Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
How to whitelist IP addresses or domains in Rspamd

Whitelist IP addresses based on pre-filter policy

/etc/rspamd/local.d/multimap.conf:

  IP_WHITELIST {
      type = "ip";
      prefilter = true;
      map = "/${LOCAL_CONFDIR}/local.d/ip_whitelist.map";
      action = "accept";
  }

/etc/rspamd/local.d/ip_whitelist.map:

  192.168.122.3
  192.168.122.4

Lower spam score of e-mails with a certain domain name (post-filter mode)

/etc/rspamd/local.d/multimap.conf:

  WHITELIST_SENDER_DOMAIN {
      type = "from";
      filter = "email:domain";
      map = "/etc/rspamd/local.d/whitelist.sender.domain.map";
      score = -6.0
  }

/etc/rspamd/local.d/whitelist.sender.domain.map:

  meinedomain.tld
  anderedomain.tld
@hiandras
Copy link

hiandras commented Mar 12, 2019

Hi,

In: /etc/rspamd/local.d/multimap.conf
the prefilter = "true";
should be prefilter = true;
(without quotation marks).

That is how it worked for me. (Version 1.8.3)
Regards,
hiandras

@pannal
Copy link

pannal commented Mar 14, 2019

Sorry for the slight offtopic:

Does the rspamc learn_ham only train the bayes filter or does it actually add some whitelisting on its own?

I've just had an email where bayes was 100% sure it wasn't spam, but their other parameters were so bad, it was marked as spam. Does learn_ham help here?

@echodreamz
Copy link

echodreamz commented Apr 7, 2020

Can the same basic principle be applied for blacklisting IPs?

@ThomasLeister
Copy link
Author

ThomasLeister commented Apr 12, 2020

Can the same basic principle be applied for blacklisting IPs?

Yes, have a look here: https://gist.github.com/kvaps/25507a87dc287e6a620e1eec2d60ebc1

@ThomasLeister
Copy link
Author

ThomasLeister commented Apr 12, 2020

I've just had an email where bayes was 100% sure it wasn't spam, but their other parameters were so bad, it was marked as spam. Does learn_ham help here?

No, the learning process does only affect the bayesian filter. If the other parameters were too bad, you can create whitelist that server or tune the corresponding check weight.

@Gerben-W
Copy link

Gerben-W commented May 19, 2020

I have setup these Whitelist filters, but in the whitelist sender domain file only the first entry is being filtered. The other ones do not seem te get the lower score. Am I doing something wrong?

My config:
/etc/rspamd/local.d/multimap.conf

# Whitelists
local_wl_domain {
        type = "from";
        filter = "email:domain";
        map = "$CONFDIR/local.d/local_wl_domain.map";
        symbol = "LOCAL_WL_DOMAIN";
        regex = true;
        prefilter = true;
        score = -6.0;
        description = "Whitelist map for LOCAL_WL_DOMAIN";
}
local_wl_from {
        type = "from";
        filter = "email:domain:tld";
        map = "$CONFDIR/local.d/local_wl_from.map";
        symbol = "LOCAL_WL_FROM";
        regex = true;
        prefilter = true;
        score = -6.0;
        description = "Whitelist map for LOCAL_WL_FROM";
}
local_wl_ip {
        type = "ip";
        map = "$CONFDIR/local.d/local_wl_ip.map";
        symbol = "LOCAL_WL_IP";
        regex = true;
        prefilter = true;
        score = -6.0;
        description = "Whitelist map for LOCAL_WL_IP";
}
local_wl_rcpt {
        type = "rcpt";
        map = "$CONFDIR/local.d/local_wl_rcpt.map";
        symbol = "LOCAL_WL_RCPT";
        regex = true;
        prefilter = true;
        score = -6.0;
        description = "Whitelist map for LOCAL_WL_RCPT";
}


/etc/rspamd/local.d/local_wl_domain.map

domain1.com
n.domain2.com
e.domain3.com
domain4.org

@sirio81
Copy link

sirio81 commented Dec 10, 2020

Hi, does /etc/rspamd/local.d/ip_whitelist.map accept cidr notation? I.e. 192.168.122.0/24

@TonyGravagno
Copy link

TonyGravagno commented Jan 7, 2021

@javimox
Copy link

javimox commented Mar 27, 2021

HI @Gerben-W,

You have there regex = true; but your file local_wl_domain.map does not look like regexp (eg. dots must be escaped). Either remove regex from your multimap or convert the entries of the map to regex.

eg: match email using regex:
/^user@example\.com$/i

I have setup these Whitelist filters, but in the whitelist sender domain file only the first entry is being filtered. The other ones do not seem te get the lower score. Am I doing something wrong?

My config:
/etc/rspamd/local.d/multimap.conf

# Whitelists
local_wl_domain {
        type = "from";
        filter = "email:domain";
        map = "$CONFDIR/local.d/local_wl_domain.map";
        symbol = "LOCAL_WL_DOMAIN";
        regex = true;
        prefilter = true;
        score = -6.0;
        description = "Whitelist map for LOCAL_WL_DOMAIN";
}
local_wl_from {
        type = "from";
        filter = "email:domain:tld";
        map = "$CONFDIR/local.d/local_wl_from.map";
        symbol = "LOCAL_WL_FROM";
        regex = true;
        prefilter = true;
        score = -6.0;
        description = "Whitelist map for LOCAL_WL_FROM";
}
local_wl_ip {
        type = "ip";
        map = "$CONFDIR/local.d/local_wl_ip.map";
        symbol = "LOCAL_WL_IP";
        regex = true;
        prefilter = true;
        score = -6.0;
        description = "Whitelist map for LOCAL_WL_IP";
}
local_wl_rcpt {
        type = "rcpt";
        map = "$CONFDIR/local.d/local_wl_rcpt.map";
        symbol = "LOCAL_WL_RCPT";
        regex = true;
        prefilter = true;
        score = -6.0;
        description = "Whitelist map for LOCAL_WL_RCPT";
}

/etc/rspamd/local.d/local_wl_domain.map

domain1.com
n.domain2.com
e.domain3.com
domain4.org

@sneak
Copy link

sneak commented May 31, 2021

Is it okay to put v6 IPs in the ip_whitelist.map? Should they be put in brackets?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment