Howto create local whitelists and blacklists for Rspamd

rspamd-lists.md

Local whitelists and blacklists for Rspamd

• cd /etc/rspamd
• create rspamd.conf.local
• create lists:

touch local_bl_from.map.inc local_bl_ip.map.inc local_bl_rcpt.map.inc \
local_wl_from.map.inc local_wl_ip.map.inc local_wl_rcpt.map.inc

• change permissions:

chmod o+w local_bl_from.map.inc local_bl_ip.map.inc local_bl_rcpt.map.inc \
local_wl_from.map.inc local_wl_ip.map.inc local_wl_rcpt.map.inc

Thanks to @mnik247 in #118

rspamd.conf.local

multimap {
    # ip - matches source IP of message (radix map)
    # from - matches envelope from (or header From if envelope from is absent)
    # rcpt - matches any of envelope rcpt or header To if envelope info is missing
    # header - matches any header specified (must have header = "Header-Name" configuration attribute)
    # dnsbl - matches source IP against some DNS blacklist (consider using RBL module for this)
    local_bl_ip { type = "ip"; map = "$CONFDIR/local_bl_ip.map.inc"; symbol = "LOCAL_BL_IP"; description = "Local ip blacklist";}
    local_bl_from { type = "from"; map = "$CONFDIR/local_bl_from.map.inc"; symbol = "LOCAL_BL_FROM"; description = "Local from blacklist";}
    local_bl_rcpt { type = "rcpt"; map = "$CONFDIR/local_bl_rcpt.map.inc"; symbol = "LOCAL_BL_RCPT"; description = "Local rcpt blacklist";}
    local_wl_ip { type = "ip"; map = "$CONFDIR/local_wl_ip.map.inc"; symbol = "LOCAL_WL_IP"; description = "Local ip whitelist";}
    local_wl_from { type = "from"; map = "$CONFDIR/local_wl_from.map.inc"; symbol = "LOCAL_WL_FROM"; description = "Local from whitelist";}
    local_wl_rcpt { type = "rcpt"; map = "$CONFDIR/local_wl_rcpt.map.inc"; symbol = "LOCAL_WL_RCPT"; description = "Local rcpt whitelist";}
}

metric {
    name = "default";
    group {
        name = "local";
        symbol {
            weight = 3;
            description = "Sender ip listed in local ip blacklist";
            name = "LOCAL_BL_IP";
        }
        symbol {
            weight = 3;
            description = "Sender from listed in local from blacklist";
            name = "LOCAL_BL_FROM";
        }
        symbol {
            weight = 3;
            description = "Recipient listed in local rcpt blacklist";
            name = "LOCAL_BL_RCPT";
        }
        symbol {
            weight = -5;
            description = "Sender ip listed in local ip whitelist";
            name = "LOCAL_WL_IP";
        }
        symbol {
            weight = -5;
            description = "Sender from listed in local from whitelist";
            name = "LOCAL_WL_FROM";
        }
        symbol {
            weight = -5;
            description = "Recipient listed in local rcpt whitelist";
            name = "LOCAL_WL_RCPT";
        }
    }

}

is there anything new on this topic? And please be gracious to me, I'm brand new to this tool (V 2.7 on Debian 9). Thanx

I'm interested in any news in this topic for the current (v2.7) version

Hello everyone.
Can anyone please tel how to block subnets instead of a single ip in rspamd. currently blocking single ip in .map.inc
files.

Can anyone please tel how to block subnets instead of a single ip in rspamd. currently blocking single ip in .map.inc
files.

https://github.com/moisseev/rspamd-multimap-bl/blob/9a4a7d2ec29d67ac04126ce42e962106e78f2129/local.d/multimap.d/bl-ip.map#L4

Can anyone please tel how to block subnets instead of a single ip in rspamd. currently blocking single ip in .map.inc
files.

https://github.com/moisseev/rspamd-multimap-bl/blob/9a4a7d2ec29d67ac04126ce42e962106e78f2129/local.d/multimap.d/bl-ip.map#L4

Thank you bro

由于嵌套的多图，OP 不再适用于 rspamd 1.9。也local.d/metrics.conf已弃用，local.d/groups.conf应改为使用。

挖掘文档和代码后，这对我有用。最后的空行很重要。

local.d/multimap.conf

# local.d/multimap.conf
# see local.d/groups.conf for multimap symbols

# Blacklists
local_bl_domain {
  type = "from";
  filter = "email:domain";
  map = "$CONFDIR/maps.d/local_bl_domain.inc";
  prefilter = true;
  action = "reject";
  description = "Blacklisted domain";
}
local_bl_from {
  type = "from";
  map = "$CONFDIR/maps.d/local_bl_from.inc";
  symbol = "LOCAL_BL_FROM";
  description = "Blacklist map for LOCAL_BL_FROM";
}
local_bl_ip {
  type = "ip";
  map = "$CONFDIR/maps.d/local_bl_ip.inc";
  symbol = "LOCAL_BL_IP";
  description = "Blacklist map for LOCAL_BL_IP";
}
local_bl_rcpt {
  type = "rcpt";
  map = "$CONFDIR/maps.d/local_bl_rcpt.inc";
  symbol = "LOCAL_BL_RCPT";
  description = "Blacklist map for LOCAL_BL_RCPT";
}

# Whitelists
local_wl_domain {
  type = "from";
  filter = "email:domain:tld";
  map = "$CONFDIR/maps.d/local_wl_domain.inc";
  symbol = "LOCAL_WL_DOMAIN";
  description = "Whitelist map for LOCAL_WL_DOMAIN";
}
local_wl_from {
  type = "from";
  map = "$CONFDIR/maps.d/local_wl_from.inc";
  symbol = "LOCAL_WL_FROM";
  description = "Whitelist map for LOCAL_WL_FROM";
}
local_wl_ip {
  type = "ip";
  map = "$CONFDIR/maps.d/local_wl_ip.inc";
  symbol = "LOCAL_WL_IP";
  description = "Whitelist map for LOCAL_WL_IP";
}
local_wl_rcpt {
  type = "rcpt";
  map = "$CONFDIR/maps.d/local_wl_rcpt.inc";
  symbol = "LOCAL_WL_RCPT";
  description = "Whitelist map for LOCAL_WL_RCPT";
}

local.d/groups.conf

# local.d/groups.conf
# see local.d/multimap.conf for mappings
group "multimap" {
  symbols = {
    # Blacklists
    "LOCAL_BL_FROM" {
      weight = 3.0;
      description = "Sender FROM listed in local blacklist";
    }
    "LOCAL_BL_IP" {
      weight = 3.0;
      description = "Sender IP listed in local blacklist";
    }
    "LOCAL_BL_RCPT" {
      weight = 3.0;
      description = "Recipient listed in local blacklist";
    }
    # Whitelists
    "LOCAL_WL_DOMAIN" {
      weight = -5;
      description = "Domain listed in local whitelist";
    }
    "LOCAL_WL_FROM" {
      weight = -5;
      description = "Sender FROM listed in local whitelist";
    }
    "LOCAL_WL_IP" {
      weight = -5;
      description = "Sender IP listed in local whitelist";
    }
    "LOCAL_WL_RCPT" {
      weight = -5;
      description = "Recipient listed in local whitelist";
    }
  }
}

tks,This solved my problem

"chmod o+w" is almost always a very bad idea. You need to "chown" the files to the user running spamd instead.

Can I use local_bl_from.map.inc to blacklist top level (.ru for example) domains?
Or should I be using a different specific method?
The objective here is to block those top level domains that I perceive as problematic.
Sorry, I'm not a coder and I know even less about RSPAMD.

Regards

Fred