Do not send e-mail to me!

Rspamd

Introdução

 

O Rspamd é um sistema avançado de filtragem de spam que suporta uma variedade de mecanismos de filtragem, incluindo expressões regulares, análises estatísticas e serviços personalizados, como listas negras de URL. Cada mensagem é analisada pelo Rspamd e recebe uma pontuação de spam.

 

De acordo com essa pontuação de spam e as configurações do usuário, o Rspamd recomenda uma ação para o MTA aplicar à mensagem, por exemplo, para transmitir, rejeitar ou adicionar um cabeçalho. O Rspamd é projetado para processar centenas de mensagens por segundo simultaneamente.

 

Mais sobre Rpamd pode ser lido aqui https://rspamd.com/about.html.

 

 

Implementação

Antes de implementar a configuração SPFBL.net para o seu Rspamd, tenha certeza que seu serviço de e-mail não ultrapassará o limite de 10 consultas por segundo em nossos serviços. Normalmente isso não ocorre mas, se achar que isso for possível, considere uma doação mensal ao projeto e então poderemos aumentar o limite de acordo com o valor doado. No caso do seu serviço de e-mail ultrapassar o limite estabelecido, seja ele qual for, este serviço poderá sofrer banimento temporário em todos os nossos serviços públicos.

Você pode implementar todos os serviços SPFBL.net em seu Rspamd baixando o arquivo spfbl-rspamd-config-1.0.tar e seguindo esses passos:

1. Faça um backup do seu diretório /etc/rspamd

tar -czf /root/backup-rspamd.tar.gz /etc/rspamd

2. Descompacte o arquivo spfbl-rspamd-config-1.0.tar.gz

tar -C / -xzf /path/to/spfbl-rspamd-config-1.0.tar.gz

3. Reinicie o serviço rspamd.

Ou então, você pode também implementar manualmente todos os serviços SPFBL.net em seu Rspamd seguindo estes exemplos de códigos-fonte:

local logger = require "rspamd_logger"
local util = require "rspamd_util"
local lua_util = require "lua_util"

local function spfbl_getkeys(tab)
	local keyset = {}
	for k,v in pairs(tab) do
		keyset[#keyset + 1] = k
	end
	return keyset
end

local function spfbl_validate_dns(lstr)
  if lstr:match('%.%.') then
    -- two dots in a row
    return false
  end
  for v in lstr:gmatch('[^%.]+') do
    if not v:match('^[%w-]+$') or v:len() > 63
      or v:match('^-') or v:match('-$') then
      -- too long label or weird labels
      return false
    end
  end
  return true
end

local function spfbl_score_table(score)
	local result = 0
	if score >= 0 and score <= 100 then
		if score > 79 then
			result = (score-79)*1/(21)*-1
		elseif score < 50 then
			result = 2-(score-9)*2/(41)
			if result > 2 then result = 2 end
		end
	end
	return result
end

local function spfbl_check_score(task, query)

	local dns_cb = function(resolver, to_resolve, results, err)
		if err and (err ~= 'requested record is not found' and err ~= 'no records with this name') then
			rspamd_logger.infox(task, 'DNS query error: %1 = %2', to_resolve, err)
			return
		end
		if results then
			logger.infox(task, 'DNS query: %1 = %2', to_resolve, results)
			local found = false
			for _,result in ipairs(results) do
				local ipstr = result:to_string()
				for m in ipstr:gmatch("127.0.1.(%d+)") do
					if m and tonumber(m) <= 100 then
						local score = spfbl_score_table(tonumber(m))
						score = math.floor(score * 10^2 + 0.5) / 10^2
						local response = to_resolve .. ' : ' .. ipstr
						logger.infox(task, '%1 = %2', query.symbol, response)
						if not task:get_symbol(query.symbol) then
							task:insert_result(query.symbol, score, response)
						end
						found = true
						break
					end
				end
				if found then break end
			end
		else
			logger.infox(task, 'DNS query: %1 = no results', to_resolve)
		end
	end

	for _, v in ipairs(query.keys) do
		local to_resolve = v .. '.score.spfbl.net'
		if v ~= "localhost" and v ~= "1.0.0.127" and spfbl_validate_dns(to_resolve) then
			task:get_resolver():resolve_a({ task = task, name = to_resolve, callback = dns_cb, forced = true })
		end
	end

end

local function spfbl_resolve_dns(task, query)

	local dns_cb = function(resolver, to_resolve, results, err)
		if err and (err ~= 'requested record is not found' and err ~= 'no records with this name') then
			rspamd_logger.infox(task, 'DNS query error: %1 = %2', to_resolve, err)
			return
		end
		if results then
			logger.infox(task, 'DNS query: %1 = %2', to_resolve, results)
			local found = false
			for _,result in ipairs(results) do
				local ipstr = result:to_string()
				for symbol,i in pairs(query.returncodes) do
					if i == ipstr then
						local response = to_resolve .. ' : ' .. ipstr
						logger.infox(task, '(%1) %2 = %3', query.symbol, symbol, response)
						if query.symbol == "SPFBL_RECEIVED" or not task:get_symbol(query.symbol) then
							task:insert_result(query.symbol, 0)
							task:insert_result(symbol, 1, response)
						end
						found = true
						break
					end
				end
				if found then break end
			end
		else
			logger.infox(task, 'DNS query: %1 = no results', to_resolve)
		end
	end

	for _, v in ipairs(query.keys) do
		local to_resolve = v .. '.' .. query.dbl
		if v ~= "localhost" and (spfbl_validate_dns(to_resolve) or v:match("^[%w.]+@%w+%.%w+$")) then
			task:get_resolver():resolve_a({ task = task, name = to_resolve, callback = dns_cb })
		end
	end

end

-- All SPFBL symbols here
local spfbl_symbols = {
	SPFBL_WHITELIST_DOMAIN = {
		SPFBL_WHITELIST_DOMAIN_GOOD_REPUTATION = "127.0.0.2",
		SPFBL_WHITELIST_DOMAIN_PUBLIC_SERVICE = "127.0.0.3",
		SPFBL_WHITELIST_DOMAIN_CORPORATE_SERVICE = "127.0.0.4",
		SPFBL_WHITELIST_DOMAIN_BULK_SENDER = "127.0.0.5"
	},
	SPFBL_DOMAIN = {
		SPFBL_DOMAIN_BAD_REPUTATION = "127.0.0.2",
		SPFBL_DOMAIN_SUSPECTED_SOURCE = "127.0.0.3"
	},
	SPFBL_SERVER = {
		SPFBL_SERVER_BAD_REPUTATION = "127.0.0.2",
		SPFBL_SERVER_SUSPECTED_SOURCE = "127.0.0.3",
		SPFBL_SERVER_END_USER = "127.0.0.4"
	},
	SPFBL_WHITELIST_SERVER = {
		SPFBL_WHITELIST_SERVER_GOOD_REPUTATION = "127.0.0.2",
		SPFBL_WHITELIST_SERVER_PUBLIC_SERVICE = "127.0.0.3",
		SPFBL_WHITELIST_SERVER_CORPORATE_SERVICE = "127.0.0.4"
	},
	SPFBL_RECEIVED = {
		SPFBL_RECEIVED_BAD_REPUTATION = "127.0.0.2",
		SPFBL_RECEIVED_SUSPECTED_SOURCE = "127.0.0.3",
		SPFBL_RECEIVED_END_USER = "127.0.0.4"
	},
	SPFBL_EMAIL = {
		SPFBL_EMAIL_BAD_REPUTATION = "127.0.0.2",
		SPFBL_EMAIL_SUSPECTED_SOURCE = "127.0.0.3"
	},
	SPFBL_SCORE = nil
}

local function spfbl_get_symbols(task, key)
	for k, v in pairs(spfbl_symbols) do
		if k == key then
			if task:get_symbol(k) then return true end
			for k2, v2 in pairs(v) do
				if task:get_symbol(k2) then return true end
			end
		end
	end
	return false
end

