You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Bram Mertens <br...@sofico.be> on 2007/02/25 20:03:33 UTC
how to start using sa-update
Hi
I unsubscribed from this list decembre 2004 since SA was working fine for
me and I couldn't keep up with the volume on this list.
Lately however the number of SPAM messages getting through is increasing
rapidly so I could use some help.
Currently I'm running SpamAssassin version 3.1.7-deb ( running on Perl
version 5.8.8) on Debian Etch. Without RDJ or any other tool to update my
rules.
While checking the archives and the wiki I learned of the new sa-update
tool and it appears to be very interesting. Unfortunately I (apparantely
like several others) am strugling to understand where to put the various
rules.
Right now I have:
* the SA "default" rules - meaning the rules distributed by SA in
/usr/share/spamassassin
* Some of the SARE rules and a rule I wrote myself in /etc/spamassassin
Sa-update will create a /var/lib/spamassassin/3.xxxx folder containg the
various rules downloaded from the various channels.
What I don't understand (and I have read quite a few messages about this
topic in the archives) is whether this new directory replaces one of the
above or not. Put differently: will the (currently outdated) rules in
/etc/spamassassin and my own rule in that same directory still be used or
should I move the ones I still need to some other directory? If so which
one?
Thanks in advance
Bram
Re: how to start using sa-update
Posted by David Goldsmith <dg...@sans.org>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
John Fleming wrote:
> Thanks for the Q&A! Now, is there any functional difference between
> using sa-update in this way and using RDJ to get the SARE rules? (I'm
> using RDJ right now, so what would I gain by changing to sa-update with
> a SARE channel? Thanks! - John
sa-update can be used to get both Core and SARE rulesets.
RDJ only grabs the SARE sets, so you'll still need sa-update.
RDJ will automatically restart SA if there were new rules downloaded.
sa-update does not auto-restart. You can use the return code to
determine if there were new rules and restart SA on your own if needed.
David Goldsmith
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3rc2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFF4fLY417vU8/9QfkRAoHsAJ4q2gMWxcvmAnp1wDpaaPDFrXOlcgCgtil6
fV9pT3AnDJMBno+VNVxSvXg=
=ssga
-----END PGP SIGNATURE-----
Re: how to start using sa-update
Posted by John Fleming <jo...@wa9als.com>.
----- Original Message -----
From: "Daryl C. W. O'Shea" <sp...@dostech.ca>
To: "John Fleming" <jo...@wa9als.com>
Cc: <us...@spamassassin.apache.org>
Sent: Sunday, February 25, 2007 5:41 PM
Subject: Re: how to start using sa-update
> On 2/25/2007 5:31 PM, John Fleming wrote:
>>
>> ----- Original Message ----- From: "Daryl C. W. O'Shea"
>> <sp...@dostech.ca>
>> To: <us...@spamassassin.apache.org>
>> Sent: Sunday, February 25, 2007 5:21 PM
>> Subject: Re: how to start using sa-update
>>
>>
>>> On 2/25/2007 5:13 PM, John Fleming wrote:
>>>
>>>>> The sa-update channels allow you to check for new rulesets more often
>>>>> than once a day, so you can get newly released rulesets a little
>>>>> faster. Of course the SARE rules aren't really updated that often so
>>>>> this may not be a big advantage for you.
>>>>
>>>>
>>>>
>>>> So the signature is good but it's not trusted? OK. But the "channel
>>>> failed" message bothers me a bit. It says the file was downloaded, but
>>>> I don't find it. Help please... - John
>>>>
>>>> Luke:/usr/share/spamassassin# sa-update --channelfile
>>>> /usr/share/spamassassin/channels.txt -D
>>>
>>>
>>> You're missing something to tell sa-update to trust the GPG key for the
>>> channels you're using. Adding --gpgkey 856AA88A to your sa-update
>>> command line would work.
>>>
>>> I'd also save your channel file somewhere else. Anything in
>>> /usr/share/spamassassin will be deleted when you upgrade SA. I'd put it
>>> in /etc/mail/spamassassin or the home directory of the user running
>>> sa-update or somewhere else that it's not going to get deleted
>>> automatically or accidentally.
>>
>>
>> Thanks - I had that earlier when something else was wrong, and then it
>> got left out earlier! I still don't completely understand
>> /var/lib/spamassassin/3.001007/updates_spamassassin_org
>> and
>> /var/lib/spamassassin/3.001007/updates_spamassassin_org.cf
>>
>> The first directory above doesn't have the requested SARE file in it, but
>> the updates_spamassassin_org.cf has the includes line for the SARE file.
