Updated configs

etc/postfix/main.cf

@@ -49,10 +49,10 @@ smtp_tls_chain_files = /etc/postfix/danwin1210-mail.chain
 smtpd_tls_received_header = yes
 
 #lookup maps for domains and email addresses
-relay_domains = torbox.danwin1210.me torbox.danwin1210.de
-canonical_maps = inline:{{@mail2tor.onion=@mail2tor.com}, {@torbox3uiot6wchz.onion=@torbox36ijlcevujx7mjb4oiusvwgvmue7jfn2cvutwa6kl6to3uyqad.onion}, {@torbox.onion=@torbox36ijlcevujx7mjb4oiusvwgvmue7jfn2cvutwa6kl6to3uyqad.onion}, {@torbox.danwin1210.me=@torbox36ijlcevujx7mjb4oiusvwgvmue7jfn2cvutwa6kl6to3uyqad.onion}, {@torbox.danwin1210.de=@torbox36ijlcevujx7mjb4oiusvwgvmue7jfn2cvutwa6kl6to3uyqad.onion}}
-sender_canonical_maps = inline:{{@localhost=@danwin1210.de}, {@danielas3rtn54uwmofdo3x2bsdifr47huasnmbgqzfrec5ubupvtpid.onion=@danwin1210.de}, {@danwin1210.me=@danwin1210.de}}
-transport_maps = inline:{{torbox3uiot6wchz.onion=relay:[torbox36ijlcevujx7mjb4oiusvwgvmue7jfn2cvutwa6kl6to3uyqad.onion]:25}, {.onion=smtp}, {mail2tor.com=relay:[xc7tgk2c5onxni2wsy76jslfsitxjbbptejnqhw6gy2ft7khpevhc7ad.onion]:25}, {blackhost.xyz=relay:[blackhost7pws76u6vohksdahnm6adf7riukgcmahrwt43wv2drvyxid.onion]:25}} proxy:mysql:/etc/postfix/sql/mysql_transport_maps.cf inline:{*=relay:[10.9.0.1]:1025}
+relay_domains = 
+canonical_maps = inline:{{@mail2tor.onion=@mail2tor.com}, {@torbox3uiot6wchz.onion=@torbox36ijlcevujx7mjb4oiusvwgvmue7jfn2cvutwa6kl6to3uyqad.onion}, {@torbox.onion=@torbox36ijlcevujx7mjb4oiusvwgvmue7jfn2cvutwa6kl6to3uyqad.onion}}
+sender_canonical_maps = inline:{{@localhost=@danwin1210.de}, {@danielas3rtn54uwmofdo3x2bsdifr47huasnmbgqzfrec5ubupvtpid.onion=@danwin1210.de}}
+transport_maps = inline:{{.onion=smtp}, {mail2tor.com=relay:[xc7tgk2c5onxni2wsy76jslfsitxjbbptejnqhw6gy2ft7khpevhc7ad.onion]:25}, {blackhost.xyz=relay:[blackhost7pws76u6vohksdahnm6adf7riukgcmahrwt43wv2drvyxid.onion]:25}} proxy:mysql:/etc/postfix/sql/mysql_transport_maps.cf inline:{*=relay:[10.9.0.1]:1025}
 virtual_alias_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf
 virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
 virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf

etc/rspamd/local.d/actions.conf

@@ -0,0 +1,3 @@
+reject = 15;
+add_header = 8;
+greylist = 7;

etc/rspamd/local.d/antivirus.conf

@@ -0,0 +1,11 @@
+clamav {
+  # Scan whole message
+  scan_mime_parts = false;
+  #scan_text_mime = true;
+  #scan_image_mime = true;
+  symbol = "CLAM_VIRUS";
+  type = "clamav";
+  log_clean = true;
+  servers = "/var/run/clamav/clamd.ctl";
+  max_size = 20971520;
+}

etc/rspamd/local.d/arc.conf

@@ -0,0 +1,16 @@
+sign_authenticated = true;
+sign_local = true;
+domain {
+  danwin1210.de {
+    selectors [
+     {
+       path: "/var/lib/rspamd/dkim/danwin1210.de-rsa";
+       selector: "20211204-rsa";
+     },
+     {
+       path: "/var/lib/rspamd/dkim/danwin1210.de-ed25519";
+       selector: "20211204-ed25519";
+     }
+   ]
+ }
+}

etc/rspamd/local.d/classifier-bayes.conf

@@ -0,0 +1 @@
+autolearn = true;

