Rspamd配置

最新推荐文章于 2024-05-09 10:02:25 发布

哪吒要结婚

最新推荐文章于 2024-05-09 10:02:25 发布

阅读量3.3k

点赞数 1

分类专栏：技术。文章标签： c语言

本文链接：https://blog.csdn.net/weixin_37958284/article/details/77067730

版权

Rspamd使用通用配置语言（UCL）进行配置。Rspamd定义了几个变量和宏来扩展UCL功能。

最基础设置

C模块启动项在options.inc文件中配置。

    # Included from top-level .conf file
    filters = "chartable,dkim,spf,surbl,regexp,fuzzy_check";

在filters定义加载模块。

Lua模块启动项在common.conf文件中配置

    # A common rspamd configuration file
    # Please don't modify this file as your changes might be overwritten with
    # the next update.
    #
    # You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
    # parameters defined on the top level
    #
    # You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
    # parameters defined on the top level
    #
    # For specific modules or configuration you can also modify
    # '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
    # '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
    #
    # See https://rspamd.com/doc/tutorials/writing_rules.html for details   
    ...
    modules {
        path = "$PLUGINSDIR/lua/"
    }

在modules里定义需要加载的模块。

C模块

Chartable

该模块允许从消息文本部分的不同Unicode脚本中查找字符数。如果消息无法转换为UTF-8（例如，当它包含无法识别的字符集定义）时，该模块只检查ASCII和非ASCII字符之间的转换次数。
在modules.d/chartable.conf中配置该模块

    # Please don't modify this file as your changes might be overwritten with
    # the next update.
    #
    # You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
    # parameters defined on the top level
    #
    # You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
    # parameters defined on the top level
    #
    # For specific modules or configuration you can also modify
    # '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
    # '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
    #
    # See https://rspamd.com/doc/tutorials/writing_rules.html for details

    chartable {
        threshold = 0.300000;
        symbol = "R_MIXED_CHARSET";
        .include(try=true,priority=5) "${DBDIR}/dynamic/chartable.conf"
        .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/chartable.conf"
        .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/chartable.conf"
    }

默认情况下Rspamd将扫描结果与阈值threshold进行比较。

DKIM该模块检查扫描的电子邮件的DKIM签名。配置文件在dkim.conf

dkim_cache_size（或expire）：DKIM密钥缓存的最大大小
whitelist：不应使用DKIM检查的域的映射
domains：DKIM使用更严格的分数
strict_multiplier：如果从domains接收到，则将符号的值乘以该值
trusted_only：不要检查所有域的DKIM签名，而不是从domains地图中检查

另外，可以通过定义lua脚本完成其他功能。例如，可以使用某些密钥来签出出站邮件。

    要使用此功能，可以使用一个选项sign_condition来定义Lua脚本，用于分析任务对象并返回签名参数（如果需要签名）

    key：域的私钥路径
    selector：DKIM选择器值
    domain：用于签名的域名
    如果不需要签名，那么这个函数应该返回nil或false。这是一个learn_condition脚本的示例，用于对来自example.com域的邮件进行签名：

    #dkim.conf
    sign_condition =<<EOD
    return function(task)
      local from = task:get_from('smtp')

      if from and from[1]['addr'] then
        if string.find(from[1]['addr'], '@example.com$') then
          return {
            key = "/etc/dkim/example.com",
            domain = "example.com",
            selector = "test"
          }
        end
      end

      return false
    end
    EOD;

Fuzzy check

该模块旨在检查存储在模糊存储工作者中的特定模糊模式的消息。同时，该模块负责用消息模式学习模糊存储。

symbol：要插入的默认符号（如果没有标志匹配）
min_length：执行模糊检查的单词中文本部分的最小长度（默认 - 检查所有文本部分）
min_bytes：最小的附件长度和以字节为单位的图像，以便在模糊存储中进行检查
whitelist：IP列表跳过所有模糊检查
timeout：等待回覆的超时