>
> If the update_spamassassin_org.cf file has anything but a version line and
> include lines that point at updates_spamassassin_org/*.cf you've come
> across a bug. If this is the case, please send me a copy of the
> updates_spamassassin_org.cf file.
>
>
>> What am I missing? IOW, where should I find the updated/downloaded SARE
>> file from dostech? I expected there to be a dostech_net directory after
>> the sa-update run...?
>
> You should have something like a
> 70_sare_stocks_cf_sare_sa-update_dostech_net directory and a
> 70_sare_stocks_cf_sare_sa-update_dostech_net.cf file for each channel.
YES! I have it working. Duh, I didn't see the appropriate directories and
files because I needed to REFRESH my WinSCP window!!! Guess that's what I
get for working from Windows! NO BUG - The update_spamassassin_org.cf file
is OK!
Thanks again Daryl for your patience! - John
Re: how to start using sa-update
Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
On 2/25/2007 5:31 PM, John Fleming wrote:
>
> ----- Original Message ----- From: "Daryl C. W. O'Shea"
> <sp...@dostech.ca>
> To: <us...@spamassassin.apache.org>
> Sent: Sunday, February 25, 2007 5:21 PM
> Subject: Re: how to start using sa-update
>
>
>> On 2/25/2007 5:13 PM, John Fleming wrote:
>>
>>>> The sa-update channels allow you to check for new rulesets more
>>>> often than once a day, so you can get newly released rulesets a
>>>> little faster. Of course the SARE rules aren't really updated that
>>>> often so this may not be a big advantage for you.
>>>
>>>
>>>
>>> So the signature is good but it's not trusted? OK. But the "channel
>>> failed" message bothers me a bit. It says the file was downloaded,
>>> but I don't find it. Help please... - John
>>>
>>> Luke:/usr/share/spamassassin# sa-update --channelfile
>>> /usr/share/spamassassin/channels.txt -D
>>
>>
>> You're missing something to tell sa-update to trust the GPG key for
>> the channels you're using. Adding --gpgkey 856AA88A to your
>> sa-update command line would work.
>>
>> I'd also save your channel file somewhere else. Anything in
>> /usr/share/spamassassin will be deleted when you upgrade SA. I'd put
>> it in /etc/mail/spamassassin or the home directory of the user running
>> sa-update or somewhere else that it's not going to get deleted
>> automatically or accidentally.
>
>
> Thanks - I had that earlier when something else was wrong, and then it
> got left out earlier! I still don't completely understand
> /var/lib/spamassassin/3.001007/updates_spamassassin_org
> and
> /var/lib/spamassassin/3.001007/updates_spamassassin_org.cf
>
> The first directory above doesn't have the requested SARE file in it,
> but the updates_spamassassin_org.cf has the includes line for the SARE
> file.
If the update_spamassassin_org.cf file has anything but a version line
and include lines that point at updates_spamassassin_org/*.cf you've
come across a bug. If this is the case, please send me a copy of the
updates_spamassassin_org.cf file.
> What am I missing? IOW, where should I find the
> updated/downloaded SARE file from dostech? I expected there to be a
> dostech_net directory after the sa-update run...?
You should have something like a
70_sare_stocks_cf_sare_sa-update_dostech_net directory and a
70_sare_stocks_cf_sare_sa-update_dostech_net.cf file for each channel.
Daryl
Re: how to start using sa-update
Posted by John Fleming <jo...@wa9als.com>.
----- Original Message -----
From: "Daryl C. W. O'Shea" <sp...@dostech.ca>
To: <us...@spamassassin.apache.org>
Sent: Sunday, February 25, 2007 5:21 PM
Subject: Re: how to start using sa-update
> On 2/25/2007 5:13 PM, John Fleming wrote:
>>> The sa-update channels allow you to check for new rulesets more often
>>> than once a day, so you can get newly released rulesets a little faster.
>>> Of course the SARE rules aren't really updated that often so this may
>>> not be a big advantage for you.
>>
>>
>> So the signature is good but it's not trusted? OK. But the "channel
>> failed" message bothers me a bit. It says the file was downloaded, but I
>> don't find it. Help please... - John
>>
>> Luke:/usr/share/spamassassin# sa-update --channelfile
>> /usr/share/spamassassin/channels.txt -D
>
> You're missing something to tell sa-update to trust the GPG key for the
> channels you're using. Adding --gpgkey 856AA88A to your sa-update
> command line would work.
