[Rspamd-Users] Regarding Malicious File blocking using hashes in rspamd
Vsevolod Stakhov
vsevolod at rspamd.com
Tue Jul 14 13:45:52 UTC 2020
On 14/07/2020 14:42, Vsevolod Stakhov wrote:
> On 14/07/2020 14:12, Riccardo Alfieri wrote:
>> On 14/07/20 13:51, Vsevolod Stakhov wrote:
>>
>>> As I have said, this is a wrong approach as it is alien to Rspamd
>>> architecture and requires lot's of extra work (e.g. multiple sha256
>>> calculations). Here is the correct one:
>>>
>>> spamhaus_dqs_hbl {
>>> symbol = "HBL_FILE_UNKNOWN";
>>> rbl = "_file.{= SPAMHAUS_DQS_KEY =}.hbl.dq.spamhaus.net.";
>>> selector = "attachments('rbase32', 'sha256')";
>>> ignore_whitelist = true;
>>> ignore_defaults = true;
>>> returncodes {
>>> HBL_FILE_MALICIOUS = "127.0.3.10";
>>> HBL_FILE_SUSPICIOUS = "127.0.3.15";
>>> }
>>> }
>> Thank you very much for pointing out to me how selectors work. Is there
>> a way I can check the Rspamd version through rspamd.local.lua? In this
>> way I could possibly dynamically use RFC base32 feature if Rspamd>=2.6
>> and keep using the "old" approach for versions 2.0-2.5
>>
>
> You can use jinja templates in all Rspamd config files:
>
> {% if tonumber(version or '0') >= 2.6 %}
> # Config for 2.6+
> {% else %}
> # Legacy config
> {% endif %}
>
One more feature about environment vars:
> env RSPAMD_FOO=BAR rspamadm lua
LuaJIT 2.0.5> rspamd_env
{[ver_major] = 2, [version] = 2.6, [FOO] = BAR, [ver_minor] = 6,
[ver_num] = 569547023187968, [hostname] = MacBook-Pro.local, [ver_id] =
release}
All keys from `rspamd_env` are immediately available in jinja templates.
Please bear in mind that `RSPAMD_` prefix that is designed to filter
sensitive variables specific to Rspamd only. This prefix is also got
removed in `rspamd_env` table.
More information about the Users
mailing list