bogdan/zira-etc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

committing changes in /etc made by "-bash"

Browse Source 
Package changes:
This commit is contained in:
Bogdan Stoica
2023-03-26 20:38:37 +03:00
parent cc404f64a0
commit 9a0e53350d
29 changed files with 316 additions and 327 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
logrotate.d/rspamd
View File

@@ -6,6 +6,6 @@
compress
sharedscripts
postrotate
export `systemctl -p MainPID show rspamd.service`; if [ -n "$MainPID" ]; then kill -USR1 $MainPID; fi
systemctl --signal=USR1 --kill-who=main kill rspamd.service 2>/dev/null || :
endscript
}

1
mock/centos-stream-8-aarch64.cfg
View File

@@ -1,3 +1,4 @@
config_opts["koji_primary_repo"] = "centos-stream"
include('templates/centos-stream-8.tpl')
config_opts['root'] = 'centos-stream-8-aarch64'

1
mock/centos-stream-8-ppc64le.cfg
View File

@@ -1,3 +1,4 @@
config_opts["koji_primary_repo"] = "centos-stream"
include('templates/centos-stream-8.tpl')
config_opts['root'] = 'centos-stream-8-ppc64le'

1
mock/centos-stream-8-x86_64.cfg
View File

@@ -1,3 +1,4 @@
config_opts["koji_primary_repo"] = "centos-stream"
include('templates/centos-stream-8.tpl')
config_opts['root'] = 'centos-stream-8-x86_64'

1
mock/centos-stream-9-aarch64.cfg
View File

@@ -1,3 +1,4 @@
config_opts["koji_primary_repo"] = "centos-stream"
include('templates/centos-stream-9.tpl')
config_opts['root'] = 'centos-stream-9-aarch64'

1
mock/centos-stream-9-ppc64le.cfg
View File

@@ -1,3 +1,4 @@
config_opts["koji_primary_repo"] = "centos-stream"
include('templates/centos-stream-9.tpl')
config_opts['root'] = 'centos-stream-9-ppc64le'

1
mock/centos-stream-9-s390x.cfg
View File

@@ -1,3 +1,4 @@
config_opts["koji_primary_repo"] = "centos-stream"
include('templates/centos-stream-9.tpl')
config_opts['root'] = 'centos-stream-9-s390x'

1
mock/centos-stream-9-x86_64.cfg
View File

@@ -1,3 +1,4 @@
config_opts["koji_primary_repo"] = "centos-stream"
include('templates/centos-stream-9.tpl')
config_opts['root'] = 'centos-stream-9-x86_64'

2
mock/templates/centos-stream-8.tpl
View File

@@ -33,7 +33,7 @@ user_agent={{ user_agent }}
[local]
{% endif %}
name=CentOS Stream $releasever - Koji Local - BUILDROOT ONLY!
baseurl=https://koji.mbox.centos.org/kojifiles/repos/dist-c{{ releasever }}-stream-build/latest/$basearch/
baseurl=https://kojihub.stream.centos.org/kojifiles/repos/c{{ releasever }}s-build/latest/$basearch/
cost=2000
enabled=0
skip_if_unavailable=False

19
rspamd/composites.conf
View File

@@ -45,10 +45,6 @@ composites {
FORGED_MUA_MAILLIST {
expression = "g:mua & -MAILLIST";
}
RBL_SPAMHAUS_XBL_ANY {
expression = "RBL_SPAMHAUS_XBL & RECEIVED_SPAMHAUS_XBL";
description = "From and Received address are listed in Spamhaus XBL";
}
AUTH_NA {
expression = "R_DKIM_NA & R_SPF_NA & DMARC_NA & ARC_NA";
score = 1.0;
@@ -98,7 +94,7 @@ composites {
}
RCVD_UNAUTH_PBL {
expression = "RECEIVED_PBL & !RCVD_VIA_SMTP_AUTH";
description = "Relayed through ZEN PBL IP without sufficient authentication (possible indicating an open relay)";
description = "Relayed through Spamhaus PBL IP without sufficient authentication (possible indicating an open relay)";
score = 2.0;
policy = "leave";
}
@@ -133,18 +129,16 @@ composites {
policy = "leave";
}
BAD_REP_POLICIES {
description = "Contains valid policies but are also marked by fuzzy/bayes/surbl/rbl";
description = "Contains valid policies but are also marked by fuzzy/bayes/SURBL/RBL";
expression = "(~g-:policies) & (-g+:fuzzy | -g+:statistics | -g+:surbl | -g+:rbl)";
score = 0.1;
}
VIOLATED_DIRECT_SPF {
description = "Has no Received (or no trusted received relays) and SPF policy fails or soft fails";
expression = "(R_SPF_FAIL | R_SPF_SOFTFAIL) & (RCVD_COUNT_ZERO | RCVD_NO_TLS_LAST)";
policy = "leave";
score = 3.5;
}
IP_SCORE_FREEMAIL {
description = "Negate IP_SCORE when message comes from FreeMail";
expression = "FREEMAIL_FROM & SENDER_REP_SPAM";
@@ -164,12 +158,11 @@ composites {
score = 7.0;
group = "scams";
}
FREEMAIL_AFF {
expression = "(FREEMAIL_FROM | FREEMAIL_ENVFROM | FREEMAIL_REPLYTO) & R_UNDISC_RCPT & (INTRODUCTION | FROM_NAME_HAS_TITLE | FREEMAIL_REPLYTO_NEQ_FROM_DOM)";
score = 4.0;
policy = "leave";
description = "Message exhibits strong characteristics of advance fee fraud (AFF a/k/a '419' spam) involving freemail addresses";
expression = "(FREEMAIL_FROM | FREEMAIL_ENVFROM | FREEMAIL_REPLYTO) & R_UNDISC_RCPT & (INTRODUCTION | FROM_NAME_HAS_TITLE | FREEMAIL_REPLYTO_NEQ_FROM_DOM)";
score = 4.0;
policy = "leave";
description = "Message exhibits strong characteristics of advance fee fraud (AFF a/k/a '419' spam) involving freemail addresses";
}
.include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/composites.conf"

