Skip to content

Instantly share code, notes, and snippets.

@kvaps

kvaps/rspamd-lists.md

Last active May 6, 2024 05:13
Show Gist options
  • Save kvaps/25507a87dc287e6a620e1eec2d60ebc1 to your computer and use it in GitHub Desktop.
Save kvaps/25507a87dc287e6a620e1eec2d60ebc1 to your computer and use it in GitHub Desktop.
Download ZIP
Howto create local whitelists and blacklists for Rspamd
Raw
rspamd-lists.md

Local whitelists and blacklists for Rspamd

  • cd /etc/rspamd
  • create rspamd.conf.local
  • create lists:
touch local_bl_from.map.inc local_bl_ip.map.inc local_bl_rcpt.map.inc \
local_wl_from.map.inc local_wl_ip.map.inc local_wl_rcpt.map.inc
  • change permissions:
chmod o+w local_bl_from.map.inc local_bl_ip.map.inc local_bl_rcpt.map.inc \
local_wl_from.map.inc local_wl_ip.map.inc local_wl_rcpt.map.inc

Thanks to @mnik247 in #118

Raw
rspamd.conf.local
multimap {
# ip - matches source IP of message (radix map)
# from - matches envelope from (or header From if envelope from is absent)
# rcpt - matches any of envelope rcpt or header To if envelope info is missing
# header - matches any header specified (must have header = "Header-Name" configuration attribute)
# dnsbl - matches source IP against some DNS blacklist (consider using RBL module for this)
local_bl_ip { type = "ip"; map = "$CONFDIR/local_bl_ip.map.inc"; symbol = "LOCAL_BL_IP"; description = "Local ip blacklist";}
local_bl_from { type = "from"; map = "$CONFDIR/local_bl_from.map.inc"; symbol = "LOCAL_BL_FROM"; description = "Local from blacklist";}
local_bl_rcpt { type = "rcpt"; map = "$CONFDIR/local_bl_rcpt.map.inc"; symbol = "LOCAL_BL_RCPT"; description = "Local rcpt blacklist";}
local_wl_ip { type = "ip"; map = "$CONFDIR/local_wl_ip.map.inc"; symbol = "LOCAL_WL_IP"; description = "Local ip whitelist";}
local_wl_from { type = "from"; map = "$CONFDIR/local_wl_from.map.inc"; symbol = "LOCAL_WL_FROM"; description = "Local from whitelist";}
local_wl_rcpt { type = "rcpt"; map = "$CONFDIR/local_wl_rcpt.map.inc"; symbol = "LOCAL_WL_RCPT"; description = "Local rcpt whitelist";}
}
metric {
name = "default";
group {
name = "local";
symbol {
weight = 3;
description = "Sender ip listed in local ip blacklist";
name = "LOCAL_BL_IP";
}
symbol {
weight = 3;
description = "Sender from listed in local from blacklist";
name = "LOCAL_BL_FROM";
}
symbol {
weight = 3;
description = "Recipient listed in local rcpt blacklist";
name = "LOCAL_BL_RCPT";
}
symbol {
weight = -5;
description = "Sender ip listed in local ip whitelist";
name = "LOCAL_WL_IP";
}
symbol {
weight = -5;
description = "Sender from listed in local from whitelist";
name = "LOCAL_WL_FROM";
}
symbol {
weight = -5;
description = "Recipient listed in local rcpt whitelist";
name = "LOCAL_WL_RCPT";
}
}
}
@renaudallard
Copy link

"chmod o+w" is almost always a very bad idea. You need to "chown" the files to the user running spamd instead.

@derfz
Copy link

derfz commented May 6, 2024

Can I use local_bl_from.map.inc to blacklist top level (.ru for example) domains?
Or should I be using a different specific method?
The objective here is to block those top level domains that I perceive as problematic.
Sorry, I'm not a coder and I know even less about RSPAMD.

Regards

Fred

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment