dynamic/rbl.conf" diff --git a/rspamd/modules.d/redis.conf b/rspamd/modules.d/redis.conf index 9fec0a2..eb430cb 100644 --- a/rspamd/modules.d/redis.conf +++ b/rspamd/modules.d/redis.conf @@ -23,4 +23,4 @@ redis { .include(try=true,priority=5) "${DBDIR}/dynamic/redis.conf" .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/redis.conf" .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/redis.conf" -} \ No newline at end of file +} diff --git a/rspamd/modules.d/spamassassin.conf b/rspamd/modules.d/spamassassin.conf index 0544430..79f7527 100644 --- a/rspamd/modules.d/spamassassin.conf +++ b/rspamd/modules.d/spamassassin.conf @@ -23,4 +23,4 @@ spamassassin { .include(try=true,priority=5) "${DBDIR}/dynamic/spamassassin.conf" .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/spamassassin.conf" .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/spamassassin.conf" -} \ No newline at end of file +} diff --git a/rspamd/scores.d/content_group.conf b/rspamd/scores.d/content_group.conf index 56255be..88b4765 100644 --- a/rspamd/scores.d/content_group.conf +++ b/rspamd/scores.d/content_group.conf @@ -35,18 +35,17 @@ symbols = { } "PDF_LONG_TRAILER" { weight = 0.2; - description = "There is an PDF with a long trailer"; + description = "There is an PDF with a long trailer in the message"; one_shot = true; } "PDF_MANY_OBJECTS" { weight = 0; - description = "There is a PDF file with too many objects"; + description = "There is a PDF with too many objects in the message"; one_shot = true; } "PDF_TIMEOUT" { weight = 0; - description = "There is a PDF file that caused timeout in processing"; + description = "There is a PDF in the message that caused timeout in processing"; one_shot = true; } } - diff --git a/rspamd/scores.d/headers_group.conf b/rspamd/scores.d/headers_group.conf index 56a8f7f..c9b078c 100644 --- a/rspamd/scores.d/headers_group.conf +++ b/rspamd/scores.d/headers_group.conf @@ -16,6 +16,7 @@ # See https://rspamd.com/doc/tutorials/writing_rules.html for details description = "Various headers checks"; + max_score = 8.0; symbols = { diff --git a/rspamd/scores.d/mime_types_group.conf b/rspamd/scores.d/mime_types_group.conf index 2453ba6..268709e 100644 --- a/rspamd/scores.d/mime_types_group.conf +++ b/rspamd/scores.d/mime_types_group.conf @@ -16,9 +16,8 @@ # See https://rspamd.com/doc/tutorials/writing_rules.html for details description = "Mime attachments rules"; -# Define some limit for this group -max_score = 10.0; +max_score = 10.0; symbols = { "MIME_GOOD" { @@ -76,4 +75,4 @@ symbols = { description = "Filename with known obscured unicode characters"; one_shot = true; } -} \ No newline at end of file +} diff --git a/rspamd/scores.d/policies_group.conf b/rspamd/scores.d/policies_group.conf index ee3d0bb..4a8bdb6 100644 --- a/rspamd/scores.d/policies_group.conf +++ b/rspamd/scores.d/policies_group.conf @@ -124,25 +124,21 @@ symbols = { description = "ARC checks success"; groups = ["arc"]; } - "ARC_REJECT" { weight = 1.0; description = "ARC checks failed"; groups = ["arc"]; } - "ARC_INVALID" { weight = 0.5; description = "ARC structure invalid"; groups = ["arc"]; } - "ARC_DNSFAIL" { weight = 0.0; description = "ARC DNS error"; groups = ["arc"]; } - "ARC_NA" { weight = 0.0; description = "ARC signature absent"; diff --git a/rspamd/scores.d/rbl_group.conf b/rspamd/scores.d/rbl_group.conf index 653ae80..e24d7d1 100644 --- a/rspamd/scores.d/rbl_group.conf +++ b/rspamd/scores.d/rbl_group.conf @@ -21,7 +21,7 @@ symbols = { "DNSWL_BLOCKED" { weight = 0.0; - description = "Resolver blocked due to excessive queries"; + description = "https://www.dnswl.org: Resolver blocked due to excessive queries"; groups = ["dnswl", "blocked"]; } "RCVD_IN_DNSWL" { @@ -52,12 +52,12 @@ symbols = { "DWL_DNSWL_BLOCKED" { weight = 0.0; - description = "Resolver blocked due to excessive queries (dwl)"; + description = "https://www.dnswl.org: Resolver blocked due to excessive queries (DWL)"; groups = ["dnswl", "blocked"]; } "DWL_DNSWL" { weight = 0.0; - description = "Unrecognised result from https://www.dnswl.org (dwl)"; + description = "Unrecognised result from https://www.dnswl.org (DWL)"; groups = ["dnswl"]; } "DWL_DNSWL_NONE" { @@ -88,89 +88,85 @@ symbols = { } "RBL_SPAMHAUS_SBL" { weight = 4.0; - description = "From address is listed in ZEN SBL"; + description = "From address is listed in Spamhaus SBL"; groups = ["spamhaus"]; } "RBL_SPAMHAUS_CSS" { weight = 2.0; - description = "From address is listed in ZEN CSS"; + description = "From address is listed in Spamhaus CSS"; groups = ["spamhaus"]; } "RBL_SPAMHAUS_XBL" { weight = 4.0; - description = "From address is listed in ZEN XBL"; - groups = ["spamhaus"]; - } - "RBL_SPAMHAUS_XBL_ANY" { - weight = 4.0; - description = "From or received address is listed in ZEN XBL (any list)"; + description = "From address is listed in Spamhaus XBL"; groups = ["spamhaus"]; } "RBL_SPAMHAUS_PBL" { weight = 2.0; - description = "From address is listed in ZEN PBL (ISP list)"; + description = "From address is listed in Spamhaus PBL"; groups = ["spamhaus"]; } "RBL_SPAMHAUS_DROP" { weight = 7.0; - description = "From address is listed in ZEN DROP BL"; + description = "From address is listed in Spamhaus DROP"; groups = ["spamhaus"]; } "RBL_SPAMHAUS_BLOCKED_OPENRESOLVER" { weight = 0.0; description = "You are querying Spamhaus from an open resolver, please see https://www.spamhaus.org/returnc/pub/"; - groups = ["spamhaus"]; + groups = ["spamhaus", "blocked"]; } "RBL_SPAMHAUS_BLOCKED" { weight = 0.0; description = "You are exceeding the query limit, please see https://www.spamhaus.org/returnc/vol/"; - groups = ["spamhaus"]; + groups = ["spamhaus", "blocked"]; } "RECEIVED_SPAMHAUS_SBL" { weight = 3.0; - description = "Received address is listed in ZEN SBL"; + description = "Received address is listed in Spamhaus SBL"; groups = ["spamhaus"]; one_shot = true; } "RECEIVED_SPAMHAUS_CSS" { weight = 1.0; - description = "Received address is listed in ZEN CSS"; + description = "Received address is listed in Spamhaus CSS"; groups = ["spamhaus"]; one_shot = true; } "RECEIVED_SPAMHAUS_XBL" { - weight = 3.0; + weight = 1.0; description = "Received address is listed in ZEN XBL"; groups = ["spamhaus"]; one_shot = true; } "RECEIVED_SPAMHAUS_PBL" { weight = 0.0; - description = "Received address is listed in ZEN PBL (ISP list)"; + description = "Received address is listed in Spamhaus PBL"; groups = ["spamhaus"]; one_shot = true; } "RECEIVED_SPAMHAUS_DROP" { weight = 6.0; - description = "Received address is listed in ZEN DROP BL"; + description = "Received address is listed in Spamhaus DROP"; groups = ["spamhaus"]; one_shot = true; } "RECEIVED_SPAMHAUS_BLOCKED_OPENRESOLVER" { weight = 0.0; description = "You are querying Spamhaus from an open resolver, please see