Writing Custom Rules

Michael ONeil

Aug 27, 2017, 6:59:10 PM
to rspamd
Debian 9/Postfix/Dovecot/MariaDB/Rspamd

Trying to understand this: https://rspamd.com/doc/tutorials/writing_rules.html

The closest example I found was here: https://groups.google.com/forum/#!searchin/rspamd/writing$20rule|sort:relevance/rspamd/xrmO2DqbPQg/rsM8-Uw_BwAJ

Even when creating: /etc/rspamd/rspamd.local.lua
...and restarting rspamd, it still doesn't appear in the WebUI under symbols.

As the documentation states, it may not appear or be recognized because of permissions issues.
OK, but all the files in /rspamd are root:root 644 set from the default Debian install.
Nowhere in the documentation can I find what the permissions should be?

Is there any more detailed explanation on how to write custom rules? The tutorial covers all the different config settings, and where to enter these config settings, but nothing on what an example would look like.

Do I need to activate the rule somewhere?

Thanks

Michael ONeil

Aug 28, 2017, 11:15:24 AM
to rspamd
OK, so I figured out what user the files should be: _rspamd:_rspamd based on /var/lib/rspamd directory.

I'm not sure what the difference is between the /var/lib/rspamd vs /etc/rspamd directories?

Still not recognizing: /etc/rspamd/rspamd.local.lua

Michael ONeil

Aug 29, 2017, 4:29:10 PM
to rspamd
I know rspamd is new on the scene, no one writing their own rules yet?

Michael ONeil

Aug 31, 2017, 6:52:46 PM
to rspamd
/etc/rspamd/rspamd.local.lua as it appears in the documentation: https://rspamd.com/doc/tutorials/writing_rules.html
OR
/etc/rspamd/rules/* as it appears in github: https://github.com/vstakhov/rspamd/tree/master/rules

It doesn't seem like ANY of the documentation in this Google Groups or with the provided documentation is correct in how to get this working.

And I haven't seen any response within here, has this project died?

Michael ONeil

Sep 1, 2017, 2:02:04 AM
to rspamd
Banning the IPs is not working anymore. The spam is getting out of control, and being all similar, one or two rules could simply eliminate it. But I'm not getting anywhere with trying to figure out how to write a custom rule for this. Sorry rspamd isn't cutting it.

Alex JOST

Sep 1, 2017, 3:24:23 AM
to rsp...@googlegroups.com
The documentation you linked to focuses on writing your own rules in
Lua. Do you need a specific rule that can't be done with the existing
modules? If you simply want to add/change scores based on e.g. IP,
sender, subject etc. you are best served with the multimap module.

https://rspamd.com/doc/modules/

--
Alex JOST

Michael ONeil

Sep 1, 2017, 11:36:39 AM
to rspamd, jost+...@dimejo.at
OK, let's try a multimap then....

I added to multimap.conf

reject_content {
  type = "content";
  filter = "body";
  map = "/${LOCAL_CONFDIR}/local.d/content.map";
  symbol = "REJECT_CONTENT";
  action = "reject";
  regexp = true;
}

The map is read and found in the logs.

content.map contains:
/\btest\b/i

I send a "test" email, and it is NOT rejected.

What am I missing...?

Michael ONeil

Sep 1, 2017, 12:05:55 PM
to rspamd, jost+...@dimejo.at
OK, I got it to work!

The test email rejected.

Curious though about this line from the documentation: https://rspamd.com/doc/modules/multimap.html
"The last line of a map must have a newline symbol at the end." = What exactly does that mean? A carriage return? or something like /n ?

Because the content.map worked when I added multiple entries and a blank line at the bottom.
/\btest\b/i
/\btest2\b/i
(blank line)

Also, how would I add an embedded comment?
The example shows: key2 # Embedded comment
So the above would be:

/\btest\b/i # Test
/\btest2\b/i # Test2
(blank line)
I tried that and when rejected it only shows the: symbol = "REJECT_CONTENT";
I assumed this meant the embedded comment would be listed in the logs with the REJECTED_CONTENT line, no?

Thanks

Alex JOST

Sep 1, 2017, 1:32:36 PM
to rsp...@googlegroups.com
On 01.09.2017 at 18:05, Michael ONeil wrote:
> OK, I got it to work!
>
> The test email rejected.
>
> Curious though about this line from the documentation:
> https://rspamd.com/doc/modules/multimap.html
> "The last line of a map *must* have a newline symbol at the end." = What
> exactly does that mean? A carriage return? or something like /n ?
>
> Because the content.map worked when I added multiple entries and a blank
> line at the bottom.
> /\btest\b/i
> /\btest2\b/i
> (blank line)

One of the developers might give you a more concrete answer, but as I
understood it you simply need to add a blank line at the end.


> Also, how would I add an embedded comment?
> The example shows: key2 # Embedded comment
> So the above would be:
> /\btest\b/i # Test
> /\btest2\b/i # Test2
> (blank line)
> I tried that and when rejected it only shows the: symbol = "REJECT_CONTENT";
> I assumed this meant the embedded comment would be listed in the logs with
> the REJECTED_CONTENT line, no?

Those comments can be seen as inline notes. If you need to score
different depending on the regexp (but keep everything in one map) you
can use 'multiple symbol maps'.

https://rspamd.com/doc/modules/multimap.html#multiple-symbol-maps

--
Alex JOST
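
A check for the two map questions raised above (what a "newline symbol" at the end of the last line is, and where an embedded comment sits), as an added example that is not part of the thread or of rspamd itself. The function name `lint_map`, the sample byte strings, the `/pattern/flags` entry shape, the comment-splitting rule and the choice to flag CRLF endings are assumptions of this example.

```python
import re

# Constructed samples based on the two-entry map discussed in the thread.
NO_FINAL_NEWLINE = b"/\\btest\\b/i # Test\n/\\btest2\\b/i # Test2"
CRLF_ENDINGS = b"/\\btest\\b/i\r\n/\\btest2\\b/i\r\n"
GOOD_MAP = b"# body patterns\n/\\btest\\b/i # Test\n/\\btest2\\b/i # Test2\n"

# Assumed entry shape for a regexp map: /pattern/flags, as in the thread.
ENTRY_RE = re.compile(r"^/.+/[a-zA-Z]*$")


def lint_map(data: bytes):
    """Return (problems, entries) for the raw bytes of a map file.

    entries is a list of (key, embedded_comment) tuples.
    """
    problems, entries = [], []
    # "Newline symbol" = the LF byte (0x0A, written "\n") ending the last line.
    if data and not data.endswith(b"\n"):
        problems.append("last line is not terminated by LF (0x0A)")
    # Assumption of this example: CRLF endings are reported, not accepted.
    if b"\r" in data:
        problems.append("CR bytes (0x0D) present: file uses CRLF endings")
    for number, raw in enumerate(data.decode("utf-8").splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or whole-line comment
        # Assumption: whitespace followed by '#' starts an embedded comment.
        parts = re.split(r"\s+#", line, maxsplit=1)
        key = parts[0]
        comment = parts[1].strip() if len(parts) > 1 else ""
        if not ENTRY_RE.match(key):
            problems.append(f"line {number}: {key!r} is not /pattern/flags")
        entries.append((key, comment))
    return problems, entries


if __name__ == "__main__":
    for name in ("NO_FINAL_NEWLINE", "CRLF_ENDINGS", "GOOD_MAP"):
        problems, entries = lint_map(globals()[name])
        print(name, problems or "ok", entries)
```

To check a real file, pass its raw bytes, for example `lint_map(open(path, "rb").read())`, so that line endings are not normalised before the check.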

Michael ONeil

Oct 29, 2017, 12:22:16 PM
to rspamd
OK, so now...how would I create a customer whitelist for this filter?

Do I add it to the multimap.conf? Like in the example?

# local.d/multimap.conf
IP_WHITELIST { 
  type = "ip"; 
  map = "/tmp/ip.map"; 
  prefilter = true;
  action = "accept";
}

Thanks