1antivirus { 2 clam { 3 attachments_only = false; 4 symbol = "CLAM_VIRUS"; 5 type = "clamav"; 6 servers = "127.0.0.1:{= env.PORT_CLAM =}"; 7 } 8 fprot { 9 attachments_only = false; 10 symbol = "FPROT_VIRUS"; 11 type = "fprot"; 12 servers = "127.0.0.1:{= env.PORT_FPROT =}"; 13 patterns { 14 FPROT_EICAR = "^EICAR_Test_File$"; 15 } 16 } 17 fprot_duplicate { 18 prefix = "fp_dupe"; 19 attachments_only = false; 20 symbol = "FPROT2_VIRUS_DUPLICATE_DEFAULT"; 21 type = "fprot"; 22 servers = "127.0.0.1:{= env.PORT_FPROT2_DUPLICATE =}"; 23 patterns = [ 24 {FPROT2_VIRUS_DUPLICATE_PATTERN = "^E"}, 25 {FPROT2_VIRUS_DUPLICATE_NOPE1 = "^EI", 26 FPROT2_VIRUS_DUPLICATE_NOPE2 = "^EIC", 27 FPROT2_VIRUS_DUPLICATE_NOPE3 = "^EICA", 28 FPROT2_VIRUS_DUPLICATE_NOPE4 = "^EICAR", 29 FPROT2_VIRUS_DUPLICATE_NOPE5 = "^EICAR_"} 30 ]; 31 } 32 avast { 33 attachments_only = false; 34 symbol = "AVAST_VIRUS"; 35 type = "avast"; 36 servers = "127.0.0.1:{= env.PORT_AVAST =}"; 37 } 38} 39 40multimap { 41 DNSBL_MAP { 42 type = "dnsbl"; 43 map = "rspamd.com"; 44 } 45 IP_MAP { 46 type = "ip"; 47 map = "{= env.TESTDIR =}/configs/maps/ip.list"; 48 } 49 FROM_MAP { 50 type = "from"; 51 filter = "email:domain"; 52 map = "{= env.TESTDIR =}/configs/maps/domains.list"; 53 } 54 FREEMAIL_CC { 55 type = "header"; 56 header = "Cc"; 57 filter = "email:domain"; 58 map = "{= env.TESTDIR =}/configs/maps/domains.list.2"; 59 score = 1.0; 60 } 61 REGEXP_MAP { 62 type = "from"; 63 filter = "email:addr"; 64 regexp = true; 65 map = "{= env.TESTDIR =}/configs/maps/regexp.list"; 66 } 67 DEPS_MAP { 68 type = "from"; 69 filter = "email:addr"; 70 regexp = true; 71 map = "{= env.TESTDIR =}/configs/maps/regexp.list"; 72 require_symbols = "(R_SPF_ALLOW|R_SPF_DNSFAIL) & REGEXP_MAP & !FROM_MAP"; 73 } 74 RCPT_DOMAIN { 75 type = "rcpt"; 76 filter = "email:domain"; 77 map = "{= env.TESTDIR =}/configs/maps/domains.list"; 78 } 79 RCPT_USER { 80 type = "rcpt"; 81 filter = "email:user"; 82 map = "{= env.TESTDIR =}/configs/maps/users.list"; 83 } 84 RCPT_MAP { 85 type = "rcpt"; 86 filter = "email:addr"; 87 symbols = ["SYM1"]; 88 map = "{= env.TESTDIR =}/configs/maps/multiple.list"; 89 score = 1.0; 90 } 91 RCPT_MAP_NOMULTISYM { 92 type = "rcpt"; 93 filter = "email:addr"; 94 disable_multisymbol = true; 95 map = "{= env.TESTDIR =}/configs/maps/multiple.list"; 96 score = 1.0; 97 } 98 HEADER_MAP { 99 type = "header"; 100 header = "To"; 101 filter = "email:name"; 102 map = "{= env.TESTDIR =}/configs/maps/utf.list"; 103 regexp = true; 104 } 105 HOSTNAME_MAP { 106 type = "hostname"; 107 map = "{= env.TESTDIR =}/configs/maps/domains.list"; 108 } 109 HOSTNAME_TOP_MAP { 110 type = "hostname"; 111 filter = "top"; 112 map = "{= env.TESTDIR =}/configs/maps/top.list"; 113 } 114 CDB_HOSTNAME { 115 type = "hostname"; 116 map = "cdb://{= env.TESTDIR =}/configs/maps/domains.cdb"; 117 } 118 REDIS_HOSTNAME { 119 type = "hostname"; 120 map = "redis://hostname"; 121 } 122 REDIS_HOSTNAME_EXPANSION { 123 type = "hostname"; 124 map = "redis://${ip}.