    # Included from top-level .conf file
    filters = "chartable,dkim,spf,surbl,regexp,fuzzy_check";



    # A common rspamd configuration file
    # Please don't modify this file as your changes might be overwritten with
    # the next update.
    # You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
    # parameters defined on the top level
    # You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
    # parameters defined on the top level
    # For specific modules or configuration you can also modify
    # '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
    # '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
    # See https://rspamd.com/doc/tutorials/writing_rules.html for details   
    modules {
        path = "$PLUGINSDIR/lua/"





    chartable {
        threshold = 0.300000;
        symbol = "R_MIXED_CHARSET";
        .include(try=true,priority=5) "${DBDIR}/dynamic/chartable.conf"
        .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/chartable.conf"
        .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/chartable.conf"



  • dkim_cache_size(或expire):DKIM密钥缓存的最大大小
  • whitelist:不应使用DKIM检查的域的映射
  • domains:DKIM使用更严格的分数
  • strict_multiplier:如果从domains接收到,则将符号的值乘以该值
  • trusted_only:不要检查所有域的DKIM签名,而不是从domains地图中检查




    sign_condition =<<EOD
    return function(task)
      local from = task:get_from('smtp')

      if from and from[1]['addr'] then
        if string.find(from[1]['addr'], '@example.com$') then
          return {
            key = "/etc/dkim/example.com",
            domain = "example.com",
            selector = "test"

      return false

Fuzzy check


  • symbol:要插入的默认符号(如果没有标志匹配)
  • min_length:执行模糊检查的单词中文本部分的最小长度(默认 - 检查所有文本部分)
  • min_bytes:最小的附件长度和以字节为单位的图像,以便在模糊存储中进行检查
  • whitelist:IP列表跳过所有模糊检查
  • timeout:等待回覆的超时


    rule "FUZZY_CUSTOM" {
      # List of servers, can be an array or multi-value item
      servers = "";
      # List of additional mime types to be checked in this fuzzy ("*" for any)
      mime_types = ["application/*", "*/octet-stream"];
      # Maximum global score for all maps
      max_score = 20.0;
      # Ignore flags that are not listed in maps for this rule
      skip_unknown = yes;
      # If this value is false, then allow learning for this fuzzy rule
      read_only = no;
      # Fast hash type
      algorithm = "mumhash";


    rules {
        enabled = false;#enabled = true






    antivirus {
      # multiple scanners could be checked, for each we create a configuration block with an arbitrary name
      clamav {
        # If set force this action if any virus is found (default unset: no action is forced)
        # action = "reject";
        # if `true` only messages with non-image attachments will be checked (default true)
        attachments_only = true;
        # If `max_size` is set, messages > n bytes in size are not scanned
        #max_size = 20000000;
        # symbol to add (add it to metric if you want non-zero weight)
        symbol = "CLAM_VIRUS";
        # type of scanner: "clamav", "fprot", "sophos" or "savapi"
        type = "clamav";
        # For "savapi" you must also specify the following variable
        #product_id = 12345;
        # You can enable logging for clean messages
        #log_clean = true;
        # servers to query (if port is unspecified, scanner-specific default is used)
        # can be specified multiple times to pool servers
        # can be set to a path to a unix socket
        # Enable this in local.d/antivirus.conf
        #servers = "";
        # if `patterns` is specified virus name will be matched against provided regexes and the related
        # symbol will be yielded if a match is found. If no match is found, default symbol is yielded.
        patterns {
          # symbol_name = "pattern";
          JUST_EICAR = "^Eicar-Test-Signature$";
        # `whitelist` points to a map of IP addresses. Mail from these addresses is not scanned.
        whitelist = "/etc/rspamd/antivirus.wl";

      .include(try=true,priority=5) "${DBDIR}/dynamic/antivirus.conf"
      .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/antivirus.conf"
      .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/antivirus.conf"