https://www.spamhaus.org/returnc/pub/"; - groups = ["spamhaus"]; + groups = ["spamhaus", "blocked"]; } "RECEIVED_SPAMHAUS_BLOCKED" { weight = 0.0; description = "You are exceeding the query limit, please see https://www.spamhaus.org/returnc/vol/"; - groups = ["spamhaus"]; + groups = ["spamhaus", "blocked"]; } "RBL_SENDERSCORE" { weight = 2.0; description = "From address is listed in senderscore.com BL"; } + "MAILSPIKE" { weight = 0.0; description = "Unrecognised result from Mailspike"; @@ -183,37 +179,37 @@ symbols = { } "RBL_MAILSPIKE_WORST" { weight = 2.0; - description = "From address is listed in RBL - worst possible reputation"; + description = "From address is listed in Mailspike RBL - worst possible reputation"; groups = ["mailspike"]; } "RBL_MAILSPIKE_VERYBAD" { weight = 1.5; - description = "From address is listed in RBL - very bad reputation"; + description = "From address is listed in Mailspike RBL - very bad reputation"; groups = ["mailspike"]; } "RBL_MAILSPIKE_BAD" { weight = 1.0; - description = "From address is listed in RBL - bad reputation"; + description = "From address is listed in Mailspike RBL - bad reputation"; groups = ["mailspike"]; } "RWL_MAILSPIKE_POSSIBLE" { weight = 0.0; - description = "From address is listed in RWL - possibly legit"; + description = "From address is listed in Mailspike RWL - possibly legit"; groups = ["mailspike"]; } "RWL_MAILSPIKE_GOOD" { weight = -0.1; - description = "From address is listed in RWL - good reputation"; + description = "From address is listed in Mailspike RWL - good reputation"; groups = ["mailspike"]; } "RWL_MAILSPIKE_VERYGOOD" { weight = -0.2; - description = "From address is listed in RWL - very good reputation"; + description = "From address is listed in Mailspike RWL - very good reputation"; groups = ["mailspike"]; } "RWL_MAILSPIKE_EXCELLENT" { weight = -0.4; - description = "From address is listed in RWL - excellent reputation"; + description = "From address is listed in Mailspike RWL - excellent reputation"; groups = ["mailspike"]; } @@ -236,7 +232,7 @@ symbols = { "RBL_NIXSPAM" { weight = 4.0; - description = "From address is listed in NiX Spam (http://www.dnsbl.manitu.net/)"; + description = "From address is listed in NiX Spam (https://www.nixspam.net/)"; } "RBL_BLOCKLISTDE" { diff --git a/rspamd/scores.d/subject_group.conf b/rspamd/scores.d/subject_group.conf index 3e47161..1cc2e0c 100644 --- a/rspamd/scores.d/subject_group.conf +++ b/rspamd/scores.d/subject_group.conf @@ -17,7 +17,7 @@ description = "Subject filters"; +max_score = 6.0; + symbols = { } - -max_score = 6.0; \ No newline at end of file diff --git a/rspamd/scores.d/surbl_group.conf b/rspamd/scores.d/surbl_group.conf index 34064a1..de7e2ce 100644 --- a/rspamd/scores.d/surbl_group.conf +++ b/rspamd/scores.d/surbl_group.conf @@ -22,41 +22,41 @@ max_score = 12.5; symbols = { "SURBL_BLOCKED" { weight = 0.0; - description = "SURBL: blocked by policy/overusage"; + description = "SURBL: query blocked by policy/overusage"; one_shot = true; groups = ["surblorg", "blocked"]; } "PH_SURBL_MULTI" { weight = 5.5; - description = "SURBL: Phishing sites"; + description = "A domain in the message is listed in SURBL as phishing"; one_shot = true; groups = ["surblorg", "phishing"]; } "MW_SURBL_MULTI" { weight = 5.5; - description = "SURBL: Malware sites"; + description = "A domain in the message is listed in SURBL as malware"; one_shot = true; groups = ["surblorg"]; } "ABUSE_SURBL" { weight = 5.5; - description = "SURBL: ABUSE"; + description = "A domain in the message is listed in SURBL as abused"; one_shot = true; groups = ["surblorg"]; } "CRACKED_SURBL" { weight = 4.0; - description = "SURBL: cracked site"; + description = "A domain in the message is listed in as SURBL cracked"; one_shot = true; groups = ["surblorg"]; } + "RSPAMD_URIBL" { weight = 4.5; description = "Rspamd uribl, bl.rspamd.com"; one_shot = true; groups = ["rspamdbl"]; } - "RSPAMD_EMAILBL" { weight = 2.5; description = "Rspamd emailbl, bl.rspamd.com"; @@ -66,101 +66,101 @@ symbols = { "MSBL_EBL" { weight = 7.5; - description = "MSBL emailbl"; + description = "MSBL emailbl (https://www.msbl.org/)"; one_shot = true; groups = ["ebl"]; } "MSBL_EBL_GREY" { weight = 0.5; # TODO: test it - description = "MSBL emailbl grey list"; + description = "MSBL emailbl grey list (https://www.msbl.org/)"; one_shot = true; groups = ["ebl"]; } "SEM_URIBL_UNKNOWN" { weight = 0.0; - description = "Spameatingmonkey uribl: unknown result"; + description = "Unrecognised result from Spameatingmonkey URIBL"; one_shot = true; groups = ["sem"]; } "SEM_URIBL" { weight = 3.5; - description = "Spameatingmonkey uribl"; + description = "A domain in the message is listed in Spameatingmonkey URIBL"; one_shot = true; groups = ["sem"]; } "SEM_URIBL_FRESH15_UNKNOWN" { weight = 0.0; - description = "Spameatingmonkey Fresh15 uribl: unknown result"; + description = "Unrecognised result from Spameatingmonkey Fresh15 URIBL"; one_shot = true; groups = ["sem"]; } "SEM_URIBL_FRESH15" { weight = 3.0; - description = "Spameatingmonkey uribl. Domains registered in the last 15 days (.AERO,.BIZ,.COM,.INFO,.NAME,.NET,.PRO,.SK,.TEL,.US)"; + description = "A domain in the message is listed in Spameatingmonkey Fresh15 URIBL (registered in the past 15 days, .AERO,.BIZ,.COM,.INFO,.NAME,.NET,.PRO,.SK,.TEL,.US only)"; one_shot = true; groups = ["sem"]; } "DBL" { weight = 0.0; - description = "DBL unknown result"; + description = "Unrecognised result from Spamhaus DBL"; one_shot = true; groups = ["spamhaus"]; } "DBL_SPAM" { weight = 6.5; - description = "DBL uribl spam"; + description = "A domain in the message is listed in Spamhaus DBL as spam"; one_shot = true; groups = ["spamhaus"]; } "DBL_PHISH" { weight = 6.5; - description = "DBL uribl phishing"; + description = "A domain in the message is listed in Spamhaus DBL as phishing"; one_shot = true; groups = ["spamhaus"]; } "DBL_MALWARE" { weight = 6.5; - description = "DBL uribl malware"; + description = "A domain in the message is listed in Spamhaus DBL as malware"; one_shot = true; groups = ["spamhaus"]; } "DBL_BOTNET" { weight = 5.5; - description = "DBL uribl botnet C&C domain"; + description = "A domain in the message is listed in Spamhaus DBL as botnet C&C"; one_shot = true; groups = ["spamhaus"]; } "DBL_ABUSE" { weight = 6.5; - description = "DBL uribl abused legit spam"; + description = "A domain in the message is listed in Spamhaus DBL as abused legit spam"; one_shot = true; groups = ["spamhaus"]; } "DBL_ABUSE_REDIR" { weight = 1.5; - description = "DBL uribl abused spammed redirector domain"; + description = "A domain in the message is listed in Spamhaus DBL as spammed redirector domain"; one_shot = true; groups = ["spamhaus"]; } "DBL_ABUSE_PHISH" { weight = 7.5; - description = "DBL uribl abused legit