You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Florent Gilain <fl...@direct-energie.com> on 2007/01/23 18:22:00 UTC

Rules_du_jour question...

Hi all,

I followed the 2 docs here : http://www.rulesemporium.com/rules.htm and
http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt

But i'm not sure all is ok because link for "more info" is broken..and i'm
really a newbie  ;-((

My /etc/mail/spamassassin/sare-sa-update-channels.txt :

updates.spamassassin.org
72_sare_redirect_post3.0.0.cf.sare.sa-update.dostech.net
70_sare_evilnum0.cf.sare.sa-update.dostech.net
70_sare_evilnum1.cf.sare.sa-update.dostech.net
70_sare_evilnum2.cf.sare.sa-update.dostech.net
70_sare_bayes_poison_nxm.cf.sare.sa-update.dostech.net
70_sare_html.cf.sare.sa-update.dostech.net
70_sare_header0.cf.sare.sa-update.dostech.net
70_sare_specific.cf.sare.sa-update.dostech.net
70_sare_adult.cf.sare.sa-update.dostech.net
72_sare_bml_post25x.cf.sare.sa-update.dostech.net
99_sare_fraud_post25x.cf.sare.sa-update.dostech.net
70_sare_spoof.cf.sare.sa-update.dostech.net
70_sare_random.cf.sare.sa-update.dostech.net
70_sare_oem.cf.sare.sa-update.dostech.net
70_sare_genlsubj0.cf.sare.sa-update.dostech.net
70_sare_highrisk.cf.sare.sa-update.dostech.net
70_sare_unsub.cf.sare.sa-update.dostech.net
70_sare_uri0.cf.sare.sa-update.dostech.net
70_sare_whitelist.cf.sare.sa-update.dostech.net
70_sare_obfu.cf.sare.sa-update.dostech.net
70_sare_stocks.cf.sare.sa-update.dostech.net

My /etc/rulesdujour/config file :

TRUSTED_RULESETS="TRIPWIRE SARE_REDIRECT_POST300 SARE_EVILNUMBERS0
SARE_EVILNUMBERS1 SARE_EVILNUMBERS2 SARE_BAYES_POISON_NXM SARE_HTML
SARE_HEADER0 SARE_SPECIFIC SARE_ADULT SARE_BML SARE_FRAUD SARE_SPOOF
SARE_RANDOM SARE_OEM SARE_GENLSUBJ0 SARE_HIGHRISK SARE_UNSUB SARE_URI0
SARE_WHITELIST SARE_OBFU SARE_STOCKS";


1) I was already using sa-update in crontab to update SA standard rules.
2) I think i have mixed 2 things that should do the same thing using
different method, didn't I ? (sa-update + rules_du_jour script...)

Should i now just have to run the sa-update command line from crontab to
update everything ? Or should i add parameters like : sa-update
--channelfile /etc/mail/spamassassin/sare-sa-update-channels.txt --gpgkey
856AA88A

I suppose i can delete the reules_du_jour script and config file now ?