    # If false, messages with empty envelope from are not signed
    allow_envfrom_empty = true;
    # If true, envelope/header domain mismatch is ignored
    allow_hdrfrom_mismatch = false;
    # If true, multiple from headers are allowed (but only first is used)
    allow_hdrfrom_multiple = false;
    # If true, username does not need to contain matching domain
    allow_username_mismatch = false;
    # If false, messages from authenticated users are not selected for signing
    auth_only = true;
    # Default path to key, can include '$domain' and '$selector' variables
    path = "/var/lib/rspamd/arc/$domain.$selector.key";
    # Default selector to use
    selector = "arc";
    # If false, messages from local networks are not selected for signing
    sign_local = true;
    # Symbol to add when message is signed
    symbol_signed = "ARC_SIGNED";
    # Whether to fallback to global config
    try_fallback = true;
    # Domain to use for ARC signing: can be "header" or "envelope"
    use_domain = "header";
    # Whether to normalise domains to eSLD
    use_esld = true;
    # Whether to get keys from Redis
    use_redis = false;
    # Hash for ARC keys in Redis
    key_prefix = "ARC_KEYS";
    # map of domains -> names of selectors (since rspamd 1.5.3)
    #selector_map = "/etc/rspamd/arc_selectors.map";
    # map of domains -> paths to keys (since rspamd 1.5.3)
    #path_map = "/etc/rspamd/arc_paths.map";

    # Domain specific settings
    domain {
      example.com {
        # Private key path
        path = "/var/lib/rspamd/arc/example.key";
        # Selector
        selector = "ds";


Click house

该模块可以收集:扫描邮件的发件人/收件人/分数和元数据,如DKIM / DMARC / bayes /模糊状态以及有关URL和附件的信息。配置示例如下:

    clickhouse {
      # Push update when 1000 records are collected (1000 if unset)
      limit = 1000;
      # IP:port of Clickhouse server ("localhost:8123" if unset)
      server = "localhost:8123";
      # Timeout to wait for response (5 seconds if unset)
      timeout = 5;
      # How many bits of sending IP to mask in logs for IPv4 (19 if unset)
      ipmask = 19;
      # How many bits of sending IP to mask in logs for IPv6 (48 if unset)
      ipmask6 = 48;
      # Record URL paths? (default false)
      full_urls = false;
      # This parameter points to a map of domain names
      # If a message has a domain in this map in From: header and DKIM signature,
      # record general metadata in a table named after the domain
      #from_tables = "/etc/rspamd/clickhouse_from.map";
      # These are tables used to store data in Clickhouse
      # Table used to store ASN information (default unset: not collected)
      #asn_table = "rspamd_asn"; # default unset
      # The following table names are set by default
      # Set these if you use want to use different table names
      #table = "rspamd"; # general metadata
      #attachments_table = "rspamd_attachments"; # attachment metadata
      #urls_table = "rspamd_urls"; # url metadata
      # These are symbols of other checks in Rspamd
      # Set these if you use non-default symbol names (unlikely)
      #bayes_spam_symbols = ["BAYES_SPAM"];
      #bayes_ham_symbols = ["BAYES_HAM"];
      #fann_symbols = ["FANN_SCORE"];
      #fuzzy_symbols = ["FUZZY_DENIED"];
      #whitelist_symbols = ["WHITELIST_DKIM", "WHITELIST_SPF_DKIM", "WHITELIST_DMARC"];
      #dkim_allow_symbols = ["R_DKIM_ALLOW"];
      #dkim_reject_symbols = ["R_DKIM_REJECT"];
      #dmarc_allow_symbols = ["DMARC_POLICY_ALLOW"];
      #dmarc_reject_symbols = ["DMARC_POLICY_REJECT", "DMARC_POLICY_QUARANTINE"];





  • 要有资格签名,必须从经过身份验证的用户或保留的IP地址或sign_networks表中的地址(如果已定义)收到邮件
  • 如果来自地址的信封不为空,则有效的二级域必须与MIME标题From匹配
  • 如果有身份验证的用户存在,那么这个应该是@domain的后缀域名就是从地址中看到的信封/头
  • 选择器和密钥路径从域特定配置(如果存在)中选择,返回到全局配置


