; karma.ini, see 'haraka -h karma'
; [redis]: connection settings for the Redis key/value store in which karma
; keeps concurrency counters, IP history and AS history.
; NOTE(review): no credential key appears in this section, so access control
; presumably rests on Redis being reachable only from this host; confirm before
; pointing server_ip at a non-loopback address.
[redis]
server_ip = 127.0.0.1
server_port = 6379
; Days until an IP's karma history expires. The value is refreshed at every
; connection, so frequent senders may never expire.
expire_days = 60
[asn]
; Track karma per AS (the sender's network neighborhood)?
enable = true
; Award karma to connections based on their ASN?
; NOTE(review): enable is written as true while award is written as 1; confirm
; whether award is an on/off switch or a number of points.
award = 1
[tarpit]
; presumably the delay, in seconds, added between responses; 0 here - TODO
; confirm units and whether 0 disables tarpitting
delay = 0
; Upper bound on how long remotes are made to wait between responses.
; A remote that is kept waiting too long drops the connection.
max = 4
[thresholds]
; Connections scoring below this value are denied/rejected.
; Keep it conservative to avoid false positives!
negative = -8
; Connections scoring above this value are considered 'good'.
positive = 3
; Karma history = good connections - bad connections. A negative history means
; the sender has sent more bad than good messages. An IP is subject to the
; penalty box only once it has made > 5 connections and its history is lower
; than this value.
history_negative = -3
; The negative threshold a connection must score below to be sent to the
; penalty box.
punish = -15
[deny]
; Hooks on which to disconnect: when the score is below [thresholds]negative,
; the connection is denied on the hooks listed here.
; Wider list, commented out:
;hooks=connect,unrecognized_command,helo,ehlo,mail,rcpt,data,data_post
; NOTE(review): the active list names helo but not ehlo, and leaves out
; connect, mail and rcpt. A low-scoring client that greets with EHLO is
; presumably not denied before data; confirm that this is intended.
hooks = unrecognized_command,helo,data,data_post
[penalty]
; Number of days to reject connections from really bad senders.
days = 1
; Seconds to wait before disconnecting. This helps prevent rogue clients from
; immediately reconnecting dozens of times per second.
disconnect_delay = 5
; Disconnect taunt. Alternative text, commented out:
; taunt=go away, or I shall taunt you a second time!
; NOTE(review): presumably this text is returned to the remote on disconnect,
; which tells the sender it was classified as abusive; confirm that is wanted.
taunt = Your mother was a hampster and your father smells of elderberries!
[concurrency]
; Limits on how many concurrent connections a single IP can make.
; Caution: using these limits *and* the rate_limit plugin may produce
; unexpected results. Use one or the other.
; To disable, comment out this block of settings.
bad = 3
neutral = 5
good = 20
; Excess connections are delayed this many seconds before being disconnected.
disconnect_delay = 10
; Minutes after which concurrency data is expired.
reset = 10
; Maximum number of recipients allowed.
; presumably one limit per sender class (bad/neutral/good), as in
; [concurrency] - TODO confirm against the plugin
[recipients]
bad = 5
neutral = 15
good = 50
[spammy_tlds]
; Negative karma awarded to spammy TLDs, one key per TLD.
; Caution: awarding karma > msg_negative_limit may blacklist that TLD.
; NOTE(review): msg_negative_limit is not set in the part of this file shown
; here; confirm where that limit is defined before raising these penalties.
info = -2
biz = -2
pw = -2
me = -1
; AWARDS
; karma can award points by inspecting connection objects, including notes
; saved by other plugins.
;
; syntax: lo.ca.tion[@uniq-val]= N [if condition VAL]
;
; location: an object or attribute in the connection or transaction object.
; Use the transaction prefix to check only the transaction note.
; @uniq: an alpha-numeric unique value, subject to .ini value restrictions
; N: a numeric karma score to award: + to praise, - to smite
; VAL: the value to use in the conditional match
;
; conditions:
; if match // performs a case insensitive regex match on VAL
; if equals // performs an === comparison
; if gt // performs a greater-than comparison
; if lt // performs a less-than comparison
;
; if length lt // Compares the length of arrays. Especially
; if length gt // useful for plugins that use note.js
; if length equals
;
; if in pass whitelisted // looks in array 'pass' for 'whitelisted' element
;
; Examples:
;
; relaying = 1 // any true value in the object matches, +1 karma
;
; notes.spamassassin.flag = 1 if equals No // same thing
; notes.spamassassin.flag@No = 1 if equals // matches if flag===No
; notes.spamassassin.flag@Yes = -3 if equals // matches if flag===Yes
; notes.spamassassin.flag@uniq= -3 if equals Yes // matches if flag===Yes
;
; The values on the left hand side of the = sign in an INI file must be unique.
; To have multiple awards based on a single object location, each must have a
; unique name. Use an @ followed by unique letters and numbers.
;
; notes.dnsbl.fail@0 = -1 if length gt // smite -1 if listed on 1 dnsbls
; notes.dnsbl.fail@1 = -3 if length gt // smite -3 if listed on 2 dnsbls
[awards]
; Point awards added to a connection's karma score. Each line uses the syntax
; described in the AWARDS comment block that precedes this section:
;   location[@uniq] = N [if condition VAL]
; Positive N praises, negative N smites. Where VAL is omitted, the examples in
; that block show the @uniq suffix being used as the value to compare.

; geoip: distance penalties; both lines match beyond 8000 (-2 total).
; presumably the distance is in kilometres - TODO confirm units
;results.connect.geoip.too_far = -1
results.connect.geoip.distance@4 = -1 if gt 4000
results.connect.geoip.distance@8 = -1 if gt 8000
; p0f: passive OS fingerprint of the connecting host.
results.connect.p0f.os_name@fbsd = 1 if match freebsd
results.connect.p0f.os_name@win = -2 if match windows
; fcrdns: forward-confirmed reverse DNS results.
results.connect.fcrdns.fcrdns@0 = 1 if length gt 0
results.connect.fcrdns.fail@0 = -1 if length gt 0
results.connect.fcrdns.fail@1 = -2 if length gt 1
results.connect.fcrdns.no_rdns = -3
results.connect.fcrdns.ip_in_rdns= -1
; access whitelist awards, all commented out.
; results.access.whitelist = 8 if whitelist
; results.access.rdns = 8 if in pass connect.rdns_access.whitelist
; results.access.mail_pass = 8 if in pass mail_from.access.whitelist
; results.access.rcpt_pass = 8 if in pass rcpt_to.access.whitelist
; these are cumulative, failing multiple adds up fast
; (4 or more dnsbl failures match all four lines: -11 total)
results.dnsbl.fail@0 = -2 if length gt 0
results.dnsbl.fail@1 = -2 if length gt 1
results.dnsbl.fail@2 = -3 if length gt 2
results.dnsbl.fail@3 = -4 if length gt 3
; helo checks: no VAL is given, so the @uniq suffix names the check to match.
results.helo.checks.fail@valid_hostname = -1 if match
results.helo.checks.pass@forward_dns = 1 if match
results.helo.checks.skip@forward_dns = -1 if match
results.helo.checks.fail@forward_dns = -1 if match
results.helo.checks.fail@dynamic = -2 if match
results.helo.checks.fail@reverse_dns = -1 if match
; NOTE(review): relaying (+5) and notes.auth_user (+7) each exceed
; [thresholds]positive (3) on their own, so an authenticated or relaying
; session is presumably treated as 'good' whatever else it scores. A session
; using stolen credentials would inherit that credit; confirm this is intended
; and that outbound abuse is caught by other controls.
notes.tls.authorized = 1
relaying = 5
notes.auth_user = 7
; failed authentication attempts; presumably cumulative like the dnsbl lines
; (more than 3 failures would match all four: -10 total) - TODO confirm
notes.auth_fails@1 = -1 if gt 0
notes.auth_fails@2 = -2 if gt 1
notes.auth_fails@3 = -3 if gt 2
notes.auth_fails@4 = -4 if gt 3
early_talker = -4
; SPF survey in March 2014: over 95% of ham has SPF Pass
; over 60% of spam has SPF Pass
; None, Pass, Fail, SoftFail, Neutral, TempError, PermError
; No award is given for Pass below; only the non-Pass results are penalized.
results.spf.result@3 = -4 if equals Fail
results.spf.result@4 = -3 if equals SoftFail
results.spf.result@5 = -1 if equals Neutral
results.spf.result@6 = -2 if equals TempError
results.spf.result@7 = -2 if equals PermError
; only penalize for mail_from = None. Most legit senders have SPF helo=none
transaction.results.spf.result@1 = -1 if equals None
results.karma.fail@rfc5321mf = -1 if in fail rfc5321.MailFrom
results.karma.fail@rfc5321rt = -1 if in fail rfc5321.RcptTo
; undeliverable recipients reported by qmail_deliverable.
results.rcpt_to.qmail_deliverable.fail@0 = -3 if length gt 0
results.rcpt_to.qmail_deliverable.fail@1 = -3 if length gt 1
results.rcpt_to.qmail_deliverable.fail@3 = -5 if length gt 3
; header checks.
results.headers.pass@p3 = 1 if length gt 4
results.headers.fail@f1 = -1 if length gt 0
results.headers.fail@f2 = -3 if length gt 1
results.headers.fail@f3 = -3 if length gt 2
results.headers.fail@from_match = -1 if match
; URI blocklist hits found in the message data.
results.data.uribl.fail@1 = -2 if length gt 0
results.data.uribl.fail@2 = -2 if length gt 1
results.data.uribl.fail@3 = -2 if length gt 2
results.bounce.fail@1 = -5 if length gt 0
notes.bounce@invalid = -3 if equals
; SpamAssassin score: h* lines reward scores below zero, s* lines penalize
; scores above the stated value. The s* lines overlap, so a score above 20
; matches all eight of them (-21 total).
notes.spamassassin.hits@h0 = 1 if lt 0
notes.spamassassin.hits@h2 = 2 if lt -2
notes.spamassassin.hits@h5 = 3 if lt -10
notes.spamassassin.hits@s1 = -1 if gt 1
notes.spamassassin.hits@s2 = -1 if gt 2
notes.spamassassin.hits@s3 = -1 if gt 3
notes.spamassassin.hits@s4 = -1 if gt 4
notes.spamassassin.hits@s5 = -1 if gt 5
notes.spamassassin.hits@s7 = -2 if gt 7
notes.spamassassin.hits@s9 = -4 if gt 9
notes.spamassassin.hits@s20 = -10 if gt 20
; ClamAV results. The virus award (-16) is lower than [thresholds]punish (-15)
; by itself; the phish award (-6) is not.
results.clamd.fail@virus = -16 if match
results.clamd.fail@phish = -6 if match