install/tpl/rspamd_mx_check.conf.master

+enabled = true;
+servers = "localhost";
+key_prefix = "rmx";
+symbol_bad_mx = "MX_INVALID";
+symbol_no_mx = "MX_MISSING";
+symbol_good_mx = "MX_GOOD";
+expire = 86400;
+expire_novalid = 7200;
+greylist_invalid = false;
\ No newline at end of file

install/tpl/rspamd_neural.conf.master

+servers = 127.0.0.1:6379;
+enabled = true;
+
+rules {
+  "LONG" {
+    train {
+      max_trains = 5000;
+      max_usages = 200;
+      max_iterations = 25;
+      learning_rate = 0.01,
+      spam_score = 10;
+      ham_score = -2;
+    }
+    symbol_spam = "NEURAL_SPAM_LONG";
+    symbol_ham = "NEURAL_HAM_LONG";
+    ann_expire = 100d;
+  }
+  "SHORT" {
+    train {
+      max_trains = 100;
+      max_usages = 2;
+      max_iterations = 25;
+      learning_rate = 0.01,
+      spam_score = 10;
+      ham_score = -2;
+    }
+    symbol_spam = "NEURAL_SPAM_SHORT";
+    symbol_ham = "NEURAL_HAM_SHORT";
+    ann_expire = 1d;
+  }
+}
\ No newline at end of file

install/tpl/rspamd_neural_group.conf.master

+symbols = {
+  "NEURAL_SPAM_LONG" {
+    weight = 1.0; # sample weight
+    description = "Neural network spam (long)";
+  }
+  "NEURAL_HAM_LONG" {
+    weight = -2.0; # sample weight
+    description = "Neural network ham (long)";
+  }
+  "NEURAL_SPAM_SHORT" {
+    weight = 0.5; # sample weight
+    description = "Neural network spam (short)";
+  }
+  "NEURAL_HAM_SHORT" {
+    weight = -1.0; # sample weight
+    description = "Neural network ham (short)";
+  }
+}

install/tpl/rspamd_options.inc.master

+local_addrs = "127.0.0.0/8, ::1";
+
+dns {
+	nameserver = ["127.0.0.1:53:10"];
+}

install/tpl/rspamd_override_rbl.conf.master

+# RBL
+symbols = {
+	"RBL_SENDERSCORE" {
+		weight = 4.0;
+		description = "From address is listed in senderscore.com BL";
+	}
+	"RBL_SPAMHAUS_SBL" {
+		weight = 2.0;
+		description = "From address is listed in zen sbl";
+	}
+	"RBL_SPAMHAUS_CSS" {
+	  weight = 2.0;
+	  description = "From address is listed in zen css";
+	}
+	"RBL_SPAMHAUS_XBL" {
+	  weight = 4.0;
+	  description = "From address is listed in zen xbl";
+	}
+	"RBL_SPAMHAUS_XBL_ANY" {
+	  weight = 4.0;
+	  description = "From or receive address is listed in zen xbl (any list)";
+	}
+	"RBL_SPAMHAUS_PBL" {
+	  weight = 2.0;
+	  description = "From address is listed in zen pbl (ISP list)";
+	}
+	"RBL_SPAMHAUS_DROP" {
+	  weight = 7.0;
+	  description = "From address is listed in zen drop bl";
+	}
+	"RECEIVED_SPAMHAUS_XBL" {
+	  weight = 3.0;
+	  description = "Received address is listed in zen xbl";
+	  one_shot = true;
+	}
+	"RBL_MAILSPIKE_WORST" {
+	  weight = 2.0;
+	  description = "From address is listed in RBL - worst possible reputation";
+	}
+	"RBL_MAILSPIKE_VERYBAD" {
+	  weight = 1.5;
+	  description = "From address is listed in RBL - very bad reputation";
+	}
+	"RBL_MAILSPIKE_BAD" {
+	  weight = 1.0;
+	  description = "From address is listed in RBL - bad reputation";
+	}
+	"RBL_SEM" {
+	  weight = 1.0;
+	  description = "Address is listed in Spameatingmonkey RBL";
+	}
+	# /RBL
+}

