Rspamd: add custom symbol scores for SPF, DKIM & DMARC (#3726)
This commit is contained in:
parent
8f391e4d5a
commit
04f4ae4569
|
@ -6,6 +6,11 @@ All notable changes to this project will be documented in this file. The format
|
||||||
|
|
||||||
> **Note**: Changes and additions listed here are contained in the `:edge` image tag. These changes may not be as stable as released changes.
|
> **Note**: Changes and additions listed here are contained in the `:edge` image tag. These changes may not be as stable as released changes.
|
||||||
|
|
||||||
|
### Updates
|
||||||
|
|
||||||
|
- **Rspamd** ([#3726](https://github.com/docker-mailserver/docker-mailserver/pull/3726)):
|
||||||
|
- symbol scores for SPF, DKIM & DMARC were updated to more closely align with [RFC7489](https://www.rfc-editor.org/rfc/rfc7489#page-24); please note though that complete alignment is undesirable, because other symbols might be added as well, which changes the overall score calculation again, see [this issue](https://github.com/docker-mailserver/docker-mailserver/issues/3690#issuecomment-1866871996)
|
||||||
|
|
||||||
## [v13.2.0](https://github.com/docker-mailserver/docker-mailserver/releases/tag/v13.2.0)
|
## [v13.2.0](https://github.com/docker-mailserver/docker-mailserver/releases/tag/v13.2.0)
|
||||||
|
|
||||||
### Security
|
### Security
|
||||||
|
|
|
@ -106,6 +106,7 @@ EOF
|
||||||
# -----------------------------------------------
|
# -----------------------------------------------
|
||||||
|
|
||||||
COPY target/rspamd/local.d/ /etc/rspamd/local.d/
|
COPY target/rspamd/local.d/ /etc/rspamd/local.d/
|
||||||
|
COPY target/rspamd/scores.d/* /etc/rspamd/scores.d/
|
||||||
|
|
||||||
# -----------------------------------------------
|
# -----------------------------------------------
|
||||||
# --- LDAP & SpamAssassin's Cron ----------------
|
# --- LDAP & SpamAssassin's Cron ----------------
|
||||||
|
|
|
@ -1,9 +1,12 @@
|
||||||
# documentation: https://rspamd.com/doc/configuration/metrics.html#actions
|
# documentation: https://rspamd.com/doc/configuration/metrics.html#actions
|
||||||
# and https://rspamd.com/doc/configuration/metrics.html
|
# and https://rspamd.com/doc/configuration/metrics.html
|
||||||
|
|
||||||
#greylist = 4;
|
# These values work in conjunction with the symbol scores in
|
||||||
#add_header = 6;
|
# `scores.d/*.conf`. When adjusting them, make sure to understand
|
||||||
#rewrite_subject = 7;
|
# and to be able to explain the impact on the whole system.
|
||||||
#reject = 15;
|
greylist = 4;
|
||||||
|
add_header = 6;
|
||||||
|
rewrite_subject = 7;
|
||||||
|
reject = 11;
|
||||||
|
|
||||||
subject = "***SPAM*** %s"
|
subject = "***SPAM*** %s"
