How to whitelist IP addresses or domains in Rspamd

Whitelist IP addresses based on pre-filter policy

/etc/rspamd/local.d/multimap.conf:

  IP_WHITELIST {
      type = "ip";
      prefilter = true;
      map = "${LOCAL_CONFDIR}/local.d/ip_whitelist.map";
      action = "accept";
  }

/etc/rspamd/local.d/ip_whitelist.map:

  192.168.122.3
  192.168.122.4

Lower spam score of e-mails with a certain domain name (post-filter mode)

/etc/rspamd/local.d/multimap.conf:

  WHITELIST_SENDER_DOMAIN {
      type = "from";
      filter = "email:domain";
      map = "/etc/rspamd/local.d/whitelist.sender.domain.map";
      score = -6.0;
  }

/etc/rspamd/local.d/whitelist.sender.domain.map:

  meinedomain.tld
  anderedomain.tld

@hiandras hiandras commented Mar 12, 2019

Hi,

In: /etc/rspamd/local.d/multimap.conf
the prefilter = "true";
should be prefilter = true;
(without quotation marks).

That is how it worked for me. (Version 1.8.3)
Regards,
hiandras

@pannal pannal commented Mar 14, 2019

Sorry for the slight offtopic:

Does the rspamc learn_ham only train the bayes filter or does it actually add some whitelisting on its own?

I've just had an email where bayes was 100% sure it wasn't spam, but their other parameters were so bad, it was marked as spam. Does learn_ham help here?

@echodreamz echodreamz commented Apr 7, 2020

Can the same basic principle be applied for blacklisting IPs?

Owner Author

@ThomasLeister ThomasLeister commented Apr 12, 2020

> Can the same basic principle be applied for blacklisting IPs?

Yes, have a look here: https://gist.github.com/kvaps/25507a87dc287e6a620e1eec2d60ebc1

@ThomasLeister ThomasLeister commented Apr 12, 2020

> I've just had an email where bayes was 100% sure it wasn't spam, but their other parameters were so bad, it was marked as spam. Does learn_ham help here?

No, the learning process only affects the Bayesian filter. If the other parameters were too bad, you can create a whitelist for that server or tune the corresponding check weight.

@Gerben-W Gerben-W commented May 19, 2020

I have set up these whitelist filters, but in the whitelist sender domain file only the first entry is being filtered. The other ones do not seem to get the lower score. Am I doing something wrong?

My config:
/etc/rspamd/local.d/multimap.conf

# Whitelists
local_wl_domain {
        type = "from";
        filter = "email:domain";
        map = "$CONFDIR/local.d/local_wl_domain.map";
        symbol = "LOCAL_WL_DOMAIN";
        regex = true;
        prefilter = true;
        score = -6.0;
        description = "Whitelist map for LOCAL_WL_DOMAIN";
}
local_wl_from {
        type = "from";
        filter = "email:domain:tld";
        map = "$CONFDIR/local.d/local_wl_from.map";
        symbol = "LOCAL_WL_FROM";
        regex = true;
        prefilter = true;
        score = -6.0;
        description = "Whitelist map for LOCAL_WL_FROM";
}
local_wl_ip {
        type = "ip";
        map = "$CONFDIR/local.d/local_wl_ip.map";
        symbol = "LOCAL_WL_IP";
        regex = true;
        prefilter = true;
        score = -6.0;
        description = "Whitelist map for LOCAL_WL_IP";
}
local_wl_rcpt {
        type = "rcpt";
        map = "$CONFDIR/local.d/local_wl_rcpt.map";
        symbol = "LOCAL_WL_RCPT";
        regex = true;
        prefilter = true;
        score = -6.0;
        description = "Whitelist map for LOCAL_WL_RCPT";
}


/etc/rspamd/local.d/local_wl_domain.map

domain1.com
n.domain2.com
e.domain3.com
domain4.org

@sirio81 sirio81 commented Dec 10, 2020

Hi, does /etc/rspamd/local.d/ip_whitelist.map accept CIDR notation? I.e. 192.168.122.0/24

@javimox javimox commented Mar 27, 2021

Hi @Gerben-W,

You have there regex = true; but your file local_wl_domain.map does not look like regexp (e.g. dots must be escaped). Either remove regex from your multimap or convert the entries of the map to regex.

e.g. match email using regex:
/^user@example\.com$/i

@sneak sneak commented May 31, 2021

Is it okay to put v6 IPs in the ip_whitelist.map? Should they be put in brackets?
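
The `regex = true` point raised earlier in the thread, as an added example (not code from the gist, its commenters or Rspamd): a small Python linter that flags whitelist map entries which, read as regular expressions, match more than the literal domain, and emits an escaped, anchored form. It assumes regexp map entries are searched unanchored and may be written bare or as `/pattern/flags`; Python's `re` stands in for Rspamd's regex engine, and the probe domains and function names are constructed for illustration.

```python
import re

# Constructed sample: the map entries quoted in the thread, as read with regex = true.
MAP_ENTRIES = ["domain1.com", "n.domain2.com", "e.domain3.com", "domain4.org"]
# Constructed sender domains: one intended match and two lookalikes.
PROBES = ["domain1.com", "domain1xcom.example", "notdomain1.com.example"]

_SLASHED = re.compile(r"^/(.*)/([a-z]*)$")


def pattern_of(entry):
    """Split a map line into (pattern, flags); bare lines have no flags."""
    m = _SLASHED.match(entry)
    return (m.group(1), m.group(2)) if m else (entry, "")


def lint(entry):
    """Name the ways an entry, read as a regex, exceeds a literal domain."""
    pattern, _ = pattern_of(entry)
    bare = re.sub(r"\\.", "", pattern)  # drop escaped pairs such as \. or \$
    issues = []
    if "." in bare:
        issues.append("unescaped dot")
    if not bare.startswith("^"):
        issues.append("no ^ anchor")
    if not bare.endswith("$"):
        issues.append("no $ anchor")
    return issues


def harden(domain):
    """Escaped, anchored, case-insensitive entry for exactly one domain."""
    return "/^" + re.escape(domain) + "$/i"


def matches(entry, sender_domain):
    """Assumption: the map is searched unanchored, as re.search does."""
    pattern, flags = pattern_of(entry)
    return re.search(pattern, sender_domain, re.I if "i" in flags else 0) is not None


def report(entry):
    """Map each probe to (matched as written, matched after harden())."""
    return {d: (matches(entry, d), matches(harden(entry), d)) for d in PROBES}


if __name__ == "__main__":
    for e in MAP_ENTRIES:
        print(f"{e}: {lint(e) or 'ok'} -> {harden(e)}")
    for d, (loose, strict) in report(MAP_ENTRIES[0]).items():
        print(f"{d}: as written={loose}, hardened={strict}")
```

The dot check is a heuristic: a dot inside a character class such as `[.]` is reported even though it is literal there.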