模糊规则被定义为一组规则定义。每个规则都必须有服务器列表来检查或学习，以及一组标记和可选参数。下面是规则设置的一个例子:

    #fuzzy_check.conf
    rule "FUZZY_CUSTOM" {
      # List of servers, can be an array or multi-value item
      servers = "127.0.0.1:11335";
      # List of additional mime types to be checked in this fuzzy ("*" for any)
      mime_types = ["application/*", "*/octet-stream"];
      # Maximum global score for all maps
      max_score = 20.0;
      # Ignore flags that are not listed in maps for this rule
      skip_unknown = yes;
      # If this value is false, then allow learning for this fuzzy rule
      read_only = no;
      # Fast hash type
      algorithm = "mumhash";
    }

SURBL该模块根据一个DNS列表扫描消息中的URL
下面是禁用SURBL配置：

    #surbl.conf
    rules {
      "RAMBLER_URIBL" {
        enabled = false;#enabled = true
      }
    }

SPF

正则表达式

Lua模块

Antivirus

该模块提供与病毒扫描程序的集成，目前支持ClamAV等。配置在antivirus.conf中

    # Please don't modify this file as your changes might be overwritten with
    # the next update.
    #
    # You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
    # parameters defined on the top level
    #
    # You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
    # parameters defined on the top level
    #
    # For specific modules or configuration you can also modify
    # '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
    # '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
    #
    # See https://rspamd.com/doc/tutorials/writing_rules.html for details

    antivirus {
      # multiple scanners could be checked, for each we create a configuration block with an arbitrary name
      clamav {
        # If set force this action if any virus is found (default unset: no action is forced)
        # action = "reject";
        # if `true` only messages with non-image attachments will be checked (default true)
        attachments_only = true;
        # If `max_size` is set, messages > n bytes in size are not scanned
        #max_size = 20000000;
        # symbol to add (add it to metric if you want non-zero weight)
        symbol = "CLAM_VIRUS";
        # type of scanner: "clamav", "fprot", "sophos" or "savapi"
        type = "clamav";
        # For "savapi" you must also specify the following variable
        #product_id = 12345;
        # You can enable logging for clean messages
        #log_clean = true;
        # servers to query (if port is unspecified, scanner-specific default is used)
        # can be specified multiple times to pool servers
        # can be set to a path to a unix socket
        # Enable this in local.d/antivirus.conf
        #servers = "127.0.0.1:3310";
        # if `patterns` is specified virus name will be matched against provided regexes and the related
        # symbol will be yielded if a match is found. If no match is found, default symbol is yielded.
        patterns {
          # symbol_name = "pattern";
          JUST_EICAR = "^Eicar-Test-Signature$";
        }
        # `whitelist` points to a map of IP addresses. Mail from these addresses is not scanned.
        whitelist = "/etc/rspamd/antivirus.wl";
      }


      .include(try=true,priority=5) "${DBDIR}/dynamic/antivirus.conf"
      .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/antivirus.conf"
      .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/antivirus.conf"
    }

ARC

该模块检查扫描的电子邮件的ARC签名和密封。
配置示例如下：

    #arc.conf
    # If false, messages with empty envelope from are not signed
    allow_envfrom_empty = true;
    # If true, envelope/header domain mismatch is ignored
    allow_hdrfrom_mismatch = false;
    # If true, multiple from headers are allowed (but only first is used)
    allow_hdrfrom_multiple = false;
    # If true, username does not need to contain matching domain
    allow_username_mismatch

最低0.47元/天解锁文章

哪吒要结婚

关注

1
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
Rspamd配置

Rspamd使用通用配置语言（UCL）进行配置。Rspamd定义了几个变量和宏来扩展UCL功能。最基础设置C模块启动项在options.inc文件中配置。 # Included from top-level .conf file filters = "chartable,dkim,spf,surbl,regexp,fuzzy_check";在filters定义加载模块。Lua模块启动
复制链接

扫一扫