install/tpl/rspamd_override_surbl.conf.master

+symbols = {
+	# SURBL
+	"PH_SURBL_MULTI" {
+	  weight = 5.5;
+	  description = "SURBL: Phishing sites";
+	}
+	"MW_SURBL_MULTI" {
+	  weight = 5.5;
+	  description = "SURBL: Malware sites";
+	}
+	"ABUSE_SURBL" {
+	  weight = 5.5;
+	  description = "SURBL: ABUSE";
+	}
+	"CRACKED_SURBL" {
+	  weight = 4.0;
+	  description = "SURBL: cracked site";
+	}
+	"RAMBLER_URIBL" {
+	  weight = 4.5;
+	  description = "Rambler uribl";
+	  one_shot = true;
+	}
+	"RAMBLER_EMAILBL" {
+	  weight = 9.5;
+	  description = "Rambler emailbl";
+	  one_shot = true;
+	}
+	"MSBL_EBL" {
+	  weight = 7.5;
+	  description = "MSBL emailbl";
+	  one_shot = true;
+	}
+	"SEM_URIBL" {
+	  weight = 3.5;
+	  description = "Spameatingmonkey uribl";
+	}
+	"SEM_URIBL_FRESH15" {
+	  weight = 3.0;
+	  description = "Spameatingmonkey uribl. Domains registered in the last 15 days (.AERO,.BIZ,.COM,.INFO,.NAME,.NET,.PRO,.SK,.TEL,.US)";
+	}
+	"DBL" {
+	  weight = 0.0;
+	  description = "DBL unknown result";
+	}
+	"DBL_SPAM" {
+	  weight = 6.5;
+	  description = "DBL uribl spam";
+	}
+	"DBL_PHISH" {
+	  weight = 6.5;
+	  description = "DBL uribl phishing";
+	}
+	"DBL_MALWARE" {
+	  weight = 6.5;
+	  description = "DBL uribl malware";
+	}
+	"DBL_BOTNET" {
+	  weight = 5.5;
+	  description = "DBL uribl botnet C&C domain";
+	}
+	"DBL_ABUSE" {
+	  weight = 6.5;
+	  description = "DBL uribl abused legit spam";
+	}
+	"DBL_ABUSE_REDIR" {
+	  weight = 1.5;
+	  description = "DBL uribl abused spammed redirector domain";
+	}
+	"DBL_ABUSE_PHISH" {
+	  weight = 7.5;
+	  description = "DBL uribl abused legit phish";
+	}
+	"DBL_ABUSE_MALWARE" {
+	  weight = 7.5;
+	  description = "DBL uribl abused legit malware";
+	}
+	"DBL_ABUSE_BOTNET" {
+	  weight = 5.5;
+	  description = "DBL uribl abused legit botnet C&C";
+	}
+	"URIBL_BLACK" {
+	  weight = 7.5;
+	  description = "uribl.com black url";
+	}
+	"URIBL_RED" {
+	  weight = 3.5;
+	  description = "uribl.com red url";
+	}
+	"URIBL_GREY" {
+	  weight = 1.5;
+	  description = "uribl.com grey url";
+	  one_shot = true;
+	}
+	"URIBL_SBL" {
+	  weight = 6.5;
+	  description = "Spamhaus SBL URIBL";
+	}
+	"URIBL_SBL_CSS" {
+	  weight = 6.5;
+	  description = "Spamhaus SBL CSS URIBL";
+	}
+	"RBL_SARBL_BAD" {
+	  weight = 2.5;
+	  description = "A domain listed in the mail is blacklisted in SARBL";
+	}
+	# /SURBL
+}

install/tpl/rspamd_redis.conf.master

+servers = "127.0.0.1";
\ No newline at end of file

install/tpl/rspamd_symbols_antivirus.conf.master

+subject = "***SPAM*** %s";
+symbols = {
+	"CLAM_VIRUS" {
+		weight = 50;
+		description = "Clamav has found a virus.";
+	}
+	"JUST_EICAR" {
+		weight = 50;
+		description = "Clamav has found a virus.";
+	}
+	"R_DUMMY" {
+		weight = 0.0;
+		description = "Dummy symbol";
+	}
+}
\ No newline at end of file

