Add rspamd config files

README.md

@@ -38,7 +38,7 @@ Note that debian also has an onion service package archive, so you may want to e
 deb tor://vwakviie2ienjx6t.onion/debian `lsb_release -cs` main
 ```
 
-Copy (and modify according to your needs) the site files in `var/www` to `/var/www` and the configuration files in `etc` to `/etc` after installation has finished. Then restart some services:
+Copy (and modify according to your needs) the site files in `var/www` to `/var/www`, `usr/local` to `/usr/local`  and the configuration files in `etc` to `/etc` after installation has finished. Then restart some services:
 ```
 systemctl daemon-reload && systemctl restart bind9.service && systemctl restart dnsmasq.service && systemctl restart tor@default.service
 ```

install_binaries.sh

@@ -1757,4 +1757,3 @@ chown _rspamd: /var/lib/rspamd /var/log/rspamd
 
 #razorfy
 id -u razorfy >/dev/null 2>&1 || useradd -M -r -s /bin/false razorfy
-cp razorfy.pl /usr/local/bin/

usr/local/etc/rspamd/local.d/actions.conf

@@ -0,0 +1,3 @@
+reject = 15;
+add_header = 8;
+greylist = 7;

usr/local/etc/rspamd/local.d/antivirus.conf

@@ -0,0 +1,11 @@
+clamav {
+  # Scan whole message
+  scan_mime_parts = false;
+  #scan_text_mime = true;
+  #scan_image_mime = true;
+  symbol = "CLAM_VIRUS";
+  type = "clamav";
+  log_clean = true;
+  servers = "/var/run/clamav/clamd.ctl";
+  max_size = 20971520;
+}

usr/local/etc/rspamd/local.d/arc.conf

@@ -0,0 +1,16 @@
+sign_authenticated = true;
+sign_local = true;
+domain {
+  hosting.danwin1210.me {
+    selectors [
+     {
+       path: "/usr/local/etc/rspamd/hosting.danwin1210.me-rsa4096";
+       selector: "mail";
+     },
+     {
+       path: "/usr/local/etc/rspamd/hosting.danwin1210.me-ed25519";
+       selector: "ed25519";
+     }
+   ]
+ }
+}

usr/local/etc/rspamd/local.d/classifier-bayes.conf

@@ -0,0 +1 @@
+autolearn = true;

usr/local/etc/rspamd/local.d/dkim_signing.conf

@@ -0,0 +1,14 @@
+domain {
+  hosting.danwin1210.me {
+    selectors [
+     {
+       path: "/usr/local/etc/rspamd/hosting.danwin1210.me-rsa4096";
+       selector: "mail";
+     },
+     {
+       path: "/usr/local/etc/rspamd/hosting.danwin1210.me-ed25519";
+       selector: "ed25519";
+     }
+   ]
+ }
+}

usr/local/etc/rspamd/local.d/external_services.conf

@@ -0,0 +1,3 @@
+razor {
+  servers = "127.0.0.1:11342"
+}

usr/local/etc/rspamd/local.d/greylist.conf

@@ -0,0 +1 @@
+enabled = false;

usr/local/etc/rspamd/local.d/groups.conf

@@ -0,0 +1,11 @@
+symbols {
+  "CLAM_VIRUS" {
+    "weight": 10.0
+  }
+  "CLAM_VIRUS_ENCRYPTED" {
+    "weight": 1.0
+  }
+  "CLAM_VIRUS_MACRO" {
+    "weight": 1.0
+  }
+}

usr/local/etc/rspamd/local.d/logging.inc

@@ -0,0 +1,4 @@
+type = console
+systemd = true
+color = true
+level = notice

usr/local/etc/rspamd/local.d/neural.conf

@@ -0,0 +1,24 @@
+rules {
+  "LONG" {
+    train {
+      max_trains = 200;
+      max_usages = 20;
+      max_iterations = 25;
+      learning_rate = 0.01,
+    }
+    symbol_spam = "NEURAL_SPAM_LONG";
+    symbol_ham = "NEURAL_HAM_LONG";