    # dkim_signing.conf
    # If false, messages with empty envelope from are not signed
    allow_envfrom_empty = true;
    # If true, envelope/header domain mismatch is ignored
    allow_hdrfrom_mismatch = false;
    # If true, multiple from headers are allowed (but only first is used)
    allow_hdrfrom_multiple = false;
    # If true, username does not need to contain matching domain
    allow_username_mismatch = false;
    # If false, messages from authenticated users are not selected for signing
    auth_only = true;
    # Default path to key, can include '$domain' and '$selector' variables
    path = "/var/lib/rspamd/dkim/$domain.$selector.key";
    # Default selector to use
    selector = "dkim";
    # If false, messages from local networks are not selected for signing
    sign_local = true;
    # Map file of IP addresses/subnets to consider for signing
    # sign_networks = "/some/file"; # or url
    # Symbol to add when message is signed
    symbol = "DKIM_SIGNED";
    # Whether to fallback to global config
    try_fallback = true;
    # Domain to use for DKIM signing: can be "header" (MIME From), "envelope" (SMTP From) or "auth" (SMTP username)
    use_domain = "header";
    # Domain to use for DKIM signing when sender is in sign_networks ("header"/"envelope"/"auth")
    #use_domain_sign_networks = "header";
    # Domain to use for DKIM signing when sender is a local IP ("header"/"envelope"/"auth")
    #use_domain_sign_local = "header";
    # Whether to normalise domains to eSLD
    use_esld = true;
    # Whether to get keys from Redis
    use_redis = false;
    # Hash for DKIM keys in Redis
    key_prefix = "DKIM_KEYS";
    # map of domains -> names of selectors (since rspamd 1.5.3)
    #selector_map = "/etc/rspamd/dkim_selectors.map";
    # map of domains -> paths to keys (since rspamd 1.5.3)
    #path_map = "/etc/rspamd/dkim_paths.map";

    # Domain specific settings
    domain {
      example.com {
        # Private key path
        path = "/var/lib/rspamd/dkim/example.key";
        # Selector
        selector = "ds";


Emails Scan


    # emails.conf
    rule "EMAILS_DNSBL" {
      dnsbl = "emailbl.rambler.ru";
      domain_only = true;

    rule "EMAILS_STATIC" {
      map = "/etc/rspamd/bad_emails.list";

Force Actions


  • action:如果规则匹配,则强制执行该操作
  • expression:符号或符号组合符合
  • honor_action:此列表中的操作不应被覆盖
  • message:MTA要使用的SMTP邮件
  • require_action:仅在此列表中的度量标准操作时才覆盖操作
  • subject:受制于度量设定rewrite subject行动


    rules {

      # For each condition we want to force an action on we define a rule

      # Rule is given a descriptive name
        # This is the action we want to force
        action = "no action";
        # If the following combination of symbols is present:
        expression = "IS_IN_WHITELIST & !CLAM_VIRUS & !FPROT_VIRUS";

        action = "reject";
        expression = "IS_IN_WHITELIST & (CLAM_VIRUS | FPROT_VIRUS)";
        # message setting sets SMTP message returned by mailer
        message = "Rejected due to suspicion of virus";

      DCC_BULK {
        action = "rewrite subject";
        # Here expression is just one symbol
        expression = "DCC_BULK";
        # subject setting sets metric subject for rewrite subject action
        subject = "[BULK] %s";
        # honor_action setting define actions we don't want to override
        honor_action = ["reject", "soft reject", "add header"];

        action = "add header";
        expression = "BAYES_SPAM";
        # require_action setting defines actions that will be overridden
        require_action = ["no action", "greylist"];


Fuzzy collect


    # We skip common section and leave only relevant configuration
    worker "fuzzy" {
      bind_socket = "*:11335";
      count = 1;
      # Important to enable this
      collection_only = true;
      # This is needed to sign collections (will discuss later)
      collection_signkey = "utenidt7xdkys5ite89w4gntrdgbsd9gp9rzjjtzzzwx693cei8y";
      # This is needed to encrypt communication between collector and this storage
      collection_keypair = {
        pubkey = "ffg1m6rqi3doy7qggqbr4qjwxw6ahy56nr4zs47doz3nn6euhsty";
        privkey = "y6qjkr4htunjwm7i9cxzzu413tnobe8cjmgmo916i1hdy4yh1s4y";
        id = "eg6ccqr91bt7bkfspufk5kgrejr8sriypkixo5a5xje83nhd58jnjnusr9ppcjtkgyqc7x1fyqpqkazxk6wnnf9buuxbguspyme7trn";
        encoding = "base32";
        algorithm = "curve25519";
        type = "kex";
      # Allow local updates
      allow_update = ["localhost"];
      # Collection should be performed once per minute
      sync = 1m;


