|  | @@ -124,4 +124,192 @@ for file in /hooks/*; do
 | 
											
												
													
														|  |    fi
 |  |    fi
 | 
											
												
													
														|  |  done
 |  |  done
 | 
											
												
													
														|  |  
 |  |  
 | 
											
												
													
														|  | 
 |  | +# If DQS KEY is set in mailcow.conf add Spamhaus DQS RBLs
 | 
											
												
													
														|  | 
 |  | +if [[ ! -z ${SPAMHAUS_DQS_KEY} ]]; then
 | 
											
												
													
														|  | 
 |  | +    cat <<EOF > /etc/rspamd/custom/dqs-rbl.conf
 | 
											
												
													
														|  | 
 |  | +  # Autogenerated by mailcow. DO NOT TOUCH!
 | 
											
												
													
														|  | 
 |  | +  rbls {
 | 
											
												
													
														|  | 
 |  | +    spamhaus {
 | 
											
												
													
														|  | 
 |  | +        rbl = "${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net";
 | 
											
												
													
														|  | 
 |  | +        from = false;
 | 
											
												
													
														|  | 
 |  | +    }
 | 
											
												
													
														|  | 
 |  | +    spamhaus_from {
 | 
											
												
													
														|  | 
 |  | +        from = true;
 | 
											
												
													
														|  | 
 |  | +        received = false;
 | 
											
												
													
														|  | 
 |  | +        rbl = "${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net";
 | 
											
												
													
														|  | 
 |  | +        returncodes {
 | 
											
												
													
														|  | 
 |  | +          SPAMHAUS_ZEN = [ "127.0.0.2", "127.0.0.3", "127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7", "127.0.0.9", "127.0.0.10", "127.0.0.11" ];
 | 
											
												
													
														|  | 
 |  | +        }
 | 
											
												
													
														|  | 
 |  | +    }
 | 
											
												
													
														|  | 
 |  | +    spamhaus_authbl_received {
 | 
											
												
													
														|  | 
 |  | +        # Check if the sender client is listed in AuthBL (AuthBL is *not* part of ZEN)
 | 
											
												
													
														|  | 
 |  | +        rbl = "${SPAMHAUS_DQS_KEY}.authbl.dq.spamhaus.net";
 | 
											
												
													
														|  | 
 |  | +        from = false;
 | 
											
												
													
														|  | 
 |  | +        received = true;
 | 
											
												
													
														|  | 
 |  | +        ipv6 = true;
 | 
											
												
													
														|  | 
 |  | +        returncodes {
 | 
											
												
													
														|  | 
 |  | +          SH_AUTHBL_RECEIVED = "127.0.0.20"
 | 
											
												
													
														|  | 
 |  | +        }
 | 
											
												
													
														|  | 
 |  | +    }
 | 
											
												
													
														|  | 
 |  | +    spamhaus_dbl {
 | 
											
												
													
														|  | 
 |  | +        # Add checks on the HELO string
 | 
											
												
													
														|  | 
 |  | +        rbl = "${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net";
 | 
											
												
													
														|  | 
 |  | +        helo = true;
 | 
											
												
													
														|  | 
 |  | +        rdns = true;
 | 
											
												
													
														|  | 
 |  | +        dkim = true;
 | 
											
												
													
														|  | 
 |  | +        disable_monitoring = true;
 | 
											
												
													
														|  | 
 |  | +        returncodes {
 | 
											
												
													
														|  | 
 |  | +            RBL_DBL_SPAM = "127.0.1.2";
 | 
											
												
													
														|  | 
 |  | +            RBL_DBL_PHISH = "127.0.1.4";
 | 
											
												
													
														|  | 
 |  | +            RBL_DBL_MALWARE = "127.0.1.5";
 | 
											
												
													
														|  | 
 |  | +            RBL_DBL_BOTNET = "127.0.1.6";
 | 
											
												
													
														|  | 
 |  | +            RBL_DBL_ABUSED_SPAM = "127.0.1.102";
 | 
											
												
													
														|  | 
 |  | +            RBL_DBL_ABUSED_PHISH = "127.0.1.104";
 | 
											
												
													
														|  | 
 |  | +            RBL_DBL_ABUSED_MALWARE = "127.0.1.105";
 | 
											
												
													
														|  | 
 |  | +            RBL_DBL_ABUSED_BOTNET = "127.0.1.106";
 | 
											
												
													
														|  | 
 |  | +            RBL_DBL_DONT_QUERY_IPS = "127.0.1.255";
 | 
											
												
													
														|  | 
 |  | +        }
 | 
											
												
													
														|  | 
 |  | +    }
 | 
											
												
													
														|  | 
 |  | +    spamhaus_dbl_fullurls {
 | 
											
												
													
														|  | 
 |  | +        ignore_defaults = true;
 | 
											
												
													
														|  | 
 |  | +        no_ip = true;
 | 
											
												
													
														|  | 
 |  | +        rbl = "${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net";
 | 
											
												
													
														|  | 
 |  | +        selector = 'urls:get_host'
 | 
											
												
													
														|  | 
 |  | +        disable_monitoring = true;
 | 
											
												
													
														|  | 
 |  | +        returncodes {
 | 
											
												
													
														|  | 
 |  | +            DBLABUSED_SPAM_FULLURLS = "127.0.1.102";
 | 
											
												
													
														|  | 
 |  | +            DBLABUSED_PHISH_FULLURLS = "127.0.1.104";
 | 
											
												
													
														|  | 
 |  | +            DBLABUSED_MALWARE_FULLURLS = "127.0.1.105";
 | 
											
												
													
														|  | 
 |  | +            DBLABUSED_BOTNET_FULLURLS = "127.0.1.106";
 | 
											
												
													
														|  | 
 |  | +        }
 | 
											
												
													
														|  | 
 |  | +    }
 | 
											
												
													
														|  | 
 |  | +    spamhaus_zrd {
 | 
											
												
													
														|  | 
 |  | +        # Add checks on the HELO string also for DQS
 | 
											
												
													
														|  | 
 |  | +        rbl = "${SPAMHAUS_DQS_KEY}.zrd.dq.spamhaus.net";
 | 
											
												
													
														|  | 
 |  | +        helo = true;
 | 
											
												
													
														|  | 
 |  | +        rdns = true;
 | 
											
												
													
														|  | 
 |  | +        dkim = true;
 | 
											
												
													
														|  | 
 |  | +        disable_monitoring = true;
 | 
											
												
													
														|  | 
 |  | +        returncodes {
 | 
											
												
													
														|  | 
 |  | +            RBL_ZRD_VERY_FRESH_DOMAIN = ["127.0.2.2", "127.0.2.3", "127.0.2.4"];
 | 
											
												
													
														|  | 
 |  | +            RBL_ZRD_FRESH_DOMAIN = [
 | 
											
												
													
														|  | 
 |  | +              "127.0.2.5", "127.0.2.6", "127.0.2.7", "127.0.2.8", "127.0.2.9", "127.0.2.10", "127.0.2.11", "127.0.2.12", "127.0.2.13", "127.0.2.14", "127.0.2.15", "127.0.2.16", "127.0.2.17", "127.0.2.18", "127.0.2.19", "127.0.2.20", "127.0.2.21", "127.0.2.22", "127.0.2.23", "127.0.2.24"
 | 
											
												
													
														|  | 
 |  | +            ];
 | 
											
												
													
														|  | 
 |  | +            RBL_ZRD_DONT_QUERY_IPS = "127.0.2.255";
 | 
											
												
													
														|  | 
 |  | +        }
 | 
											
												
													
														|  | 
 |  | +    }
 | 
											
												
													
														|  | 
 |  | +    "SPAMHAUS_ZEN_URIBL" {
 | 
											
												
													
														|  | 
 |  | +      enabled = true;
 | 
											
												
													
														|  | 
 |  | +      rbl = "${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net";
 | 
											
												
													
														|  | 
 |  | +      resolve_ip = true;
 | 
											
												
													
														|  | 
 |  | +      checks = ['urls'];
 | 
											
												
													
														|  | 
 |  | +      replyto = true;
 | 
											
												
													
														|  | 
 |  | +      emails = true;
 | 
											
												
													
														|  | 
 |  | +      ipv4 = true;
 | 
											
												
													
														|  | 
 |  | +      ipv6 = true;
 | 
											
												
													
														|  | 
 |  | +      emails_domainonly = true;
 | 
											
												
													
														|  | 
 |  | +      returncodes {
 | 
											
												
													
														|  | 
 |  | +        URIBL_SBL = "127.0.0.2";
 | 
											
												
													
														|  | 
 |  | +        URIBL_SBL_CSS = "127.0.0.3";
 | 
											
												
													
														|  | 
 |  | +        URIBL_XBL = ["127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"];
 | 
											
												
													
														|  | 
 |  | +        URIBL_PBL = ["127.0.0.10", "127.0.0.11"];
 | 
											
												
													
														|  | 
 |  | +        URIBL_DROP = "127.0.0.9";
 | 
											
												
													
														|  | 
 |  | +      }
 | 
											
												
													
														|  | 
 |  | +    }
 | 
											
												
													
														|  | 
 |  | +    SH_EMAIL_DBL {
 | 
											
												
													
														|  | 
 |  | +      ignore_defaults = true;
 | 
											
												
													
														|  | 
 |  | +      replyto = true;
 | 
											
												
													
														|  | 
 |  | +      emails_domainonly = true;
 | 
											
												
													
														|  | 
 |  | +      disable_monitoring = true;
 | 
											
												
													
														|  | 
 |  | +      rbl = "${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net"
 | 
											
												
													
														|  | 
 |  | +      returncodes = {
 | 
											
												
													
														|  | 
 |  | +        SH_EMAIL_DBL = [
 | 
											
												
													
														|  | 
 |  | +          "127.0.1.2",
 | 
											
												
													
														|  | 
 |  | +          "127.0.1.4",
 | 
											
												
													
														|  | 
 |  | +          "127.0.1.5",
 | 
											
												
													
														|  | 
 |  | +          "127.0.1.6"
 | 
											
												
													
														|  | 
 |  | +        ];
 | 
											
												
													
														|  | 
 |  | +        SH_EMAIL_DBL_ABUSED = [
 | 
											
												
													
														|  | 
 |  | +          "127.0.1.102",
 | 
											
												
													
														|  | 
 |  | +          "127.0.1.104",
 | 
											
												
													
														|  | 
 |  | +          "127.0.1.105",
 | 
											
												
													
														|  | 
 |  | +          "127.0.1.106"
 | 
											
												
													
														|  | 
 |  | +        ];
 | 
											
												
													
														|  | 
 |  | +        SH_EMAIL_DBL_DONT_QUERY_IPS = [ "127.0.1.255" ];
 | 
											
												
													
														|  | 
 |  | +      }
 | 
											
												
													
														|  | 
 |  | +    }
 | 
											
												
													
														|  | 
 |  | +    SH_EMAIL_ZRD {
 | 
											
												
													
														|  | 
 |  | +      ignore_defaults = true;
 | 
											
												
													
														|  | 
 |  | +      replyto = true;
 | 
											
												
													
														|  | 
 |  | +      emails_domainonly = true;
 | 
											
												
													
														|  | 
 |  | +      disable_monitoring = true;
 | 
											
												
													
														|  | 
 |  | +      rbl = "${SPAMHAUS_DQS_KEY}.zrd.dq.spamhaus.net"
 | 
											
												
													
														|  | 
 |  | +      returncodes = {
 | 
											
												
													
														|  | 
 |  | +        SH_EMAIL_ZRD_VERY_FRESH_DOMAIN = ["127.0.2.2", "127.0.2.3", "127.0.2.4"];
 | 
											
												
													
														|  | 
 |  | +        SH_EMAIL_ZRD_FRESH_DOMAIN = [
 | 
											
												
													
														|  | 
 |  | +          "127.0.2.5", "127.0.2.6", "127.0.2.7", "127.0.2.8", "127.0.2.9", "127.0.2.10", "127.0.2.11", "127.0.2.12", "127.0.2.13", "127.0.2.14", "127.0.2.15", "127.0.2.16", "127.0.2.17", "127.0.2.18", "127.0.2.19", "127.0.2.20", "127.0.2.21", "127.0.2.22", "127.0.2.23", "127.0.2.24"
 | 
											
												
													
														|  | 
 |  | +        ];
 | 
											
												
													
														|  | 
 |  | +        SH_EMAIL_ZRD_DONT_QUERY_IPS = [ "127.0.2.255" ];
 | 
											
												
													
														|  | 
 |  | +      }
 | 
											
												
													
														|  | 
 |  | +  }
 | 
											
												
													
														|  | 
 |  | +  "DBL" {
 | 
											
												
													
														|  | 
 |  | +      # override the defaults for DBL defined in modules.d/rbl.conf
 | 
											
												
													
														|  | 
 |  | +      rbl = "${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net";
 | 
											
												
													
														|  | 
 |  | +      disable_monitoring = true;
 | 
											
												
													
														|  | 
 |  | +  }
 | 
											
												
													
														|  | 
 |  | +  "ZRD" {
 | 
											
												
													
														|  | 
 |  | +      ignore_defaults = true;
 | 
											
												
													
														|  | 
 |  | +      rbl = "${SPAMHAUS_DQS_KEY}.zrd.dq.spamhaus.net";
 | 
											
												
													
														|  | 
 |  | +      no_ip = true;
 | 
											
												
													
														|  | 
 |  | +      dkim = true;
 | 
											
												
													
														|  | 
 |  | +      emails = true;
 | 
											
												
													
														|  | 
 |  | +      emails_domainonly = true;
 | 
											
												
													
														|  | 
 |  | +      urls = true;
 | 
											
												
													