${principal_recipient_domain}"; 125 } 126 REDIS_IPADDR { 127 type = "ip"; 128 map = "redis://ipaddr"; 129 } 130 REDIS_FROMADDR { 131 type = "from"; 132 filter = "email:addr"; 133 map = "redis://emailaddr"; 134 } 135 REDIS_URL_TLD { 136 type = "url"; 137 map = "redis://hostname"; 138 filter = "tld"; 139 } 140 REDIS_URL_RE_FULL { 141 type = "url"; 142 map = "redis://fullurlre"; 143 filter = "full:regexp:/(html)$/"; 144 } 145 REDIS_URL_FULL { 146 type = "url"; 147 map = "redis://fullurl"; 148 filter = "full"; 149 } 150 REDIS_URL_PHISHED { 151 type = "url"; 152 map = "redis://phishedurl"; 153 filter = "is_phished"; 154 } 155 REDIS_URL_RE_TLD { 156 type = "url"; 157 map = "redis://tldre"; 158 filter = "tld:regexp:/(net)$/"; 159 } 160 REDIS_URL_RE_PLAIN { 161 type = "url"; 162 map = "redis://urlre"; 163 filter = "regexp:/^(www)/"; 164 } 165 REDIS_URL_NOFILTER { 166 type = "url"; 167 map = "redis://urlnofilter"; 168 } 169 REDIS_COUNTRY { 170 type = "country"; 171 map = "redis://cc"; 172 } 173 REDIS_ASN { 174 type = "asn"; 175 map = "redis://asn"; 176 } 177 REDIS_ASN_FILTERED { 178 type = "mempool"; 179 variable = "asn"; 180 map = "redis://asn"; 181 filter = "regexp:/^([0-9]).*/"; 182 } 183 RCVD_TEST_01 { 184 type = "received"; 185 max_pos = 1; 186 map = "{= env.TESTDIR =}/configs/maps/rcvd.list"; 187 } 188 RCVD_TEST_02 { 189 type = "received"; 190 min_pos = -1; 191 map = "{= env.TESTDIR =}/configs/maps/rcvd.list"; 192 } 193 RCVD_TEST_REDIS_01 { 194 type = "received"; 195 map = "redis://RCVD_TEST"; 196 } 197 RCVD_AUTHED_ONE { 198 type = "received"; 199 map = "{= env.TESTDIR =}/configs/maps/rcvd2.list"; 200 flags = ["authenticated"]; 201 nflags = ["ssl"]; 202 } 203 RCVD_AUTHED_TWO { 204 type = "received"; 205 map = "{= env.TESTDIR =}/configs/maps/rcvd2.list"; 206 flags = ["authenticated", "ssl"]; 207 } 208 COMBINED_MAP_AND { 209 type = "combined"; 210 rules { 211 ip = { 212 type = "radix"; 213 map = "{= env.TESTDIR =}/configs/maps/ip.list"; 214 selector = "ip"; 215 } 216 from { 217 map = "{= env.TESTDIR =}/configs/maps/domains.list"; 218 selector = "from:domain"; 219 } 220 } 221 expression = "from & ip"; 222 score = 10; 223 prefilter = true; 224 } 225 COMBINED_MAP_OR { 226 type = "combined"; 227 rules { 228 ip = { 229 type = "radix"; 230 map = "{= env.TESTDIR =}/configs/maps/ip.list"; 231 selector = "ip"; 232 } 233 from { 234 map = "{= env.TESTDIR =}/configs/maps/domains.list"; 235 selector = "from:domain"; 236 } 237 } 238 expression = "from || ip" 239 } 240} 241 242rbl { 243 rbls { 244 fake { 245 from = true; 246 ipv4 = true; 247 ipv6 = true; 248 rbl = "fake.rbl"; 249 symbol = "FAKE_RBL_UNKNOWN"; 250 received = true; 251 symbols_prefixes = { 252 received = 'FAKE_RECEIVED_RBL', 253 from = 'FAKE_RBL', 254 } 255 unknown = true; 256 returncodes = { 257 "CODE_2" = "127.0.0.2"; 258 "CODE_3" = "127.0.0.3"; 259 } 260 } 261 