But there is something strange in /var/lib/spamassassin, it seems to have
duplicate things :
[root@mx2 root]# ls -rtla /var/lib/spamassassin/3.001007/
total 188
-rw-r--r--    1 root     root           43 jan 23 01:45
updates_spamassassin_org.pre
-rw-r--r--    1 root     root         2200 jan 23 01:45
updates_spamassassin_org.cf
drwxr-xr-x    2 root     root         4096 jan 23 01:45
updates_spamassassin_org
drwxr-xr-x    3 root     root         4096 jan 23 01:45 ..
-rw-r--r--    1 root     root           98 jan 23 17:09
70_sare_adult_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x    2 root     root         4096 jan 23 17:09
70_sare_adult_cf_sare_sa-update_dostech_net
-rw-r--r--    1 root     root          111 jan 23 17:57
72_sare_redirect_post3_0_0_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x    2 root     root         4096 jan 23 17:57
72_sare_redirect_post3_0_0_cf_sare_sa-update_dostech_net
-rw-r--r--    1 root     root          101 jan 23 17:57
70_sare_evilnum0_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x    2 root     root         4096 jan 23 17:57
70_sare_evilnum0_cf_sare_sa-update_dostech_net
-rw-r--r--    1 root     root          101 jan 23 17:57
70_sare_evilnum1_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x    2 root     root         4096 jan 23 17:57
70_sare_evilnum1_cf_sare_sa-update_dostech_net
-rw-r--r--    1 root     root          101 jan 23 17:57
70_sare_evilnum2_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x    2 root     root         4096 jan 23 17:57
70_sare_evilnum2_cf_sare_sa-update_dostech_net
-rw-r--r--    1 root     root          109 jan 23 17:57
70_sare_bayes_poison_nxm_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x    2 root     root         4096 jan 23 17:57
70_sare_bayes_poison_nxm_cf_sare_sa-update_dostech_net
-rw-r--r--    1 root     root           97 jan 23 17:57
70_sare_html_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x    2 root     root         4096 jan 23 17:57
70_sare_html_cf_sare_sa-update_dostech_net
-rw-r--r--    1 root     root          100 jan 23 17:57
70_sare_header0_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x    2 root     root         4096 jan 23 17:57
70_sare_header0_cf_sare_sa-update_dostech_net
-rw-r--r--    1 root     root          101 jan 23 17:57
70_sare_specific_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x    2 root     root         4096 jan 23 17:57
70_sare_specific_cf_sare_sa-update_dostech_net
-rw-r--r--    1 root     root          104 jan 23 17:57
72_sare_bml_post25x_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x    2 root     root         4096 jan 23 17:57
72_sare_bml_post25x_cf_sare_sa-update_dostech_net
-rw-r--r--    1 root     root          106 jan 23 17:57
99_sare_fraud_post25x_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x    2 root     root         4096 jan 23 17:57
99_sare_fraud_post25x_cf_sare_sa-update_dostech_net
-rw-r--r--    1 root     root           98 jan 23 17:57
70_sare_spoof_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x    2 root     root         4096 jan 23 17:57
70_sare_spoof_cf_sare_sa-update_dostech_net
-rw-r--r--    1 root     root           99 jan 23 17:57
70_sare_random_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x    2 root     root         4096 jan 23 17:57
70_sare_random_cf_sare_sa-update_dostech_net
-rw-r--r--    1 root     root           96 jan 23 17:57
70_sare_oem_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x    2 root     root         4096 jan 23 17:57
70_sare_oem_cf_sare_sa-update_dostech_net
-rw-r--r--    1 root     root          102 jan 23 17:57
70_sare_genlsubj0_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x    2 root     root         4096 jan 23 17:57
70_sare_genlsubj0_cf_sare_sa-update_dostech_net
-rw-r--r--    1 root     root          101 jan 23 17:57
70_sare_highrisk_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x    2 root     root         4096 jan 23 17:57
70_sare_highrisk_cf_sare_sa-update_dostech_net
-rw-r--r--    1 root     root           98 jan 23 17:58
70_sare_unsub_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x    2 root     root         4096 jan 23 17:58
70_sare_unsub_cf_sare_sa-update_dostech_net
-rw-r--r--    1 root     root           97 jan 23 17:58
70_sare_uri0_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x    2 root     root         4096 jan 23 17:58
70_sare_uri0_cf_sare_sa-update_dostech_net
-rw-r--r--    1 root     root          102 jan 23 17:58
70_sare_whitelist_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x    2 root     root         4096 jan 23 17:58
70_sare_whitelist_cf_sare_sa-update_dostech_net
-rw-r--r--    1 root     root           97 jan 23 17:58
70_sare_obfu_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x    2 root     root         4096 jan 23 17:58
70_sare_obfu_cf_sare_sa-update_dostech_net
-rw-r--r--    1 root     root           99 jan 23 17:58
70_sare_stocks_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x    2 root     root         4096 jan 23 17:58
70_sare_stocks_cf_sare_sa-update_dostech_net
drwxr-xr-x   24 root     root         4096 jan 23 17:58 .


Sorry for theses maybe stupid questions, i really discover SA since 2 days
ago only...

Florent

Re: Rules_du_jour question...

Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.

For the SARE rules you only need to use ONE of sa-update or 
rules_du_jour.  Either works fine.  sa-update has the potential to get 
you newer rules faster without any significant additional load on the 
servers serving the channels.

Assuming you want to use sa-update for everything...

  - remove all the SARE rules from /etc/mail/spamassassin
  - disable your rules_du_jour cron
  - continue using sa-update how you are
    (you'll find all your updated rules in /var/lib/spamassassin
     which is where they are supposed to be)


Daryl