[Rspamd-Users] rspamd_update module
Giovanni Bechis
giovanni+rspamd at paclan.it
Thu Aug 29 08:36:47 UTC 2024
On 8/28/24 10:46 PM, Gerald Galster wrote:
>> I am trying to deploy some "Rspamd 3.9 rules" to some servers (rules will be public so I cannot use Puppet/Ansible as usual) and I would like to use a web server to store the rules.
>> I've taken a look at rspamd_update module (https://rspamd.com/doc/modules/rspamd_update.html) but I cannot make it work.
>> Looking at Github issues it seems it has been disabled and there is no alternative (https://github.com/rspamd/rspamd/issues/3190).
>>
>> Is there any native way to download rules from a http server or should I script something on my own ?
>
> The bug report mentions rspamd 2.0/2.2 and *signed* ucl maps.
> Https provides some form of protection on its own even with
> unsigned content, which may or may not offer the level of
> security you require with public content.
>
> This is confirmed to work with rspamd 3.9:
>
> -------------------------------------------------------------
> # cat /etc/rspamd/local.d/rspamd_update.conf
> enabled = true;
> rules = https://example.com/tmp/rules_general.ucl
>
> # rules_general.ucl on webserver, overwriting symbol scores
>
> symbols = {
> SUBJ_EXCESS_BASE64 = 0.55,
> ...
> }
> -------------------------------------------------------------
>
> There are different kinds of "rules". Loading multimap content
> and distributing regular expressions in a central way is easy
> to accomplish:
>
> https://rspamd.com/doc/modules/multimap.html#map-field-syntax
>
thanks, does rspamd_update module supports "rbls" as well ?
On my rules.ucl I have a "rbls" stanza but it seems to be ignored.
> Besides there is always the option to retrieve any public
> resource and transform it into a suitable form, e.g. by using
> cron and scripting (bash/perl/php/curl/...) which can then
> be deployed on a web-/ansible-server under your management.
>
I will probably go that way so that I can also gpg sign rules.
thanks
Giovanni
> Best regards,
> Gerald
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <https://lists.rspamd.com/pipermail/users/attachments/20240829/349d032b/attachment.bin>
More information about the Users
mailing list