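Rspamd uses the Universal Configuration Language (UCL) for its configuration. Rspamd defines several variables and macros that extend UCL.
Basic settings
Startup of the C modules is configured in the options.inc file.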
# Included from top-level .conf file
filters = "chartable,dkim,spf,surbl,regexp,fuzzy_check";
The filters setting defines which modules are loaded.
Startup of the Lua modules is configured in the common.conf file.
# A common rspamd configuration file
# Please don't modify this file as your changes might be overwritten with
# the next update.
#
# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
# parameters defined on the top level
#
# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
# parameters defined on the top level
#
# For specific modules or configuration you can also modify
# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
#
# See https://rspamd.com/doc/tutorials/writing_rules.html for details
...
modules {
path = "$PLUGINSDIR/lua/"
}
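The modules block defines the modules to be loaded.
C modules
Chartable
This module counts characters from different Unicode scripts in the text parts of a message. If the message cannot be converted to UTF-8 (for example, when it contains an unrecognized charset definition), the module only checks the number of transitions between ASCII and non-ASCII characters.
The module is configured in modules.d/chartable.conf: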
# Please don't modify this file as your changes might be overwritten with
# the next update.
#
# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
# parameters defined on the top level
#
# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
# parameters defined on the top level
#
# For specific modules or configuration you can also modify
# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
#
# See https://rspamd.com/doc/tutorials/writing_rules.html for details
chartable {
threshold = 0.300000;
symbol = "R_MIXED_CHARSET";
.include(try=true,priority=5) "${DBDIR}/dynamic/chartable.conf"
.include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/chartable.conf"
.include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/chartable.conf"
}
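By default, Rspamd compares the scan result with the threshold value.
DKIM
This module checks the DKIM signatures of scanned emails. Its configuration file is dkim.conf.
- dkim_cache_size (or expire): maximum size of the DKIM key cache
- whitelist: a map of domains that should not be checked with DKIM
- domains: a map of domains for which DKIM uses stricter scores
- strict_multiplier: multiply the symbol's value by this number if the message is received from one of the domains
- trusted_only: do not check DKIM signatures for all domains, only for those in the domains map
In addition, further functionality can be implemented by defining a Lua script. For example, outbound mail can be signed with a specific key.
To use this feature, set the sign_condition option to a Lua script that analyzes the task object and returns the signing parameters (if signing is needed):
- key: path to the domain's private key
- selector: DKIM selector value
- domain: the domain name used for signing
If signing is not needed, the function should return nil or false. Here is an example sign_condition script that signs mail from the example.com domain: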
#dkim.conf
sign_condition =<<EOD
return function(task)
  -- envelope (SMTP) sender of the message
  local from = task:get_from('smtp')
  if from and from[1]['addr'] then
    -- '%.' matches a literal dot; a bare '.' in a Lua pattern matches any character
    if string.find(from[1]['addr'], '@example%.com$') then
      return {
        key = "/etc/dkim/example.com",
        domain = "example.com",
        selector = "test"
      }
    end
  end
  return false
end
EOD;
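The domain check inside a sign_condition function decides which mail is signed with the private key, and a Lua pattern there is easy to get subtly wrong: an unescaped `.` matches any character and the match is case-sensitive. The following is an added example, not code from Rspamd or from the original page; it selects signing parameters by exact, case-insensitive domain lookup and compares that with the pattern `'@example.com$'` on constructed senders. `SIGNING_DOMAINS`, `addr_domain` and `fake_task` are hypothetical names, and `fake_task` only stands in for the task object so the logic runs in a plain Lua interpreter.

```lua
-- Added example: choose DKIM signing parameters by exact domain match.
-- SIGNING_DOMAINS and its key path/selector are constructed sample values.
local SIGNING_DOMAINS = {
  ["example.com"] = { key = "/etc/dkim/example.com", selector = "test" },
}

-- Return the lower-cased domain of an address, or nil if it has none.
local function addr_domain(addr)
  if type(addr) ~= "string" then return nil end
  -- the domain is everything after the last '@'
  local domain = addr:match("@([^@]+)$")
  return domain and domain:lower() or nil
end

-- Same contract as sign_condition: a table of parameters, or false.
local function sign_condition(task)
  local from = task:get_from('smtp')
  if not (from and from[1] and from[1]['addr']) then return false end
  local domain = addr_domain(from[1]['addr'])
  local params = domain and SIGNING_DOMAINS[domain]
  if not params then return false end
  return { key = params.key, domain = domain, selector = params.selector }
end

-- Minimal stand-in for the task object (assumption: only get_from is used).
local function fake_task(addr)
  return {
    get_from = function(self, kind)
      return addr and { { addr = addr } } or nil
    end
  }
end

-- Constructed sample envelope senders.
local samples = { "alice@example.com", "bob@EXAMPLE.COM",
                  "eve@exampleXcom", "eve@example.com.invalid", "" }
for _, addr in ipairs(samples) do
  -- unescaped '.' matches any character, so "exampleXcom" passes here
  local by_pattern = string.find(addr, '@example.com$') ~= nil
  local by_table = sign_condition(fake_task(addr)) ~= false
  print(string.format("%-26s pattern=%-5s exact=%s", addr,
                      tostring(by_pattern), tostring(by_table)))
end

-- A message with no envelope sender must not be signed.
assert(sign_condition(fake_task(nil)) == false)
```

To use the same logic in dkim.conf, the body would be wrapped as `return function(task) ... end` inside the sign_condition heredoc, as in the page's own script.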
Fuzzy check
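This module checks messages against specific fuzzy patterns stored in the fuzzy storage workers. The module is also responsible for learning the fuzzy storage with message patterns.
- symbol: the default symbol to insert (if no flags match)
- min_length: minimum length of a text part, in words, for a fuzzy check to be performed (default: check all text parts)
- min_bytes: minimum length, in bytes, of attachments and images to be checked in the fuzzy storage
- whitelist: list of IPs for which all fuzzy checks are skipped
- timeout: timeout for waiting for a reply
Fuzzy rules are defined as a set of rule definitions. Each rule must have a list of servers to check or learn, together with a set of flags and optional parameters. Below is an example of rule settings: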
#fuzzy_check.conf
rule "FUZZY_CUSTOM" {
# List of servers, can be an array or multi-value item
servers = "127.0.0.1:11335";
# List of additional mime types to be checked in this fuzzy ("*" for any)
mime_types = ["application/*", "*/octet-stream"];
# Maximum global score for all maps
max_score = 20.0;
# Ignore flags that are not listed in maps for this rule
skip_unknown = yes;
# If this value is false, then allow learning for this fuzzy rule
read_only = no;
# Fast hash type
algorithm = "mumhash";
}
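SURBL
This module scans the URLs in a message against a DNS list.
The following configuration disables SURBL (here, the RAMBLER_URIBL rule):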
#surbl.conf
rules {
"RAMBLER_URIBL" {
enabled = false;#enabled = true
}
}
SPF
Regular expressions
Lua modules
Antivirus
This module provides integration with virus scanners; ClamAV and others are currently supported. It is configured in antivirus.conf:
# Please don't modify this file as your changes might be overwritten with
# the next update.
#
# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
# parameters defined on the top level
#
# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
# parameters defined on the top level
#
# For specific modules or configuration you can also modify
# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
#
# See https://rspamd.com/doc/tutorials/writing_rules.html for details
antivirus {
# multiple scanners could be checked, for each we create a configuration block with an arbitrary name
clamav {
# If set force this action if any virus is found (default unset: no action is forced)
# action = "reject";
# if `true` only messages with non-image attachments will be checked (default true)
attachments_only = true;
# If `max_size` is set, messages > n bytes in size are not scanned
#max_size = 20000000;
# symbol to add (add it to metric if you want non-zero weight)
symbol = "CLAM_VIRUS";
# type of scanner: "clamav", "fprot", "sophos" or "savapi"
type = "clamav";
# For "savapi" you must also specify the following variable
#product_id = 12345;
# You can enable logging for clean messages
#log_clean = true;
# servers to query (if port is unspecified, scanner-specific default is used)
# can be specified multiple times to pool servers
# can be set to a path to a unix socket
# Enable this in local.d/antivirus.conf
#servers = "127.0.0.1:3310";
# if `patterns` is specified virus name will be matched against provided regexes and the related
# symbol will be yielded if a match is found. If no match is found, default symbol is yielded.
patterns {
# symbol_name = "pattern";
JUST_EICAR = "^Eicar-Test-Signature$";
}
# `whitelist` points to a map of IP addresses. Mail from these addresses is not scanned.
whitelist = "/etc/rspamd/antivirus.wl";
}
.include(try=true,priority=5) "${DBDIR}/dynamic/antivirus.conf"
.include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/antivirus.conf"
.include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/antivirus.conf"
}
ARC
This module checks the ARC signatures and seals of scanned emails.
An example configuration follows:
#arc.conf
# If false, messages with empty envelope from are not signed
allow_envfrom_empty = true;
# If true, envelope/header domain mismatch is ignored
allow_hdrfrom_mismatch = false;
# If true, multiple from headers are allowed (but only first is used)
allow_hdrfrom_multiple = false;
# If true, username does not need to contain matching domain
allow_username_mismatch