Skip to content

Instantly share code, notes, and snippets.

@kvaps
Last active May 6, 2024 05:13
Show Gist options
  • Save kvaps/25507a87dc287e6a620e1eec2d60ebc1 to your computer and use it in GitHub Desktop.
Save kvaps/25507a87dc287e6a620e1eec2d60ebc1 to your computer and use it in GitHub Desktop.
Howto create local whitelists and blacklists for Rspamd

Local whitelists and blacklists for Rspamd

  • cd /etc/rspamd
  • create rspamd.conf.local
  • create lists:
touch local_bl_from.map.inc local_bl_ip.map.inc local_bl_rcpt.map.inc \
local_wl_from.map.inc local_wl_ip.map.inc local_wl_rcpt.map.inc
  • change permissions:
chmod o+w local_bl_from.map.inc local_bl_ip.map.inc local_bl_rcpt.map.inc \
local_wl_from.map.inc local_wl_ip.map.inc local_wl_rcpt.map.inc

Thanks to @mnik247 in #118

multimap {
# ip - matches source IP of message (radix map)
# from - matches envelope from (or header From if envelope from is absent)
# rcpt - matches any of envelope rcpt or header To if envelope info is missing
# header - matches any header specified (must have header = "Header-Name" configuration attribute)
# dnsbl - matches source IP against some DNS blacklist (consider using RBL module for this)
local_bl_ip { type = "ip"; map = "$CONFDIR/local_bl_ip.map.inc"; symbol = "LOCAL_BL_IP"; description = "Local ip blacklist";}
local_bl_from { type = "from"; map = "$CONFDIR/local_bl_from.map.inc"; symbol = "LOCAL_BL_FROM"; description = "Local from blacklist";}
local_bl_rcpt { type = "rcpt"; map = "$CONFDIR/local_bl_rcpt.map.inc"; symbol = "LOCAL_BL_RCPT"; description = "Local rcpt blacklist";}
local_wl_ip { type = "ip"; map = "$CONFDIR/local_wl_ip.map.inc"; symbol = "LOCAL_WL_IP"; description = "Local ip whitelist";}
local_wl_from { type = "from"; map = "$CONFDIR/local_wl_from.map.inc"; symbol = "LOCAL_WL_FROM"; description = "Local from whitelist";}
local_wl_rcpt { type = "rcpt"; map = "$CONFDIR/local_wl_rcpt.map.inc"; symbol = "LOCAL_WL_RCPT"; description = "Local rcpt whitelist";}
}
metric {
name = "default";
group {
name = "local";
symbol {
weight = 3;
description = "Sender ip listed in local ip blacklist";
name = "LOCAL_BL_IP";
}
symbol {
weight = 3;
description = "Sender from listed in local from blacklist";
name = "LOCAL_BL_FROM";
}
symbol {
weight = 3;
description = "Recipient listed in local rcpt blacklist";
name = "LOCAL_BL_RCPT";
}
symbol {
weight = -5;
description = "Sender ip listed in local ip whitelist";
name = "LOCAL_WL_IP";
}
symbol {
weight = -5;
description = "Sender from listed in local from whitelist";
name = "LOCAL_WL_FROM";
}
symbol {
weight = -5;
description = "Recipient listed in local rcpt whitelist";
name = "LOCAL_WL_RCPT";
}
}
}
@adjustGirl
Copy link

is there anything new on this topic? And please be gracious to me, I'm brand new to this tool (V 2.7 on Debian 9). Thanx

@Polve
Copy link

Polve commented Apr 20, 2021

I'm interested in any news in this topic for the current (v2.7) version

@1210315127
Copy link

Hello everyone.
Can anyone please tel how to block subnets instead of a single ip in rspamd. currently blocking single ip in .map.inc
files.

