@stephdl
Last active February 23, 2020 09:29
Rspamd whitelist/blacklist domain.org and subdomain.org configuration

Rspamd blacklist/whitelist multimap

This configuration is provided by the NethServer project, a CentOS clone which provides a full Postfix email server with Rspamd and many other good features: https://www.nethserver.org/

Blacklist FROM/TO and whitelist FROM/TO for domain.org/sub.domain.org, with IP whitelisting.

To manage priority, blacklisted senders are rejected with a forced action, because the priority between blacklist and whitelist is hard to get right. For example, if you blacklist domain.org, user@domain.org could be blacklisted too, even if user@domain.org is whitelisted. Moreover, we want to use our own SMTP rejection message rather than reject based on score, because a message rejected on score is rejected with a SPAM rejection message.

A map is a file containing a list of email addresses or domains (one entry per line); the same applies to the IP whitelist.

  • the whitelist_from and blacklist_from are maps for emails (user@domain.org)
  • the whitelist_from_domains and blacklist_from_domains are maps for domains (sub.domain.org or domain.org)
  • the whitelist_to_domains and blacklist_to_domains are maps for domains (sub.domain.org or domain.org)
  • the whitelist_ip is a map for IP

touch /etc/rspamd/{whitelist_ip.map,whitelist_from.map,whitelist_from_domains.map,blacklist_from.map,blacklist_from_domains.map,whitelist_to.map,whitelist_to_domains.map}

Put the configuration in /etc/rspamd/local.d/multimap.conf, then create your maps under /etc/rspamd (this could be /var/lib/rspamd if you want to edit them from the UI, but the map paths in the configuration must then be adjusted).

# whitelist the IP
IP_WHITELIST {
    type = "ip";
    prefilter = true;
    map = "${CONFDIR}/whitelist_ip.map";
    action = "accept";
    symbol = "IP_WHITELIST";
    description = "Accept SMTP sender by exact IP address";
}

# whitelist the senders
FROM_WHITELIST {
    type = "from";
    map = [
    "${CONFDIR}/whitelist_from.map",
    ];
    prefilter = true;
    filter = "email:addr";
    action = "accept";
    description = "Accept SMTP sender by exact email address";
    symbol = "FROM_WHITELIST";
}

#whitelist the sub.domains of senders
FROM_SUBDOMAINS_WHITELIST {

    map = [
    "${CONFDIR}/whitelist_from_domains.map",
    ];
    type = "from";
    prefilter = true;
    action = "accept";
    filter = "email:domain";
    description = "Accept SMTP sender by exact domain name";
    symbol = "FROM_SUBDOMAINS_WHITELIST";
}

#whitelist the domains of senders
FROM_DOMAINS_WHITELIST {

    map = [
    "${CONFDIR}/whitelist_from_domains.map",
    ];
    type = "from";
    prefilter = true;
    action = "accept";
    filter = "email:domain:tld";
    description = "Accepted SMTP sender by top level domain name suffix";
    symbol = "FROM_DOMAINS_WHITELIST";
}

#blacklist the senders
FROM_BLACKLIST {
    type = "from";
    map = [
    "${CONFDIR}/blacklist_from.map",
    ];
    filter = "email:addr";
    symbol = "FROM_BLACKLIST";
    description = "Reject SMTP sender by exact email address";
}

#blacklist the subdomains of senders
FROM_SUBDOMAINS_BLACKLIST {
    map = [
    "${CONFDIR}/blacklist_from_domains.map",
    ];
    type = "from";
    filter = "email:domain";
    description = "Reject SMTP sender by exact domain name";
    symbol = "FROM_SUBDOMAINS_BLACKLIST";
}

#blacklist the domains of senders
FROM_DOMAINS_BLACKLIST {
    map = [
    "${CONFDIR}/blacklist_from_domains.map",
    ];
    type = "from";
    filter = "email:domain:tld";
    description = "Reject SMTP sender by top level domain name suffix";
    symbol = "FROM_DOMAINS_BLACKLIST";
}

#whitelist the subdomain of recipients
TO_SUBDOMAINS_WHITELIST {
    map = [
    "${CONFDIR}/whitelist_to_domains.map",
    ];
    type = "rcpt";
    prefilter = true;
    action = "accept";
    filter = "email:domain";
    description = "Accept SMTP recipient by exact domain name";
    symbol = "TO_SUBDOMAINS_WHITELIST";
}

#whitelist the domain of recipients
TO_DOMAINS_WHITELIST {
    map = [
    "${CONFDIR}/whitelist_to_domains.map",
    ];
    type = "rcpt";
    prefilter = true;
    action = "accept";
    filter = "email:domain:tld";
    description = "Accept SMTP recipient by top level domain name suffix";
    symbol = "TO_DOMAINS_WHITELIST";
}

#whitelist the email address of recipients
TO_WHITELIST {
    type = "rcpt";
    map = [
    "${CONFDIR}/whitelist_to.map",
    ];
    prefilter = true;
    filter = "email:addr";
    action = "accept";
    description = "Accept SMTP recipient by exact email address";
    symbol = "TO_WHITELIST";
}

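In /etc/rspamd/local.d/force_actions.conf:

    # force_actions reads its rules from the "rules" section
    rules {
        # any blacklist symbol forces a reject with our own SMTP message
        REJECT_FROM_BLACKLIST {
            action = "reject";
            message = "Sender email address rejected";
            expression = "FROM_BLACKLIST | FROM_SUBDOMAINS_BLACKLIST | FROM_DOMAINS_BLACKLIST";
        }
    }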

After this change the rspamd service must be restarted. The maps are reloaded every 5 minutes (default setting); otherwise rspamd must be reloaded.
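
A check to run on the map files before reloading, as an added example that is not part of the gist or of NethServer's code: it flags lines that do not fit the map's type and lists whitelisted senders whose domain, or a parent of it, is also in the domain blacklist, which is the overlap the priority note above is about. The sample map contents are constructed, and treating any parent domain as a match is an assumption chosen as a conservative superset of the email:domain and email:domain:tld lookups.

```python
import ipaddress
import re
# Dot-separated hostname labels; rejects '@', spaces and bare TLDs.
DOMAIN_RE = re.compile(r"^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z0-9-]{2,}$")

def entries(text):
    """Yield (line_no, entry), skipping blank lines and '#' comments."""
    for n, line in enumerate(text.splitlines(), 1):
        entry = line.split("#", 1)[0].strip().lower()
        if entry:
            yield n, entry

def lint(kind, text):
    """Return [(line_no, entry)] that do not fit a map of kind ip/email/domain."""
    bad = []
    for n, e in entries(text):
        if kind == "ip":
            try:
                ipaddress.ip_network(e, strict=False)  # single address or CIDR
                ok = True
            except ValueError:
                ok = False
        elif kind == "email":
            local, at, dom = e.rpartition("@")
            ok = bool(at and local and DOMAIN_RE.match(dom))
        else:  # "domain"
            ok = bool(DOMAIN_RE.match(e))
        if not ok:
            bad.append((n, e))
    return bad

def shadowed(whitelist_from, blacklist_from_domains):
    """Whitelisted addresses whose domain, or any parent of it, is blacklisted."""
    black = {e for _, e in entries(blacklist_from_domains)}
    hits = []
    for _, addr in entries(whitelist_from):
        labels = addr.rpartition("@")[2].split(".")
        parents = {".".join(labels[i:]) for i in range(len(labels) - 1)}
        if "@" in addr and parents & black:
            hits.append((addr, sorted(parents & black)))
    return hits

# Constructed sample map contents (not taken from the gist).
WHITELIST_IP = "192.0.2.10\n198.51.100.0/24\n192.0.2.300\n"
WHITELIST_FROM = "# partners\nuser@domain.org\nbilling@sub.example.net\ndomain.org\n"
BLACKLIST_FROM_DOMAINS = "domain.org\nspam@bad.example\nexample.net\n"

if __name__ == "__main__":
    print(lint("ip", WHITELIST_IP), shadowed(WHITELIST_FROM, BLACKLIST_FROM_DOMAINS))
```

To use it on a live system, read each file under /etc/rspamd into a string and pass it with the matching kind; every address returned by shadowed() is one where the whitelist and the forced reject both apply.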