362
rspamd/maps.d/maillist.inc
View File

@@ -1,208 +1,176 @@
usndr.com
subscribe.ru
smartsndr.com
hh.ru
free-lance.ru
superjob.ru
rabota.ru
job.ru
odesk.com
jobinmoscow.ru
russianpost.ru
shopotam.ru
ebay.com
1c-bitrix.ru
360.cn
360.com
activeby.net
adobe.com
aeroflot.ru
alibaba.com
aliexpress.com
alipay.com
github.net
github.com
molotok.ru
facebook.com
vk.com
odnoklassniki.ru
vkrugudruzei.ru
linkedin.com
professionali.ru
mail.mtml.ru
livejournal.com
twitter.com
avito.ru
dmir.ru
mnogo.ru
paypal.com
roboxchange.com
sberbank.ru
qiwi.com
qiwi.ru
osmp.ru
mobilelement.ru
rp-system.ru
quickpay.ru
rbkmoney.ru
gosuslugi.ru
rostelecom.ru
mos.ru
gov.ru
nalog.ru
sitesoft.ru
e-moskva.ru
rosreestr.ru
roseltorg.ru
sberbank-ast.ru
etp-micex.ru
zakazrf.ru
rtstender.ru
rts-tender.ru
b2b-center.ru
yamoney.ru
fabrikant.ru
apple.com
dropbox.com
skype.com
habramail.net
mamba.ru
dating.ru
topface.com
ulmart.ru
electrozon.ru
nix.ru
ozon.ru
beeline.ru
mts.ru
megafon.ru
booking.com
tutu.ru
aeroflot.ru
vedomosti.ru
1c-bitrix.ru
moesk.ru
exist.ru
tks.ru
zzap.ru
activeby.net
babysfera.ru
baby.ru
wordpress.com
ispsystem.net
ispsystem.com
ispsystem.ru
naukanet.ru
startcomca.com
wmtransfer.com
sipnet.ru
tario.ru
mailgun.com
mailgun.net
psport.ru
returnpath.net
senderscore.net
webnames.ru
regtime.net
nic.ru
r01.ru
reg.ru
ztel.ru
youtube.com
baidu.com
yahoo.com
amazon.com
wikipedia.org
qq.com
google.co.in
live.com
taobao.com
msn.com
yahoo.co.jp
google.co.jp
weibo.com
bing.com
hao123.com
instagram.com
google.de
amazon.co.jp
360.cn
tmall.com
google.co.uk
pinterest.com
google.ru
reddit.com
google.com.br
t.co
netflix.com
google.fr
sohu.com
microsoft.com
google.it
blogspot.com
tumblr.com
ok.ru
gmw.cn
imgur.com
stackoverflow.com
xvideos.com
google.com.mx
fc2.com
imdb.com
google.com.hk
amazon.de
ask.com
google.com.tr
google.ca
office.com
pornhub.com
google.co.id
soso.com
go.com
pixnet.net
amazon.com
amazon.co.uk
googleusercontent.com
outbrain.com
amazon.de
amazon.in
apple.com
ask.com
avito.ru
b2b-center.ru
baby.ru
babysfera.ru
baidu.com
beeline.ru
bing.com
blogger.com
cnn.com
google.pl
google.com.au
360.com
xhamster.com
adobe.com
flipkart.com
microsoftonline.com
whatsapp.com
nytimes.com
blogspot.com
booking.com
chase.com
wosign.com
cnn.com
comodo.com
comodogroup.com
comodo.net
dating.ru
dmir.ru
dropbox.com
ebay.com
electrozon.ru
e-moskva.ru
etp-micex.ru
exist.ru
fabrikant.ru
facebook.com
fc2.com
flipkart.com
free-lance.ru
github.com
github.net
gmw.cn
go.com
google.ca
google.co.id
google.co.in
google.co.jp
google.com.au
google.com.br
google.com.hk
google.com.mx
google.com.tr
google.co.uk
google.de
google.fr
google.it
google.pl
google.ru
googleusercontent.com
gosuslugi.ru
gov.ru
habramail.net
hao123.com
hh.ru
imdb.com
imgur.com
instagram.com
ispsystem.com
ispsystem.net
ispsystem.ru
jobinmoscow.ru
job.ru
linkedin.com
live.com
livejournal.com
mailgun.com
mailgun.net
mail.mtml.ru
mamba.ru
megafon.ru
microsoft.com
microsoftonline.com
mnogo.ru
mobilelement.ru
moesk.ru
molotok.ru
mos.ru
msn.com
mts.ru
nalog.ru
naukanet.ru
netflix.com
nic.ru
nix.ru
nytimes.com
odesk.com
odnoklassniki.ru
office.com
ok.ru
osmp.ru
outbrain.com
ozon.ru
paypal.com
pinterest.com
pixnet.net
pornhub.com
professionali.ru
psport.ru
qiwi.com
qiwi.ru
qq.com
quickpay.ru
r01.ru
rabota.ru
rbkmoney.ru
reddit.com
reg.ru
regtime.net
returnpath.net
roboxchange.com
roseltorg.ru
rosreestr.ru
rostelecom.ru
rp-system.ru
rts-tender.ru
rtstender.ru
russianpost.ru
sberbank-ast.ru
sberbank.ru
senderscore.net
shopotam.ru
sipnet.ru
sitesoft.ru
skype.com
smartsndr.com
sohu.com
soso.com
stackoverflow.com
startcomca.com
subscribe.ru
superjob.ru
taobao.com
tario.ru
t.co
tks.ru
tmall.com
topface.com
tumblr.com
tutu.ru
twitter.com
ulmart.ru
usndr.com
vedomosti.ru
vk.com
vkrugudruzei.ru
webnames.ru
weibo.com
whatsapp.com
wikipedia.org
wmtransfer.com
wordpress.com
wosign.com
xhamster.com
xvideos.com
yahoo.co.jp
yahoo.com
yamoney.ru
youtube.com
zakazrf.ru
ztel.ru
zzap.ru

