RBL module

The RBL module provides support for checking the IPv4/IPv6 source address of a message’s sender against a set of RBLs as well as various less conventional methods of using RBLs: against addresses in Received headers; against the reverse DNS name of the sender and against the parameter used for HELO/EHLO at SMTP time.

Configuration is structured as follows:

# local.d/rbl.conf
# default settings defined here
rbls {
# 'rbls' subsection under which the RBL definitions are nested
	an_rbl {
			# rbl-specific subsection 
	}
	# ...
}

The default settings define the ways in which the RBLs are used unless overridden in an RBL-specific subsection.

Defaults may be set for the following parameters (default values used if these are not set are shown in brackets - note that these may be redefined in the default config):

  • default_ipv4: use this RBL to test IPv4 addresses (true by default).
  • default_ipv6: use this RBL to test IPv6 addresses (false by default).
  • default_received: use this RBL to test IPv4/IPv6 addresses found in Received headers. The RBL should also be configured to check one/both of IPv4/IPv6 addresses (true by default).
  • default_from: use this RBL to test IPv4/IPv6 addresses of message senders. The RBL should also be configured to check one/both of IPv4/IPv6 addresses (false by default).
  • default_rdns: use this RBL to test reverse DNS names of message senders (hostnames passed to Rspamd should have been validated with a forward lookup, particularly if this is to be used to provide whitelisting) (false by default).
  • default_helo: use this RBL to test parameters sent for HELO/EHLO at SMTP time (false by default).
  • default_dkim: use this RBL to test domains found in validated DKIM signatures (false by default).
  • default_dkim_domainonly: if true test top-level domain only, otherwise test entire domain found in DKIM signature (true by default).
  • default_emails: use this RBL to test email addresses in form [localpart].[domainpart].[rbl] or if set to "domain_only" uses [domainpart].[rbl] (false by default).
  • default_unknown: if set to false, do not yield a result unless the response received from the RBL is defined in its related returncodes {} subsection, else return the default symbol for the RBL (false by default).
  • default_exclude_users: if set to true, do not use this RBL if the message sender is authenticated. (false by default).
  • default_exclude_private_ips: if true, do not use the RBL if the sending host address is in local_addrs and do not check received headers baring these addresses (true by default).
  • default_exclude_local: if true, hosts listed in local_exclude_ip_map should not be checked in this RBL (see also local_exclude_ip_map setting) (true by default).
  • default_is_whitelist: if true matches on this list should neutralise any listings where this setting is false and ignore_whitelists is not true (false by default).
  • default_ignore_whitelists: if true this list should not be neutralised by whitelists (false by default).

Other parameters which can be set here are:

  • local_exclude_ip_map: map containing IPv4/IPv6 addresses/subnets that shouldn’t be checked in RBLs (where exclude_local is true (default)).
  • hash: (new in Rspamd 1.5) valid for helo and emails RBL types - lookup hashes instead of literal strings. Possible values for this parameter are sha1, sha256, sha384, sha512 and md5 or any other value for the default hashing algorithm.
  • disable_monitoring: (new in Rspamd 1.6) boolean value that disables monitoring completely. It should be placed in the global options file.
  • monitored_address: (new in Rspamd 1.6) fixed address to check for absence (1.0.0.127 by default).

RBL-specific subsection is structured as follows:

# Descriptive name of RBL or symbol if symbol is not defined.
an_rbl {
	# Explicitly defined symbol
	symbol = "SOME_SYMBOL";
	# RBL-specific defaults (where different from global defaults)
	#The global defaults may be overridden using 'helo' to override 'default_helo' and so on.
	ipv6 = true;
	ipv4 = false;
	# Address used for RBL-testing
	rbl = "v6bl.example.net";
	# Possible responses from RBL and symbols to yield
	returncodes {
		# Name_of_symbol = "address";
		EXAMPLE_ONE = "127.0.0.1";
		EXAMPLE_TWO = "127.0.0.2";
	}
}

The following extra settings are valid in the RBL subsection:

  • disabled: if set, the RBL is not used. Use this to disable specific RBLs in local.d/rbl.conf. For example:
rbls {
	spamhaus {
		disabled = true;
	}
}
  • whitelist_exception: (for whitelists) - symbols named as parameters for this setting will not be used for neutralising blacklists (set this multiple times to add multiple exceptions).