Add sender address blocklist

README.md

@@ -251,6 +251,14 @@ Restart the Rspamd container:
 
 To disable the plugin, just remove the RSPAMD_dqs_token variable from the `state/rspamd.env` file and restart the affected service.
 
+## Rspamd block rules
+
+Following block rule configuration files are available in the Rspamd UI configuration tab:
+
+- Exact domain: `/var/lib/rspamd/block_sender_domain.map`
+- Domain suffix: `/var/lib/rspamd/block_sender_domain_suffix.map`
+- Sender mail address: `/var/lib/rspamd/block_sender.map`
+
 ## Service discovery
 
 Another module can discover IMAP and SUBMISSION endpoints by looking up

rspamd/README.md

@@ -35,6 +35,9 @@ Well-known ports
 - `RSPAMD_bypass_score` If undefined (default) bypass rules are applied as
   an accept prefilter. Set to a negative number to turn the rules to ham
   score and run antivirus checks (e.g. `RSPAMD_bypass_score=-5.000`)
+- `RSPAMD_block_score` If undefined (default) block rules are applied as
+  an reject prefilter. Set to a number to turn the rules to spam score and 
+  run antivirus checks (e.g. `RSPAMD_block_score=20`)
 - `RSPAMD_clamavscansize` sets the maximum size (default 2 MB) for
   email attachments scanned by ClamAV in Rspamd.
   Attachments larger than this value are skipped to optimize performance.

rspamd/usr/local/bin/reload-config

@@ -33,6 +33,17 @@ rspamadm template rbl_group.conf.j2 > /etc/rspamd/local.d/rbl_group.conf
 
 envsubst >/etc/unbound/unbound.conf < unbound.conf
 
+# Create block_sender*.map files
+cd /var/lib/rspamd
+
+for f in block_sender_domain.map block_sender_domain_suffix.map block_sender.map
+do
+    if [ ! -f "$f" ];then
+        echo "" > $f
+        chown rspamd:rspamd $f
+    fi
+done
+
 main_process=$(pgrep 'rspamd: main process' || :)
 if [ -n "${main_process}" ]; then
     kill -HUP "${main_process}"

rspamd/usr/local/templates/multimap.conf.j2

@@ -72,3 +72,53 @@ BYPASS_IP {
     type = "ip";
     map = ["${DBDIR}/bypass_ip.map"];
 }
+
+#
+{% if env.block_score -%}
+# block group of rules -- add score {= env.block_score =}
+{% else -%}
+# block prefilter rules
+{% endif -%}
+#
+BLOCK_SENDER_DOMAIN {
+    {% if env.block_score -%}
+    group = "block";
+    score = {= env.block_score =};
+    {% else -%}
+    prefilter = true;
+    action = "reject";
+    {% endif -%}
+    type = "from";
+    filter = "email:domain";
+    message = "Sender domain rejected";
+    map = ["${DBDIR}/block_sender_domain.map"];
+}
+
+BLOCK_SENDER_DOMAIN_SUFFIX {
+    {% if env.block_score -%}
+    group = "block";
+    score = {= env.block_score =};
+    {% else -%}
+    prefilter = true;
+    action = "reject";
+    {% endif -%}
+    regexp = true;
+    type = "from";
+    filter = "email:domain";
+    message = "Sender domain suffix rejected";
+    map = ["${DBDIR}/block_sender_domain_suffix.map"];
+}
+
+BLOCK_SENDER {
+    {% if env.block_score -%}
+    group = "block";
+    score = {= env.block_score =};
+    {% else -%}
+    prefilter = true;
+    action = "reject";
+    {% endif -%}
+    type = "from";
+    filter = "email";
+    message = "Sender address rejected";
+    map = ["${DBDIR}/block_sender.map"];
+}