install/tpl/rspamd_users.conf.master

+settings {
+	authenticated {
+		priority = 10;
+		authenticated = yes;
+		#apply "default" { groups_disabled = ["rbl", "spf"]; }
+		apply "default" {
+			#symbols_enabled = [];
+			symbols_disabled = [];
+			#groups_enabled = [];
+			groups_disabled = ["rbl"];
+		}
+	}
+	whitelist {
+		priority = 10;
+		rcpt = "postmaster";
+		rcpt = "hostmaster";
+		rcpt = "abuse";
+		want_spam = yes;
+	}
+	whitelist-ip {
+		priority = 10;
+<tmpl_loop name="whitelist_ips">
+		ip = "<tmpl_var name='ip'>";
+</tmpl_loop>
+		
+		want_spam = yes;
+	}
+#	whitelist-timmehosting {
+#		priority = 20;
+#		from = "@xxx";
+#		from = "@xxx";
+#		want_spam = yes;
+#	}
+	whitelist-ca {
+		priority = 20;
+		from = "@comodo.com";
+		from = "@geotrust.com";
+		from = "@geotrusteurope.com";
+		want_spam = yes;
+	}
+	.include(try=true; glob=true) "$LOCAL_CONFDIR/local.d/users/*.conf"
+	.include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/users.local.conf"
+}

install/tpl/rspamd_wblist.inc.conf.master

+spamfilter_wblist-<tmpl_var name='record_id'> {
+	priority = <tmpl_var name='priority'>;
+	from = "<tmpl_var name='from'>";
+	rcpt = "<tmpl_var name='recipient'>";
+<tmpl_if name='wblist' op='==' value='W'>
+	want_spam = yes;
+</tmpl_else>
+	apply "default" {
+		R_DUMMY = 999.0;
+		actions {
+			reject = 0.2;
+			add_header = 0.1;
+			greylist = 0.1;
+			rewrite_subject = 0.1;
+		}
+	}
+</tmpl_if>
+}
\ No newline at end of file

install/tpl/rspamd_worker-controller.inc.master

+../../server/conf/rspamd_worker-controller.inc.master
\ No newline at end of file

install/tpl/sasl_smtpd.conf.master

-pwcheck_method: saslauthd
-mech_list: plain login
-allow_plaintext: true
-auxprop_plugin: mysql
-sql_hostnames: {mysql_server_ip}
-sql_user: {mysql_server_ispconfig_user}
-sql_passwd: {mysql_server_ispconfig_password}
-sql_database: {mysql_server_database}
-sql_select: select password from mail_user where (login = '%u' or email = '%u@%r') and postfix = 'y' and disablesmtp = 'n'
\ No newline at end of file

install/tpl/sasl_smtpd2.conf.master

-pwcheck_method: saslauthd
-mech_list: plain login
-allow_plaintext: true
-auxprop_plugin: sql
-sql_engine: mysql
-sql_hostnames: {mysql_server_ip}
-sql_user: {mysql_server_ispconfig_user}
-sql_passwd: {mysql_server_ispconfig_password}
-sql_database: {mysql_server_database}
-sql_select: select password from mail_user where (login = '%u' or email = '%u@%r') and postfix = 'y' and disablesmtp = 'n'

install/tpl/server.ini.master

@@ -38,8 +38,8 @@ homedir_path=/var/vmail
 maildir_format=maildir
 dkim_path=/var/lib/amavis/dkim
 dkim_strength=1024
-pop3_imap_daemon=courier
-mail_filter_syntax=maildrop
+content_filter=rspamd
+rspamd_password=
 mailuser_uid=5000
 mailuser_gid=5000
 mailuser_name=vmail
@@ -57,7 +57,6 @@ overquota_notify_client=y
 overquota_notify_freq=7
 overquota_notify_onok=n
 sendmail_path=/usr/sbin/sendmail
-mailinglist_manager=mlmmj
 
