[Rspamd-Users] Regarding Malicious File blocking using hashes in rspamd
Vsevolod Stakhov
vsevolod at rspamd.com
Tue Jul 14 13:42:16 UTC 2020
On 14/07/2020 14:12, Riccardo Alfieri wrote:
> On 14/07/20 13:51, Vsevolod Stakhov wrote:
>
>> As I have said, this is a wrong approach as it is alien to Rspamd
>> architecture and requires lot's of extra work (e.g. multiple sha256
>> calculations). Here is the correct one:
>>
>> spamhaus_dqs_hbl {
>> symbol = "HBL_FILE_UNKNOWN";
>> rbl = "_file.{= SPAMHAUS_DQS_KEY =}.hbl.dq.spamhaus.net.";
>> selector = "attachments('rbase32', 'sha256')";
>> ignore_whitelist = true;
>> ignore_defaults = true;
>> returncodes {
>> HBL_FILE_MALICIOUS = "127.0.3.10";
>> HBL_FILE_SUSPICIOUS = "127.0.3.15";
>> }
>> }
> Thank you very much for pointing out to me how selectors work. Is there
> a way I can check the Rspamd version through rspamd.local.lua? In this
> way I could possibly dynamically use RFC base32 feature if Rspamd>=2.6
> and keep using the "old" approach for versions 2.0-2.5
>
You can use jinja templates in all Rspamd config files:
{% if tonumber(version or '0') >= 2.6 %}
# Config for 2.6+
{% else %}
# Legacy config
{% endif %}
More information about the Users
mailing list