You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Florent Gilain <fl...@direct-energie.com> on 2007/01/23 18:22:00 UTC
Rules_du_jour question...
Hi all,
I followed the 2 docs here : http://www.rulesemporium.com/rules.htm and
http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt
But i'm not sure all is ok because link for "more info" is broken..and i'm
really a newbie ;-((
My /etc/mail/spamassassin/sare-sa-update-channels.txt :
updates.spamassassin.org
72_sare_redirect_post3.0.0.cf.sare.sa-update.dostech.net
70_sare_evilnum0.cf.sare.sa-update.dostech.net
70_sare_evilnum1.cf.sare.sa-update.dostech.net
70_sare_evilnum2.cf.sare.sa-update.dostech.net
70_sare_bayes_poison_nxm.cf.sare.sa-update.dostech.net
70_sare_html.cf.sare.sa-update.dostech.net
70_sare_header0.cf.sare.sa-update.dostech.net
70_sare_specific.cf.sare.sa-update.dostech.net
70_sare_adult.cf.sare.sa-update.dostech.net
72_sare_bml_post25x.cf.sare.sa-update.dostech.net
99_sare_fraud_post25x.cf.sare.sa-update.dostech.net
70_sare_spoof.cf.sare.sa-update.dostech.net
70_sare_random.cf.sare.sa-update.dostech.net
70_sare_oem.cf.sare.sa-update.dostech.net
70_sare_genlsubj0.cf.sare.sa-update.dostech.net
70_sare_highrisk.cf.sare.sa-update.dostech.net
70_sare_unsub.cf.sare.sa-update.dostech.net
70_sare_uri0.cf.sare.sa-update.dostech.net
70_sare_whitelist.cf.sare.sa-update.dostech.net
70_sare_obfu.cf.sare.sa-update.dostech.net
70_sare_stocks.cf.sare.sa-update.dostech.net
My /etc/rulesdujour/config file :
TRUSTED_RULESETS="TRIPWIRE SARE_REDIRECT_POST300 SARE_EVILNUMBERS0
SARE_EVILNUMBERS1 SARE_EVILNUMBERS2 SARE_BAYES_POISON_NXM SARE_HTML
SARE_HEADER0 SARE_SPECIFIC SARE_ADULT SARE_BML SARE_FRAUD SARE_SPOOF
SARE_RANDOM SARE_OEM SARE_GENLSUBJ0 SARE_HIGHRISK SARE_UNSUB SARE_URI0
SARE_WHITELIST SARE_OBFU SARE_STOCKS";
1) I was already using sa-update in crontab to update SA standard rules.
2) I think i have mixed 2 things that should do the same thing using
different method, didn't I ? (sa-update + rules_du_jour script...)
Should i now just have to run the sa-update command line from crontab to
update everything ? Or should i add parameters like : sa-update
--channelfile /etc/mail/spamassassin/sare-sa-update-channels.txt --gpgkey
856AA88A
I suppose i can delete the reules_du_jour script and config file now ?
But there is something strange in /var/lib/spamassassin, it seems to have
duplicate things :
[root@mx2 root]# ls -rtla /var/lib/spamassassin/3.001007/
total 188
-rw-r--r-- 1 root root 43 jan 23 01:45
updates_spamassassin_org.pre
-rw-r--r-- 1 root root 2200 jan 23 01:45
updates_spamassassin_org.cf
drwxr-xr-x 2 root root 4096 jan 23 01:45
updates_spamassassin_org
drwxr-xr-x 3 root root 4096 jan 23 01:45 ..