 [getmail]
 getmail_config_dir=/etc/getmail
@@ -103,6 +102,7 @@ php_fpm_ini_path=/etc/php5/fpm/php.ini
 php_fpm_pool_dir=/etc/php5/fpm/pool.d
 php_fpm_start_port=9010
 php_fpm_socket_dir=/var/lib/php5-fpm
+php_default_name=Default
 set_folder_permissions_on_update=n
 add_web_users_to_sshusers_group=y
 connect_userid_to_webid=n
@@ -133,12 +133,11 @@ fastcgi_phpini_path=/etc/php5/cgi/
 fastcgi_children=8
 fastcgi_max_requests=5000
 fastcgi_bin=/usr/bin/php-cgi
-fastcgi_config_syntax=2
 
 [jailkit]
 jailkit_chroot_home=/home/[username]
 jailkit_chroot_app_sections=basicshell editors extendedshell netutils ssh sftp scp groups jk_lsh
-jailkit_chroot_app_programs=/usr/bin/groups /usr/bin/id /usr/bin/dircolors /usr/bin/lesspipe /usr/bin/basename /usr/bin/dirname /usr/bin/nano /usr/bin/pico /usr/bin/mysql /usr/bin/mysqldump /usr/bin/git /usr/bin/git-receive-pack /usr/bin/git-upload-pack /usr/bin/unzip /usr/bin/zip /bin/tar /bin/rm /usr/bin/patch /usr/bin/which /usr/lib/x86_64-linux-gnu/libmemcached.so.11 /usr/lib/x86_64-linux-gnu/libmemcachedutil.so.2 /usr/lib/x86_64-linux-gnu/libMagickWand-6.Q16.so.2 /opt/php-5.6.8/bin/php /opt/php-5.6.8/include /opt/php-5.6.8/lib
+jailkit_chroot_app_programs=/usr/bin/groups /usr/bin/id /usr/bin/dircolors /usr/bin/lesspipe /usr/bin/basename /usr/bin/dirname /usr/bin/nano /usr/bin/pico /usr/bin/mysql /usr/bin/mysqldump /usr/bin/git /usr/bin/git-receive-pack /usr/bin/git-upload-pack /usr/bin/unzip /usr/bin/zip /bin/tar /bin/rm /usr/bin/patch /usr/bin/which /usr/lib/x86_64-linux-gnu/libmemcached.so.11 /usr/lib/x86_64-linux-gnu/libmemcachedutil.so.2 /usr/lib/x86_64-linux-gnu/libMagickWand-6.Q16.so.2 /usr/bin/rsync /usr/bin/jpegoptim /usr/bin/optipng /usr/share/ca-certificates/ /etc/ssl/certs/ /opt/th-php-libs/ /etc/ld.so.conf.d/ /bin/bzip2 /usr/local/bin/composer /usr/lib/ssl /usr/bin/env /usr/bin/xargs
 jailkit_chroot_cron_programs=/usr/bin/php /usr/bin/perl /usr/share/perl /usr/share/php
 
 [vlogger]
@@ -154,14 +153,3 @@ try_rescue=n
 do_not_try_rescue_httpd=n
 do_not_try_rescue_mysql=n
 do_not_try_rescue_mail=n
-
-[xmpp]
-xmpp_daemon=prosody
-xmpp_use_ispv6=n
-xmpp_bosh_max_inactivity=30
-xmpp_server_admins=
-xmpp_modules_enabled=roster, saslauth, tls, dialback, disco, carbons, pep, private, blocklist, vcard, version, uptime, time, ping, admin_adhoc, mam, bosh, websocket, http_files, announce, proxy65, offline, posix, webpresence, smacks, csi_battery_saver, pep_vcard_avatar, omemo_all_access
-xmpp_port_http=5290
-xmpp_port_https=5291
-xmpp_port_pastebin=5292
-xmpp_port_bosh=5280

