summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorclarkzjw <[email protected]>2023-02-08 00:40:09 -0800
committerclarkzjw <[email protected]>2023-02-08 00:40:09 -0800
commit1204730924436ef9e1c7c49c9557837f9a5ed0e8 (patch)
tree129d79dfd11245751cee6d4082ff5d2f6e941610 /ansible/roles/rspamd/files
parent9635ac4dedf69de5bff65785bcc16bef80b52d75 (diff)
downloadmail-master.tar.gz
fork https://github.com/mattsta/mailwebHEADmaster
Diffstat (limited to 'ansible/roles/rspamd/files')
-rw-r--r--ansible/roles/rspamd/files/redis/redis.conf21
-rw-r--r--ansible/roles/rspamd/files/rspamd/local.d/classifier-bayes.conf4
-rw-r--r--ansible/roles/rspamd/files/rspamd/local.d/greylist.conf1
-rw-r--r--ansible/roles/rspamd/files/rspamd/local.d/milter_headers.conf3
-rw-r--r--ansible/roles/rspamd/files/rspamd/local.d/mx_check.conf2
-rw-r--r--ansible/roles/rspamd/files/rspamd/local.d/neural.conf33
-rw-r--r--ansible/roles/rspamd/files/rspamd/local.d/neural_group.conf29
-rw-r--r--ansible/roles/rspamd/files/rspamd/local.d/phishing.conf3
-rw-r--r--ansible/roles/rspamd/files/rspamd/local.d/redis.conf2
-rw-r--r--ansible/roles/rspamd/files/rspamd/local.d/replies.conf2
-rw-r--r--ansible/roles/rspamd/files/rspamd/local.d/surbl.conf2
-rw-r--r--ansible/roles/rspamd/files/rspamd/local.d/url_reputation.conf2
-rw-r--r--ansible/roles/rspamd/files/rspamd/local.d/url_tags.conf2
-rw-r--r--ansible/roles/rspamd/files/rspamd/local.d/worker-controller.inc39
-rw-r--r--ansible/roles/rspamd/files/rspamd/local.d/worker-normal.inc3
-rw-r--r--ansible/roles/rspamd/files/rspamd/local.d/worker-proxy.inc16
16 files changed, 164 insertions, 0 deletions
diff --git a/ansible/roles/rspamd/files/redis/redis.conf b/ansible/roles/rspamd/files/redis/redis.conf
new file mode 100644
index 0000000..ee237d9
--- /dev/null
+++ b/ansible/roles/rspamd/files/redis/redis.conf
@@ -0,0 +1,21 @@
1# listen only on localhost
2# Even though we only tell rspamd to contact Redis over 127.0.0.1, it still
3# connects via ::1 for some modules as well, so things inside rspamd break
4# if redis isn't listening on both 127.0.0.1 and ::1
5bind 127.0.0.1 ::1
6
7# limit the max amount of memory used - appropriate value will depend on
8# your email volume
9maxmemory 512mb
10maxmemory-policy volatile-lru
11
12daemonize yes
13
14logfile /var/log/redis/redis-server.log
15dir /var/lib/redis
16
17appendonly yes
18appendfilename redisisgarbage.aof
19dbfilename redisisgarbage.rdb
20
21pidfile /var/run/redis/redis-server.pid
diff --git a/ansible/roles/rspamd/files/rspamd/local.d/classifier-bayes.conf b/ansible/roles/rspamd/files/rspamd/local.d/classifier-bayes.conf
new file mode 100644
index 0000000..db2f240
--- /dev/null
+++ b/ansible/roles/rspamd/files/rspamd/local.d/classifier-bayes.conf
@@ -0,0 +1,4 @@
1autolearn = true;
2backend = "redis";
3new_schema = true;
4expire = 8640000;
diff --git a/ansible/roles/rspamd/files/rspamd/local.d/greylist.conf b/ansible/roles/rspamd/files/rspamd/local.d/greylist.conf
new file mode 100644
index 0000000..a6ee831
--- /dev/null
+++ b/ansible/roles/rspamd/files/rspamd/local.d/greylist.conf
@@ -0,0 +1 @@
enabled = false;
diff --git a/ansible/roles/rspamd/files/rspamd/local.d/milter_headers.conf b/ansible/roles/rspamd/files/rspamd/local.d/milter_headers.conf
new file mode 100644
index 0000000..4c924d7
--- /dev/null
+++ b/ansible/roles/rspamd/files/rspamd/local.d/milter_headers.conf
@@ -0,0 +1,3 @@
1# Refer to https://rspamd.com/doc/modules/milter_headers.html for information on configuration
2
3use = ["x-spamd-bar", "authentication-results", "x-spamd-result", "x-rspamd-server", "x-rspamd-queue-id"];
diff --git a/ansible/roles/rspamd/files/rspamd/local.d/mx_check.conf b/ansible/roles/rspamd/files/rspamd/local.d/mx_check.conf
new file mode 100644
index 0000000..de9fac1
--- /dev/null
+++ b/ansible/roles/rspamd/files/rspamd/local.d/mx_check.conf
@@ -0,0 +1,2 @@
1# checks if sender's domain has at least one connectable MX record
