[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

DWL support in Rspamd

[Thread Prev] | [Thread Next]

[Date Prev] | [Date Next]

Subject: DWL support in Rspamd
From: Vsevolod Stakhov <vsevolod@xxxxxxxxxx>
Date: Mon, 29 Oct 2018 17:48:43 +0000

Hello,

I have included DWL support into Rspamd vanilla configuration. It will
be available from the next version 1.8.2 if there are no objections from
the DNSWL maintainers (as they would have higher traffic on their
servers of course).

I have added the following configuration now:

        dnswl_dwl {
          symbol = "DWL_DNSWL";
          rbl = "dwl.dnswl.org";
          dkim = true;
          dkim_domainonly = false;
          dkim_match_from = true;
          unknown = false;

          returncodes {
              DWL_DNSWL_NONE = "127.0.%d+.0";
              DWL_DNSWL_LOW = "127.0.%d+.1";
              DWL_DNSWL_MED = "127.0.%d+.2";
              DWL_DNSWL_HI = "127.0.%d+.3";
              DWL_DNSWL_BLOCKED = "127.0.0.255";
          }
        }

So it will check just a valid DKIM signature domain that actually have
the same efficient single level domain with the MIME From address. For
customers with feed access, it is required to change `rbl` value in
local.d/rbl.conf as following:

rbls {
  dnswl_dwl {
    rbl = "your.local.dwl";
  }
}

Or you can set DNS forwarding in your resolver to forward queries to
`dwl.dnswl.org` to your own rbldnsd address.

Here are the default scores:

    "DWL_DNSWL_NONE" {
        weight = 0.0;
        description = "Message has a valid dkim signature originated
from domain listed at https://www.dnswl.org, no trust";
    }
    "DWL_DNSWL_LOW" {
        weight = -1;
        description = "Message has a valid dkim signature originated
from domain listed at https://www.dnswl.org, low trust";
    }
    "DWL_DNSWL_MED" {
        weight = -2;
        description = "Message has a valid dkim signature originated
from domain listed at https://www.dnswl.org, medium trust";
    }
    "DWL_DNSWL_HI" {
        weight = -3.5;
        description = "Message has a valid dkim signature originated
from domain listed at https://www.dnswl.org, high trust";
    }

Please bear in mind, that Rspamd will also apply monitored logging, so
in case of throttling (e.g. DNSWL_BLOCKED) it will automatically turn
off these checks to save your HW resources.

Please let me know if you have any questions or suggestions.

Follow-Ups:
Re: DWL support in Rspamd	Alessandro Vesely <vesely@xxxxxxx>