phish"; + description = "A domain in the message is listed in Spamhaus DBL as abused legit phish"; one_shot = true; groups = ["spamhaus"]; } "DBL_ABUSE_MALWARE" { weight = 7.5; - description = "DBL uribl abused legit malware"; + description = "A domain in the message is listed in Spamhaus DBL as abused legit malware"; one_shot = true; groups = ["spamhaus"]; } "DBL_ABUSE_BOTNET" { weight = 5.5; - description = "DBL uribl abused legit botnet C&C"; + description = "A domain in the message is listed in Spamhaus DBL as abused legit botnet C&C"; one_shot = true; groups = ["spamhaus"]; } @@ -174,48 +174,50 @@ symbols = { weight = 0.0; description = "You are querying Spamhaus from an open resolver, please see https://www.spamhaus.org/returnc/pub/"; one_shot = true; - groups = ["spamhaus"]; + groups = ["spamhaus", "blocked"]; } "DBL_BLOCKED" { weight = 0.0; description = "You are exceeding the query limit, please see https://www.spamhaus.org/returnc/vol/"; one_shot = true; - groups = ["spamhaus"]; + groups = ["spamhaus", "blocked"]; } + "URIBL_MULTI" { weight = 0.0; - description = "uribl.com: unrecognised result"; + description = "Unrecognised result from URIBL.com"; one_shot = true; groups = ["uribl"]; } "URIBL_BLOCKED" { weight = 0.0; - description = "uribl.com: query refused"; + description = "URIBL.com: query refused, likely due to policy/overusage"; one_shot = true; groups = ["uribl", "blocked"]; } "URIBL_BLACK" { weight = 7.5; - description = "uribl.com black url"; + description = "A domain in the message is listed in URIBL.com black"; one_shot = true; groups = ["uribl"]; } "URIBL_RED" { weight = 3.5; - description = "uribl.com red url"; + description = "A domain in the message is listed in URIBL.com red"; one_shot = true; groups = ["uribl"]; } "URIBL_GREY" { weight = 1.5; - description = "uribl.com grey url"; + description = "A domain in the message is listed in URIBL.com grey"; one_shot = true; groups = ["uribl"]; } + "SPAMHAUS_ZEN_URIBL" { ignore = true; weight = 0.0; - description = "Spamhaus ZEN URIBL: Filtered result"; + description = "Unrecognised result from Spamhaus ZEN URIBL"; one_shot = true; groups = ["spamhaus"]; } @@ -229,7 +231,7 @@ symbols = { "URIBL_SBL_CSS" { ignore = true; weight = 6.5; - description = "A domain in the message body resolves to an IP listed in Spamhaus SBL CSS"; + description = "A domain in the message body resolves to an IP listed in Spamhaus CSS"; one_shot = true; groups = ["spamhaus"]; } @@ -254,9 +256,4 @@ symbols = { one_shot = true; groups = ["spamhaus"]; } - #"RBL_SARBL_BAD" { - # weight = 2.5; - # description = "A domain in the message body is blacklisted in SARBL"; - # one_shot = true; - #} } diff --git a/rspamd/worker-proxy.inc b/rspamd/worker-proxy.inc index 96417e3..7f67238 100644 --- a/rspamd/worker-proxy.inc +++ b/rspamd/worker-proxy.inc @@ -13,7 +13,14 @@ # Module documentation: https://rspamd.com/doc/workers/rspamd_proxy.html milter = yes; # Enable milter mode -timeout = 120s; # Needed for Milter usually + +# This timeout is mostly specific to the milter mode. +# Please also bear in mind that if this timeout is longer than `task_timeout`, +# your messages might be processed for much longer due to this timeout (this is +# true for self-scan mode). +# If this behaviour is not desired, then it is recommended to reduce and adjust this +# value accordingly +timeout = 60s; upstream "local" { default = yes;