[Rspamd-Users] Regarding Malicious File blocking using hashes in rspamd

[Vsevolod Stakhov]

On 14/07/2020 14:42, Vsevolod Stakhov wrote:
> On 14/07/2020 14:12, Riccardo Alfieri wrote:
>> On 14/07/20 13:51, Vsevolod Stakhov wrote:
>>
>>> As I have said, this is a wrong approach as it is alien to Rspamd
>>> architecture and requires lot's of extra work (e.g. multiple sha256
>>> calculations). Here is the correct one:
>>>
>>> spamhaus_dqs_hbl {
>>>    symbol = "HBL_FILE_UNKNOWN";
>>>    rbl = "_file.{= SPAMHAUS_DQS_KEY =}.hbl.dq.spamhaus.net.";
>>>    selector = "attachments('rbase32', 'sha256')";
>>>    ignore_whitelist = true;
>>>    ignore_defaults = true;
>>>    returncodes {
>>>      HBL_FILE_MALICIOUS = "127.0.3.10";
>>>      HBL_FILE_SUSPICIOUS = "127.0.3.15";
>>>    }
>>> }
>> Thank you very much for pointing out to me how selectors work. Is there
>> a way I can check the Rspamd version through rspamd.local.lua? In this
>> way I could possibly dynamically use RFC base32 feature if Rspamd>=2.6
>> and keep using the "old" approach for versions 2.0-2.5
>>
> 
> You can use jinja templates in all Rspamd config files:
> 
> {% if tonumber(version or '0') >= 2.6 %}
> # Config for 2.6+
> {% else %}
> # Legacy config
> {% endif %}
> 

One more feature about environment vars:

> env RSPAMD_FOO=BAR rspamadm lua
LuaJIT 2.0.5> rspamd_env
{[ver_major] = 2, [version] = 2.6, [FOO] = BAR, [ver_minor] = 6,
[ver_num] = 569547023187968, [hostname] = MacBook-Pro.local, [ver_id] =
release}

All keys from `rspamd_env` are immediately available in jinja templates.
Please bear in mind that `RSPAMD_` prefix that is designed to filter
sensitive variables specific to Rspamd only. This prefix is also got
removed in `rspamd_env` table.