local function spfbl_register_symbols(id_symbol, group)
	for k, v in pairs(group) do
		rspamd_config:register_symbol({name = k, parent = id_symbol, type = 'virtual' })
	end
end

local function spfbl_register_dependency(symbol,key)
	for k, v in pairs(spfbl_symbols) do
		if k == key then
			rspamd_config:register_dependency(symbol, key)
			for k2, v2 in pairs(v) do
				rspamd_config:register_dependency(symbol, k2)
			end
		end
	end
	return false
end

local spfbl_id_symbol = nil

--

spfbl_id_symbol = rspamd_config:register_symbol{name = "SPFBL_RECEIVED", type = 'callback', flags = 'empty,no_squeeze', callback = function(task)
	logger.infox(task, 'started SPFBL_RECEIVED')

	if spfbl_get_symbols(task, 'SPFBL_SERVER') or spfbl_get_symbols(task, 'SPFBL_WHITELIST_SERVER') then return end

	local ip = task:get_from_ip()
	if ip and ip:is_valid() then
		local received_headers = task:get_received_headers()
		for k, v in pairs(received_headers) do
			if v['real_ip'] and v['real_ip']:is_valid() and not v['flags']['artificial'] and not v['real_ip']:is_local() and v['real_ip']:to_string() ~= ip:to_string() then
				local ip_query = {[1] = table.concat(v['real_ip']:inversed_str_octets(), '.') }
				spfbl_resolve_dns(task, { dbl = 'dnsbl.spfbl.net', keys = ip_query, symbol = "SPFBL_RECEIVED", returncodes = spfbl_symbols.SPFBL_RECEIVED })
			end
		end
	end
end}
spfbl_register_symbols(spfbl_id_symbol, spfbl_symbols.SPFBL_RECEIVED)
spfbl_register_dependency("SPFBL_RECEIVED", "SPFBL_SERVER")
spfbl_register_dependency("SPFBL_RECEIVED", "SPFBL_WHITELIST_SERVER")

--

spfbl_id_symbol = rspamd_config:register_symbol{name = "SPFBL_WHITELIST_DOMAIN", type = 'callback', flags = 'nice,empty,no_squeeze', callback = function(task)
	logger.infox(task, 'started SPFBL_WHITELIST_DOMAIN')

	if spfbl_get_symbols(task, 'SPFBL_WHITELIST_SERVER') then return end

	local search = {}

	if task:get_symbol('R_SPF_ALLOW') then
		local from = task:get_from(1)
		if (from and from[1]) then
			search[from[1].domain:lower()] = 1
		end
	end
	if task:get_symbol('R_DKIM_ALLOW') or task:get_symbol('DMARC_POLICY_ALLOW') then
		local from = task:get_from(2)
		if (from and from[1]) then
			search[from[1].domain:lower()] = 1
		end
	end

	local query = spfbl_getkeys(search)
	if #query > 0 then
		spfbl_resolve_dns(task, { dbl = 'dnswl.spfbl.net', keys = query, symbol = "SPFBL_WHITELIST_DOMAIN", returncodes = spfbl_symbols.SPFBL_WHITELIST_DOMAIN  })
	end

end}

spfbl_register_symbols(spfbl_id_symbol, spfbl_symbols.SPFBL_WHITELIST_DOMAIN)
spfbl_register_dependency("SPFBL_WHITELIST_DOMAIN", "SPFBL_WHITELIST_SERVER")
rspamd_config:register_dependency('SPFBL_WHITELIST_DOMAIN', 'R_SPF_ALLOW')
rspamd_config:register_dependency('SPFBL_WHITELIST_DOMAIN', 'R_DKIM_ALLOW')
rspamd_config:register_dependency('SPFBL_WHITELIST_DOMAIN', 'DMARC_POLICY_ALLOW')