>
> I'd also save your channel file somewhere else. Anything in
> /usr/share/spamassassin will be deleted when you upgrade SA. I'd put it
> in /etc/mail/spamassassin or the home directory of the user running
> sa-update or somewhere else that it's not going to get deleted
> automatically or accidentally.
Thanks - I had that earlier when something else was wrong, and then it got
left out earlier! I still don't completely understand
/var/lib/spamassassin/3.001007/updates_spamassassin_org
and
/var/lib/spamassassin/3.001007/updates_spamassassin_org.cf
The first directory above doesn't have the requested SARE file in it, but
the updates_spamassassin_org.cf has the includes line for the SARE file.
What am I missing? IOW, where should I find the updated/downloaded SARE
file from dostech? I expected there to be a dostech_net directory after the
sa-update run...? Thanks for your patience! - John
Re: how to start using sa-update
Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
On 2/25/2007 5:13 PM, John Fleming wrote:
>> The sa-update channels allow you to check for new rulesets more often
>> than once a day, so you can get newly released rulesets a little
>> faster. Of course the SARE rules aren't really updated that often so
>> this may not be a big advantage for you.
>
>
> So the signature is good but it's not trusted? OK. But the "channel
> failed" message bothers me a bit. It says the file was downloaded, but
> I don't find it. Help please... - John
>
> Luke:/usr/share/spamassassin# sa-update --channelfile
> /usr/share/spamassassin/channels.txt -D
You're missing something to tell sa-update to trust the GPG key for the
channels you're using. Adding --gpgkey 856AA88A to your sa-update
command line would work.
I'd also save your channel file somewhere else. Anything in
/usr/share/spamassassin will be deleted when you upgrade SA. I'd put it
in /etc/mail/spamassassin or the home directory of the user running
sa-update or somewhere else that it's not going to get deleted
automatically or accidentally.
Daryl
Re: how to start using sa-update
Posted by John Fleming <jo...@wa9als.com>.
> The sa-update channels allow you to check for new rulesets more often than
> once a day, so you can get newly released rulesets a little faster. Of
> course the SARE rules aren't really updated that often so this may not be
> a big advantage for you.
So the signature is good but it's not trusted? OK. But the "channel
failed" message bothers me a bit. It says the file was downloaded, but I
don't find it. Help please... - John
Luke:/usr/share/spamassassin# sa-update --channelfile
/usr/share/spamassassin/channels.txt -D
[32536] dbg: logger: adding facilities: all
[32536] dbg: logger: logging level is DBG
[32536] dbg: generic: SpamAssassin version 3.1.7
[32536] dbg: config: score set 0 chosen.
[32536] dbg: message: ---- MIME PARSER START ----
[32536] dbg: message: main message type: text/plain
[32536] dbg: message: parsing normal part
[32536] dbg: message: added part, type: text/plain
[32536] dbg: message: ---- MIME PARSER END ----
[32536] dbg: dns: is Net::DNS::Resolver available? yes
[32536] dbg: dns: Net::DNS version: 0.48
[32536] dbg: generic: sa-update version svn454083
[32536] dbg: generic: using update directory: /var/lib/spamassassin/3.001007
[32536] dbg: diag: perl platform: 5.008004 linux
[32536] dbg: diag: module installed: Digest::SHA1, version 2.10
[32536] dbg: diag: module installed: HTTP::Date, version 1.46
[32536] dbg: diag: module installed: Archive::Tar, version 1.23
[32536] dbg: diag: module installed: IO::Zlib, version 1.04
[32536] dbg: diag: module installed: DB_File, version 1.808
[32536] dbg: diag: module installed: HTML::Parser, version 3.45
[32536] dbg: diag: module installed: MIME::Base64, version 3.04
[32536] dbg: diag: module installed: Net::DNS, version 0.48
[32536] dbg: diag: module installed: Net::SMTP, version 2.26
[32536] dbg: diag: module not installed: Mail::SPF::Query ('require' failed)