2enabled = true;
diff --git a/ansible/roles/rspamd/files/rspamd/local.d/neural.conf b/ansible/roles/rspamd/files/rspamd/local.d/neural.conf
new file mode 100644
index 0000000..7fc7bd2
--- /dev/null
+++ b/ansible/roles/rspamd/files/rspamd/local.d/neural.conf
@@ -0,0 +1,33 @@
1servers = "localhost";
2enabled = true; # Important after 1.7
3
4# use_settings = true;
5
6rules {
7 "LONG" {
8 train {
9 max_trains = 5000;
10 max_usages = 200;
11 max_iterations = 25;
12 learning_rate = 0.01,
13 spam_score = 8;
14 ham_score = -2;
15 }
16 symbol_spam = "NEURAL_SPAM_LONG";
17 symbol_ham = "NEURAL_HAM_LONG";
18 ann_expire = 100d;
19 }
20 "SHORT" {
21 train {
22 max_trains = 100;
23 max_usages = 2;
24 max_iterations = 25;
25 learning_rate = 0.01,
26 spam_score = 8;
27 ham_score = -2;
28 }
29 symbol_spam = "NEURAL_SPAM_SHORT";
30 symbol_ham = "NEURAL_HAM_SHORT";
31 ann_expire = 1d;
32 }
33}
diff --git a/ansible/roles/rspamd/files/rspamd/local.d/neural_group.conf b/ansible/roles/rspamd/files/rspamd/local.d/neural_group.conf
new file mode 100644
index 0000000..fff5058
--- /dev/null
+++ b/ansible/roles/rspamd/files/rspamd/local.d/neural_group.conf
@@ -0,0 +1,29 @@
1symbols = {
2 "NEURAL_SPAM" {
3 weight = 3.0; # sample weight
4 description = "Neural network spam";
5 }
6 "NEURAL_HAM" {
7 weight = -3.0; # sample weight
8 description = "Neural network ham";
9 }
10}
11
12symbols = {
13 "NEURAL_SPAM_LONG" {
14 weight = 3.0; # sample weight
15 description = "Neural network spam (long)";
16 }
17 "NEURAL_HAM_LONG" {
18 weight = -3.0; # sample weight
19 description = "Neural network ham (long)";
20 }
21 "NEURAL_SPAM_SHORT" {
22 weight = 2.0; # sample weight
23 description = "Neural network spam (short)";
24 }
25 "NEURAL_HAM_SHORT" {
26 weight = -1.0; # sample weight
27 description = "Neural network ham (short)";
28 }
29}
diff --git a/ansible/roles/rspamd/files/rspamd/local.d/phishing.conf b/ansible/roles/rspamd/files/rspamd/local.d/phishing.conf
new file mode 100644
index 0000000..dcb1caf
--- /dev/null
+++ b/ansible/roles/rspamd/files/rspamd/local.d/phishing.conf
@@ -0,0 +1,3 @@
1# check messages against some anti-phishing databases
2openphish_enabled = true;
3phishtank_enabled = true;
diff --git a/ansible/roles/rspamd/files/rspamd/local.d/redis.conf b/ansible/roles/rspamd/files/rspamd/local.d/redis.conf
new file mode 100644
index 0000000..4ae822d
--- /dev/null
+++ b/ansible/roles/rspamd/files/rspamd/local.d/redis.conf
@@ -0,0 +1,2 @@
1# just specifying a server enables redis for all modules that can use it
2servers = "127.0.0.1:6379";
diff --git a/ansible/roles/rspamd/files/rspamd/local.d/replies.conf b/ansible/roles/rspamd/files/rspamd/local.d/replies.conf
new file mode 100644
index 0000000..382764d
--- /dev/null
+++ b/ansible/roles/rspamd/files/rspamd/local.d/replies.conf
@@ -0,0 +1,2 @@
1# whitelist messages from threads that have been replied to
2action = "no action";
diff --git a/ansible/roles/rspamd/files/rspamd/local.d/surbl.conf b/ansible/roles/rspamd/files/rspamd/local.d/surbl.conf
new file mode 100644
index 0000000..9cbd70f
--- /dev/null
+++ b/ansible/roles/rspamd/files/rspamd/local.d/surbl.conf
@@ -0,0 +1,2 @@
1# follow redirects when checking URLs in emails for spaminess
2redirector_hosts_map = "/etc/rspamd/redirectors.inc";
diff --git a/ansible/roles/rspamd/files/rspamd/local.d/url_reputation.conf b/ansible/roles/rspamd/files/rspamd/local.d/url_reputation.conf
new file mode 100644
index 0000000..f5ca48a
--- /dev/null
+++ b/ansible/roles/rspamd/files/rspamd/local.d/url_reputation.conf
@@ -0,0 +1,2 @@
1# check URLs within messages for spaminess
2enabled = true;
diff --git a/ansible/roles/rspamd/files/rspamd/local.d/url_tags.conf b/ansible/roles/rspamd/files/rspamd/local.d/url_tags.conf
new file mode 100644
index 0000000..61832fb
--- /dev/null
+++ b/ansible/roles/rspamd/files/rspamd/local.d/url_tags.conf
@@ -0,0 +1,2 @@
1# cache some URL tags in redis
2enabled = true;
