diff --git a/.etckeeper b/.etckeeper index 83ca0c0..ea8683b 100755 --- a/.etckeeper +++ b/.etckeeper @@ -4469,6 +4469,7 @@ maybe chmod 0755 'rspamd/modules.d' maybe chmod 0644 'rspamd/modules.d/antivirus.conf' maybe chmod 0644 'rspamd/modules.d/arc.conf' maybe chmod 0644 'rspamd/modules.d/asn.conf' +maybe chmod 0644 'rspamd/modules.d/aws_s3.conf' maybe chmod 0644 'rspamd/modules.d/chartable.conf' maybe chmod 0644 'rspamd/modules.d/clickhouse.conf' maybe chmod 0644 'rspamd/modules.d/dcc.conf' @@ -4477,6 +4478,7 @@ maybe chmod 0644 'rspamd/modules.d/dkim_signing.conf' maybe chmod 0644 'rspamd/modules.d/dmarc.conf' maybe chmod 0644 'rspamd/modules.d/elastic.conf' maybe chmod 0644 'rspamd/modules.d/emails.conf' +maybe chmod 0644 'rspamd/modules.d/external_relay.conf' maybe chmod 0644 'rspamd/modules.d/external_services.conf' maybe chmod 0644 'rspamd/modules.d/force_actions.conf' maybe chmod 0644 'rspamd/modules.d/forged_recipients.conf' diff --git a/rspamd/maps.d/mime_types.inc b/rspamd/maps.d/mime_types.inc index d71fa0d..c4f158d 100644 --- a/rspamd/maps.d/mime_types.inc +++ b/rspamd/maps.d/mime_types.inc @@ -1341,6 +1341,8 @@ image/vnd.tencent.tap 0 image/vnd.valve.source.texture 0 image/vnd.xiff 0 image/vnd.zbrush.pcx 0 +image/wmf 0 +image/x-wmf 0 message/CPIM 0 message/delivery-status 0 message/disposition-notification 0 diff --git a/rspamd/modules.d/aws_s3.conf b/rspamd/modules.d/aws_s3.conf new file mode 100644 index 0000000..2dd9663 --- /dev/null +++ b/rspamd/modules.d/aws_s3.conf @@ -0,0 +1,26 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/asn.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/asn.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/asn.html + +aws_s3 { + # Required attributes + #s3_bucket = 'xxx'; + s3_region = 'us-east-1'; + #s3_secret_key = 'xxx'; + #s3_key_id = 'xxx'; + # Enable in local.d/aws_s3.conf + enabled = false; + .include(try=true,priority=5) "${DBDIR}/dynamic/aws_s3.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/aws_s3.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/aws_s3.conf" +} diff --git a/rspamd/modules.d/external_relay.conf b/rspamd/modules.d/external_relay.conf new file mode 100644 index 0000000..7d52ced --- /dev/null +++ b/rspamd/modules.d/external_relay.conf @@ -0,0 +1,22 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/external_relay.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/external_relay.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/external_relay.html + +external_relay { + # This module is default-disabled + enabled = false; + + .include(try=true,priority=5) "${DBDIR}/dynamic/external_relay.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/external_relay.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/external_relay.conf" +} diff --git a/rspamd/modules.d/phishing.conf b/rspamd/modules.d/phishing.conf index d828f9f..bd2e0bd 100644 --- a/rspamd/modules.d/phishing.conf +++ b/rspamd/modules.d/phishing.conf @@ -21,13 +21,20 @@ phishing { # Phishtank is disabled by default in the module, so let's enable it here explicitly phishtank_enabled = true; - # Make exclusions for known redirectors - redirector_domains = [ - "https://maps.rspamd.com/rspamd/redirectors.inc.zst:REDIRECTOR_FALSE", - "$LOCAL_CONFDIR/local.d/maps.d/redirectors.inc:LOCAL_REDIRECTOR_FALSE", - "$LOCAL_CONFDIR/local.d/redirectors.inc:LOCAL_REDIRECTOR_FALSE", - "fallback+file://${CONFDIR}/maps.d/redirectors.inc:REDIRECTOR_FALSE" - ]; + # Make exclusions for known redirectors and domains + exceptions = { + REDIRECTOR_FALSE = [ + "https://maps.rspamd.com/rspamd/redirectors.inc.zst", + "$LOCAL_CONFDIR/local.d/maps.d/redirectors.inc", + "$LOCAL_CONFDIR/local.d/redirectors.inc", + "fallback+file://${CONFDIR}/maps.d/redirectors.inc" + ]; + PHISHED_WHITELISTED = [ + "glob;https://maps.rspamd.com/rspamd/phishing_whitelist.inc.zst", + "glob;$LOCAL_CONFDIR/local.d/maps.d/phishing_whitelist.inc", + "glob;$LOCAL_CONFDIR/local.d/phishing_whitelist.inc", + ]; + }; .include(try=true,priority=5) "${DBDIR}/dynamic/phishing.conf" .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/phishing.conf" diff --git a/rspamd/scores.d/phishing_group.conf b/rspamd/scores.d/phishing_group.conf index c7368ef..9e5c4a3 100644 --- a/rspamd/scores.d/phishing_group.conf +++ b/rspamd/scores.d/phishing_group.conf @@ -41,4 +41,8 @@ symbols = { weight = 0.0; description = "Phishing exclusion symbol for known redirectors"; } + PHISHED_WHITELISTED { + weight = 0.0; + description = "Phishing exclusion symbol for known exceptions"; + } } \ No newline at end of file diff --git a/rspamd/scores.d/policies_group.conf b/rspamd/scores.d/policies_group.conf index 5e5a83b..ee3d0bb 100644 --- a/rspamd/scores.d/policies_group.conf +++ b/rspamd/scores.d/policies_group.conf @@ -126,13 +126,13 @@ symbols = { } "ARC_REJECT" { - weight = 2.0; + weight = 1.0; description = "ARC checks failed"; groups = ["arc"]; } "ARC_INVALID" { - weight = 1.0; + weight = 0.5; description = "ARC structure invalid"; groups = ["arc"]; }