-rw-r--r-- 1 root root 98 jan 23 17:09
70_sare_adult_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x 2 root root 4096 jan 23 17:09
70_sare_adult_cf_sare_sa-update_dostech_net
-rw-r--r-- 1 root root 111 jan 23 17:57
72_sare_redirect_post3_0_0_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x 2 root root 4096 jan 23 17:57
72_sare_redirect_post3_0_0_cf_sare_sa-update_dostech_net
-rw-r--r-- 1 root root 101 jan 23 17:57
70_sare_evilnum0_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x 2 root root 4096 jan 23 17:57
70_sare_evilnum0_cf_sare_sa-update_dostech_net
-rw-r--r-- 1 root root 101 jan 23 17:57
70_sare_evilnum1_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x 2 root root 4096 jan 23 17:57
70_sare_evilnum1_cf_sare_sa-update_dostech_net
-rw-r--r-- 1 root root 101 jan 23 17:57
70_sare_evilnum2_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x 2 root root 4096 jan 23 17:57
70_sare_evilnum2_cf_sare_sa-update_dostech_net
-rw-r--r-- 1 root root 109 jan 23 17:57
70_sare_bayes_poison_nxm_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x 2 root root 4096 jan 23 17:57
70_sare_bayes_poison_nxm_cf_sare_sa-update_dostech_net
-rw-r--r-- 1 root root 97 jan 23 17:57
70_sare_html_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x 2 root root 4096 jan 23 17:57
70_sare_html_cf_sare_sa-update_dostech_net
-rw-r--r-- 1 root root 100 jan 23 17:57
70_sare_header0_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x 2 root root 4096 jan 23 17:57
70_sare_header0_cf_sare_sa-update_dostech_net
-rw-r--r-- 1 root root 101 jan 23 17:57
70_sare_specific_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x 2 root root 4096 jan 23 17:57
70_sare_specific_cf_sare_sa-update_dostech_net
-rw-r--r-- 1 root root 104 jan 23 17:57
72_sare_bml_post25x_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x 2 root root 4096 jan 23 17:57
72_sare_bml_post25x_cf_sare_sa-update_dostech_net
-rw-r--r-- 1 root root 106 jan 23 17:57
99_sare_fraud_post25x_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x 2 root root 4096 jan 23 17:57
99_sare_fraud_post25x_cf_sare_sa-update_dostech_net
-rw-r--r-- 1 root root 98 jan 23 17:57
70_sare_spoof_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x 2 root root 4096 jan 23 17:57
70_sare_spoof_cf_sare_sa-update_dostech_net
-rw-r--r-- 1 root root 99 jan 23 17:57
70_sare_random_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x 2 root root 4096 jan 23 17:57
70_sare_random_cf_sare_sa-update_dostech_net
-rw-r--r-- 1 root root 96 jan 23 17:57
70_sare_oem_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x 2 root root 4096 jan 23 17:57
70_sare_oem_cf_sare_sa-update_dostech_net
-rw-r--r-- 1 root root 102 jan 23 17:57
70_sare_genlsubj0_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x 2 root root 4096 jan 23 17:57
70_sare_genlsubj0_cf_sare_sa-update_dostech_net
-rw-r--r-- 1 root root 101 jan 23 17:57
70_sare_highrisk_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x 2 root root 4096 jan 23 17:57
70_sare_highrisk_cf_sare_sa-update_dostech_net
-rw-r--r-- 1 root root 98 jan 23 17:58
70_sare_unsub_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x 2 root root 4096 jan 23 17:58
70_sare_unsub_cf_sare_sa-update_dostech_net
-rw-r--r-- 1 root root 97 jan 23 17:58
70_sare_uri0_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x 2 root root 4096 jan 23 17:58
70_sare_uri0_cf_sare_sa-update_dostech_net
-rw-r--r-- 1 root root 102 jan 23 17:58
70_sare_whitelist_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x 2 root root 4096 jan 23 17:58
70_sare_whitelist_cf_sare_sa-update_dostech_net
-rw-r--r-- 1 root root 97 jan 23 17:58
70_sare_obfu_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x 2 root root 4096 jan 23 17:58
70_sare_obfu_cf_sare_sa-update_dostech_net
-rw-r--r-- 1 root root 99 jan 23 17:58
70_sare_stocks_cf_sare_sa-update_dostech_net.cf
drwxr-xr-x 2 root root 4096 jan 23 17:58
70_sare_stocks_cf_sare_sa-update_dostech_net
drwxr-xr-x 24 root root 4096 jan 23 17:58 .
Sorry for theses maybe stupid questions, i really discover SA since 2 days
ago only...
Florent
Re: Rules_du_jour question...
Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
For the SARE rules you only need to use ONE of sa-update or
rules_du_jour. Either works fine. sa-update has the potential to get
you newer rules faster without any significant additional load on the
servers serving the channels.
Assuming you want to use sa-update for everything...
- remove all the SARE rules from /etc/mail/spamassassin
- disable your rules_du_jour cron
- continue using sa-update how you are
(you'll find all your updated rules in /var/lib/spamassassin
which is where they are supposed to be)
Daryl