Differences

This shows you the differences between two versions of the page.

--- doc:appunti:linux:sa:rspamd_spamassassin [2023/11/16 13:00] – [Customizing the headers] niccolo
+++ doc:appunti:linux:sa:rspamd_spamassassin [2023/11/20 12:37] – [SPF check] niccolo
@@ Line 256: / Line 256: @@
 </file>
-Local configuration must go into **local.d/rbl.conf**. Suppose we want to disable one RBL:
+Local configuration must go into **local.d/rbl.conf**, here it is an example on how to add a custom RBL:
 <file>
-rules {
+# Map containing additional IPv4/IPv6 addresses/subnets that should
-    "RCVD_IN_DNSWL" {
+# be excluded from checks where exclude_local is true (the default).
-        enabled = false;
+local_exclude_ip_map = "${LOCAL_CONFDIR}/maps.d/rbl_local_exclude_ip.map";
+# Add a custom RBL.
+rbls {
+    zen_rigacci {
+        # Checks to enable for this RBL.
+        # from: the sending IP that sent the message.
+        checks = ["from"];
+        # Address used for RBL-testing.
+        rbl = "zen.rigacci.org";
+        ipv4 = true;
+        ipv6 = true;
+        exclude_local = true;
+        local_exclude_ip_map = "${LOCAL_CONFDIR}/maps.d/zen_rigacci_exclude_ip.map";
+        # Symbol to yeld.
+        symbol = "ZEN_RIGACCI";
+        returncodes = {
+            # Apply a specific symbol instead of the generic one.
+            "ZEN_RIGACCI_CODE_1" = "127.0.0.1";
+            "ZEN_RIGACCI_CODE_2" = "127.0.0.2";
+            "ZEN_RIGACCI_CODE_3" = "127.0.0.3";
+        }
+    }
+}
+</file>
+The file pointed by the **local_exclude_ip_map** option can be updated (adding or removing IP addresses or subnets) without the need to reload any service.
+A custom score can be defined into **local.d/rbl_group.conf**:
+<file>
+symbols = {
+    "ZEN_RIGACCI" {
+        weight = 6.2;
+        description = "From address is listed in ZEN Rigacci.Org";
+        groups = ["zen_rigacci"];
+    }
+}
+symbols = {
+    "ZEN_RIGACCI_CODE_1" {
+        weight = 6.8;
+        description = "From address is listed in ZEN Rigacci.Org, code 1";
+        groups = ["zen_rigacci"];
+    }
+}
+</file>
+Several RBLs are enabled per default in the Debian 12 install. if you want to disable some, just add the symbol into the **rbls** list with the option **enabled = false**:
+<file>
+rbls {
+    dnswl {
+      symbol = "RCVD_IN_DNSWL";
+      enabled = false;
     }
 }
@@ Line 339: / Line 393: @@
 </code>
-As you can see from the log below, an SPF fail does not trigger a significative SPAM score using the default metrics: only 0.90/18.00:
+The ''VIOLATED_DIRECT_SPF'' is a composite symbol, it combines an SPF (soft) fail and has no Received or no trusted received relays. As you can see from the log below, an SPF fail does not trigger a significative SPAM score using the default metrics: only 0.90/18.00:
 <code>
@@ Line 347: / Line 401: @@
     (default: F (no action): [0.90/18.00] [R_SPF_FAIL(1.00){-all;},
     MIME_GOOD(-0.10){text/plain;},ARC_NA(0.00){},ASN(0.00){asn:24940,
-    ipnet:2a01:4f8::/32, country:DE;},DMARC_NA(0.00){texnet.it;},
+    ipnet:2a01:4f8::/32, country:DE;},DMARC_NA(0.00){rigacci.org;},
     FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},MIME_TRACE(0.00){0:+;},
     RCPT_COUNT_ONE(0.00){1;},RCVD_COUNT_TWO(0.00){2;},RCVD_TLS_LAST(0.00){},
@@ Line 593: / Line 647: @@
 ===== Logging =====
-Example to enable logging in milter protocol, create the file **/etc/rspamd/local.d/logging.inc** with:
+Example to enable logging for the //milter// and the //rbl// modules: create the file **/etc/rspamd/local.d/logging.inc** with:
 <file>
-debug_modules = ["milter"]
+debug_modules = ["milter", "rbl"]
 </file>