--

spfbl_id_symbol = rspamd_config:register_symbol{name = "SPFBL_DOMAIN", type = 'callback', flags = 'empty,no_squeeze', callback = function(task)
	logger.infox(task, 'started SPFBL_DOMAIN')

	if spfbl_get_symbols(task, 'SPFBL_WHITELIST_DOMAIN') then return end

	local search = {}
	local from = task:get_from(1)
	if (from and from[1]) then
		search[from[1].domain:lower()] = 1
	end

	from = task:get_from(2)
	if (from and from[1]) then
		search[from[1].domain:lower()] = 1
	end

	local replyto = task:get_header('Reply-To')
	if replyto then
		local rt = util.parse_mail_address(replyto, task:get_mempool())
		if (rt and rt[1]) then
			search[rt[1].domain:lower()] = 1
		end
	end

	local query = spfbl_getkeys(search)
	if #query > 0 then
		spfbl_resolve_dns(task, { dbl = 'dnsbl.spfbl.net', keys = query, symbol = "SPFBL_DOMAIN", returncodes = spfbl_symbols.SPFBL_DOMAIN })
	end

end}

spfbl_register_symbols(spfbl_id_symbol, spfbl_symbols.SPFBL_DOMAIN)
spfbl_register_dependency("SPFBL_DOMAIN", "SPFBL_WHITELIST_DOMAIN")

---

spfbl_id_symbol = rspamd_config:register_symbol{name = "SPFBL_EMAIL", type = 'callback', flags = 'empty,no_squeeze', callback = function(task)
	logger.infox(task, 'started SPFBL_EMAIL')

	if spfbl_get_symbols(task, 'SPFBL_DOMAIN') or spfbl_get_symbols(task, 'SPFBL_WHITELIST_DOMAIN') then return end

	local search = {}
	if task:get_symbol('FREEMAIL_ENVFROM') then
		local from = task:get_from(1)
		if (from and from[1]) then
			search[from[1].addr] = 1
		end
	end

	if task:get_symbol('FREEMAIL_FROM') then
		local from = task:get_from(2)
			if (from and from[1]) then
			search[from[1].addr] = 1
		end
	end

	if task:get_symbol('FREEMAIL_REPLYTO') then
		local replyto = task:get_header('Reply-To')
		if replyto then
			local rt = util.parse_mail_address(replyto, task:get_mempool())
			if (rt and rt[1]) then
				lua_util.remove_email_aliases(rt[1])
				search[rt[1].addr] = 1
			end
		end
	end	

	local query = spfbl_getkeys(search)
	if #query > 0 then
		spfbl_resolve_dns(task, { dbl = 'dnsbl.spfbl.net', keys = query, symbol = "SPFBL_EMAIL", returncodes = spfbl_symbols.SPFBL_EMAIL })
	end

end}

spfbl_register_symbols(spfbl_id_symbol, spfbl_symbols.SPFBL_EMAIL)
spfbl_register_dependency("SPFBL_EMAIL", "SPFBL_WHITELIST_DOMAIN")
spfbl_register_dependency("SPFBL_EMAIL", "SPFBL_DOMAIN")
rspamd_config:register_dependency('SPFBL_EMAIL', 'FREEMAIL_ENVFROM')
rspamd_config:register_dependency('SPFBL_EMAIL', 'FREEMAIL_FROM')
rspamd_config:register_dependency('SPFBL_EMAIL', 'FREEMAIL_REPLYTO')

---

spfbl_id_symbol = rspamd_config:register_symbol{name = "SPFBL_SCORE", type = 'callback', flags = 'nice,empty,no_squeeze', callback = function(task)
	logger.infox(task, 'started SPFBL_SCORE')