2
rspamd/maps.d/redirectors.inc
View File

@@ -233,8 +233,8 @@ email.account.2gis.com
email.mail.ostrovok.ru
email.news.ostrovok.ru
e.mail.ru
em.digium.com
emap.ws
em.digium.com
etdurl.com
eweri.com
exa.im

24
rspamd/maps.d/surbl-whitelist.inc
View File

@@ -34,6 +34,7 @@ americanexpress.ch
americanexpress.com
anadolubank.nl
ancestry.com
anpdm.com
anz.com
anz.co.nz
aol.com
@@ -294,6 +295,7 @@ discovery.co.za
dnbnord.lt
domain.com
doubleclick.com
dovecot.org
dresdner-bank.de
dsbbank.sr
dsbl.org
@@ -314,6 +316,7 @@ egroups.com
e-gulfbank.com
emode.com
esunbank.com.tw
exacttarget.com
example.com
example.net
example.org
@@ -349,6 +352,7 @@ generali.es
genevoise.ch
gentoo.org
geocities.com
github.com
gkb.ch
gmail.com
gmx.net
@@ -416,6 +420,7 @@ isbank.de
isbank.ge
isbank.iq
isbankkosova.com
isc.org
itau.com.br
ivillage.com
joingevalia.com
@@ -444,6 +449,8 @@ lcl.com
lcl.fr
li.ru
list.ru
lists.isc.org
lists.roundcube.net
liveinternet.ru
livejournal.com
lloydsbank.com
@@ -697,6 +704,7 @@ subscribe.ru
sun.com
suncorpbank.com.au
suntrust.com
svn.apache.org
swedbank.com
swedbank.ee
swedbank.lt
@@ -707,6 +715,7 @@ swisscaution.ch
swissquote.ch
sydbank.dk
sympatico.ca
taggedmail.com
tails.nl
tangerine.ca
tcb-bank.com.tw
@@ -726,6 +735,7 @@ top4top.ru
tsbbank.co.nz
tsb.co.nz
tsb.co.uk
tumblr.com
tux.org
twitter.com
ubibanca.com
@@ -759,6 +769,8 @@ visa.com.br
visaeurope.ch
visaeurope.com
viseca.ch
vistaprint.com
vistaprint.dk
volksbank.de
volkswagenbank.de
vpbank.com
@@ -813,18 +825,6 @@ zdnet.com
zenithbank.com
zkb.ch
zugerkb.ch
vistaprint.dk
vistaprint.com
anpdm.com
dovecot.org
exacttarget.com
github.com
isc.org
# list-manage1.com # grey
# list-manage2.com # grey
# list-manage.com # grey
lists.isc.org
lists.roundcube.net
svn.apache.org
taggedmail.com
tumblr.com

