[Rspamd-Users] Control rspamd depending on subject content
G.W. Haywood
rspamd at jubileegroup.co.uk
Sat Jan 20 10:16:04 UTC 2024
Hi there,
On Sat, 20 Jan 2024, Andreas wrote:
> To avoid annoying spam that gets through Rspamd, I wrote this script
>
> #!/bin/bash +x
> if [ ! $UID = 0 ]
> then
> /usr/bin/su -
> fi
> ...
In general I would advise against all use of sudo on a mail server
which is exposed to the Internet. Its use makes the steps from an
initial compromise to full control of the machine very much easier
for the criminals. Some of them are a lot better than we are, for
the simple reason that they do it for a living, all day every day.
> Can Rspamd be configured similarly to the script shown so that a reject is triggered
> immediately depending on special terms in the subject?
There is great flexibility in rspamd configuration. See for example
https://rspamd.com/doc/tutorials/writing_rules.html#regexp-rules
https://rspamd.com/doc/modules/force_actions.html
Unfortunately things like using regexes to drop mail which contains
particular words or phrases can eventually degenerate into a game of
"whack-a-mole". The maintenance can be costly. I always try to look
for more general features in unwanted mail; the usually unseen headers
can be a rich source of information.
If you aren't using the rbl module
https://rspamd.com/doc/modules/rbl.html
then you should consider it. After careful setup it can probably
remove a large fraction of your spam with almost no maintenance.
--
73,
Ged.
More information about the Users
mailing list