Skip to content

Instantly share code, notes, and snippets.

@kvaps

kvaps/rspamd-lists.md

Last active March 28, 2024 23:51
Show Gist options
  • Star 24 You must be signed in to star a gist
  • Fork 5 You must be signed in to fork a gist
  • Save kvaps/25507a87dc287e6a620e1eec2d60ebc1 to your computer and use it in GitHub Desktop.
Save kvaps/25507a87dc287e6a620e1eec2d60ebc1 to your computer and use it in GitHub Desktop.
Download ZIP
Howto create local whitelists and blacklists for Rspamd
Raw
rspamd-lists.md

Local whitelists and blacklists for Rspamd

  • cd /etc/rspamd
  • create rspamd.conf.local
  • create lists:
touch local_bl_from.map.inc local_bl_ip.map.inc local_bl_rcpt.map.inc \
local_wl_from.map.inc local_wl_ip.map.inc local_wl_rcpt.map.inc
  • change permissions:
chmod o+w local_bl_from.map.inc local_bl_ip.map.inc local_bl_rcpt.map.inc \
local_wl_from.map.inc local_wl_ip.map.inc local_wl_rcpt.map.inc

Thanks to @mnik247 in #118

Raw
rspamd.conf.local
multimap {
# ip - matches source IP of message (radix map)
# from - matches envelope from (or header From if envelope from is absent)
# rcpt - matches any of envelope rcpt or header To if envelope info is missing
# header - matches any header specified (must have header = "Header-Name" configuration attribute)
# dnsbl - matches source IP against some DNS blacklist (consider using RBL module for this)
local_bl_ip { type = "ip"; map = "$CONFDIR/local_bl_ip.map.inc"; symbol = "LOCAL_BL_IP"; description = "Local ip blacklist";}
local_bl_from { type = "from"; map = "$CONFDIR/local_bl_from.map.inc"; symbol = "LOCAL_BL_FROM"; description = "Local from blacklist";}
local_bl_rcpt { type = "rcpt"; map = "$CONFDIR/local_bl_rcpt.map.inc"; symbol = "LOCAL_BL_RCPT"; description = "Local rcpt blacklist";}
local_wl_ip { type = "ip"; map = "$CONFDIR/local_wl_ip.map.inc"; symbol = "LOCAL_WL_IP"; description = "Local ip whitelist";}
local_wl_from { type = "from"; map = "$CONFDIR/local_wl_from.map.inc"; symbol = "LOCAL_WL_FROM"; description = "Local from whitelist";}
local_wl_rcpt { type = "rcpt"; map = "$CONFDIR/local_wl_rcpt.map.inc"; symbol = "LOCAL_WL_RCPT"; description = "Local rcpt whitelist";}
}
metric {
name = "default";
group {
name = "local";
symbol {
weight = 3;
description = "Sender ip listed in local ip blacklist";
name = "LOCAL_BL_IP";
}
symbol {
weight = 3;
description = "Sender from listed in local from blacklist";
name = "LOCAL_BL_FROM";
}
symbol {
weight = 3;
description = "Recipient listed in local rcpt blacklist";
name = "LOCAL_BL_RCPT";
}
symbol {
weight = -5;
description = "Sender ip listed in local ip whitelist";
name = "LOCAL_WL_IP";
}
symbol {
weight = -5;
description = "Sender from listed in local from whitelist";
name = "LOCAL_WL_FROM";
}
symbol {
weight = -5;
description = "Recipient listed in local rcpt whitelist";
name = "LOCAL_WL_RCPT";
}
}
}
@renaudallard
Copy link

"chmod o+w" is almost always a very bad idea. You need to "chown" the files to the user running spamd instead.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment