@kvaps
Last active May 6, 2024 05:13
Howto create local whitelists and blacklists for Rspamd

Local whitelists and blacklists for Rspamd

  • cd /etc/rspamd
  • create rspamd.conf.local
  • create lists:
      touch local_bl_from.map.inc local_bl_ip.map.inc local_bl_rcpt.map.inc \
            local_wl_from.map.inc local_wl_ip.map.inc local_wl_rcpt.map.inc
  • change permissions:
      chmod o+w local_bl_from.map.inc local_bl_ip.map.inc local_bl_rcpt.map.inc \
                local_wl_from.map.inc local_wl_ip.map.inc local_wl_rcpt.map.inc

Thanks to @mnik247 in #118

multimap {
  # ip - matches source IP of message (radix map)
  # from - matches envelope from (or header From if envelope from is absent)
  # rcpt - matches any of envelope rcpt or header To if envelope info is missing
  # header - matches any header specified (must have header = "Header-Name" configuration attribute)
  # dnsbl - matches source IP against some DNS blacklist (consider using RBL module for this)
  local_bl_ip { type = "ip"; map = "$CONFDIR/local_bl_ip.map.inc"; symbol = "LOCAL_BL_IP"; description = "Local ip blacklist";}
  local_bl_from { type = "from"; map = "$CONFDIR/local_bl_from.map.inc"; symbol = "LOCAL_BL_FROM"; description = "Local from blacklist";}
  local_bl_rcpt { type = "rcpt"; map = "$CONFDIR/local_bl_rcpt.map.inc"; symbol = "LOCAL_BL_RCPT"; description = "Local rcpt blacklist";}
  local_wl_ip { type = "ip"; map = "$CONFDIR/local_wl_ip.map.inc"; symbol = "LOCAL_WL_IP"; description = "Local ip whitelist";}
  local_wl_from { type = "from"; map = "$CONFDIR/local_wl_from.map.inc"; symbol = "LOCAL_WL_FROM"; description = "Local from whitelist";}
  local_wl_rcpt { type = "rcpt"; map = "$CONFDIR/local_wl_rcpt.map.inc"; symbol = "LOCAL_WL_RCPT"; description = "Local rcpt whitelist";}
}
metric {
  name = "default";
  group {
    name = "local";
    symbol {
      weight = 3;
      description = "Sender ip listed in local ip blacklist";
      name = "LOCAL_BL_IP";
    }
    symbol {
      weight = 3;
      description = "Sender from listed in local from blacklist";
      name = "LOCAL_BL_FROM";
    }
    symbol {
      weight = 3;
      description = "Recipient listed in local rcpt blacklist";
      name = "LOCAL_BL_RCPT";
    }
    symbol {
      weight = -5;
      description = "Sender ip listed in local ip whitelist";
      name = "LOCAL_WL_IP";
    }
    symbol {
      weight = -5;
      description = "Sender from listed in local from whitelist";
      name = "LOCAL_WL_FROM";
    }
    symbol {
      weight = -5;
      description = "Recipient listed in local rcpt whitelist";
      name = "LOCAL_WL_RCPT";
    }
  }
}
@1210315127

Can anyone please tell me how to block subnets instead of a single IP in Rspamd? Currently I am blocking single IPs in .map.inc files.

https://github.com/moisseev/rspamd-multimap-bl/blob/9a4a7d2ec29d67ac04126ce42e962106e78f2129/local.d/multimap.d/bl-ip.map#L4

Thank you bro

@badfires

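Because of nested multimaps, the OP no longer works for rspamd 1.9. Also, local.d/metrics.conf is deprecated; local.d/groups.conf should be used instead.

After digging through the docs and code, this works for me. The empty line at the end is important.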

local.d/multimap.conf

# local.d/multimap.conf
# see local.d/groups.conf for multimap symbols

# Blacklists
local_bl_domain {
  type = "from";
  filter = "email:domain";
  map = "$CONFDIR/maps.d/local_bl_domain.inc";
  prefilter = true;
  action = "reject";
  description = "Blacklisted domain";
}
local_bl_from {
  type = "from";
  map = "$CONFDIR/maps.d/local_bl_from.inc";
  symbol = "LOCAL_BL_FROM";
  description = "Blacklist map for LOCAL_BL_FROM";
}
local_bl_ip {
  type = "ip";
  map = "$CONFDIR/maps.d/local_bl_ip.inc";
  symbol = "LOCAL_BL_IP";
  description = "Blacklist map for LOCAL_BL_IP";
}
local_bl_rcpt {
  type = "rcpt";
  map = "$CONFDIR/maps.d/local_bl_rcpt.inc";
  symbol = "LOCAL_BL_RCPT";
  description = "Blacklist map for LOCAL_BL_RCPT";
}

# Whitelists
local_wl_domain {
  type = "from";
  filter = "email:domain:tld";
  map = "$CONFDIR/maps.d/local_wl_domain.inc";
  symbol = "LOCAL_WL_DOMAIN";
  description = "Whitelist map for LOCAL_WL_DOMAIN";
}
local_wl_from {
  type = "from";
  map = "$CONFDIR/maps.d/local_wl_from.inc";
  symbol = "LOCAL_WL_FROM";
  description = "Whitelist map for LOCAL_WL_FROM";
}
local_wl_ip {
  type = "ip";
  map = "$CONFDIR/maps.d/local_wl_ip.inc";
  symbol = "LOCAL_WL_IP";
  description = "Whitelist map for LOCAL_WL_IP";
}
local_wl_rcpt {
  type = "rcpt";
  map = "$CONFDIR/maps.d/local_wl_rcpt.inc";
  symbol = "LOCAL_WL_RCPT";
  description = "Whitelist map for LOCAL_WL_RCPT";
}

local.d/groups.conf

# local.d/groups.conf
# see local.d/multimap.conf for mappings
group "multimap" {
  symbols = {
    # Blacklists
    "LOCAL_BL_FROM" {
      weight = 3.0;
      description = "Sender FROM listed in local blacklist";
    }
    "LOCAL_BL_IP" {
      weight = 3.0;
      description = "Sender IP listed in local blacklist";
    }
    "LOCAL_BL_RCPT" {
      weight = 3.0;
      description = "Recipient listed in local blacklist";
    }
    # Whitelists
    "LOCAL_WL_DOMAIN" {
      weight = -5;
      description = "Domain listed in local whitelist";
    }
    "LOCAL_WL_FROM" {
      weight = -5;
      description = "Sender FROM listed in local whitelist";
    }
    "LOCAL_WL_IP" {
      weight = -5;
      description = "Sender IP listed in local whitelist";
    }
    "LOCAL_WL_RCPT" {
      weight = -5;
      description = "Recipient listed in local whitelist";
    }
  }
}

Thanks, this solved my problem.

@renaudallard

"chmod o+w" is almost always a very bad idea. You need to "chown" the files to the user running spamd instead.
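
A lint for the IP maps discussed in this thread, as an added example that is not part of the gist or of any comment: it flags a world-writable map file, a missing final newline, and entries that are neither an IP address nor a CIDR subnet. The function names and the sample entries are constructed for illustration, and a "key, optional value, `#` comment" line format is assumed.

```python
import ipaddress
import os
import stat
import tempfile


def lint_ip_map(path):
    """Return a list of (line_number, problem) tuples for an Rspamd IP map."""
    problems = []
    # A world-writable map lets any local user edit the whitelist or blacklist.
    if os.stat(path).st_mode & stat.S_IWOTH:
        problems.append((0, "file is world-writable (o+w)"))
    with open(path, "rb") as fh:
        raw = fh.read()
    # A comment in this thread reports that the final empty line matters.
    if raw and not raw.endswith(b"\n"):
        problems.append((0, "no newline at end of file"))
    for number, line in enumerate(raw.decode("utf-8", "replace").splitlines(), 1):
        entry = line.split("#", 1)[0].strip()  # drop comments
        if not entry:
            continue
        key = entry.split()[0]  # assumed format: an optional value may follow the key
        try:
            # strict=False makes Python accept 192.0.2.77/24 as 192.0.2.0/24
            ipaddress.ip_network(key, strict=False)
        except ValueError:
            problems.append((number, f"not an IP address or CIDR subnet: {key!r}"))
    return problems


def demo():
    """Lint a constructed sample map (documentation address ranges only)."""
    sample = (
        "# constructed sample for local_bl_ip\n"
        "192.0.2.10\n"
        "198.51.100.0/24   # whole subnet\n"
        "2001:db8::/32\n"
        "203.0.113.300\n"
        "spammer@example.com"  # belongs in a "from" map; no trailing newline
    )
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "local_bl_ip.map.inc")
        with open(path, "w") as fh:
            fh.write(sample)
        os.chmod(path, 0o646)  # reproduce the effect of chmod o+w
        return lint_ip_map(path)


if __name__ == "__main__":
    for number, problem in demo():
        print(number, problem)
```

Line number 0 marks a file-level finding; the other numbers point at the offending map line.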

@derfz

derfz commented May 6, 2024

Can I use local_bl_from.map.inc to blacklist top level (.ru for example) domains?
Or should I be using a different specific method?
The objective here is to block those top level domains that I perceive as problematic.
Sorry, I'm not a coder and I know even less about RSPAMD.

Regards

Fred