diff --git a/ansible/roles/rspamd/files/rspamd/local.d/worker-controller.inc b/ansible/roles/rspamd/files/rspamd/local.d/worker-controller.inc
new file mode 100644
index 0000000..1e1a713
--- /dev/null
+++ b/ansible/roles/rspamd/files/rspamd/local.d/worker-controller.inc
@@ -0,0 +1,39 @@
1# generate a password hash using the `rspamadm pw` command and define 'password'
2# this one is the hash for 'hunter2'
3# password = "$2$b9s94udsn7zzgk1hc9wuheqqcpydo64x$a1kksr9r9f1g1358shqdz789wmoqbnapndwqi6uscazhz3muz4gy";
4
5# this one is the hash for:
6# Roberts had grown so rich, he wanted to retire. He took me to his cabin and he told me his secret. 'I am not the Dread Pirate Roberts' he said. 'My name is Ryan; I inherited the ship from the previous Dread Pirate Roberts, just as you will inherit it from me. The man I inherited it from is not the real Dread Pirate Roberts either. His name was Cummerbund. The real Roberts has been retired 15 years and living like a king in Patagonia.'
7# password = "$2$bhjy5j4njn8r5mx3yo6ksmdt9hbm8fan$myysr1gnbcf9ggpf4dzjdky3by9nbb8w9wbm7wciu97sbb7zhomy";
8
9# this one is the hash for:
10# The point is, ladies and gentleman, that greed, for lack of a better word, is good. Greed is right, greed works. Greed clarifies, cuts through, and captures the essence of the evolutionary spirit. Greed, in all of its forms; greed for life, for money, for love, knowledge has marked the upward surge of mankind. And greed, you mark my words, will not only save Teldar Paper, but that other malfunctioning corporation called the USA. Thank you very much.
11# password = "$2$eqre5picpektnop85uashzyxpxeeo6cr$gugecdr35jhg8uhzxkwh4jnp19rtxc6ukaadaad5665sm1rapmfy";
12
13# this one is the hash for:
14# whence the day goes on
15# password = "$2$am4gzwgxbuksntkn7784g6mpoir4mp1o$83i86hfju6jfbp6g9w9sh44qacqmne85q9weah6xcj1d3c5ei1rb";
16
17
18# You can list multiple bind sockets on networks and file systems.
19#bind_socket = "/var/run/rspamd/rspamd.sock mode=0666 owner=nobody";
20
21# The worker controller handles multiple functions:
22# - trains spam
23# - trains not-spam
24# - hosts the built-in statistics web interface
25# - web interface also allows config modification and data injection
26
27# The config parameter 'secure_ip' defines which sources DO NOT need a
28# password to connect to this worker controller.
29# By default, 'secure_ip' is defined as:
30# secure_ip = "127.0.0.1";
31# secure_ip = "::1";
32#
33# If you need distributed rspamd access or want to view your spam stats console
34# from another machine without SSH tunneling port 11334, you can add multiple
35# non-localhost IP address config lines here, but also remember to
36# define 'password' above as well.
37
38bind_socket = "127.0.0.1:11334";
39#bind_socket = "192.168.122.8:11334";
diff --git a/ansible/roles/rspamd/files/rspamd/local.d/worker-normal.inc b/ansible/roles/rspamd/files/rspamd/local.d/worker-normal.inc
new file mode 100644
index 0000000..ffa77f5
--- /dev/null
+++ b/ansible/roles/rspamd/files/rspamd/local.d/worker-normal.inc
@@ -0,0 +1,3 @@
1# we're not running rspamd in a distributed setup, so this can be disabled
2# the proxy worker will handle all the spam filtering
3enabled = false;
diff --git a/ansible/roles/rspamd/files/rspamd/local.d/worker-proxy.inc b/ansible/roles/rspamd/files/rspamd/local.d/worker-proxy.inc
new file mode 100644
index 0000000..056d2bc
--- /dev/null
+++ b/ansible/roles/rspamd/files/rspamd/local.d/worker-proxy.inc
@@ -0,0 +1,16 @@
1# this worker will be used as postfix milter
2milter = yes;
3
4# note to self - tighten up these permissions
5#bind_socket = "/var/run/rspamd/milter.sock mode=0666 owner=nobody";
6
7# DEFAULT: listens on localhost:11332
8
9
10# the following specifies self-scan mode, for when rspamd is on the same
11# machine as postfix
12timeout = 120s;
13upstream "local" {
14 default = yes;
15 self_scan = yes;
16}
Powered by cgit v1.2.3 (git 2.41.0)