[Rspamd-Users] Control rspamd depending on subject content

Andreas rspamd at linuxmaker.com
Sat Jan 20 11:00:59 UTC 2024


On Saturday, 20 January 2024, 11:16:04 CET, G.W. Haywood wrote:
> Hi there,
> 
> On Sat, 20 Jan 2024, Andreas wrote:
> > To avoid annoying spam that gets through Rspamd, I wrote this script
> > 
> > #!/bin/bash +x
> > if [ ! $UID = 0 ]
> > then
> > 
> >       /usr/bin/su -
> > 
> > fi
> > ...
> 
> In general I would advise against all use of sudo on a mail server
> which is exposed to the Internet.  Its use makes the steps from an
> initial compromise to full control of the machine very much easier
> for the criminals.  Some of them are a lot better than we are, for
> the simple reason that they do it for a living, all day every day.
> 
> > Can Rspamd be configured similarly to the script shown so that a reject is
> > triggered immediately depending on special terms in the subject?
> 
> There is great flexibility in rspamd configuration.  See for example
> 
> https://rspamd.com/doc/tutorials/writing_rules.html#regexp-rules
> https://rspamd.com/doc/modules/force_actions.html
> 
> Unfortunately things like using regexes to drop mail which contains
> particular words or phrases can eventually degenerate into a game of
> "whack-a-mole".  The maintenance can be costly.  I always try to look
> for more general features in unwanted mail; the usually unseen headers
> can be a rich source of information.
> 
> If you aren't using the rbl module
> 
> https://rspamd.com/doc/modules/rbl.html
> 
> then you should consider it.  After careful setup it can probably
> remove a large fraction of your spam with almost no maintenance.

Thank you for the URLs, they are very informative. 

I find the warning expose at the beginning a little inappropriate. We all know 
that a normal user on Linux cannot change anything in the system. Only the 
root can do this, or this sudo. That's exactly what I think is very dangerous 
- see Ubuntu. Because everyone, every village idiot can change something.
But those who administrate with "su -" plus root password, I think, are so 
skilled that they know what they're doing.

Anyway, thank you very much

Andreas
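
The following is an added example, not part of the original message and not the Rspamd project's own configuration: a regexp rule on the decoded Subject header plus a force_actions rule keyed on that symbol, following the two documentation pages linked in the quoted reply. The file paths assume a default package install, and the symbol names and subject terms are constructed placeholders.

```lua
-- /etc/rspamd/rspamd.local.lua  (path is an assumption: default package layout)
-- Added example. LOCAL_SUBJECT_TERMS and the terms are constructed placeholders.

local reconf = config['regexp']

-- Header regexp: 'Header-Name=/pattern/flags{header}' matches the decoded header.
-- \b anchors on word boundaries so a term is not matched inside a longer word;
-- 'i' makes the match case-insensitive.
local subject_terms =
  'Subject=/\\b(?:placeholder-term-one|placeholder-term-two)\\b/i{header}'

reconf['LOCAL_SUBJECT_TERMS'] = {
  re = subject_terms,
  -- Small non-zero score: the symbol only marks the message, the reject
  -- itself comes from the force_actions rule below.
  score = 0.1,
  description = 'Subject contains a locally blocked term',
  group = 'local',
}

--[[
/etc/rspamd/local.d/force_actions.conf  (separate file, UCL syntax;
path is an assumption, rule name is a constructed placeholder)

rules {
  LOCAL_SUBJECT_REJECT {
    action = "reject";
    expression = "LOCAL_SUBJECT_TERMS";
    message = "Message rejected by local subject policy";
  }
}
]]
```

Check the result with `rspamadm configtest`, then scan a saved sample with `rspamc symbols < sample.eml` to confirm that the symbol fires and the action is reject before relying on it for live mail.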