    # Needed for `rspamc fuzzy_add`
    worker "controller" {
       bind_socket = "localhost:11334";
       secure_ips = "";
    # Needed to send hashes to local storage
    fuzzy_check {
        min_bytes = 100;
        rule "main" {
            timeout = 1s;
            retransmits = 7;
            servers = "localhost:11335";
            symbol = "FUZZY_UNKNOWN";
            mime_types = "*";
            max_score = 20.0;
            read_only = no;
            skip_unknown = yes;
            algorithm = "mumhash";
            fuzzy_map = {
                FUZZY_DENIED {
                    max_score = 20.0;
                    flag = 1;
                FUZZY_PROB {
                    max_score = 10.0;
                    flag = 2;
                FUZZY_WHITE {
                    max_score = 2.0;
                    flag = 3;
            learn_condition =<<EOD
    return function(task)
      return true



  • Meta哈希是基于三重from:to:ip
  • Data哈希取自消息的正文,如果它有足够的长度


  • greylisting time - 消息应该被暂时拒绝
  • expire time - 在Redis中存储灰名单哈希时


  • expire:setup hashing到期时间(默认为1天)
  • greylist_min_score:分数低于此阈值的消息不会灰屏(默认未设置)
  • ipv4_mask:掩码申请IPv4地址(默认为19)
  • ipv6_mask:掩码来应用IPv6地址(默认为64)
  • key_prefix:用于哈希存储在Redis中的前缀(rg默认情况下)
  • max_data_len:用于身体散列的最大数据长度(默认为10kB)
  • message:暂时拒绝原因信息(Try again later默认情况下)
  • timeout:定义灰名单超时(默认为5分钟)
  • whitelisted_ip:用于跳过灰名单的IP地址和/或子网的映射
  • whitelist_domains_url:主机名的主机名和/或eSLD的地图,以跳过灰名单


    servers = "";

Redis history


    servers =; # Redis server to store history
    key_prefix = "rs_history"; # Default key name
    nrows = 2000; # Default rows limit
    compress = true; # Use zstd compression when storing data in redis

IP Score

IP分数在Redis中存储记录,IP Score需要ASN模块的查询信息。默认配置如下:

    # how each action is treated in scoring
    actions {
      reject = 1.0;
      "add header" = 0.25;
      "rewrite subject" = 0.25;
      "no action" = 1.0;
    # how each component is evaluated
    scores {
      asn = 0.5;
      country = 0.1;
      ipnet = 0.8;
      ip = 1.0;
    # prefix for asn hashes
    asn_prefix = "a:";
    # prefix for country hashes
    country_prefix = "c:";
    # hash table in redis used for storing scores
    hash = "ip_score";
    # prefix for subnet hashes
    ipnet_prefix = "n:";
    # minimum number of messages to be scored
    lower_bound = 10;
    # the metric to score (usually "default")
    metric = "default";
    # upper and lower bounds at which to cap total score
    #max_score = 10;
    #min_score = -5;
    # Amount to divide subscores by before applying tanh
    score_divisor = 10;
    # list of servers (or configure redis globally)
    #servers = "localhost";
    # symbol to be inserted
    symbol = "IP_SCORE";


    symbol "IP_SCORE" {
      weight = 2.0;
      description = "IP reputation";

Mailing list

Metadata exporter

元数据导出器处理一组规则,它们识别有趣的消息,并将信息推送到外部服务(目前支持的是Redis Pub / Sub,HTTP POST&SMTP;用户定义的后端也可以使用)。可能的应用程序包括隔离,记录,警报和反馈回路。对于配置中定义的每个规则:

