Posted to users@spamassassin.apache.org by ozgurerdogan <oz...@yesilbeyaz.com.tr> on 2018/12/10 11:18:21 UTC
Spamassassin using remote rules definition source?
I have many servers using SpamAssassin. From time to time, I may need to add
custom rules to SA to block certain mails. It is time consuming doing it on
each server. Is it somehow possible to create one source for all
SpamAssassin-using servers and update the rule set from that source?
--
Sent from: http://spamassassin.1065346.n5.nabble.com/SpamAssassin-Users-f3.html
Re: Spamassassin using remote rules definition source?
Posted by Martin Gregorie <ma...@gregorie.org>.
On Mon, 2018-12-10 at 04:18 -0700, ozgurerdogan wrote:
> I have many servers using spamassassin. Time to time, I may need to
> add
> custom rules to SA to block certain mails. It is time consuming doing
> it on
> each server. Is it somehow possible to create a one source for all
> Spamassassin using server and update rule set from that source?
>
Install SA on a PC running the same OS as the servers. Keep your spam
corpus there and use it as your SA rule development system.
Then either use a script to distribute your rules to the servers via
scp and to force an SA restart to make them active,
or use a version control system to hold checked-in rules. Run a cron
job on all your servers that periodically checks version control for
new and revised rules and, if any new rules were uploaded, forces an SA
restart to make them active.
Martin
Re: Spamassassin using remote rules definition source?
Posted by Brent Clark <br...@gmail.com>.
On 2018/12/10 13:57, ozgurerdogan wrote:
> I simply need to write custom rules to block certain mails, domain names. Do
> I have to learn programming language for this? Is not it easy like create a
> conf file and let Sa update rules from that source remotely via http?
>
Nothing comes to mind, else try:
https://www.unixmen.com/copying-files-to-multiple-systems-simultaneously-with-pssh/
Then use pssh to restart spamd.
Regards
Brent
Re: Spamassassin using remote rules definition source?
Posted by Alan Hodgson <ah...@lists.simkin.ca>.
On Mon, 2018-12-10 at 04:57 -0700, ozgurerdogan wrote:
> I simply need to write custom rules to block certain mails, domain names. Do
> I have to learn programming language for this? Is not it easy like create a
> conf file and let Sa update rules from that source remotely via http?
>
>
cron + wget + reload.
Although if you're running multiple servers it's well worth setting up
puppet or something similar eventually.
Re: Spamassassin using remote rules definition source?
Posted by David B Funk <db...@engineering.uiowa.edu>.
On Mon, 10 Dec 2018, ozgurerdogan wrote:
> I simply need to write custom rules to block certain mails, domain names. Do
> I have to learn programming language for this? Is not it easy like create a
> conf file and let Sa update rules from that source remotely via http?
If your primary need is to block certain domain names it might be easier to
create your own custom DNS-RBL and add rules to your SA configuration to score
against that.
Once you've got the DNS-RBL built (I recommend rbldnsd,
http://www.corpit.ru/mjt/rbldnsd.html) and the querying rules added to your SA
config, then updating is just a matter of adding new names to your DNS-RBL. If
you use rbldnsd, it's as easy as just "echoing" names onto the end of a text file.
By clever usage of the IP address associated with the name and the scoring rules
it is possible to have different scores assigned to specific names.
EG: if a name has the address 127.0.0.2 then give it a score of +2 if 127.0.0.4
then give it a score of 10.
So if a host is a bit spammy then the 127.0.0.2 address will not outright
black-list it but help score with other indications (EG Bayes, etc).
Whereas if you give it a 127.0.0.4 then it's a one-shot kill.
I actually run two local RBLs, one for DNS/Hostnames and one for URI-RBL to hit
specific URLs within messages.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
Re: Spamassassin using remote rules definition source?
Posted by Martin Gregorie <ma...@gregorie.org>.
On Mon, 2018-12-10 at 04:57 -0700, ozgurerdogan wrote:
> I simply need to write custom rules to block certain mails, domain
> names. Do I have to learn programming language for this? Is not it
> easy like create a conf file and let Sa update rules from that source
> remotely via http?
>
That's all explained in the SA documentation, but you do know enough
Perl to write regular expressions. SA rules are built round them.
You don't need to know any more Perl than that to test and debug rules. To do
that you need an SA installation on a PC. You can also use grep (with
the -P option) to check regular expression syntax before writing an SA
rule that uses the regex.
Martin
Re: Spamassassin using remote rules definition source?
Posted by ozgurerdogan <oz...@yesilbeyaz.com.tr>.
I simply need to write custom rules to block certain mails and domain names. Do
I have to learn a programming language for this? Isn't it as easy as creating a
conf file and letting SA update rules from that source remotely via HTTP?
Re: Spamassassin using remote rules definition source?
Posted by Brent Clark <br...@gmail.com>.
On 2018/12/10 13:18, ozgurerdogan wrote:
> I have many servers using spamassassin. Time to time, I may need to add
> custom rules to SA to block certain mails. It is time consuming doing it on
> each server. Is it somehow possible to create a one source for all
> Spamassassin using server and update rule set from that source?
>
Puppet -> Puppetbolt
Ansible
Take your pick
Regards
Brent
Re: Spamassassin using remote rules definition source?
Posted by Bill Cole <sa...@billmail.scconsult.com>.
On 10 Dec 2018, at 13:28, ozgurerdogan wrote:
> Can you give me some more step by step for :
>
> "set up your own local published ruleset source and configure your
> instances to include that in their rule sources for the standard
> sa-update
> processing (will require managing DNS entries and generating SHA
> checksums
> for the rules file) "
>
> This is what I needed. Thank you everyone by the way.
The setup John refers to is fully documented at
https://wiki.apache.org/spamassassin/PublishingRuleUpdates
Re: Spamassassin using remote rules definition source?
Posted by ozgurerdogan <oz...@yesilbeyaz.com.tr>.
Can you give me some more step by step for :
"set up your own local published ruleset source and configure your
instances to include that in their rule sources for the standard sa-update
processing (will require managing DNS entries and generating SHA checksums
for the rules file) "
This is what I needed. Thank you everyone by the way.
Re: Spamassassin using remote rules definition source?
Posted by Kris Deugau <kd...@vianet.ca>.
Kevin A. McGrail wrote:
> On 12/10/2018 2:49 PM, Kris Deugau wrote:
>> The master/reference files are stored in a Subversion repository.
>> Commits to particular paths trigger the creation of the tarball, SHA*
>> hash files, and GPG signature. A cron job on our DNS master server
>> polls the repository to see if any of the paths have a higher
>> last-changed revision, and update the DNS subzone if so.
>
> Nice. I'd like to see your svn commit hook scripts if you can share.
The full script also updates some custom ClamAV signature workspaces (I
happen to have local ClamAV signatures in the same repository), but the
SA bits are below. It could arguably use several kinds of error checking.
Watch for word wrap.
-kgd
====
#!/bin/bash
# Checks to see if updates were made to the prod/ or leanrules/ directories,
# if so, it pushes out the files necessary for sa-update to snag
# DNS updates are handled via polled pull rather than push
REPO="$1"
REV="$2"
PATH=/bin:/usr/bin
WEBROOT=/path/to/webroot
echo "$REV" >"$WEBROOT/workspace/lastcommit"
# check for changes within prod/
PRODCHG=$(svnlook changed -r "$REV" "$REPO" | grep -c 'prod/.')
if [ "$PRODCHG" -gt 0 ]; then
    echo "$REV" >"$WEBROOT/workspace/main/rev"
    # stop if the workspace is missing rather than tarring up the wrong directory
    cd "$WEBROOT/workspace/main" || exit 1
    svn up -q -r "$REV"
    tar -c *.cf | gzip >"$WEBROOT/updates/$REV.tar.gz"
    sha1sum "$WEBROOT/updates/$REV.tar.gz" >"$WEBROOT/updates/$REV.tar.gz.sha1"
    sha256sum "$WEBROOT/updates/$REV.tar.gz" >"$WEBROOT/updates/$REV.tar.gz.sha256"
    sha512sum "$WEBROOT/updates/$REV.tar.gz" >"$WEBROOT/updates/$REV.tar.gz.sha512"
    cd "$WEBROOT/updates" || exit 1
    # detached, ASCII-armoured signature: writes $REV.tar.gz.asc
    gpg --homedir /path/to/webroot/gpghome -s -b -a "$REV.tar.gz"
fi
# check for changes within leanrules/
PRODCHG=$(svnlook changed -r "$REV" "$REPO" | grep -c 'leanrules/.')
if [ "$PRODCHG" -gt 0 ]; then
    echo "$REV" >"$WEBROOT/workspace/lean/rev"
    cd "$WEBROOT/workspace/lean" || exit 1
    svn up -q -r "$REV"
    tar -c *.cf | gzip >"$WEBROOT/lean/$REV.tar.gz"
    sha1sum "$WEBROOT/lean/$REV.tar.gz" >"$WEBROOT/lean/$REV.tar.gz.sha1"
    sha256sum "$WEBROOT/lean/$REV.tar.gz" >"$WEBROOT/lean/$REV.tar.gz.sha256"
    sha512sum "$WEBROOT/lean/$REV.tar.gz" >"$WEBROOT/lean/$REV.tar.gz.sha512"
    cd "$WEBROOT/lean" || exit 1
    gpg --homedir /path/to/webroot/gpghome -s -b -a "$REV.tar.gz"
fi
====
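For nodes that pull a published tarball with the "cron + wget + reload" approach mentioned earlier in the thread instead of sa-update, the following is an added example (not code from any poster or from the SpamAssassin project) that checks the signature, checksum and archive contents and lints the result before anything is activated. The URL layout, key directory, site directory and reload command are all assumptions.

```shell
#!/bin/sh
# Added example: "cron + wget + reload" with verification before activation.
# Every value below is an assumption; adjust to the local setup.
RULES_URL="https://rules.example.internal/custom.tar.gz"  # hypothetical server
GPG_HOME="/etc/mail/sa-custom-keys"         # keyring holding only the publisher key
SITE_DIR="/etc/mail/spamassassin"           # site config directory on this node
RELOAD_CMD="systemctl reload spamassassin"  # service name differs per distro

# verify_and_stage TARBALL SUMFILE STAGEDIR
# Compares the tarball's SHA-256 with the first field of SUMFILE (the hook's
# checksum files record a server-side path, so "sha256sum -c" would not find
# the file), rejects any member that is not a flat *.cf name, then unpacks.
verify_and_stage() {
    want=$(awk 'NR==1 {print $1}' "$2") || return 1
    have=$(sha256sum "$1" | awk '{print $1}') || return 1
    if [ -z "$want" ] || [ "$want" != "$have" ]; then
        echo "checksum mismatch for $1" >&2; return 1
    fi
    if tar -tzf "$1" | grep -Evq '^[A-Za-z0-9_][A-Za-z0-9_.-]*\.cf$'; then
        echo "unexpected member in $1" >&2; return 1
    fi
    mkdir -p "$3" && tar -xzf "$1" -C "$3"
}

# update_rules: fetch, check signature and checksum, lint a candidate copy of
# the site config with the new rules overlaid, and only then install and reload.
update_rules() {
    tmp=$(mktemp -d) || return 1
    for ext in "" .sha256 .asc; do
        wget -q -O "$tmp/rules.tar.gz$ext" "$RULES_URL$ext" || { rm -rf "$tmp"; return 1; }
    done
    if gpg --homedir "$GPG_HOME" --verify "$tmp/rules.tar.gz.asc" "$tmp/rules.tar.gz" &&
       verify_and_stage "$tmp/rules.tar.gz" "$tmp/rules.tar.gz.sha256" "$tmp/stage" &&
       cp -R "$SITE_DIR" "$tmp/candidate" &&
       cp "$tmp/stage"/*.cf "$tmp/candidate"/ &&
       spamassassin --lint --siteconfigpath="$tmp/candidate"
    then
        cp "$tmp/stage"/*.cf "$SITE_DIR"/ && $RELOAD_CMD
        rc=$?
    else
        rc=1
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Cron entry point: act only when invoked with the argument "run".
if [ "${1:-}" = "run" ]; then update_rules; fi
```

A checksum fetched from the same server only catches corruption or truncation; the signature check against a keyring that holds nothing but the publisher's key is what ties the rules to their source.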
Re: Spamassassin using remote rules definition source?
Posted by "Kevin A. McGrail" <km...@apache.org>.
On 12/10/2018 2:49 PM, Kris Deugau wrote:
> The master/reference files are stored in a Subversion repository.
> Commits to particular paths trigger the creation of the tarball, SHA*
> hash files, and GPG signature. A cron job on our DNS master server
> polls the repository to see if any of the paths have a higher
> last-changed revision, and update the DNS subzone if so.
Nice. I'd like to see your svn commit hook scripts if you can share.
--
Kevin A. McGrail
VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171
Re: Spamassassin using remote rules definition source?
Posted by Kris Deugau <kd...@vianet.ca>.
John Hardin wrote:
> On Mon, 10 Dec 2018, ozgurerdogan wrote:
>
>> I have many servers using spamassassin. Time to time, I may need to add
>> custom rules to SA to block certain mails. It is time consuming doing
>> it on
>> each server. Is it somehow possible to create a one source for all
>> Spamassassin using server and update rule set from that source?
>
> Certainly. There are several ways, at the least:
>
> (1) set up file replication from a tested master copy (probably pretty
> simple)
This is probably the better choice if you have a single platform, with
"many" nodes, to update. If you have "many" nodes, you should already
have methods to push other configuration changes out to them, and
SpamAssassin would be just another set of files.
> (2) set up your own local published ruleset source and configure your
> instances to include that in their rule sources for the standard
> sa-update processing (will require managing DNS entries and generating
> SHA checksums for the rules file)
This is useful if you have multiple different platforms to push SA rule
sets out to, or for some reason end up with multiple sets of rules that
need to be pushed out to different systems in different combinations.
I did this locally at a time when I was maintaining four very different
systems all running SA, and wanted to distribute common rules to all of
them. I'm down to one platform, with a handful of nodes, but since this
is up and running it's simpler to just keep using it.
The master/reference files are stored in a Subversion repository.
Commits to particular paths trigger the creation of the tarball, SHA*
hash files, and GPG signature. A cron job on our DNS master server
polls the repository to see if any of the paths have a higher
last-changed revision, and updates the DNS subzone if so.
-kgd
Re: Spamassassin using remote rules definition source?
Posted by John Hardin <jh...@impsec.org>.
On Mon, 10 Dec 2018, ozgurerdogan wrote:
> I have many servers using spamassassin. Time to time, I may need to add
> custom rules to SA to block certain mails. It is time consuming doing it on
> each server. Is it somehow possible to create a one source for all
> Spamassassin using server and update rule set from that source?
Certainly. There are several ways, at the least:
(1) set up file replication from a tested master copy (probably pretty
simple)
(2) set up your own local published ruleset source and configure your
instances to include that in their rule sources for the standard sa-update
processing (will require managing DNS entries and generating SHA checksums
for the rules file)
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The yardstick you should use when considering whether to support a
given piece of legislation is "what if my worst enemy is chosen to
administer this law?"
-----------------------------------------------------------------------
5 days until Bill of Rights day