fake_whitelist { 262 from = true; 263 ipv4 = true; 264 ipv6 = true; 265 received = true; 266 is_whitelist = true; 267 rbl = "fake.wl"; 268 symbol = "FAKE_WL_RBL_UNKNOWN"; 269 unknown = true; 270 returncodes = { 271 "FAKE_WL_RBL_CODE_2" = "127.0.0.2"; 272 "FAKE_WL_RBL_CODE_3" = "127.0.0.3"; 273 } 274 } 275 RSPAMD_EMAILBL { 276 rbl = "test8.uribl"; 277 url_compose_map = "{= env.TESTDIR =}/configs/maps/url_compose_map_for_mails.list"; 278 ignore_defaults = true; 279 emails = true; 280 emails_domainonly = true 281 returncodes = { 282 RSPAMD_EMAILBL = "127.0.0.2"; 283 } 284 } 285 URIBL_NOCONTENT { 286 rbl = "test9.uribl"; 287 ignore_defaults = true; 288 urls = true; 289 } 290 URIBL_WITHCONTENT { 291 rbl = "test9.uribl"; 292 ignore_defaults = true; 293 urls = true; 294 content_urls = true; 295 } 296 URIBL_CONTENTONLY { 297 rbl = "test9.uribl"; 298 ignore_defaults = true; 299 content_urls = true; 300 no_ip = true; 301 } 302 RBL_SELECTOR_SINGLE { 303 rbl = "test9.uribl"; 304 ignore_defaults = true; 305 selector = "helo()"; 306 } 307 RBL_SELECTOR_MULTIPLE { 308 rbl = "test9.uribl"; 309 ignore_defaults = true; 310 selector = { 311 sel_from = "from('smtp'):domain"; 312 sel_helo = "helo()"; 313 } 314 } 315 } 316} 317 318surbl { 319 "whitelist" = [ 320 "rspamd-test.com" 321 ]; 322 rules { 323 "RSPAMD_URIBL" { 324 suffix = "test.uribl"; 325 check_dkim = true; 326 check_emails = true; 327 images = false; 328 process_script =<<EOD 329function(url, suffix) 330 local cr = require "rspamd_cryptobox_hash" 331 local h = cr.create(url):base32():sub(1, 32) 332 return string.format("%s.%s", h, suffix) 333end 334EOD; 335 } 336 "DBL" { 337 suffix = "test2.uribl"; 338 no_ip = true; 339 check_emails = true; 340 check_dkim = true; 341 ips = { 342 # spam domain 343 DBL_SPAM = "127.0.1.2"; 344 # phish domain 345 DBL_PHISH = "127.0.1.4"; 346 } 347 } 348 "URIBL_MULTI" { 349 suffix = "test3.uribl"; 350 check_dkim = true; 351 check_emails = true; 352 bits { 353 URIBL_BLOCKED = 1; 354 URIBL_BLACK = 2; 355 URIBL_GREY = 4; 356 URIBL_RED = 8; 357 } 358 } 359 "SPAMHAUS_ZEN_URIBL" { 360 suffix = "test4.uribl"; 361 resolve_ip = true; 362 check_emails = true; 363 ips { 364 URIBL_SBL = "127.0.0.2"; 365 URIBL_SBL_CSS = "127.0.0.3"; 366 URIBL_XBL = ["127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"]; 367 URIBL_PBL = ["127.0.0.10", "127.0.0.11"]; 368 URIBL_DROP = "127.0.0.9"; 369 } 370 } 371 "RSPAMD_URIBL_IMAGES" { 372 suffix = "test.uribl"; 373 check_dkim = true; 374 check_emails = false; 375 images = true; 376 process_script =<<EOD 377 function(url, suffix) 378 local cr = require "rspamd_cryptobox_hash" 379 local h = cr.create(url):base32():sub(1, 32) 380 return string.format("%s.%s", h, suffix) 381end 382EOD; 383 } 384 "BAD_SUBDOMAIN" { 385 suffix = "test7.uribl"; 386 url_compose_map = "{= env.TESTDIR =}/configs/maps/url_compose_map.list"; 387 check_dkim = true; 388 check_emails = false; 389 } 390 } 391} 392