@moisseev
Copy link

Can anyone please tel how to block subnets instead of a single ip in rspamd. currently blocking single ip in .map.inc
files.

https://github.com/moisseev/rspamd-multimap-bl/blob/9a4a7d2ec29d67ac04126ce42e962106e78f2129/local.d/multimap.d/bl-ip.map#L4

@1210315127
Copy link

Can anyone please tel how to block subnets instead of a single ip in rspamd. currently blocking single ip in .map.inc
files.

https://github.com/moisseev/rspamd-multimap-bl/blob/9a4a7d2ec29d67ac04126ce42e962106e78f2129/local.d/multimap.d/bl-ip.map#L4

Thank you bro

@badfires
Copy link

由于嵌套的多图,OP 不再适用于 rspamd 1.9。也local.d/metrics.conf已弃用,local.d/groups.conf应改为使用。

挖掘文档和代码后,这对我有用。最后的空行很重要。

local.d/multimap.conf

# local.d/multimap.conf
# see local.d/groups.conf for multimap symbols

# Blacklists
local_bl_domain {
  type = "from";
  filter = "email:domain";
  map = "$CONFDIR/maps.d/local_bl_domain.inc";
  prefilter = true;
  action = "reject";
  description = "Blacklisted domain";
}
local_bl_from {
  type = "from";
  map = "$CONFDIR/maps.d/local_bl_from.inc";
  symbol = "LOCAL_BL_FROM";
  description = "Blacklist map for LOCAL_BL_FROM";
}
local_bl_ip {
  type = "ip";
  map = "$CONFDIR/maps.d/local_bl_ip.inc";
  symbol = "LOCAL_BL_IP";
  description = "Blacklist map for LOCAL_BL_IP";
}
local_bl_rcpt {
  type = "rcpt";
  map = "$CONFDIR/maps.d/local_bl_rcpt.inc";
  symbol = "LOCAL_BL_RCPT";
  description = "Blacklist map for LOCAL_BL_RCPT";
}

# Whitelists
local_wl_domain {
  type = "from";
  filter = "email:domain:tld";
  map = "$CONFDIR/maps.d/local_wl_domain.inc";
  symbol = "LOCAL_WL_DOMAIN";
  description = "Whitelist map for LOCAL_WL_DOMAIN";
}
local_wl_from {
  type = "from";
  map = "$CONFDIR/maps.d/local_wl_from.inc";
  symbol = "LOCAL_WL_FROM";
  description = "Whitelist map for LOCAL_WL_FROM";
}
local_wl_ip {
  type = "ip";
  map = "$CONFDIR/maps.d/local_wl_ip.inc";
  symbol = "LOCAL_WL_IP";
  description = "Whitelist map for LOCAL_WL_IP";
}
local_wl_rcpt {
  type = "rcpt";
  map = "$CONFDIR/maps.d/local_wl_rcpt.inc";
  symbol = "LOCAL_WL_RCPT";
  description = "Whitelist map for LOCAL_WL_RCPT";
}

local.d/groups.conf

# local.d/groups.conf
# see local.d/multimap.conf for mappings
group "multimap" {
  symbols = {
    # Blacklists
    "LOCAL_BL_FROM" {
      weight = 3.0;
      description = "Sender FROM listed in local blacklist";
    }
    "LOCAL_BL_IP" {
      weight = 3.0;
      description = "Sender IP listed in local blacklist";
    }
    "LOCAL_BL_RCPT" {
      weight = 3.0;
      description = "Recipient listed in local blacklist";
    }
    # Whitelists
    "LOCAL_WL_DOMAIN" {
      weight = -5;
      description = "Domain listed in local whitelist";
    }
    "LOCAL_WL_FROM" {
      weight = -5;
      description = "Sender FROM listed in local whitelist";
    }
    "LOCAL_WL_IP" {
      weight = -5;
      description = "Sender IP listed in local whitelist";
    }
    "LOCAL_WL_RCPT" {
      weight = -5;
      description = "Recipient listed in local whitelist";
    }
  }
}

tks,This solved my problem

@renaudallard
Copy link

"chmod o+w" is almost always a very bad idea. You need to "chown" the files to the user running spamd instead.

@derfz
Copy link

derfz commented May 6, 2024

Can I use local_bl_from.map.inc to blacklist top level (.ru for example) domains?
Or should I be using a different specific method?
The objective here is to block those top level domains that I perceive as problematic.
Sorry, I'm not a coder and I know even less about RSPAMD.

Regards

Fred

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment