doc:appunti:linux:sa:rspamd_spamassassin
Differences
This shows you the differences between two versions of the page.
doc:appunti:linux:sa:rspamd_spamassassin [2023/11/16 12:39] – [Antivirus scanning] niccolo | doc:appunti:linux:sa:rspamd_spamassassin [2023/11/20 12:47] – [Custom regexp rule with multimap] niccolo | ||
---|---|---|---|
Line 256: | Line 256: | ||
</ | </ | ||
- | Local configuration must go into **local.d/ | + | Local configuration must go into **local.d/ |
< | < | ||
- | rules { | + | # Map containing additional IPv4/IPv6 addresses/ |
- | "RCVD_IN_DNSWL" { | + | # be excluded from checks where exclude_local is true (the default). |
- | enabled = false; | + | local_exclude_ip_map = " |
+ | |||
+ | # Add a custom RBL. | ||
+ | rbls { | ||
+ | | ||
+ | # Checks to enable for this RBL. | ||
+ | # from: the sending IP that sent the message. | ||
+ | checks = ["from"]; | ||
+ | # Address used for RBL-testing. | ||
+ | rbl = " | ||
+ | ipv4 = true; | ||
+ | ipv6 = true; | ||
+ | exclude_local = true; | ||
+ | local_exclude_ip_map = "${LOCAL_CONFDIR}/ | ||
+ | | ||
+ | symbol = " | ||
+ | returncodes = { | ||
+ | # Apply a specific symbol instead of the generic one. | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | </ | ||
+ | |||
+ | The file pointed by the **local_exclude_ip_map** option can be updated (adding or removing IP addresses or subnets) without the need to reload any service. | ||
+ | |||
+ | A custom score can be defined into **local.d/ | ||
+ | |||
+ | < | ||
+ | symbols = { | ||
+ | " | ||
+ | weight = 6.2; | ||
+ | description = "From address is listed in ZEN Rigacci.Org"; | ||
+ | groups = [" | ||
+ | } | ||
+ | } | ||
+ | |||
+ | symbols = { | ||
+ | " | ||
+ | weight = 6.8; | ||
+ | description = "From address is listed in ZEN Rigacci.Org, | ||
+ | groups = [" | ||
+ | } | ||
+ | } | ||
+ | </ | ||
+ | |||
+ | Several RBLs are enabled per default in the Debian 12 install. if you want to disable some, just add the symbol into the **rbls** list with the option **enabled = false**: | ||
+ | |||
+ | < | ||
+ | rbls { | ||
+ | dnswl { | ||
+ | symbol = " | ||
+ | | ||
} | } | ||
} | } | ||
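Review bot: `local_exclude_ip_map` is set twice in the added block, once at the top level and again inside the custom RBL definition next to `exclude_local = true;`, and the paragraph that follows only speaks of "the **local_exclude_ip_map** option" without saying which of the two is meant. Keep a single occurrence, or state which one takes effect for this RBL. The score example also opens two separate `symbols = {` blocks for the same file; putting both symbol definitions inside one block would be easier to copy. Minor wording: "pointed by" should be "pointed to by", and "if you want to disable some" should start with a capital letter.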
Line 273: | Line 327: | ||
# local.d/ | # local.d/ | ||
clamav { | clamav { | ||
+ | # The antivirus engine to use. | ||
+ | type = " | ||
+ | servers = " | ||
# If set, force this action if any virus is found (default unset: no action is forced). | # If set, force this action if any virus is found (default unset: no action is forced). | ||
action = " | action = " | ||
Line 278: | Line 335: | ||
# If `max_size` is set, messages > n bytes in size are not scanned | # If `max_size` is set, messages > n bytes in size are not scanned | ||
max_size = 20000000; | max_size = 20000000; | ||
- | # symbol | + | # Symbol |
+ | # You can use this if you want to apply default actions based on score. | ||
symbol = " | symbol = " | ||
- | type = " | ||
- | servers = " | ||
# Prefix used for caching in Redis: scanner-specific defaults are used. | # Prefix used for caching in Redis: scanner-specific defaults are used. | ||
# If Redis is enabled and multiple scanners of the same type are present, | # If Redis is enabled and multiple scanners of the same type are present, | ||
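Review bot: the added comment "You can use this if you want to apply default actions based on score" sits in a block that also sets `action`, which the comment above that line describes as forcing the action whenever a virus is found. The new comment should say how the symbol's score relates to the forced action, for example that score-based handling is meant for the case where `action` is left unset.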
Line 337: | Line 393: | ||
</ | </ | ||
- | As you can see from the log below, an SPF fail does not trigger a significative SPAM score using the default metrics: only 0.90/18.00: | + | The '' |
< | < | ||
Line 345: | Line 401: | ||
(default: F (no action): [0.90/ | (default: F (no action): [0.90/ | ||
MIME_GOOD(-0.10){text/ | MIME_GOOD(-0.10){text/ | ||
- | ipnet: | + | ipnet: |
FROM_EQ_ENVFROM(0.00){}, | FROM_EQ_ENVFROM(0.00){}, | ||
RCPT_COUNT_ONE(0.00){1; | RCPT_COUNT_ONE(0.00){1; | ||
Line 484: | Line 540: | ||
^ add_header | ^ add_header | ||
^ rewrite_subject | ^ rewrite_subject | ||
- | ^ soft reject | + | ^ soft reject |
^ reject | ^ reject | ||
Line 566: | Line 622: | ||
X-Rspamd-Action: | X-Rspamd-Action: | ||
</ | </ | ||
+ | |||
+ | With the following example we add a custom **X-Virus** header if a symbol was added, e.g. by the antivirus module. In this case the antivirus module should not apply its own //reject// action, otherwise it is pointless to mangle the headers. | ||
+ | |||
+ | < | ||
+ | # Add the X-Spamd-Result header and others to all the messages. | ||
+ | use = [" | ||
+ | |||
+ | # Implies X-Spamd-Result and add X-Rspamd-Queue-Id, | ||
+ | extended_spam_headers = true; | ||
+ | |||
+ | # Special routine to add custon a X-Virus header upon specific symbols. | ||
+ | routines { | ||
+ | x-virus { | ||
+ | header = " | ||
+ | remove = 0; | ||
+ | # The following setting is an empty list by default and required to be set. | ||
+ | # These are user-defined symbols added by the antivirus module. | ||
+ | symbols = [" | ||
+ | } | ||
+ | } | ||
+ | </ | ||
+ | |||
===== Logging ===== | ===== Logging ===== | ||
- | Example to enable logging | + | Example to enable logging |
< | < | ||
- | debug_modules = [" | + | debug_modules = [" |
</ | </ | ||
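Review bot: the comment "Special routine to add custon a X-Virus header" has a typo and swapped words; it should read "add a custom X-Virus header". The paragraph introducing the example says the antivirus module should not apply its own //reject// action but does not name the setting; pointing to the `action` option of the antivirus block would let readers find it. It would also help to state that the entries in `symbols` must match the antivirus module's `symbol` value, since the list is described as required and user-defined.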
doc/appunti/linux/sa/rspamd_spamassassin.txt · Last modified: 2024/07/17 18:23 by niccolo