+    ann_expire = 45d;
+  }
+  "SHORT" {
+    train {
+      max_trains = 100;
+      max_usages = 10;
+      max_iterations = 15;
+      learning_rate = 0.01,
+    }
+    symbol_spam = "NEURAL_SPAM_SHORT";
+    symbol_ham = "NEURAL_HAM_SHORT";
+    ann_expire = 7d;
+  }
+}

usr/local/etc/rspamd/local.d/neural_group.conf

@@ -0,0 +1,18 @@
+symbols = {
+  "NEURAL_SPAM_LONG" {
+    weight = 3.7; # sample weight
+    description = "Neural network spam (long)";
+  }
+  "NEURAL_HAM_LONG" {
+    weight = -4.0; # sample weight
+    description = "Neural network ham (long)";
+  }
+  "NEURAL_SPAM_SHORT" {
+    weight = 2.5; # sample weight
+    description = "Neural network spam (short)";
+  }
+  "NEURAL_HAM_SHORT" {
+    weight = -2.0; # sample weight
+    description = "Neural network ham (short)";
+  }
+}

usr/local/etc/rspamd/local.d/options.inc

@@ -0,0 +1,3 @@
+dns {
+  enable_dnssec = true;
+}

usr/local/etc/rspamd/local.d/phishing.conf

@@ -0,0 +1 @@
+phishtank_enabled = false;

usr/local/etc/rspamd/local.d/ratelimit.conf

@@ -0,0 +1,22 @@
+rates {
+  to = {
+    bucket = {
+      burst = 20;
+      rate =  1 / 1m;
+    }
+  }
+  sending_limit_2_per_min {
+    selector = 'user.lower.append("sending_limit_2_per_min")';
+    bucket = {
+      burst = 20;
+      rate = 2 / 1m;
+    }
+  }
+  sending_limit_500_per_day {
+    selector = 'user.lower.append("sending_limit_500_per_day")';
+    bucket = {
+      burst = 400;
+      rate = 50 / 3h;
+    }
+  }
+}

usr/local/etc/rspamd/local.d/redis.conf

@@ -0,0 +1 @@
+servers = "127.0.0.1";

usr/local/etc/rspamd/local.d/worker-fuzzy.inc

@@ -0,0 +1,10 @@
+count = 1;
+keypair {
+    privkey = "aojniuyfysb7i6zs47phwafd9wefdockzd4qwe3qu15nc4g1kq6y";
+    type = "kex";
+    algorithm = "curve25519";
+    id = "f1rw8w3cp88zt1y8wfrtrpu9xoy6zrr6bau6ieeq1qeh3jy14ezq835jboyugba86scgaqqmsqtoqmaoo7tt6gynyg9fnc51agu1try";
+    pubkey = "rsk86fw7w5x4dhkjhcomsyaqwiapp56ykq7woj8f7g9m7z8akfpy";
+    encoding = "base32";
+}
+encrypted_only = true;

usr/local/etc/rspamd/override.d/fuzzy_check.conf

@@ -0,0 +1,26 @@
+rule "localhost" {
+  algorithm = "mumhash";
+  servers = "localhost:11335";
+  encryption_key = "rsk86fw7w5x4dhkjhcomsyaqwiapp56ykq7woj8f7g9m7z8akfpy";
+  symbol = "FUZZY_UNKNOWN";
+  mime_types = ["*"];
+  max_score = 20.0;
+  read_only = no;
+  skip_unknown = yes;
+  short_text_direct_hash = true; # If less than min_length then use direct hash
+  min_length = 64; # Minimum words count to consider shingles
+  fuzzy_map = {
+    FUZZY_DENIED {
+      max_score = 20.0;
+      flag = 1;
+    }
+    FUZZY_PROB {
+      max_score = 10.0;
+      flag = 2;
+    }
+    FUZZY_WHITE {
+      max_score = 2.0;
+      flag = 3;
+    }
+  }
+}

usr/local/etc/rspamd/override.d/worker-controller.inc

@@ -0,0 +1,3 @@
+password = "$2$p8hk8x6i44t1azn3wnogqqd9quxqsc1t$34wr9o97cw6ho15tx9d3pjrjy3ccqrasjfgiu3w15f5urzqmfb3b";
+enable_password = "$2$p8hk8x6i44t1azn3wnogqqd9quxqsc1t$34wr9o97cw6ho15tx9d3pjrjy3ccqrasjfgiu3w15f5urzqmfb3b";
+secure_ip = "";