[Rspamd-Users] Simple rule trouble.
G.W. Haywood
rspamd at jubileegroup.co.uk
Wed Sep 10 16:04:03 UTC 2025
Hi there,
On Thu, 11 Sep 2025, Michelle Sullivan wrote:
> ... still runs into the issue of I have to deploy them which is
> change control, peer-review, approval, scheduling then finally 4
> hours of someone deploying them
Four hours seems onerous. Do you use anything like Puppet?
> ... impractical for something that needs a dynamic response.
I run milters which use Yara rules to flag e.g. IP addresses as
'unwanted' or something to that effect. The flags (plus a load of
other stuff) are written to our Postgres 'connections' table which a
cron job queries every few minutes. When this script finds e.g. a
flagged IP it adds an ipset DROP rule. There are currently just over
nine hundred rules, which can be anything from a /32 to a /8.
Almost everything is dynamic, the only manual steps are (1) modifying
(or possibly adding) Yara rules when nothing has flagged the unwanted
connection/message before it falls through to our greylisting, and
(2) consolidating ipset rules every now and then to reduce numbers of
rules, for example 192.0.2.0/32,192.0.2.1/32 => 192.0.2.0/31.
Activity (2) could easily and fairly trivially be automated too.
Would something like that reduce the time you spend hidebound?
--
73,
Ged.
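
The consolidation step (2) described above, as an added example that is not part of the original post or the poster's own script. It assumes the members of a single IPv4 hash:net set are available one per line, as `ipset list` prints them; the set name "blocklist" and the sample entries are constructed for illustration.

```python
import ipaddress

# Constructed sample members; a bare address means a single host (/32).
SAMPLE = [
    "192.0.2.0", "192.0.2.1", "192.0.2.2/31",
    "198.51.100.0/25", "198.51.100.128/25",
    "198.51.100.7",          # already covered by the /25 above it
    "203.0.113.9",
]

def parse_members(lines):
    """Turn set member lines into network objects, rejecting malformed ones."""
    nets = set()
    for line in lines:
        text = line.strip()
        if text:
            # Raises ValueError on bad input or on host bits set in a CIDR.
            nets.add(ipaddress.ip_network(text))
    return nets

def consolidate(nets):
    """Fewest networks covering exactly the same addresses.

    collapse_addresses only merges adjacent or nested networks, so the
    result never blocks an address that was not blocked before.
    """
    return list(ipaddress.collapse_addresses(nets))

def plan(set_name, lines):
    """ipset commands that replace the current members with the merged list.

    Adds are emitted before deletes so that no address is left uncovered
    while the commands are being applied.
    """
    current = parse_members(lines)
    target = set(consolidate(current))
    adds = sorted(target - current)
    dels = sorted(current - target)
    return ([f"ipset add {set_name} {net}" for net in adds] +
            [f"ipset del {set_name} {net}" for net in dels])

if __name__ == "__main__":
    # Review the plan before running it; nothing here touches the kernel.
    for command in plan("blocklist", SAMPLE):
        print(command)
```

On the sample this replaces seven entries with three, and entries that cannot be merged (203.0.113.9 here) are left untouched.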