  • 一个selector功能标识我们要导出元数据的消息(默认选择器选择所有消息)。
  • 一个formatter功能提取从消息(默认格式返回完整的消息内容)格式的元数据。
  • 一个pusher功能(由定义的backend设置)推动格式化的元数据的某处


    metadata_exporter {

      # Each rule defines some export process

      rules {

        # The following rule posts JSON-formatted metadata at the defined URL
        # when it sees a rejected mail from an authenticated user
        MY_HTTP_ALERT_1 {
          backend = "http";
          url = "";
          # More about selectors and formatters later
          selector = "is_reject_authed";
          formatter = "json";

        # This rule posts all messages to a Redis Pub/Sub channel
        MY_REDIS_PUBSUB_1 {
          backend = "redis_pubsub";
          channel = "foo";
          # Default formatter and selector is used

        # This rule sends an e-Mail alert over SMTP containing message metadata
        # when it sees a rejected mail from an authenticated user
        MY_EMAIL_1 {
          backend = "send_mail";
          smtp = "";
          mail_to = "user@example.com";
          selector = "is_reject_authed";
          formatter = "email_alert";

Metric exporter


    # Backend: just "graphite" for now - MUST be set
    backend = "graphite";
    # List of metrics to export - MUST be set.
    # See next section for list of metrics
    metrics = [
    # Below settings are optional and values shown will be used as defaults if these are unset:
    # Statefile: Path to file at which to persist last run information
    statefile = "$DBDIR/metric_exporter_last_push";
    # Timeout in seconds for pushing stats to backend
    timeout = 15;
    # Interval in seconds at which stats should be pushed
    interval = 120;


    # Hostname for Carbon: "localhost" if unset
    host = "localhost";
    # Port for Carbon: 2003 if unset
    port = 2003;
    # Prefix for metric names: "rspamd" if unset
    metric_prefix = "rspamd";



    mid = {
      url = [

Milter Header


    # milter_headers.conf:
    # Options
    # Rmilter compatibility option (default false) (enables x-spamd-result, x-rspamd-server & x-rspamd-queue-id)
    # extended_spam_headers = true;
    # List of headers to be enabled for authenticated users (default empty)
    # authenticated_headers = ["authentication-results"];
    # List of headers to be enabled for local IPs (default empty)
    # local_headers = ["x-spamd-bar"];
    # Set false to always add headers for local IPs (default true)
    # skip_local = true;
    # Set false to always add headers for authenticated users (default true)
    # skip_authenticated = true;
    # Routines to use- this is the only required setting (may be omitted if using extended_spam_headers)
    use = ["x-spamd-bar", "authentication-results"];
    # this is where we may configure our selected routines
    routines {
      # settings for x-spamd-bar routine
      x-spamd-bar {
        # effectively disables negative spambar
        negative = "";
      # other routines...
    custom {
      # user-defined routines: more on these later

Mime type



    # multimap.conf
    symbol { 
      type = "type"; 
      map = "url"; 
      # [optional params...] 
    symbol1 { 
      type = "type"; 
      map = "from"; 
      # [optional params...] 


  • type- 地图类型
  • map - 具有列表的文件的路径,例如:
    • http://example.com/list- HTTP映射,重新加载使用If-Modified-Since,可以签名
    • https://example.com/list - HTTPS映射 - 与HTTP相同,但启用了TLS(使用证书检查)
    • file:///path/to/list - 文件映射,重新加载更改,可以签名
    • /path/to/list - 文件映射的较短形式
    • cdb://path/to/list.cdb- CDB地图在文件中,无法签名
    • redis:// - Redis地图,读取字段中的哈希存储在关键字


  • prefilter- 定义地图是否在预过滤器模式下使用
  • action - 用于预过滤器地图定义由地图匹配设置的动作
  • regexp- 设置为true如果您的地图包含正则表达式
  • symbols- 该地图可以插入的符号数组(用于键值对),了解更多信息
  • score- 符号的分数(可以在该metric部分重新定义)
  • description - 地图描述
  • group- 符号组(可重新定义metric)
  • require_symbols- 必须符合特定消息的符号表达式:了解更多信息
  • filter- 匹配输入的特定部分(例如,电子邮件域):这里是映射过滤器的完整定义