	-- check IP/RDNS score
	if not (spfbl_get_symbols(task, 'SPFBL_SERVER') or spfbl_get_symbols(task, 'SPFBL_WHITELIST_SERVER')) then
		local search = {}

		local ip = task:get_from_ip()
		if ip and ip:is_valid() and not ip:is_local() then
			search[table.concat(ip:inversed_str_octets(), '.')] = 1
		end

		local rdns = task:get_hostname()
		if not (rdns == nil or rdns == '' or rdns == 'unknown' or rdns == 'localhost') then
			search[rdns:lower()] = 1
		end

		local query = spfbl_getkeys(search)
		if #query > 0 then
			spfbl_check_score(task, { keys = query, symbol = "SPFBL_SCORE_SERVER" })
		end
	end

	-- check domain score
	if not (spfbl_get_symbols(task, 'SPFBL_DOMAIN') or spfbl_get_symbols(task, 'SPFBL_WHITELIST_DOMAIN') or spfbl_get_symbols(task, 'SPFBL_EMAIL')) then
		local search = {}

		if task:get_symbol('R_SPF_ALLOW') then
			local from = task:get_from(1)
			if (from and from[1]) then
				search[from[1].domain:lower()] = 1
			end
		end
		if task:get_symbol('R_DKIM_ALLOW') or task:get_symbol('DMARC_POLICY_ALLOW') then
			local from = task:get_from(2)
			if (from and from[1]) then
				search[from[1].domain:lower()] = 1
			end
		end

		local replyto = task:get_header('Reply-To')
		if replyto then
			local rt = util.parse_mail_address(replyto, task:get_mempool())
			if (rt and rt[1]) then
				lua_util.remove_email_aliases(rt[1])
				search[rt[1].addr] = 1
			end
		end

		local query = spfbl_getkeys(search)
		if #query > 0 then
			spfbl_check_score(task, { keys = query, symbol = "SPFBL_SCORE_DOMAIN" })
		end

	end

end}

rspamd_config:register_symbol({name = "SPFBL_SCORE_SERVER", parent = spfbl_id_symbol, type = 'virtual' })
rspamd_config:register_symbol({name = "SPFBL_SCORE_DOMAIN", parent = spfbl_id_symbol, type = 'virtual' })
spfbl_register_dependency("SPFBL_SCORE", "SPFBL_WHITELIST_DOMAIN")
spfbl_register_dependency("SPFBL_SCORE", "SPFBL_DOMAIN")
spfbl_register_dependency("SPFBL_SCORE", "SPFBL_WHITELIST_SERVER")
spfbl_register_dependency("SPFBL_SCORE", "SPFBL_SERVER")
spfbl_register_dependency("SPFBL_SCORE", "SPFBL_EMAIL")
rspamd_config:register_dependency('SPFBL_SCORE', 'R_SPF_ALLOW')
rspamd_config:register_dependency('SPFBL_SCORE', 'R_DKIM_ALLOW')
rspamd_config:register_dependency('SPFBL_SCORE', 'DMARC_POLICY_ALLOW')

-- Adding conditions to all symbols
for k, v in pairs(spfbl_symbols) do
	rspamd_config:add_condition(k, function(task)
		if task:get_user() then return false end
		local ip = task:get_from_ip()
		if ip and ip:is_local() then return false end
		return true
	end)
end
SPFBL_UNAUTH {
	expression = "(SPFBL_RECEIVED_END_USER or SPFBL_SERVER_END_USER) and not SPFBL_WHITELIST_DOMAIN and not RCVD_VIA_SMTP_AUTH";
	description = "Relayed through SPFBL.NET IP without sufficient authentication (possible indicating an open relay)"
	score = 0.5;
	policy = "leave";
}

SPFBL_WHITELIST {
	expression = "SPFBL_WHITELIST_DOMAIN and not SPFBL_WHITELIST_DOMAIN_BULK_SENDER and (SPFBL_WHITELIST_SERVER_GOOD_REPUTATION or SPFBL_WHITELIST_SERVER_PUBLIC_SERVICE or SPFBL_WHITELIST_SERVER_CORPORATE_SERVICE or SPFBL_WHITELIST_SERVER_BULK_SENDER)";
	description = "Whitelisted by SPFBL.NET";
	score = -1.0;
	policy = "leave";
}

