Differences

This shows you the differences between two versions of the page.

--- doc:appunti:linux:sa:rspamd_spamassassin [2023/11/17 11:15] – [Configure the blacklists] niccolo
+++ doc:appunti:linux:sa:rspamd_spamassassin [2024/01/26 15:22] (current) – [ClamAV on TCP socket in Debian 12] niccolo
@@ Line 259: / Line 259: @@
 <file>
+# Map containing additional IPv4/IPv6 addresses/subnets that should
+# be excluded from checks where exclude_local is true (the default).
+local_exclude_ip_map = "${LOCAL_CONFDIR}/maps.d/rbl_local_exclude_ip.map";
 # Add a custom RBL.
 rbls {
@@ Line 279: / Line 283: @@
             "ZEN_RIGACCI_CODE_3" = "127.0.0.3";
         }
+    }
+}
+</file>
+The file pointed by the **local_exclude_ip_map** option can be updated (adding or removing IP addresses or subnets) without the need to reload any service.
+A custom score can be defined into **local.d/rbl_group.conf**:
+<file>
+symbols = {
+    "ZEN_RIGACCI" {
+        weight = 6.2;
+        description = "From address is listed in ZEN Rigacci.Org";
+        groups = ["zen_rigacci"];
+    }
+}
+symbols = {
+    "ZEN_RIGACCI_CODE_1" {
+        weight = 6.8;
+        description = "From address is listed in ZEN Rigacci.Org, code 1";
+        groups = ["zen_rigacci"];
     }
 }
@@ Line 367: / Line 393: @@
 </code>
-As you can see from the log below, an SPF fail does not trigger a significative SPAM score using the default metrics: only 0.90/18.00:
+The ''VIOLATED_DIRECT_SPF'' is a composite symbol, it combines an SPF (soft) fail and has no Received or no trusted received relays. As you can see from the log below, an SPF fail does not trigger a significative SPAM score using the default metrics: only 0.90/18.00:
 <code>
@@ Line 514: / Line 540: @@
 ^ add_header        | Add a header ''X-Spam: Yes'' to the message, but the message is eccepted for delivery.  |
 ^ rewrite_subject   | The message is accepted, but the ''Subject:'' header is modified according to the global //actions// => //subject// setting.  |
-^ soft reject       | The message is rejected with a 451 SMTP status code, meaning a temporary problem. The sender MTA is notified with a temporary failure message and it should retry later. Notice that this action **is not a greylisting**, when the message is retried the same rule applies again.  |
+^ soft reject       | The message is rejected with a 451 SMTP status code, meaning a temporary problem. The sender MTA is notified with a temporary failure message and it should retry later. Notice that this action **is not a greylisting**: when the message is retried the same rule applies again.  |
 ^ reject            | The message is reject witha 554 SMTP status code. The default message generated by the Postfix MTA is ''554 5.7.1 Matched map: TEST_SPAM_STRING''. The sender MTA should create a //sender non-delivery notification//.  |
@@ Line 621: / Line 647: @@
 ===== Logging =====
-Example to enable logging in milter protocol, create the file **/etc/rspamd/local.d/logging.inc** with:
+Example to enable logging for the //milter// and the //rbl// modules: create the file **/etc/rspamd/local.d/logging.inc** with:
 <file>
-debug_modules = ["milter"]
+debug_modules = ["milter", "rbl"]
 </file>
@@ Line 648: / Line 674: @@
 <code>
 systemctl daemon-reload
+systemctl restart clamav-daemon.socket
 systemctl restart clamav-daemon.service
 </code>