2
rspamd/modules.d/arc.conf
View File

@@ -44,7 +44,7 @@ arc {
# If false, messages from local networks are not selected for signing
sign_local = false;
# Symbol to add when message is signed
symbol_sign = "ARC_SIGNED";
sign_symbol = "ARC_SIGNED";
# Whether to fallback to global config
try_fallback = true;
# Domain to use for ARC signing: can be "header", "envelope" or "recipient"

7
rspamd/modules.d/bimi.conf
View File

@@ -1,16 +1,17 @@
# Please don't modify this file as your changes might be overwritten with
# the next update.
#
# You can modify 'local.d/asn.conf' to add and merge
# You can modify 'local.d/bimi.conf' to add and merge
# parameters defined inside this section
#
# You can modify 'override.d/asn.conf' to strictly override all
# You can modify 'override.d/bimi.conf' to strictly override all
# parameters defined inside this section
#
# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
# for details
#
# Module documentation can be found at https://rspamd.com/doc/modules/asn.html
# Currently there is no documentation for this module. When it is written it will
# be available at https://rspamd.com/doc/modules/bimi.html
bimi {
# Required attributes

1
rspamd/modules.d/clickhouse.conf
View File

@@ -12,7 +12,6 @@
#
# Module documentation can be found at https://rspamd.com/doc/modules/clickhouse.html
clickhouse {
# Push update when 1000 records are collected (1000 if unset)
limit = 1000;

10
rspamd/modules.d/multimap.conf
View File

@@ -13,6 +13,15 @@
# Module documentation can be found at https://rspamd.com/doc/modules/multimap.html
multimap {
redirector {
type = "url";
filter = "tld";
map = "https://maps.rspamd.com/rspamd/redirectors.inc.zst";
symbol = "REDIRECTOR_URL";
description = "The presence of a redirector in the mail";
score = 0.0;
}
# Freemail Addresses
freemail_envfrom {
type = "from";
@@ -164,4 +173,3 @@ url_tld_re {
symbol = "URL_MAP_RE";
}
*/

40
rspamd/modules.d/rbl.conf
View File

@@ -23,6 +23,14 @@ rbl {
"fallback+file://${CONFDIR}/maps.d/surbl-whitelist.inc"
];
attached_maps = [
{
selector_alias = "surbl_hashbl_map",
description = "SURBL hashbl map",
url = "regexp;http://sa-update.surbl.org/rspamd/surbl-hashbl-map.inc",
}
]
rbls {
spamhaus {
@@ -38,8 +46,7 @@ rbl {
returncodes {
SPAMHAUS_SBL = "127.0.0.2";
SPAMHAUS_CSS = "127.0.0.3";
SPAMHAUS_XBL = ["127.0.0.4", "127.0.0.5",
"127.0.0.6", "127.0.0.7"];
SPAMHAUS_XBL = ["127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"];
SPAMHAUS_PBL = ["127.0.0.10", "127.0.0.11"];
SPAMHAUS_DROP = "127.0.0.9";
SPAMHAUS_BLOCKED_OPENRESOLVER = "127.255.255.254";
@@ -170,6 +177,7 @@ rbl {
RSPAMD_EMAILBL = "127.0.0.2";
}
}
MSBL_EBL {
ignore_whitelist = true;
ignore_defaults = true;
@@ -189,7 +197,7 @@ rbl {
];
}
}
# Old SURBL module
"SURBL_MULTI" {
ignore_defaults = true;
rbl = "multi.surbl.org";
@@ -198,7 +206,7 @@ rbl {
exclude_users = false;
returnbits = {
CRACKED_SURBL = 128; # From February 2016
CRACKED_SURBL = 128;
ABUSE_SURBL = 64;
MW_SURBL_MULTI = 16;
PH_SURBL_MULTI = 8;
@@ -206,6 +214,23 @@ rbl {
}
}
SURBL_HASHBL {
rbl = "hashbl.surbl.org";
ignore_defaults = true;
random_monitored = true,
# TODO: make limit more configurable maybe?
selector = "specific_urls_filter_map('surbl_hashbl_map', {limit = 10}).apply_methods('get_host', 'get_path').join_tables('/')",
hash = 'md5';
hash_len = 32;
returncodes = {
SURBL_HASHBL_PHISH = "127.0.0.8";
SURBL_HASHBL_MALWARE = "127.0.0.16";
SURBL_HASHBL_ABUSE = "127.0.0.64";
SURBL_HASHBL_CRACKED = "127.0.0.128";
SURBL_HASHBL_EMAIL = "127.0.1.%d+";
}
}
"URIBL_MULTI" {
ignore_defaults = true;
rbl = "multi.uribl.com";
@@ -309,13 +334,6 @@ rbl {
SEM_URIBL_FRESH15 = 2;
}
}
# Proved to be broken
#"RBL_SARBL_BAD" {
# suffix = "public.sarbl.org";
# noip = true;
# images = true;
#}
}
.include(try=true,priority=5) "${DBDIR}/dynamic/rbl.conf"