SPFBL_BULK_SENDER_BAD_REPLYTO {
	expression = "SPFBL_WHITELIST_SERVER_BULK_SENDER and (FREEMAIL_REPLYTO or DISPOSABLE_REPLYTO)";
	description = "Bulk/Good senders have no reason to use a free/disposable e-mail address in Reply-To";
	score = 1.0;
	policy = "leave";
}
rules {

	SPFBL_URIBL_EMAIL {
		dnsbl = "uribl.spfbl.net";
		domain_only = false;
		returncodes = {
			SPFBL_URIBL_EMAIL_PHISHING_SPAM = "127.0.0.2";
			SPFBL_URIBL_EMAIL_SUSPECTED_MALWARE = "127.0.0.3";
		}
	}

}
group "spfbl" {

	symbols = {

		"SPFBL_DOMAIN" {
			weight = 0.0;
			description = "Domain blacklist at SPFBL.NET";
			one_shot = true;
		}

		"SPFBL_DOMAIN_BAD_REPUTATION" {
			weight = 3.0;
			description = "Domain blacklisted due to bad reputation and confirmed by anonymous complaints";
		}

		"SPFBL_DOMAIN_SUSPECTED_SOURCE" {
			weight = 1.0;
			description = "Domain flagged due to the difficulty of identifying the person responsible";
		}

		"SPFBL_SCORE" {
			weight = 0.0;
			description = "Score from SPFBL.NET";
		}

		"SPFBL_SCORE_SERVER" {
			weight = 1.0;
			description = "Server score from SPFBL.NET";
		}

		"SPFBL_SCORE_DOMAIN" {
			weight = 2.0;
			description = "Server score from SPFBL.NET";
		}

		"SPFBL_WHITELIST_DOMAIN" {
			weight = 0.0;
			description = "Domain whitelist at SPFBL.NET";
		}

		"SPFBL_WHITELIST_DOMAIN_GOOD_REPUTATION" {
			weight = -3.0;
			description = "Domain listed by excellent reputation, confirmed by the community";
			one_shot = true;
		}

		"SPFBL_WHITELIST_DOMAIN_PUBLIC_SERVICE" {
			weight = -1.5;
			description = "Domain listed as public service or indispensable for the proper functioning of society";
			one_shot = true;
		}

		"SPFBL_WHITELIST_DOMAIN_CORPORATE_SERVICE" {
			weight = -1.0;
			description = "Domain listed as corporate message service, forbidden to use for marketing purposes";
			one_shot = true;
		}

		"SPFBL_WHITELIST_DOMAIN_BULK_SENDER" {
			weight = 0.0;
			description = "Domain listed as bulk message sender with low spam or phishing complaints";
		}

		"SPFBL_EMAIL_BAD_REPUTATION" {
			weight = 5.0;
			description = "E-mail address blacklisted due to bad reputation and confirmed by anonymous complaints";
		}

		"SPFBL_EMAIL_SUSPECTED_SOURCE" {
			weight = 2.5;
			description = "E-mail address flagged due to the difficulty of identifying the person responsible";
		}

	}

}
rbls {

	spfbl_server {
		symbol = "SPFBL_SERVER";
		rbl = "dnsbl.spfbl.net";
		ipv6 = true;
		ipv4 = true;
		received = false;
		from = true;
		rdns = true;
		ignore_whitelists = false;
		returncodes {
			SPFBL_SERVER_BAD_REPUTATION = "127.0.0.2";
			SPFBL_SERVER_SUSPECTED_SOURCE = "127.0.0.3";
			SPFBL_SERVER_END_USER = "127.0.0.4";
		}
	}