														|  | 
 |  | +      returncodes = {
 | 
											
												
													
														|  | 
 |  | +          ZRD_VERY_FRESH_DOMAIN = ["127.0.2.2", "127.0.2.3", "127.0.2.4"];
 | 
											
												
													
														|  | 
 |  | +          ZRD_FRESH_DOMAIN = ["127.0.2.5", "127.0.2.6", "127.0.2.7", "127.0.2.8", "127.0.2.9", "127.0.2.10", "127.0.2.11", "127.0.2.12", "127.0.2.13", "127.0.2.14", "127.0.2.15", "127.0.2.16", "127.0.2.17", "127.0.2.18", "127.0.2.19", "127.0.2.20", "127.0.2.21", "127.0.2.22", "127.0.2.23", "127.0.2.24"];
 | 
											
												
													
														|  | 
 |  | +      }
 | 
											
												
													
														|  | 
 |  | +  }
 | 
											
												
													
														|  | 
 |  | +  spamhaus_sbl_url {
 | 
											
												
													
														|  | 
 |  | +        ignore_defaults = true
 | 
											
												
													
														|  | 
 |  | +        rbl = "${SPAMHAUS_DQS_KEY}.sbl.dq.spamhaus.net";
 | 
											
												
													
														|  | 
 |  | +        checks = ['urls'];
 | 
											
												
													
														|  | 
 |  | +        disable_monitoring = true;
 | 
											
												
													
														|  | 
 |  | +        returncodes {
 | 
											
												
													
														|  | 
 |  | +            SPAMHAUS_SBL_URL = "127.0.0.2";
 | 
											
												
													
														|  | 
 |  | +        }
 | 
											
												
													
														|  | 
 |  | +    }
 | 
											
												
													
														|  | 
 |  | +
 | 
											
												
													
														|  | 
 |  | +    SH_HBL_EMAIL {
 | 
											
												
													
														|  | 
 |  | +      ignore_defaults = true;
 | 
											
												
													
														|  | 
 |  | +      rbl = "_email.${SPAMHAUS_DQS_KEY}.hbl.dq.spamhaus.net";
 | 
											
												
													
														|  | 
 |  | +      emails_domainonly = false;
 | 
											
												
													
														|  | 
 |  | +      selector = "from('smtp').lower;from('mime').lower";
 | 
											
												
													
														|  | 
 |  | +      ignore_whitelist = true;
 | 
											
												
													
														|  | 
 |  | +      checks = ['emails', 'replyto'];
 | 
											
												
													
														|  | 
 |  | +      hash = "sha1";
 | 
											
												
													
														|  | 
 |  | +      returncodes = {
 | 
											
												
													
														|  | 
 |  | +        SH_HBL_EMAIL = [
 | 
											
												
													
														|  | 
 |  | +          "127.0.3.2"
 | 
											
												
													
														|  | 
 |  | +        ];
 | 
											
												
													
														|  | 
 |  | +      }
 | 
											
												
													
														|  | 
 |  | +    }
 | 
											
												
													
														|  | 
 |  | +
 | 
											
												
													
														|  | 
 |  | +    spamhaus_dqs_hbl {
 | 
											
												
													
														|  | 
 |  | +      symbol = "HBL_FILE_UNKNOWN";
 | 
											
												
													
														|  | 
 |  | +      rbl = "_file.${SPAMHAUS_DQS_KEY}.hbl.dq.spamhaus.net.";
 | 
											
												
													
														|  | 
 |  | +      selector = "attachments('rbase32', 'sha256')";
 | 
											
												
													
														|  | 
 |  | +      ignore_whitelist = true;
 | 
											
												
													
														|  | 
 |  | +      ignore_defaults = true;
 | 
											
												
													
														|  | 
 |  | +      returncodes {
 | 
											
												
													
														|  | 
 |  | +        SH_HBL_FILE_MALICIOUS = "127.0.3.10";
 | 
											
												
													
														|  | 
 |  | +        SH_HBL_FILE_SUSPICIOUS = "127.0.3.15";
 | 
											
												
													
														|  | 
 |  | +      }
 | 
											
												
													
														|  | 
 |  | +    }
 | 
											
												
													
														|  | 
 |  | +  }
 | 
											
												
													
														|  | 
 |  | +EOF
 | 
											
												
													
														|  | 
 |  | +else
 | 
											
												
													
														|  | 
 |  | +  rm -rf /etc/rspamd/custom/dqs-rbl.conf
 | 
											
												
													
														|  | 
 |  | +fi
 | 
											
												
													
														|  | 
 |  | +
 | 
											
												
													
														|  |  exec "$@"
 |  |  exec "$@"
 |