install/tpl/xmpp_metronome_conf_global.master

-pidfile = "/var/run/metronome/metronome.pid";
-metronome_max_files_soft = 200000;
-metronome_max_files_hard = 300000;
-plugin_paths = {
-        "/usr/lib/metronome/isp-modules",
-};
-use_libevent = true;
-log = {
-        debug = "/var/log/metronome/metronome.dbg",
-        info = "/var/log/metronome/metronome.log",
-        error = "/var/log/metronome/metronome.err",
-};
-use_ipv6 = true;
-http_ports = {
-        5290,
-};
-https_ports = {
-        5291,
-};
-pastebin_ports = {
-        5292,
-};
-bosh_ports = {
-        5280,
-};
-admins = {
-        {tmpl_var xmpp_admins}
-};
-modules_enabled = {
-        "saslauth",
-        "tls",
-        "dialback",
-        "disco",
-        "discoitems",
-        "version",
-        "uptime",
-        "time",
-        "ping",
-        "admin_adhoc",
-        "admin_telnet",
-        "bosh",
-        "posix",
-        "announce",
-        "offline",
-        "webpresence",
-        "mam",
-        "stream_management",
-        "message_carbons"
-};
-modules_disabled = {
-};
-bosh_max_inactivity = 30;
-consider_bosh_secure = true;
-cross_domain_bosh = true;
-allow_registration = false;
-ssl = {
-        key = "/etc/metronome/certs/localhost.key",
-        certificate = "/etc/metronome/certs/localhost.cert",
-};
-c2s_require_encryption = false;
-s2s_secure = true;
-s2s_insecure_domains = {
-        "gmail.com",
-};
-authentication = "internal_plain";

install/tpl/xmpp_metronome_conf_main.master

-Include "/etc/metronome/global.cfg.lua"
-Include "/etc/metronome/hosts/*.lua"
-Include "/etc/metronome/status/*.lua"

install/tpl/xmpp_metronome_conf_ssl.master

-oid_section = new_oids
-
-[ new_oids ]
-
-# RFC 3920 section 5.1.1 defines this OID
-xmppAddr = 1.3.6.1.5.5.7.8.5
-
-# RFC 4985 defines this OID
-SRVName  = 1.3.6.1.5.5.7.8.7
-
-[ req ]
-
-default_bits       = 4096
-default_keyfile    = {tmpl_var name='domain'}.key
-distinguished_name = distinguished_name
-req_extensions     = v3_extensions
-x509_extensions    = v3_extensions
-
-# ask about the DN?
-prompt = no
-
-[ distinguished_name ]
-
-commonName             = {tmpl_var name='domain'}
-countryName            = {tmpl_var name='ssl_country'}
-localityName           = {tmpl_var name='ssl_locality'}
-organizationName       = {tmpl_var name='ssl_organisation'}
-organizationalUnitName = {tmpl_var name='ssl_organisation_unit'}
-emailAddress           = {tmpl_var name='ssl_email'}
-
-[ v3_extensions ]
-
-# for certificate requests (req_extensions)
-# and self-signed certificates (x509_extensions)
-
-basicConstraints = CA:FALSE
-keyUsage         = digitalSignature,keyEncipherment
-extendedKeyUsage = serverAuth,clientAuth
-subjectAltName   = @subject_alternative_name
-
-[ subject_alternative_name ]
-
-# See http://tools.ietf.org/html/draft-ietf-xmpp-3920bis#section-13.7.1.2 for more info.
-
-DNS.0       =                                           {tmpl_var name='domain'}
-otherName.0 =                 xmppAddr;FORMAT:UTF8,UTF8:{tmpl_var name='domain'}
-otherName.1 =            SRVName;IA5STRING:_xmpp-client.{tmpl_var name='domain'}
-otherName.2 =            SRVName;IA5STRING:_xmpp-server.{tmpl_var name='domain'}
\ No newline at end of file