MX Check

Neural network



    # Phishing.conf
    phishing {
        symbol = "R_PHISHING"; # Default symbol

        # Check only domains from this list
        domains = "file:///path/to/map";

        # Make exclusions for known redirectors
        # Entry format: URL/path for map, colon, name of symbol
        redirector_domains = [
        # For certain domains from the specified strict maps
        # use another symbol for phishing plugin
        strict_domains = [


Ratelimit 模块支持以下配置选项:

  • servers - 存储可用数据的服务器列表; 如果未设置,则使用全局设置
  • symbol- 如果此选项被指定,则ratelimit插件只是添加相应的符号而不是设置预结果,该值被缩放为,tanh+ 双曲正切函数在哪里
  • whitelisted_rcpts - 以逗号分隔的列入白名单的收件人列表。默认情况下,此选项的值为“postmaster,mailer-daemon”
  • whitelisted_ip - IP地址或网络的地图列入白名单
  • whitelisted_user - 从用户标识符中排除的用户名的映射
  • max_delay - 任何限制桶的最大使用寿命(默认为1天)
  • max_rcpt - 如果包含超过此值的收件人(默认为5),则不应用ratelimit。如果消息中有很多收件人,则此选项可以避免太多的设置桶的工作。
  • rates - 表格中允许的利率表格:

    type = [burst,leak];


    • bounce_to:限制每个收件人弹跳
    • bounce_to_ip:每个收件人每ip限制跳出
    • to:每个收件人的限制
    • to_ip:每对收件人和发件人的IP地址限制
    • to_ip_from:每三位数限制:收件人,发件人的信封和发件人的IP
    • user:每个认证用户的限制(对出站限制有用)


该模块支持检查消息的发送方的IPv4 / IPv6源地址与一组RBL以及各种不太常规的使用RBL的方法:对于接收头中的地址; 针对发件人的反向DNS名称和SMTP时间下用于HELO / EHLO的参数。配置结构如下:

    # rbl.conf
    # default settings defined here
    rbls {
    # 'rbls' subsection under which the RBL definitions are nested
        an_rbl {
                # rbl-specific subsection 
        # ...



  • default_ipv4 (true)使用此RBL测试IPv4地址。
  • default_ipv6 (false)使用此RBL测试IPv6地址。
  • default_received (true)使用此RBL测试在Received标头中找到的IPv4 / IPv6地址。还应将RBL配置为检查IPv4 / IPv6地址之一。
  • default_from (false)使用此RBL测试消息发送者的IPv4 / IPv6地址。还应将RBL配置为检查IPv4 / IPv6地址之一。
  • default_rdns (false)使用此RBL测试消息发送者的反向DNS名称(传递给rspamd的主机名应已使用正向查找进行验证,特别是如果要用于提供白名单)。
  • default_helo (false)使用此RBL测试在SMTP时间为HELO / EHLO发送的参数。
  • default_dkim (false)使用此RBL测试在验证的DKIM签名中找到的域。
  • default_dkim_domainonly (true)如果只有真测试顶级域,否则测试DKIM签名中找到的整个域。
  • default_emails (false)使用此RBL以[localpart]形式测试电子邮件地址。[domainpart]。[rbl]或如果设置为“domain_only”使用[domainpart] [rbl]。
  • default_unknown (false)如果设置为false,则不要产生结果,除非从RBL中收到的响应在其相关的returncodes {}子句中定义,否则返回RBL的默认符号。
  • default_exclude_users (false)如果设置为true,则如果消息发送方已通过身份验证,则不要使用此RBL。
  • default_exclude_private_ips (true)如果为真,如果发送主机地址处于local_addrs&不检查接收到的标头,这些地址不要使用RBL 。
  • default_exclude_local (true)如果设置了true&local_exclude_ip_map - 如果发送主机地址在本地IP列表中,则不要使用RBL,并且不要检查接收到的标头,以便这些地址。
  • default_is_whitelist (false)如果此列表上的真实匹配项应中和任何此设置为false并且ignore_whitelists不为true的列表。
  • default_ignore_whitelists (false)如果为真,则此列表不应被白名单中和。
  • local_exclude_ip_map可以设置为IPv4 / IPv6地址和子网列表的URL,不被exclude_local检查视为本地排除。
  • hash适用于helo和emailsRBL类型 - 查找散列而不是文字字符串。此参数的可能值是sha1,sha256,sha384,sha512和md5或默认哈希算法的任何其他值。
  • disable_monitoring布尔值,完全禁用监视
  • monitored_address固定地址检查缺席(默认情况下)


    # Descriptive name of RBL or symbol if symbol is not defined.
    an_rbl {
        # Explicitly defined symbol
        symbol = "SOME_SYMBOL";
        # RBL-specific defaults (where different from global defaults)
        #The global defaults may be overridden using 'helo' to override 'default_helo' and so on.
        ipv6 = true;
        ipv4 = false;
        # Address used for RBL-testing
        rbl = "v6bl.example.net";
        # Possible responses from RBL and symbols to yield
        returncodes {
            # Name_of_symbol = "address";
            EXAMPLE_ONE = "";
            EXAMPLE_TWO = "";

Received policy

该模块的目的是对一个Received header的邮件进行简单的检查。这些检查背后的想法是,合法邮件可能不止一个header,还有一些糟糕的模式,比如动态或宽带,这些都是被黑客入侵的用户机器的垃圾邮件所常见的。配置示例如下:

once_received {
    # lines are used to negate this module for certain hosts
    good_host = "^mail";
    # lines are used to specify certain bad patterns
    bad_host = "static";
    bad_host = "dynamic";
    # for emails with bad patterns or with unresolvable hostnames 
    symbol_strict = "ONCE_RECEIVED_STRICT";
    # for generic one received mail
    symbol = "ONCE_RECEIVED";
    # define a list of networks for which once_received checks should be excluded.
    whitelist = "/tmp/ip.map";



  • 动作(null)如果设置,将给定的操作应用于标识为回复的消息(通常将设置为“无操作”以接受)。
  • 到期(86400)时间(以秒为单位),之后到期记录(默认为一天)。
  • key_prefix(rr)字符串前缀为Redis中的键。
  • 消息(消息回复我们发起的一个)当行动被迫时通过的讯息。
  • 服务器(null)Redis主机的逗号分隔列表
  • 符号(REPLY)符号在标识为回复的消息上产生。

    # replies.conf
    # This setting is non-default & may be desirable
    #action = "no action";
    # These are default settings you may want to change
    expire = 86400;
    key_prefix = "rr";
    message = "Message is reply to one we originated";
    symbol = "REPLY";
    # Module specific redis configuration
    #servers = "localhost";

Rspamd update

模块允许加载rspamd规则,调整符号分数和操作,而不需要完全守护程序重新启动。 rspamd_update提供了在不更新rspamd本身的情况下更新新规则和分数更改的方法。

  • symbols- 已经在rspamd中的符号的新分数列表(加载priority = 1以覆盖默认设置)
  • actions- 行动分数列表(也载入priority = 1)
  • rules- 将加载到rspamd中的lua代码片段列表,可以使用rspamd_config全局注册新的规则

    rules = {
        test =<<EOD
    rspamd_config.TEST = {
        callback = function(task) return true end,
        score = 1.0,
        description = 'test',
    actions = {
        greylist = 3.4,
    symbols = {
        R_DKIM_ALLOW = -0.5,

Spamassassin rule


    spamassassin {
        ruleset = "/path/to/file";
        # Limit search size to 100 kilobytes for all regular expressions
        match_limit = 100k;
        # Those regexp atoms will not be passed through hyperscan:
        pcre_only = ["RULE1", "__RULE2"];



  • action:您可以选择设置一个动作
  • symbol:如果发现收件人和垃圾邮件被收集的电子邮件/域之间的匹配,将插入的符号的名称。默认为“SPAMTRAP”
  • score:这个符号的得分。它默认为中性0.0
  • learn_fuzzy:启用或禁用模糊学习的布尔值。默认为“false”
  • learn_spam:Boolean启用或禁用bayes垃圾邮件学习。默认为“false”
  • fuzzy_flag:模糊标志,它必须与fuzzy_check中定义的标志匹配“被拒绝”规则
  • fuzzy_weight:模糊规则的权重因子。默认为10.0
  • key_prefix:用于查找垃圾邮件记录的Redis前缀。它默认为’sptr_’
  • map:您可以定义一个正则表达式映射,该映射将自动禁用此模块的Redis

    action = "no action";
    score = 1.0;
    learn_fuzzy = true;
    learn_spam = true;
    map = file://$LOCAL_CONFDIR/maps.d/spamtrap.map;
    enabled = true;


