@kvaps
Last active March 28, 2024 23:51
Howto create local whitelists and blacklists for Rspamd

Local whitelists and blacklists for Rspamd

  • cd /etc/rspamd
  • create rspamd.conf.local
  • create lists:
touch local_bl_from.map.inc local_bl_ip.map.inc local_bl_rcpt.map.inc \
local_wl_from.map.inc local_wl_ip.map.inc local_wl_rcpt.map.inc
  • change permissions:
chmod o+w local_bl_from.map.inc local_bl_ip.map.inc local_bl_rcpt.map.inc \
local_wl_from.map.inc local_wl_ip.map.inc local_wl_rcpt.map.inc

Thanks to @mnik247 in #118

multimap {
  # ip - matches source IP of message (radix map)
  # from - matches envelope from (or header From if envelope from is absent)
  # rcpt - matches any of envelope rcpt or header To if envelope info is missing
  # header - matches any header specified (must have header = "Header-Name" configuration attribute)
  # dnsbl - matches source IP against some DNS blacklist (consider using RBL module for this)
  local_bl_ip { type = "ip"; map = "$CONFDIR/local_bl_ip.map.inc"; symbol = "LOCAL_BL_IP"; description = "Local ip blacklist";}
  local_bl_from { type = "from"; map = "$CONFDIR/local_bl_from.map.inc"; symbol = "LOCAL_BL_FROM"; description = "Local from blacklist";}
  local_bl_rcpt { type = "rcpt"; map = "$CONFDIR/local_bl_rcpt.map.inc"; symbol = "LOCAL_BL_RCPT"; description = "Local rcpt blacklist";}
  local_wl_ip { type = "ip"; map = "$CONFDIR/local_wl_ip.map.inc"; symbol = "LOCAL_WL_IP"; description = "Local ip whitelist";}
  local_wl_from { type = "from"; map = "$CONFDIR/local_wl_from.map.inc"; symbol = "LOCAL_WL_FROM"; description = "Local from whitelist";}
  local_wl_rcpt { type = "rcpt"; map = "$CONFDIR/local_wl_rcpt.map.inc"; symbol = "LOCAL_WL_RCPT"; description = "Local rcpt whitelist";}
}
metric {
  name = "default";
  group {
    name = "local";
    symbol {
      weight = 3;
      description = "Sender ip listed in local ip blacklist";
      name = "LOCAL_BL_IP";
    }
    symbol {
      weight = 3;
      description = "Sender from listed in local from blacklist";
      name = "LOCAL_BL_FROM";
    }
    symbol {
      weight = 3;
      description = "Recipient listed in local rcpt blacklist";
      name = "LOCAL_BL_RCPT";
    }
    symbol {
      weight = -5;
      description = "Sender ip listed in local ip whitelist";
      name = "LOCAL_WL_IP";
    }
    symbol {
      weight = -5;
      description = "Sender from listed in local from whitelist";
      name = "LOCAL_WL_FROM";
    }
    symbol {
      weight = -5;
      description = "Recipient listed in local rcpt whitelist";
      name = "LOCAL_WL_RCPT";
    }
  }
}
@pclemot

pclemot commented Nov 14, 2018

Maybe with Regexp maps?

@mspenkov

I'm having the same question as @mspenkov has.

email:domain:tld - parse header value as email address and extract effective second level domain from it (Somebody user@foo.example.com -> example.com)

local_bl_from_domain { type = "from"; filter = "email:domain:tld"; map = "$CONFDIR/maps/local_bl_from_second_domain.map.inc"; symbol = "LOCAL_BL_FROM_DOMAIN"; description = "Local from domain blacklist";}

@celogeek

Hi,

I'm trying to exclude my local network for spam check for mail sent from the internal network.

My local docker connect to each other with ipv6 local network

I want to allow all: fd00:dead:beef::* and if possible exclude the gateway: fd00:dead:beef::1.

I have a config like this (all different docker):
matomo -> (postfix <-> rspamd) -> dovecot

Matomo sends an email to postfix for a user into dovecot. rspamd checks this and applies dkim/darc signature, and antispam check, then transmits it to dovecot.
The issue is that Matomo sends a terrible report with a score of 10. I have tried to learn from it 10 times, on different reports from matomo but it doesn't work. I still get a 9.3 score.

Thanks

@celogeek

I have tested this in my local_wl_ip.map.inc:

# Local ip whitelist
fd00:dead:beef::/64
10.20.0.0/24

And it works!

I add to my blacklist the IP of the router:

# Local ip blacklist
fd00:dead:beef::1
10.20.0.1

This one cancels the whitelist bonus. I have set whitelist and blacklist to a weight of 5.
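
How the two maps above interact, as an added example (not code from this thread or from Rspamd): a simplified Python model that parses both maps, reports which symbols fire for a source address, and lists blacklist entries that sit inside a whitelisted network. The weights of -5 and +5 are an assumption based on the "weight of 5" mentioned above, and the function names are illustrative.

```python
import ipaddress

# Map contents as posted in the comment above.
WL_MAP = """# Local ip whitelist
fd00:dead:beef::/64
10.20.0.0/24
"""
BL_MAP = """# Local ip blacklist
fd00:dead:beef::1
10.20.0.1
"""
# Assumed weights: whitelist -5, blacklist +5 ("a weight of 5" for both).
RULES = {"LOCAL_WL_IP": (WL_MAP, -5.0), "LOCAL_BL_IP": (BL_MAP, 5.0)}


def parse_ip_map(text):
    """Parse a map: one IP or CIDR per line, '#' starts a comment."""
    nets = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # A bare address becomes a /32 or /128 network.
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError as exc:
            raise ValueError(f"map line {lineno}: {exc}") from None
    return nets


def evaluate(ip, rules=RULES):
    """Return (symbols that fire, summed weight) for one source address."""
    addr = ipaddress.ip_address(ip)
    hits = [
        symbol
        for symbol, (text, _) in rules.items()
        if any(addr.version == n.version and addr in n for n in parse_ip_map(text))
    ]
    return hits, sum(rules[s][1] for s in hits)


def shadowed_entries(wl_text, bl_text):
    """Blacklist entries that lie inside a whitelisted network."""
    wl = parse_ip_map(wl_text)
    return [
        str(b)
        for b in parse_ip_map(bl_text)
        if any(b.version == w.version and b.subnet_of(w) for w in wl)
    ]
```

With equal and opposite weights the gateway address ends up at a net score of zero from these two symbols, while every other address in the whitelisted ranges keeps the full bonus.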

@Grucqq

Grucqq commented Jun 5, 2019

Hi,
Should this multimap work with the latest rspamd 1.9.4? Can't get it to work.
This version works from beginning, second one from rspamd didn't work too.

Edit: added local.d/groups conf & everything works well in both versions

@denydias

denydias commented Aug 30, 2019

OP doesn't work with rspamd 1.9 anymore because of the nested multimap. Also local.d/metrics.conf is deprecated and local.d/groups.conf should be used instead.

After digging the docs and code, this is what works for me. The empty line in the end is significant.

local.d/multimap.conf

# local.d/multimap.conf
# see local.d/groups.conf for multimap symbols

# Blacklists
local_bl_domain {
  type = "from";
  filter = "email:domain";
  map = "$CONFDIR/maps.d/local_bl_domain.inc";
  prefilter = true;
  action = "reject";
  description = "Blacklisted domain";
}
local_bl_from {
  type = "from";
  map = "$CONFDIR/maps.d/local_bl_from.inc";
  symbol = "LOCAL_BL_FROM";
  description = "Blacklist map for LOCAL_BL_FROM";
}
local_bl_ip {
  type = "ip";
  map = "$CONFDIR/maps.d/local_bl_ip.inc";
  symbol = "LOCAL_BL_IP";
  description = "Blacklist map for LOCAL_BL_IP";
}
local_bl_rcpt {
  type = "rcpt";
  map = "$CONFDIR/maps.d/local_bl_rcpt.inc";
  symbol = "LOCAL_BL_RCPT";
  description = "Blacklist map for LOCAL_BL_RCPT";
}

# Whitelists
local_wl_domain {
  type = "from";
  filter = "email:domain:tld";
  map = "$CONFDIR/maps.d/local_wl_domain.inc";
  symbol = "LOCAL_WL_DOMAIN";
  description = "Whitelist map for LOCAL_WL_DOMAIN";
}
local_wl_from {
  type = "from";
  map = "$CONFDIR/maps.d/local_wl_from.inc";
  symbol = "LOCAL_WL_FROM";
  description = "Whitelist map for LOCAL_WL_FROM";
}
local_wl_ip {
  type = "ip";
  map = "$CONFDIR/maps.d/local_wl_ip.inc";
  symbol = "LOCAL_WL_IP";
  description = "Whitelist map for LOCAL_WL_IP";
}
local_wl_rcpt {
  type = "rcpt";
  map = "$CONFDIR/maps.d/local_wl_rcpt.inc";
  symbol = "LOCAL_WL_RCPT";
  description = "Whitelist map for LOCAL_WL_RCPT";
}

local.d/groups.conf

# local.d/groups.conf
# see local.d/multimap.conf for mappings
group "multimap" {
  symbols = {
    # Blacklists
    "LOCAL_BL_FROM" {
      weight = 3.0;
      description = "Sender FROM listed in local blacklist";
    }
    "LOCAL_BL_IP" {
      weight = 3.0;
      description = "Sender IP listed in local blacklist";
    }
    "LOCAL_BL_RCPT" {
      weight = 3.0;
      description = "Recipient listed in local blacklist";
    }
    # Whitelists
    "LOCAL_WL_DOMAIN" {
      weight = -5;
      description = "Domain listed in local whitelist";
    }
    "LOCAL_WL_FROM" {
      weight = -5;
      description = "Sender FROM listed in local whitelist";
    }
    "LOCAL_WL_IP" {
      weight = -5;
      description = "Sender IP listed in local whitelist";
    }
    "LOCAL_WL_RCPT" {
      weight = -5;
      description = "Recipient listed in local whitelist";
    }
  }
}

@moisseev

moisseev commented Mar 2, 2020

@denydias's example can be simplified. It's possible to set score and group in the local.d/multimap.conf like this.
So local.d/groups.conf is not necessary.

@defulmere

defulmere commented Sep 25, 2020

OP doesn't work with rspamd 1.9 anymore because of the nested multimap. Also local.d/metrics.conf is deprecated and local.d/groups.conf should be used instead.

After digging the docs and code, this is what works for me. The empty line in the end is significant.
...

@denydias You just made my day, thanks for sharing your examples!

@denydias

@denydias You just made my day, thanks for sharing your examples!

I'm glad I did, @defulmere! Enjoy the day. 😉

@fool15982

fool15982 commented Nov 24, 2020

Hi @ll,

I am trying to figure out what is wrong, but it doesn't work for me as expected.
I have added groups.conf and multimap.conf into the local.d folder and I can see them in my Rspamd web interface. Storing new entries works as well, but for an unknown reason the blocked domains were still processed and stored into my spam folder or inbox.
I have raised the weight in groups up to 15 but I can't get it to work (blocking all incoming mails from a specific domain using "Blacklisted domain").
Anyone who has an idea?

BR
Andre

UPDATE
I am not sure, but it seems that domains entered via web interface are not getting blocked properly. I have added a nonexistent domain and used a free testmailer and forged the sender address. This testmail was blocked as expected and the log confirmed it was caused by the local blocklist. Anyone out there who can confirm that?

@adjustGirl

is there anything new on this topic? And please be gracious to me, I'm brand new to this tool (V 2.7 on Debian 9). Thanx

@Polve

Polve commented Apr 20, 2021

I'm interested in any news in this topic for the current (v2.7) version

@1210315127

Hello everyone.
Can anyone please tell how to block subnets instead of a single IP in rspamd? Currently blocking single IPs in .map.inc files.

@moisseev

Can anyone please tell how to block subnets instead of a single IP in rspamd? Currently blocking single IPs in .map.inc files.

https://github.com/moisseev/rspamd-multimap-bl/blob/9a4a7d2ec29d67ac04126ce42e962106e78f2129/local.d/multimap.d/bl-ip.map#L4

@1210315127

Can anyone please tell how to block subnets instead of a single IP in rspamd? Currently blocking single IPs in .map.inc files.

https://github.com/moisseev/rspamd-multimap-bl/blob/9a4a7d2ec29d67ac04126ce42e962106e78f2129/local.d/multimap.d/bl-ip.map#L4

Thank you bro

@badfires

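OP doesn't work with rspamd 1.9 anymore because of the nested multimap. Also local.d/metrics.conf is deprecated and local.d/groups.conf should be used instead.

After digging the docs and code, this is what works for me. The empty line in the end is significant.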

Tks, this solved my problem

@renaudallard

"chmod o+w" is almost always a very bad idea. You need to "chown" the files to the user running spamd instead.
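
A check for the permission problem raised above, as an added example (not part of the gist or of Rspamd): it flags map files that are world-writable, since any local account could then edit a whitelist, or that are not owned by the expected account. The function names and the constructed fixture in `demo()` are illustrative; on a real host, pass the UID of the account your Rspamd processes run as.

```python
import os
import stat
import tempfile


def audit_map_files(directory, expected_uid, suffix=".map.inc"):
    """Return (filename, problem) pairs for map files with risky mode or owner."""
    findings = []
    for name in sorted(os.listdir(directory)):
        if not name.endswith(suffix):
            continue
        # lstat so a symlink is reported instead of silently followed.
        st = os.lstat(os.path.join(directory, name))
        if not stat.S_ISREG(st.st_mode):
            findings.append((name, "not a regular file"))
            continue
        if st.st_mode & stat.S_IWOTH:
            findings.append((name, "world-writable"))
        if st.st_uid != expected_uid:
            findings.append((name, "unexpected owner"))
    return findings


def demo():
    """Constructed fixture: one map left at o+w, one limited to owner and group."""
    modes = (("local_wl_ip.map.inc", 0o646), ("local_bl_ip.map.inc", 0o640))
    with tempfile.TemporaryDirectory() as d:
        for name, mode in modes:
            path = os.path.join(d, name)
            open(path, "w").close()
            os.chmod(path, mode)
        return audit_map_files(d, expected_uid=os.getuid())


if __name__ == "__main__":
    for name, problem in demo():
        print(f"{name}: {problem}")
```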