install/tpl/xmpp_prosody_conf_global.master

-plugin_paths = {
-        "/usr/local/lib/prosody/modules",
-};
-use_libevent = true;
-log = {
-      -- optional: uncomment debug log here
-      -- debug = "/var/log/prosody/prosody.dbg",
-      info = "/var/log/prosody/prosody.log",
-      error = "/var/log/prosody/prosody.err",
-      "syslog",
-};
-use_ipv6 = true;
-http_ports = {
-        5290,
-};
-https_ports = {
-        5291,
-};
-pastebin_ports = {
-        5292,
-};
-bosh_ports = {
-        5280,
-};
-admins = {
-        {tmpl_var xmpp_admins}
-};
-modules_enabled = {
-        "roster",
-        "saslauth",
-        "tls",
-        "dialback",
-        "disco",
-        "carbons",
-        "pep",
-        "private",
-        "blocklist",
-        "vcard",
-        "version",
-        "uptime",
-        "time",
-        "ping",
-        "admin_adhoc",
-        "mam",
-        "bosh",
-        "websocket",
-        "http_files",
-        "announce",
-        "proxy65",
-        "offline",
-        "posix",
-        "websocket",
-        -- community modules
-        "webpresence",
-        "smacks",
-        "csi_battery_saver",
-        "pep_vcard_avatar",
-        "omemo_all_access",
-};
-modules_disabled = {
-};
-
-allow_registration = false;
-c2s_require_encryption = false;
-s2s_require_encryption = true;
-s2s_secure_auth = false;
-s2s_insecure_domains = {
-        "gmail.com",
-};
-
-pidfile = "/var/run/prosody/prosody.pid";
-
-authentication = "external";
-
-archive_expires_after = "2w";
-
-statistics = "internal";
-
-certificates = "certs";
-bosh_max_inactivity = 60;
-consider_bosh_secure = true;
-cross_domain_bosh = true;
-consider_websocket_secure = true;
-
-ssl = {
-        key = "/etc/prosody/certs/localhost.key",
-        certificate = "/etc/prosody/certs/localhost.crt",
-};
-
-Component "{tmpl_var main_host}" "http_upload"
-        ud_disco_name = "HTTP File Upload";
-        http_upload_file_size_limit = 1024 * 1024 * 10;
-        http_upload_quota = 1024 * 1024 * 10;
-        http_upload_expire_after = 60 * 60 * 24 * 2;
\ No newline at end of file

install/tpl/xmpp_prosody_conf_main.master

-Include "/etc/prosody/storage.cfg.lua"
-Include "/etc/prosody/global.cfg.lua"
-Include "/etc/prosody/hosts/*.lua"

install/tpl/xmpp_prosody_conf_ssl.master

-oid_section = new_oids
-
-[ new_oids ]
-
-# RFC 3920 section 5.1.1 defines this OID
-xmppAddr = 1.3.6.1.5.5.7.8.5
-
-# RFC 4985 defines this OID
-SRVName  = 1.3.6.1.5.5.7.8.7
-
-[ req ]
-
-default_bits       = 4096
-default_keyfile    = {tmpl_var name='domain'}.key
-distinguished_name = distinguished_name
-req_extensions     = v3_extensions
-x509_extensions    = v3_extensions
-
-# ask about the DN?
-prompt = no
-
-[ distinguished_name ]
-
-commonName             = {tmpl_var name='domain'}
-countryName            = {tmpl_var name='ssl_country'}
-localityName           = {tmpl_var name='ssl_locality'}
-organizationName       = {tmpl_var name='ssl_organisation'}
-organizationalUnitName = {tmpl_var name='ssl_organisation_unit'}
-emailAddress           = {tmpl_var name='ssl_email'}
-
-[ v3_extensions ]
-
-# for certificate requests (req_extensions)
-# and self-signed certificates (x509_extensions)
-
-basicConstraints = CA:TRUE
-keyUsage         = digitalSignature,keyEncipherment
-extendedKeyUsage = serverAuth,clientAuth
-subjectAltName   = @subject_alternative_name
-
-[ subject_alternative_name ]
-
-# See http://tools.ietf.org/html/draft-ietf-xmpp-3920bis#section-13.7.1.2 for more info.
-
-DNS.0       =                                           {tmpl_var name='domain'}
-otherName.0 =                 xmppAddr;FORMAT:UTF8,UTF8:{tmpl_var name='domain'}
-otherName.1 =            SRVName;IA5STRING:_xmpp-client.{tmpl_var name='domain'}
-otherName.2 =            SRVName;IA5STRING:_xmpp-server.{tmpl_var name='domain'}
\ No newline at end of file