[Rspamd-Users] Regarding Malicious File blocking using hashes in rspamd
Riccardo Alfieri
riccardo.alfieri at spamteq.com
Tue Jul 14 13:12:26 UTC 2020
On 14/07/20 13:51, Vsevolod Stakhov wrote:
> As I have said, this is a wrong approach as it is alien to Rspamd
> architecture and requires lot's of extra work (e.g. multiple sha256
> calculations). Here is the correct one:
>
> spamhaus_dqs_hbl {
> symbol = "HBL_FILE_UNKNOWN";
> rbl = "_file.{= SPAMHAUS_DQS_KEY =}.hbl.dq.spamhaus.net.";
> selector = "attachments('rbase32', 'sha256')";
> ignore_whitelist = true;
> ignore_defaults = true;
> returncodes {
> HBL_FILE_MALICIOUS = "127.0.3.10";
> HBL_FILE_SUSPICIOUS = "127.0.3.15";
> }
> }
Thank you very much for pointing out to me how selectors work. Is there
a way I can check the Rspamd version through rspamd.local.lua? In this
way I could possibly dynamically use RFC base32 feature if Rspamd>=2.6
and keep using the "old" approach for versions 2.0-2.5
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
More information about the Users
mailing list