Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
How to whitelist IP addresses or domains in Rspamd

Whitelist IP addresses based on pre-filter policy

/etc/rspamd/local.d/multimap.conf:

  IP_WHITELIST {
      type = "ip";
      prefilter = true;
      map = "/${LOCAL_CONFDIR}/local.d/ip_whitelist.map";
      action = "accept";
  }

/etc/rspamd/local.d/ip_whitelist.map:

  192.168.122.3
  192.168.122.4

Lower spam score of e-mails with a certain domain name (post-filter mode)

/etc/rspamd/local.d/multimap.conf:

  WHITELIST_SENDER_DOMAIN {
      type = "from";
      filter = "email:domain";
      map = "/etc/rspamd/local.d/whitelist.sender.domain.map";
      score = -6.0
  }

/etc/rspamd/local.d/whitelist.sender.domain.map:

  meinedomain.tld
  anderedomain.tld
@hiandras

This comment has been minimized.

Copy link

hiandras commented Mar 12, 2019

Hi,

In: /etc/rspamd/local.d/multimap.conf
the prefilter = "true";
should be prefilter = true;
(without quotation marks).

That is how it worked for me. (Version 1.8.3)
Regards,
hiandras

@pannal

This comment has been minimized.

Copy link

pannal commented Mar 14, 2019

Sorry for the slight offtopic:

Does the rspamc learn_ham only train the bayes filter or does it actually add some whitelisting on its own?

I've just had an email where bayes was 100% sure it wasn't spam, but their other parameters were so bad, it was marked as spam. Does learn_ham help here?

@echodreamz

This comment has been minimized.

Copy link

echodreamz commented Apr 7, 2020

Can the same basic principle be applied for blacklisting IPs?

@ThomasLeister

This comment has been minimized.

Copy link
Owner Author

ThomasLeister commented Apr 12, 2020

Can the same basic principle be applied for blacklisting IPs?

Yes, have a look here: https://gist.github.com/kvaps/25507a87dc287e6a620e1eec2d60ebc1

@ThomasLeister

This comment has been minimized.

Copy link
Owner Author

ThomasLeister commented Apr 12, 2020

I've just had an email where bayes was 100% sure it wasn't spam, but their other parameters were so bad, it was marked as spam. Does learn_ham help here?

No, the learning process does only affect the bayesian filter. If the other parameters were too bad, you can create whitelist that server or tune the corresponding check weight.

@Gerben-W

This comment has been minimized.

Copy link

Gerben-W commented May 19, 2020

I have setup these Whitelist filters, but in the whitelist sender domain file only the first entry is being filtered. The other ones do not seem te get the lower score. Am I doing something wrong?

My config:
/etc/rspamd/local.d/multimap.conf

# Whitelists
local_wl_domain {
        type = "from";
        filter = "email:domain";
        map = "$CONFDIR/local.d/local_wl_domain.map";
        symbol = "LOCAL_WL_DOMAIN";
        regex = true;
        prefilter = true;
        score = -6.0;
        description = "Whitelist map for LOCAL_WL_DOMAIN";
}
local_wl_from {
        type = "from";
        filter = "email:domain:tld";
        map = "$CONFDIR/local.d/local_wl_from.map";
        symbol = "LOCAL_WL_FROM";
        regex = true;
        prefilter = true;
        score = -6.0;
        description = "Whitelist map for LOCAL_WL_FROM";
}
local_wl_ip {
        type = "ip";
        map = "$CONFDIR/local.d/local_wl_ip.map";
        symbol = "LOCAL_WL_IP";
        regex = true;
        prefilter = true;
        score = -6.0;
        description = "Whitelist map for LOCAL_WL_IP";
}
local_wl_rcpt {
        type = "rcpt";
        map = "$CONFDIR/local.d/local_wl_rcpt.map";
        symbol = "LOCAL_WL_RCPT";
        regex = true;
        prefilter = true;
        score = -6.0;
        description = "Whitelist map for LOCAL_WL_RCPT";
}


/etc/rspamd/local.d/local_wl_domain.map

domain1.com
n.domain2.com
e.domain3.com
domain4.org

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.