7
rspamd/scores.d/content_group.conf
View File

@@ -35,18 +35,17 @@ symbols = {
}
"PDF_LONG_TRAILER" {
weight = 0.2;
description = "There is an PDF with a long trailer";
description = "There is an PDF with a long trailer in the message";
one_shot = true;
}
"PDF_MANY_OBJECTS" {
weight = 0;
description = "There is a PDF file with too many objects";
description = "There is a PDF with too many objects in the message";
one_shot = true;
}
"PDF_TIMEOUT" {
weight = 0;
description = "There is a PDF file that caused timeout in processing";
description = "There is a PDF in the message that caused timeout in processing";
one_shot = true;
}
}

1
rspamd/scores.d/headers_group.conf
View File

@@ -16,6 +16,7 @@
# See https://rspamd.com/doc/tutorials/writing_rules.html for details
description = "Various headers checks";
max_score = 8.0;
symbols = {

3
rspamd/scores.d/mime_types_group.conf
View File

@@ -16,9 +16,8 @@
# See https://rspamd.com/doc/tutorials/writing_rules.html for details
description = "Mime attachments rules";
# Define some limit for this group
max_score = 10.0;
max_score = 10.0;
symbols = {
"MIME_GOOD" {

4
rspamd/scores.d/policies_group.conf
View File

@@ -124,25 +124,21 @@ symbols = {
description = "ARC checks success";
groups = ["arc"];
}
"ARC_REJECT" {
weight = 1.0;
description = "ARC checks failed";
groups = ["arc"];
}
"ARC_INVALID" {
weight = 0.5;
description = "ARC structure invalid";
groups = ["arc"];
}
"ARC_DNSFAIL" {
weight = 0.0;
description = "ARC DNS error";
groups = ["arc"];
}
"ARC_NA" {
weight = 0.0;
description = "ARC signature absent";

56
rspamd/scores.d/rbl_group.conf
View File

@@ -21,7 +21,7 @@ symbols = {
"DNSWL_BLOCKED" {
weight = 0.0;
description = "Resolver blocked due to excessive queries";
description = "https://www.dnswl.org: Resolver blocked due to excessive queries";
groups = ["dnswl", "blocked"];
}
"RCVD_IN_DNSWL" {
@@ -52,12 +52,12 @@ symbols = {
"DWL_DNSWL_BLOCKED" {
weight = 0.0;
description = "Resolver blocked due to excessive queries (dwl)";
description = "https://www.dnswl.org: Resolver blocked due to excessive queries (DWL)";
groups = ["dnswl", "blocked"];
}
"DWL_DNSWL" {
weight = 0.0;
description = "Unrecognised result from https://www.dnswl.org (dwl)";
description = "Unrecognised result from https://www.dnswl.org (DWL)";
groups = ["dnswl"];
}
"DWL_DNSWL_NONE" {
@@ -88,89 +88,85 @@ symbols = {
}
"RBL_SPAMHAUS_SBL" {
weight = 4.0;
description = "From address is listed in ZEN SBL";
description = "From address is listed in Spamhaus SBL";
groups = ["spamhaus"];
}
"RBL_SPAMHAUS_CSS" {
weight = 2.0;
description = "From address is listed in ZEN CSS";
description = "From address is listed in Spamhaus CSS";
groups = ["spamhaus"];
}
"RBL_SPAMHAUS_XBL" {
weight = 4.0;
description = "From address is listed in ZEN XBL";
groups = ["spamhaus"];
}
"RBL_SPAMHAUS_XBL_ANY" {
weight = 4.0;
description = "From or received address is listed in ZEN XBL (any list)";
description = "From address is listed in Spamhaus XBL";
groups = ["spamhaus"];
}
"RBL_SPAMHAUS_PBL" {
weight = 2.0;
description = "From address is listed in ZEN PBL (ISP list)";
description = "From address is listed in Spamhaus PBL";
groups = ["spamhaus"];
}
"RBL_SPAMHAUS_DROP" {
weight = 7.0;
description = "From address is listed in ZEN DROP BL";
description = "From address is listed in Spamhaus DROP";
groups = ["spamhaus"];
}
"RBL_SPAMHAUS_BLOCKED_OPENRESOLVER" {
weight = 0.0;
description = "You are querying Spamhaus from an open resolver, please see https://www.spamhaus.org/returnc/pub/";
groups = ["spamhaus"];
groups = ["spamhaus", "blocked"];
}
"RBL_SPAMHAUS_BLOCKED" {
weight = 0.0;
description = "You are exceeding the query limit, please see https://www.spamhaus.org/returnc/vol/";
groups = ["spamhaus"];
groups = ["spamhaus", "blocked"];
}
"RECEIVED_SPAMHAUS_SBL" {
weight = 3.0;
description = "Received address is listed in ZEN SBL";
description = "Received address is listed in Spamhaus SBL";
groups = ["spamhaus"];
one_shot = true;
}
"RECEIVED_SPAMHAUS_CSS" {
weight = 1.0;
description = "Received address is listed in ZEN CSS";
description = "Received address is listed in Spamhaus CSS";
groups = ["spamhaus"];
one_shot = true;
}
"RECEIVED_SPAMHAUS_XBL" {
weight = 3.0;
weight = 1.0;
description = "Received address is listed in ZEN XBL";
groups = ["spamhaus"];
one_shot = true;
}
"RECEIVED_SPAMHAUS_PBL" {
weight = 0.0;
description = "Received address is listed in ZEN PBL (ISP list)";
description = "Received address is listed in Spamhaus PBL";
groups = ["spamhaus"];
one_shot = true;
}
"RECEIVED_SPAMHAUS_DROP" {
weight = 6.0;
description = "Received address is listed in ZEN DROP BL";
description = "Received address is listed in Spamhaus DROP";
groups = ["spamhaus"];
one_shot = true;
}
"RECEIVED_SPAMHAUS_BLOCKED_OPENRESOLVER" {
weight = 0.0;
description = "You are querying Spamhaus from an open resolver, please see https://www.spamhaus.org/returnc/pub/";
groups = ["spamhaus"];
groups = ["spamhaus", "blocked"];
}
"RECEIVED_SPAMHAUS_BLOCKED" {
weight = 0.0;
description = "You are exceeding the query limit, please see https://www.spamhaus.org/returnc/vol/";
groups = ["spamhaus"];
groups = ["spamhaus", "blocked"];
}
"RBL_SENDERSCORE" {
weight = 2.0;
description = "From address is listed in senderscore.com BL";
}
"MAILSPIKE" {
weight = 0.0;
description = "Unrecognised result from Mailspike";
@@ -183,37 +179,37 @@ symbols = {
}
"RBL_MAILSPIKE_WORST" {
weight = 2.0;
description = "From address is listed in RBL - worst possible reputation";
description = "From address is listed in Mailspike RBL - worst possible reputation";
groups = ["mailspike"];
}
"RBL_MAILSPIKE_VERYBAD" {
weight = 1.5;
description = "From address is listed in RBL - very bad reputation";
description = "From address is listed in Mailspike RBL - very bad reputation";
groups = ["mailspike"];
}
"RBL_MAILSPIKE_BAD" {
weight = 1.0;
description = "From address is listed in RBL - bad reputation";
description = "From address is listed in Mailspike RBL - bad reputation";
groups = ["mailspike"];
}
"RWL_MAILSPIKE_POSSIBLE" {
weight = 0.0;
description = "From address is listed in RWL - possibly legit";
description = "From address is listed in Mailspike RWL - possibly legit";
groups = ["mailspike"];
}
"RWL_MAILSPIKE_GOOD" {
weight = -0.1;
description = "From address is listed in RWL - good reputation";
description = "From address is listed in Mailspike RWL - good reputation";
groups = ["mailspike"];
}
"RWL_MAILSPIKE_VERYGOOD" {
weight = -0.2;
description = "From address is listed in RWL - very good reputation";
description = "From address is listed in Mailspike RWL - very good reputation";
groups = ["mailspike"];
}
"RWL_MAILSPIKE_EXCELLENT" {
weight = -0.4;
description = "From address is listed in RWL - excellent reputation";
description = "From address is listed in Mailspike RWL - excellent reputation";
groups = ["mailspike"];
}
@@ -236,7 +232,7 @@ symbols = {
"RBL_NIXSPAM" {
weight = 4.0;
description = "From address is listed in NiX Spam (http://www.dnsbl.manitu.net/)";
description = "From address is listed in NiX Spam (https://www.nixspam.net/)";
}
"RBL_BLOCKLISTDE" {

4
rspamd/scores.d/subject_group.conf
View File

@@ -17,7 +17,7 @@
description = "Subject filters";
max_score = 6.0;
symbols = {
}
max_score = 6.0;

69
rspamd/scores.d/surbl_group.conf
View File

@@ -22,41 +22,41 @@ max_score = 12.5;
symbols = {
"SURBL_BLOCKED" {
weight = 0.0;
description = "SURBL: blocked by policy/overusage";
description = "SURBL: query blocked by policy/overusage";
one_shot = true;
groups = ["surblorg", "blocked"];
}
"PH_SURBL_MULTI" {
weight = 5.5;
description = "SURBL: Phishing sites";
description = "A domain in the message is listed in SURBL as phishing";
one_shot = true;
groups = ["surblorg", "phishing"];
}
"MW_SURBL_MULTI" {
weight = 5.5;
description = "SURBL: Malware sites";
description = "A domain in the message is listed in SURBL as malware";
one_shot = true;
groups = ["surblorg"];
}
"ABUSE_SURBL" {
weight = 5.5;
description = "SURBL: ABUSE";
description = "A domain in the message is listed in SURBL as abused";
one_shot = true;
groups = ["surblorg"];
}
"CRACKED_SURBL" {
weight = 4.0;
description = "SURBL: cracked site";
description = "A domain in the message is listed in as SURBL cracked";
one_shot = true;
groups = ["surblorg"];
}
"RSPAMD_URIBL" {
weight = 4.5;
description = "Rspamd uribl, bl.rspamd.com";
one_shot = true;
groups = ["rspamdbl"];
}
"RSPAMD_EMAILBL" {
weight = 2.5;
description = "Rspamd emailbl, bl.rspamd.com";
@@ -66,101 +66,101 @@ symbols = {
"MSBL_EBL" {
weight = 7.5;
description = "MSBL emailbl";
description = "MSBL emailbl (https://www.msbl.org/)";
one_shot = true;
groups = ["ebl"];
}
"MSBL_EBL_GREY" {
weight = 0.5; # TODO: test it
description = "MSBL emailbl grey list";
description = "MSBL emailbl grey list (https://www.msbl.org/)";
one_shot = true;
groups = ["ebl"];
}
"SEM_URIBL_UNKNOWN" {
weight = 0.0;
description = "Spameatingmonkey uribl: unknown result";
description = "Unrecognised result from Spameatingmonkey URIBL";
one_shot = true;
groups = ["sem"];
}
"SEM_URIBL" {
weight = 3.5;
description = "Spameatingmonkey uribl";
description = "A domain in the message is listed in Spameatingmonkey URIBL";
one_shot = true;
groups = ["sem"];
}
"SEM_URIBL_FRESH15_UNKNOWN" {
weight = 0.0;
description = "Spameatingmonkey Fresh15 uribl: unknown result";
description = "Unrecognised result from Spameatingmonkey Fresh15 URIBL";
one_shot = true;
groups = ["sem"];
}
"SEM_URIBL_FRESH15" {
weight = 3.0;
description = "Spameatingmonkey uribl. Domains registered in the last 15 days (.AERO,.BIZ,.COM,.INFO,.NAME,.NET,.PRO,.SK,.TEL,.US)";
description = "A domain in the message is listed in Spameatingmonkey Fresh15 URIBL (registered in the past 15 days, .AERO,.BIZ,.COM,.INFO,.NAME,.NET,.PRO,.SK,.TEL,.US only)";
one_shot = true;
groups = ["sem"];
}
"DBL" {
weight = 0.0;
description = "DBL unknown result";
description = "Unrecognised result from Spamhaus DBL";
one_shot = true;
groups = ["spamhaus"];
}
"DBL_SPAM" {
weight = 6.5;
description = "DBL uribl spam";
description = "A domain in the message is listed in Spamhaus DBL as spam";
one_shot = true;
groups = ["spamhaus"];
}
"DBL_PHISH" {
weight = 6.5;
description = "DBL uribl phishing";
description = "A domain in the message is listed in Spamhaus DBL as phishing";
one_shot = true;
groups = ["spamhaus"];
}
"DBL_MALWARE" {
weight = 6.5;
description = "DBL uribl malware";
description = "A domain in the message is listed in Spamhaus DBL as malware";
one_shot = true;
groups = ["spamhaus"];
}
"DBL_BOTNET" {
weight = 5.5;
description = "DBL uribl botnet C&C domain";
description = "A domain in the message is listed in Spamhaus DBL as botnet C&C";
one_shot = true;
groups = ["spamhaus"];
}
"DBL_ABUSE" {
weight = 6.5;
description = "DBL uribl abused legit spam";
description = "A domain in the message is listed in Spamhaus DBL as abused legit spam";
one_shot = true;
groups = ["spamhaus"];
}
"DBL_ABUSE_REDIR" {
weight = 1.5;
description = "DBL uribl abused spammed redirector domain";
description = "A domain in the message is listed in Spamhaus DBL as spammed redirector domain";
one_shot = true;
groups = ["spamhaus"];
}
"DBL_ABUSE_PHISH" {
weight = 7.5;
description = "DBL uribl abused legit phish";
description = "A domain in the message is listed in Spamhaus DBL as abused legit phish";
one_shot = true;
groups = ["spamhaus"];
}
"DBL_ABUSE_MALWARE" {
weight = 7.5;
description = "DBL uribl abused legit malware";
description = "A domain in the message is listed in Spamhaus DBL as abused legit malware";
one_shot = true;
groups = ["spamhaus"];
}
"DBL_ABUSE_BOTNET" {
weight = 5.5;
description = "DBL uribl abused legit botnet C&C";
description = "A domain in the message is listed in Spamhaus DBL as abused legit botnet C&C";
one_shot = true;
groups = ["spamhaus"];
}
@@ -174,48 +174,50 @@ symbols = {
weight = 0.0;
description = "You are querying Spamhaus from an open resolver, please see https://www.spamhaus.org/returnc/pub/";
one_shot = true;
groups = ["spamhaus"];
groups = ["spamhaus", "blocked"];
}
"DBL_BLOCKED" {
weight = 0.0;
description = "You are exceeding the query limit, please see https://www.spamhaus.org/returnc/vol/";
one_shot = true;
groups = ["spamhaus"];
groups = ["spamhaus", "blocked"];
}
"URIBL_MULTI" {
weight = 0.0;
description = "uribl.com: unrecognised result";
description = "Unrecognised result from URIBL.com";
one_shot = true;
groups = ["uribl"];
}
"URIBL_BLOCKED" {
weight = 0.0;
description = "uribl.com: query refused";
description = "URIBL.com: query refused, likely due to policy/overusage";
one_shot = true;
groups = ["uribl", "blocked"];
}
"URIBL_BLACK" {
weight = 7.5;
description = "uribl.com black url";
description = "A domain in the message is listed in URIBL.com black";
one_shot = true;
groups = ["uribl"];
}
"URIBL_RED" {
weight = 3.5;
description = "uribl.com red url";
description = "A domain in the message is listed in URIBL.com red";
one_shot = true;
groups = ["uribl"];
}
"URIBL_GREY" {
weight = 1.5;
description = "uribl.com grey url";
description = "A domain in the message is listed in URIBL.com grey";
one_shot = true;
groups = ["uribl"];
}
"SPAMHAUS_ZEN_URIBL" {
ignore = true;
weight = 0.0;
description = "Spamhaus ZEN URIBL: Filtered result";
description = "Unrecognised result from Spamhaus ZEN URIBL";
one_shot = true;
groups = ["spamhaus"];
}
@@ -229,7 +231,7 @@ symbols = {
"URIBL_SBL_CSS" {
ignore = true;
weight = 6.5;
description = "A domain in the message body resolves to an IP listed in Spamhaus SBL CSS";
description = "A domain in the message body resolves to an IP listed in Spamhaus CSS";
one_shot = true;
groups = ["spamhaus"];
}
@@ -254,9 +256,4 @@ symbols = {
one_shot = true;
groups = ["spamhaus"];
}
#"RBL_SARBL_BAD" {
# weight = 2.5;
# description = "A domain in the message body is blacklisted in SARBL";
# one_shot = true;
#}
}

9
rspamd/worker-proxy.inc
View File

@@ -13,7 +13,14 @@
# Module documentation: https://rspamd.com/doc/workers/rspamd_proxy.html
milter = yes; # Enable milter mode
timeout = 120s; # Needed for Milter usually
# This timeout is mostly specific to the milter mode.
# Please also bear in mind that if this timeout is longer than `task_timeout`,
# your messages might be processed for much longer due to this timeout (this is
# true for self-scan mode).
# If this behaviour is not desired, then it is recommended to reduce and adjust this
# value accordingly
timeout = 60s;
upstream "local" {
default = yes;