	spfbl_whitelist_server {
		symbol = "SPFBL_WHITELIST_SERVER";
		rbl = "dnswl.spfbl.net";
		ipv6 = true;
		ipv4 = true;
		is_whitelist = true;
		received = false;
		from = true;
		rdns = true;
		ignore_whitelists = true;
		whitelist_exception = "SPFBL_WHITELIST_SERVER";
		whitelist_exception = "SPFBL_WHITELIST_SERVER_GOOD_REPUTATION";
		whitelist_exception = "SPFBL_WHITELIST_SERVER_CORPORATE_SERVICE";
		returncodes {
			SPFBL_WHITELIST_SERVER_GOOD_REPUTATION = "127.0.0.2";
			SPFBL_WHITELIST_SERVER_PUBLIC_SERVICE = "127.0.0.3";
			SPFBL_WHITELIST_SERVER_CORPORATE_SERVICE = "127.0.0.4";
			SPFBL_WHITELIST_SERVER_BULK_SENDER = "127.0.0.5";
		}
	}

}
symbols = {

	"SPFBL_WHITELIST_SERVER" {
		weight = 0.0;
		one_shot = true;
	}

	"SPFBL_WHITELIST_SERVER_GOOD_REPUTATION" {
		weight = -2.0;
		description = "IP or Hostname listed by excellent reputation, confirmed by the community";
		one_shot = true;
	}

	"SPFBL_WHITELIST_SERVER_PUBLIC_SERVICE" {
		weight = -1.0;
		description = "IP or Hostname listed as public service or indispensable for the proper functioning of society";
		one_shot = true;
	}

	"SPFBL_WHITELIST_SERVER_CORPORATE_SERVICE" {
		weight = -1.0;
		description = "IP or Hostname listed as corporate message service, forbidden to use for marketing purposes";
		one_shot = true;
	}

	"SPFBL_WHITELIST_SERVER_BULK_SENDER" {
		weight = 0.0;
		description = "IP or Hostname listed as bulk message sender with low spam or phishing complaints";
		one_shot = true;
	}

	"SPFBL_SERVER" {
		weight = 0.0;
		one_shot = true;
	}

	"SPFBL_SERVER_BAD_REPUTATION" {
		weight = 2.0;
		description = "IP or Hostname blacklisted due to bad reputation and confirmed by anonymous complaints";
		one_shot = true;
	}

	"SPFBL_SERVER_SUSPECTED_SOURCE" {
		weight = 1.0;
		description = "IP or Hostname flagged due to the difficulty of identifying the person responsible";
		one_shot = true;
	}

	"SPFBL_SERVER_END_USER" {
		weight = 3.0;
		description = "IP or Hostname should not deliver unauthenticated SMTP email to any Internet mail server";
		one_shot = true;
	}

	"SPFBL_RECEIVED_BAD_REPUTATION" {
		weight = 0.5;
		description = "Received address blacklisted due to bad reputation and confirmed by anonymous complaints";
	}

	"SPFBL_RECEIVED_SUSPECTED_SOURCE" {
		weight = 0.1;
		description = "Received address flagged due to the difficulty of identifying the person responsible";
	}

	"SPFBL_RECEIVED_END_USER" {
		weight = 0.0;
		description = "Received address should not deliver unauthenticated SMTP email to any Internet mail server";
	}

}
rules {

	spfbl_uribl {
		suffix = "uribl.spfbl.net";
		noip = false;
		resolve_ip = true;
		ips {
			SPFBL_URIBL_PHISHING_SPAM = "127.0.0.2";
			SPFBL_URIBL_SUSPECTED_MALWARE = "127.0.0.3";
		}
	}

}
symbols = {

	"SPFBL_URIBL_PHISHING_SPAM" {
		weight = 2.0;
		description = "Domain listed for inappropriate use of the URL, such as phishing or used by spammer";
	}
	"SPFBL_URIBL_SUSPECTED_MALWARE" {
		weight = 1.0;
		description = "Executable file listed for suspected malware";
	}

	"SPFBL_URIBL_EMAIL_PHISHING_SPAM" {
		weight = 4.0;
		description = "E-mail listed for inappropriate use, such as phishing or used by spammer";
	}

	"SPFBL_URIBL_EMAIL_SUSPECTED_MALWARE" {
		weight = 1.0;
		description = "Executable file listed for suspected malware";
	}

}