Differences

This shows you the differences between two versions of the page.

--- doc:appunti:linux:sa:rspamd_spamassassin [2023/11/17 11:12] – [Configure the blacklists] niccolo
+++ doc:appunti:linux:sa:rspamd_spamassassin [2024/01/26 15:22] (current) – [ClamAV on TCP socket in Debian 12] niccolo
@@ Line 256: / Line 256: @@
 </file>
-Local configuration must go into **local.d/rbl.conf**.
+Local configuration must go into **local.d/rbl.conf**, here it is an example on how to add a custom RBL:
+<file>
+# Map containing additional IPv4/IPv6 addresses/subnets that should
+# be excluded from checks where exclude_local is true (the default).
+local_exclude_ip_map = "${LOCAL_CONFDIR}/maps.d/rbl_local_exclude_ip.map";
+# Add a custom RBL.
+rbls {
+    zen_rigacci {
+        # Checks to enable for this RBL.
+        # from: the sending IP that sent the message.
+        checks = ["from"];
+        # Address used for RBL-testing.
+        rbl = "zen.rigacci.org";
+        ipv4 = true;
+        ipv6 = true;
+        exclude_local = true;
+        local_exclude_ip_map = "${LOCAL_CONFDIR}/maps.d/zen_rigacci_exclude_ip.map";
+        # Symbol to yeld.
+        symbol = "ZEN_RIGACCI";
+        returncodes = {
+            # Apply a specific symbol instead of the generic one.
+            "ZEN_RIGACCI_CODE_1" = "127.0.0.1";
+            "ZEN_RIGACCI_CODE_2" = "127.0.0.2";
+            "ZEN_RIGACCI_CODE_3" = "127.0.0.3";
+        }
+    }
+}
+</file>
+The file pointed by the **local_exclude_ip_map** option can be updated (adding or removing IP addresses or subnets) without the need to reload any service.
+A custom score can be defined into **local.d/rbl_group.conf**:
+<file>
+symbols = {
+    "ZEN_RIGACCI" {
+        weight = 6.2;
+        description = "From address is listed in ZEN Rigacci.Org";
+        groups = ["zen_rigacci"];
+    }
+}
+symbols = {
+    "ZEN_RIGACCI_CODE_1" {
+        weight = 6.8;
+        description = "From address is listed in ZEN Rigacci.Org, code 1";
+        groups = ["zen_rigacci"];
+    }
+}
+</file>
 Several RBLs are enabled per default in the Debian 12 install. if you want to disable some, just add the symbol into the **rbls** list with the option **enabled = false**:
@@ Line 342: / Line 393: @@
 </code>
-As you can see from the log below, an SPF fail does not trigger a significative SPAM score using the default metrics: only 0.90/18.00:
+The ''VIOLATED_DIRECT_SPF'' is a composite symbol, it combines an SPF (soft) fail and has no Received or no trusted received relays. As you can see from the log below, an SPF fail does not trigger a significative SPAM score using the default metrics: only 0.90/18.00:
 <code>
@@ Line 350: / Line 401: @@
     (default: F (no action): [0.90/18.00] [R_SPF_FAIL(1.00){-all;},
     MIME_GOOD(-0.10){text/plain;},ARC_NA(0.00){},ASN(0.00){asn:24940,
-    ipnet:2a01:4f8::/32, country:DE;},DMARC_NA(0.00){texnet.it;},
+    ipnet:2a01:4f8::/32, country:DE;},DMARC_NA(0.00){rigacci.org;},
     FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},MIME_TRACE(0.00){0:+;},
     RCPT_COUNT_ONE(0.00){1;},RCVD_COUNT_TWO(0.00){2;},RCVD_TLS_LAST(0.00){},
@@ Line 489: / Line 540: @@
 ^ add_header        | Add a header ''X-Spam: Yes'' to the message, but the message is eccepted for delivery.  |
 ^ rewrite_subject   | The message is accepted, but the ''Subject:'' header is modified according to the global //actions// => //subject// setting.  |
-^ soft reject       | The message is rejected with a 451 SMTP status code, meaning a temporary problem. The sender MTA is notified with a temporary failure message and it should retry later. Notice that this action **is not a greylisting**, when the message is retried the same rule applies again.  |
+^ soft reject       | The message is rejected with a 451 SMTP status code, meaning a temporary problem. The sender MTA is notified with a temporary failure message and it should retry later. Notice that this action **is not a greylisting**: when the message is retried the same rule applies again.  |
 ^ reject            | The message is reject witha 554 SMTP status code. The default message generated by the Postfix MTA is ''554 5.7.1 Matched map: TEST_SPAM_STRING''. The sender MTA should create a //sender non-delivery notification//.  |
@@ Line 596: / Line 647: @@
 ===== Logging =====
-Example to enable logging in milter protocol, create the file **/etc/rspamd/local.d/logging.inc** with:
+Example to enable logging for the //milter// and the //rbl// modules: create the file **/etc/rspamd/local.d/logging.inc** with:
 <file>
-debug_modules = ["milter"]
+debug_modules = ["milter", "rbl"]
 </file>
@@ Line 623: / Line 674: @@
 <code>
 systemctl daemon-reload
+systemctl restart clamav-daemon.socket
 systemctl restart clamav-daemon.service
 </code>