URL redirector


    # surbl.conf
    redirector_hosts_map = "/etc/rspamd/redirectors.inc";


    # url_redirector.conf
    # How long to cache dereferenced links in Redis (default 1 day)
    expire = 1d;
    # Timeout for HTTP requests (10 seconds by default)
    timeout = 10; # 10 seconds by default
    # How many nested redirects to follow (default 1)
    nested_limit = 1;
    # Prefix for keys in redis (default "rdr:")
    key_prefix = "rdr:";
    # Check SSL certificates (default false)
    check_ssl = false;
    max_size = 10k; # maximum body to process

URL reputation


    # url_reputation.conf
    enabled = true;


    # url_reputation.conf
    # Key prefix for redis - default "Ur."
    key_prefix = "Ur.";
    # Symbols to insert - defaults as shown
    symbols {
      white = "URL_REPUTATION_WHITE";
      black = "URL_REPUTATION_BLACK";
      grey = "URL_REPUTATION_GREY";
      neutral = "URL_REPUTATION_NEUTRAL";
    # DKIM/DMARC/SPF allow symbols - defaults as shown
    foreign_symbols {
      dmarc = "DMARC_POLICY_ALLOW";
      dkim = "R_DKIM_ALLOW";
      spf = "R_SPF_ALLOW";
    # SURBL metatags to ignore - default as shown
    ignore_surbl = ["URIBL_BLOCKED", "DBL_PROHIBIT", "SURBL_BLOCKED"];
    # Amount of samples required for scoring - default 5
    threshold = 5;
    # Maximum number of TLDs to update reputation on (default 1)
    update_limit = 1;
    # Maximum number of TLDs to query reputation on (default 100)
    query_limit = 100;
    # If true, try to find most 'relevant' URL (default true)
    relevance = true;

URL tags


白名单模块旨在否定或增加已知来自受信任来源的某些消息的分数。白名单配置非常简单。您可以在rules段内定义一组规则 。每个规则必须具有domains指定域的映射(如果指定为字符串)或域的直接列表(如果指定为数组)的属性。

  • valid_spf:需要有效的SPF策略
  • valid_dkim:需要DKIM验证
  • valid_dmarc:需要有效的DMARC策略


  • whitelist(默认):当找到域并且满足定义的约束之一时添加符号(例如valid_dmarc)
  • blacklist:当一个域已发现添加符号和定义的约束之一是NOT满足(例如valid_dmarc)
  • strict:当已经找到域并且当定义的某些约束失败时,满足定义的约束(例如valid_dmarc)和添加具有POSITIVE(垃圾邮件)分数的符号之后,添加带有负(ham)分数的符号


  • score:默认分数
  • group:默认组(whitelist如果未明确指定,则使用组)
  • one_shot:默认单次拍摄模式
  • description:默认描述


    # whitelist.conf
    whitelist {
        rules {
            WHITELIST_SPF = {
                valid_spf = true;
                domains = [
                score = -1.0;

            WHITELIST_DKIM = {
                valid_dkim = true;
                domains = [
                score = -2.0;

            WHITELIST_SPF_DKIM = {
                valid_spf = true;
                valid_dkim = true;
                domains = [
                    ["github.com", 2.0],
                score = -3.0;

            STRICT_SPF_DKIM = {
                valid_spf = true;
                valid_dkim = true;
                strict = true;
                domains = [
                    ["paypal.com", 2.0],
                score = -3.0; # For strict rules negative score should be defined

            BLACKLIST_DKIM = {
                valid_spf = true;
                valid_dkim = true;
                blacklist = true;
                domains = "/some/file/blacklist_dkim.map";
                score = 3.0; # Note positive score here

            WHITELIST_DMARC_DKIM = {
                valid_dkim = true;
                valid_dmarc = true;
                domains = [
                score = -7.0;