|
||||||
|
|
|
@ -0,0 +1,108 @@
|
||||||
|
# Please refer to
|
||||||
|
# https://github.com/docker-mailserver/docker-mailserver/issues/3690
|
||||||
|
# for understanding this file and its scores' values.
|
||||||
|
|
||||||
|
symbols = {
|
||||||
|
# SPF
|
||||||
|
"R_SPF_ALLOW" {
|
||||||
|
weight = -1;
|
||||||
|
description = "SPF verification allows sending";
|
||||||
|
groups = ["spf"];
|
||||||
|
}
|
||||||
|
"R_SPF_NA" {
|
||||||
|
weight = 1.5;
|
||||||
|
description = "Missing SPF record";
|
||||||
|
one_shot = true;
|
||||||
|
groups = ["spf"];
|
||||||
|
}
|
||||||
|
"R_SPF_SOFTFAIL" {
|
||||||
|
weight = 2.5;
|
||||||
|
description = "SPF verification soft-failed";
|
||||||
|
groups = ["spf"];
|
||||||
|
}
|
||||||
|
"R_SPF_FAIL" {
|
||||||
|
weight = 4.5;
|
||||||
|
description = "SPF verification failed";
|
||||||
|
groups = ["spf"];
|
||||||
|
}
|
||||||
|
|
||||||
|
"R_SPF_NEUTRAL" { # == R_SPF_NA
|
||||||
|
weight = 1.5;
|
||||||
|
description = "SPF policy is neutral";
|
||||||
|
groups = ["spf"];
|
||||||
|
}
|
||||||
|
"R_SPF_DNSFAIL" { # == R_SPF_SOFTFAIL
|
||||||
|
weight = 2.5;
|
||||||
|
description = "SPF DNS failure";
|
||||||
|
groups = ["spf"];
|
||||||
|
}
|
||||||
|
"R_SPF_PERMFAIL" { # == R_SPF_FAIL
|
||||||
|
weight = 4.5;
|
||||||
|
description = "SPF record is malformed or persistent DNS error";
|
||||||
|
groups = ["spf"];
|
||||||
|
}
|
||||||
|
|
||||||
|
# DKIM
|
||||||
|
"R_DKIM_ALLOW" {
|
||||||
|
weight = -1;
|
||||||
|
description = "DKIM verification succeed";
|
||||||
|
one_shot = true;
|
||||||
|
groups = ["dkim"];
|
||||||
|
}
|
||||||
|
"R_DKIM_NA" {
|
||||||
|
weight = 0;
|
||||||
|
description = "Missing DKIM signature";
|
||||||
|
one_shot = true;
|
||||||
|
groups = ["dkim"];
|
||||||
|
}
|
||||||
|
"R_DKIM_TEMPFAIL" {
|
||||||
|
weight = 1.5;
|
||||||
|
description = "DKIM verification soft-failed";
|
||||||
|
groups = ["dkim"];
|
||||||
|
}
|
||||||
|
"R_DKIM_PERMFAIL" {
|
||||||
|
weight = 4.5;
|
||||||
|
description = "DKIM verification hard-failed (invalid)";
|
||||||
|
groups = ["dkim"];
|
||||||
|
}
|
||||||
|
|
||||||
|
"R_DKIM_REJECT" { # == R_DKIM_PERMFAIL
|
||||||
|
weight = 4.5;
|
||||||
|
description = "DKIM verification failed";
|
||||||
|
one_shot = true;
|
||||||
|
groups = ["dkim"];
|
||||||
|
}
|
||||||
|
|
||||||
|
# DMARC
|
||||||
|
"DMARC_NA" {
|
||||||
|
weight = 1;
|
||||||
|
description = "No DMARC record";
|
||||||
|
groups = ["dmarc"];
|
||||||
|
}
|
||||||
|
"DMARC_POLICY_QUARANTINE" {
|
||||||
|
weight = 1.5;
|
||||||
|
description = "DMARC quarantine policy";
|
||||||
|
groups = ["dmarc"];
|
||||||
|
}
|
||||||
|
"DMARC_POLICY_REJECT" {
|
||||||
|
weight = 2;
|
||||||
|
description = "DMARC reject policy";
|
||||||
|
groups = ["dmarc"];
|
||||||
|
}
|
||||||
|
|
||||||
|
"DMARC_POLICY_ALLOW" { # no equivalent
|
||||||
|
weight = -1;
|
||||||
|
description = "DMARC permit policy";
|
||||||
|
groups = ["dmarc"];
|
||||||
|
}
|
||||||
|
"DMARC_POLICY_ALLOW_WITH_FAILURES" { # no equivalent
|
||||||
|
weight = -0.5;
|
||||||
|
description = "DMARC permit policy with DKIM/SPF failure";
|
||||||
|
groups = ["dmarc"];
|
||||||
|
}
|
||||||
|
"DMARC_POLICY_SOFTFAIL" { # == DMARC_POLICY_QUARANTINE
|
||||||
|
weight = 1.5;
|
||||||
|
description = "DMARC soft-failed";
|
||||||
|
groups = ["dmarc"];
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue