Custom symbols for incoming emails

[tierpod]

Hello. Can I add custom symbols for incoming emails?

For example, I want blacklist some incoming messages (filtering by 'From' field). I see 'regexp' and 'settings' modules, and possibility to write lua script, but I don't see examples.

[fatalbanana]

Hi, yes you can and those are all possibilities.

Settings module (recommended): https://rspamd.com/doc/configuration/settings.html
Regexp module: https://rspamd.com/doc/modules/regexp.html

DIY:

https://rspamd.com/doc/lua
https://rspamd.com/doc/lua/task.html
https://rspamd.com/doc/lua/regexp.html

[moisseev]

Sender's mail server ip and host name blacklisting example:

rspamd.conf.local

multimap {
    local_ip_bl { type = "ip"; map = "$CONFDIR/ip-blacklist.map.local"; symbol = "RCVD_IN_LOCAL_IP_BL"; }
}

metric {
    name = "default";
    group {
    name = "local";

    symbol {
        weight = 4;
        description = "Sender ip listed in local ip blacklist";
        name = "RCVD_IN_LOCAL_IP_BL";

    symbol {
        weight = 4;
        description = "Sender ip listed in local ip blacklist";
        name = "HOSTNAME_IN_LOCAL_BL";

    }
}

ip-blacklist.map.local

188.134.0.200   # mail.interzet.ru
195.3.144.64/26 # .ip-colo.net (195.3.144.0/22 actually)
46.61.214.59    # s2.parnas-it.com

rspamd.local.lua

local rspamd_regexp = require "rspamd_regexp"

rspamd_config.HOSTNAME_IN_LOCAL_BL = function(task)
    local re = rspamd_regexp.create_cached('/( \
^mail-b((n1|n1b|y2)h|l2u)n02[45][0-9]\\.outbound\\.protection\\.outlook\\.com$ | \
^p\\dnlsmtp\\d{2}\\.shr\\.prod\\.phx3\\.secureserver\\.net$ | \
^p\\dplsmtpa\\d{2}-\\d{2}\\.prod\\.phx3\\.secureserver\\.net$ | \
^mtaout0\\d-winn\\.ispmail\\.ntl\\.com$ | \
^trafik\\d{3}\\.ru$ | \
^a\\d{1,2}-\\d{2}\\.smtp-out\\.(amazonses|us-west-2)\\.com$ | \
^[^\\.]+\\.mxlogic\\.net$ | \
^vm\\d{4}\\.vps\\.agava\\.net$ | \
^bba\\d{6}\\.alshamil\\.net\\.ae$ | \
^vm\\d{5}\\.hv8\\.ru$ | \
^m[a-z]\\.wixshoutout\\.com$ \
      )/ix')
    local hn = task:get_hostname()
    if hn and re:match(hn) then
        >return true
    end
    return false
end

[moisseev]

to @fatalbanana

Settings module (recommended)

According to rspamd documentation the setting module allows to modify weight of a symbol. Is it possible to add custom symbols with the settings module?

[tierpod]

Thank you. This setup working for me:

/etc/rspamd/modules.d/settings.conf:

settings = "file:///etc/rspamd/settings/global-blacklist.conf"

/etc/rspamd/settings/global-blacklist.conf:

settings {
    global_blacklist {
        priority = "high";
        from = "@example.com";
        apply "default" {
            BAYES_SPAM = 20.0;
        }
    }
}

As I understand, settings module only can modify current symbols or actions. But I think, that adding a new symbol is better way.

[fatalbanana]

I suppose for best use of settings module as a whitelist/blacklist you must use hacks: https://groups.google.com/d/msg/rspamd/8RqmIW9b5OM/mKe5L3KwTMYJ

[tierpod]

Summary, two ways:

1. Add new symbol with weight (regexp or multimap module):

• Use regexp lua script OR multimap module for add symbol to message.
• Add 'weight' for this symbol in metric section.

2. Modify current symbol (settings module):

• Show current symbols: rspamc symbols message.eml.
• Choose symbol, for example 'BAYES_SPAM'.
• Add rule for 'settings' module.

PS. Maybe, add this usecases to documentation?

[tierpod]

Both ways works for me, thank you for config examples 👍

[moisseev]

"2. Modify current symbol (settings module):"

I'm using this method to whitelist symbols.

Blacklist won't work if particular message doesn't have that symbol. You should add the symbol to all messages as @fatalbanana suggested.

[tierpod]

@moisseev I understood. Thats why I prefer adding new symbol (first method with multimap module).

[vstakhov]

I have added feature to insert symbols when settings match to the master branch.