etc/rspamd/local.d/dkim_signing.conf

@@ -0,0 +1,20 @@
+use_domain = "header";
+use_domain_sign_networks = "header";
+use_domain_sign_local = "header";
+allow_username_mismatch = true;
+allow_hdrfrom_mismatch = true;
+try_fallback = false;
+domain {
+  danwin1210.de {
+    selectors [
+     {
+       path: "/var/lib/rspamd/dkim/danwin1210.de-rsa";
+       selector: "20211204-rsa";
+     },
+     {
+       path: "/var/lib/rspamd/dkim/danwin1210.de-ed25519";
+       selector: "20211204-ed25519";
+     }
+   ]
+ }
+}

etc/rspamd/local.d/greylist.conf

@@ -0,0 +1 @@
+enabled = false;

etc/rspamd/local.d/groups.conf

@@ -0,0 +1,15 @@
+symbols {
+  "CLAM_VIRUS" {
+    "weight": 10.0
+  }
+  "CLAM_VIRUS_ENCRYPTED" {
+    "weight": 1.0
+  }
+  "CLAM_VIRUS_MACRO" {
+    "weight": 1.0
+  }
+  "AUTHENTICATED_USER" {
+    description = "authenticated user should receive higher scoring to prevent outgoing spam";
+    score = 5.0;
+  }
+}

etc/rspamd/local.d/logging.inc

@@ -0,0 +1,4 @@
+type = console
+systemd = true
+color = true
+level = notice

etc/rspamd/local.d/options.inc

@@ -0,0 +1,3 @@
+dns {
+  enable_dnssec = true;
+}

etc/rspamd/local.d/phishing.conf

@@ -0,0 +1 @@
+phishtank_enabled = false;

etc/rspamd/local.d/ratelimit.conf

@@ -0,0 +1,24 @@
+whitelisted_rcpts = ["postmaster", "mailer-daemon", "daniel@danwin1210.de"]
+whitelisted_user = ["daniel@danwin1210.de"]
+rates {
+  to = {
+    bucket = {
+      burst = 20;
+      rate =  1 / 1m;
+    }
+  }
+  sending_limit_2_per_min {
+    selector = 'user.lower.append("sending_limit_2_per_min")';
+    bucket = {
+      burst = 20;
+      rate = 2 / 1m;
+    }
+  }
+  sending_limit_500_per_day {
+    selector = 'user.lower.append("sending_limit_500_per_day")';
+    bucket = {
+      burst = 400;
+      rate = 50 / 3h;
+    }
+  }
+}

etc/rspamd/local.d/redis.conf

@@ -0,0 +1 @@
+servers = "127.0.0.1";

etc/rspamd/local.d/statistics_group.conf

@@ -0,0 +1,5 @@
+symbols {
+  "BAYES_SPAM" {
+    "score": 7.0
+  }
+}

etc/rspamd/local.d/worker-fuzzy.inc

@@ -0,0 +1,10 @@
+count = 1;
+keypair {
+    privkey = "YOUR_PRIVATE_KEY";
+    type = "kex";
+    algorithm = "curve25519";
+    id = "YOUR_ID";
+    pubkey = "YPUR_PUBLIC_KEY";
+    encoding = "base32";
+}
+encrypted_only = true;

etc/rspamd/local.d/worker-proxy.inc

@@ -0,0 +1 @@
+bind_socket = "*:11332";

etc/rspamd/lua/rspamd.local.lua

@@ -0,0 +1,8 @@
+rspamd_config.AUTHENTICATED_USER = {
+	callback = function(task)
+		local uname = task:get_user()
+		if uname then
+			return 1
+		end
+	end
+}

etc/rspamd/override.d/fuzzy_check.conf

@@ -0,0 +1,26 @@
+rule "localhost" {
+  algorithm = "mumhash";
+  servers = "localhost:11335";
+  encryption_key = "YOUR_ENCRYPTION_KEY";
+  symbol = "FUZZY_UNKNOWN";
+  mime_types = ["*"];
+  max_score = 20.0;
+  read_only = no;
+  skip_unknown = yes;
+  short_text_direct_hash = true; # If less than min_length then use direct hash
+  min_length = 64; # Minimum words count to consider shingles
+  fuzzy_map = {
+    FUZZY_DENIED {
+      max_score = 20.0;
+      flag = 1;
+    }
+    FUZZY_PROB {
+      max_score = 10.0;
+      flag = 2;
+    }
+    FUZZY_WHITE {
+      max_score = 2.0;
+      flag = 3;
+    }
+  }
+}

etc/rspamd/override.d/worker-controller.inc

@@ -0,0 +1,4 @@
+bind_socket = "*:11334";
+password = "YOUR_PASSWORD_HASH";
+enable_password = "YOUR_PASSWORD_HASH";
+secure_ip = "";