[32536] dbg: diag: module not installed: IP::Country::Fast ('require'
failed)
[32536] dbg: diag: module installed: Razor2::Client::Agent, version 2.67
[32536] dbg: diag: module not installed: Net::Ident ('require' failed)
[32536] dbg: diag: module not installed: IO::Socket::INET6 ('require'
failed)
[32536] dbg: diag: module not installed: IO::Socket::SSL ('require' failed)
[32536] dbg: diag: module installed: Time::HiRes, version 1.59
[32536] dbg: diag: module installed: DBI, version 1.46
[32536] dbg: diag: module installed: Getopt::Long, version 2.34
[32536] dbg: diag: module installed: LWP::UserAgent, version 2.033
[32536] dbg: gpg: Searching for 'gpg'
[32536] dbg: util: current PATH is:
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11
[32536] dbg: util: executable for gpg was found at /usr/bin/gpg
[32536] dbg: gpg: found /usr/bin/gpg
[32536] dbg: gpg: release trusted key id list:
5E541DC959CB8BAC7C78DFDC4056A61A5244EC45
26C900A46DD40CD5AD24F6D7DEE01987265FA05B
0C2B1D7175B852C64B3CDC716C55397824F434CE
[32536] dbg: channel: reading in channelfile
/usr/share/spamassassin/channels.txt
[32536] dbg: channel: adding 70_sare_adult.cf.sare.sa-update.dostech.net
[32536] dbg: channel: attempting channel
70_sare_adult.cf.sare.sa-update.dostech.net
[32536] dbg: channel: update directory
/var/lib/spamassassin/3.001007/70_sare_adult_cf_sare_sa-update_dostech_net
[32536] dbg: channel: channel cf file
/var/lib/spamassassin/3.001007/70_sare_adult_cf_sare_sa-update_dostech_net.cf
[32536] dbg: channel: channel pre file
/var/lib/spamassassin/3.001007/70_sare_adult_cf_sare_sa-update_dostech_net.pre
[32536] dbg: dns: 7.1.3.70_sare_adult.cf.sare.sa-update.dostech.net =>
200611141100, parsed as 200611141100
[32536] dbg: channel: no MIRRORED.BY file available
[32536] dbg: http: GET request,
http://daryl.dostech.ca/sa-update/sare/70_sare_adult.cf/MIRRORED.BY
[32536] dbg: channel: MIRRORED.BY file retrieved
[32536] dbg: channel: reading MIRRORED.BY file
[32536] dbg: channel: found mirror
http://daryl.dostech.ca/sa-update/sare/70_sare_adult.cf/
[32536] dbg: channel: selected mirror
http://daryl.dostech.ca/sa-update/sare/70_sare_adult.cf
[32536] dbg: http: GET request,
http://daryl.dostech.ca/sa-update/sare/70_sare_adult.cf/200611141100.tar.gz
[32536] dbg: http: GET request,
http://daryl.dostech.ca/sa-update/sare/70_sare_adult.cf/200611141100.tar.gz.sha1
[32536] dbg: http: GET request,
http://daryl.dostech.ca/sa-update/sare/70_sare_adult.cf/200611141100.tar.gz.asc
[32536] dbg: sha1: verification wanted:
3d591f5ba1d1ab73199652d5eaa5b6550eecb67c
[32536] dbg: sha1: verification result:
3d591f5ba1d1ab73199652d5eaa5b6550eecb67c
[32536] dbg: channel: populating temp content file
[32536] dbg: gpg: populating temp signature file
[32536] dbg: gpg: calling gpg
[32536] dbg: gpg: gpg: Signature made Tue Nov 14 13:04:07 2006 EST using DSA
key ID 856AA88A
[32536] dbg: gpg: [GNUPG:] SIG_ID 2l4KioXgZb/TM/JlsILkcLRlHs0 2006-11-14
1163527447
[32536] dbg: gpg: [GNUPG:] GOODSIG 3C5C05EB856AA88A Daryl C. W. O'Shea
<sp...@dostech.ca>
[32536] dbg: gpg: gpg: Good signature from "Daryl C. W. O'Shea
<sp...@dostech.ca>"
[32536] dbg: gpg: [GNUPG:] VALIDSIG ABE0C8743B87262E5FB04F2B3C5C05EB856AA88A
2006-11-14 1163527447 0 3 0 17 2 00 ABE0C8743B87262E5FB04F2B3C5C05EB856AA88A
[32536] dbg: gpg: [GNUPG:] TRUST_UNDEFINED
[32536] dbg: gpg: gpg: WARNING: This key is not certified with a trusted
signature!
[32536] dbg: gpg: gpg: There is no indication that the signature belongs to
the owner.
[32536] dbg: gpg: Primary key fingerprint: ABE0 C874 3B87 262E 5FB0 4F2B
3C5C 05EB 856A A88A
[32536] dbg: gpg: found signature made by key
ABE0C8743B87262E5FB04F2B3C5C05EB856AA88A
[32536] dbg: gpg: key id 856AA88A is not release trusted
error: GPG validation failed!
The update downloaded successfully, but the GPG signature verification
failed.
channel: GPG validation failed, channel failed
[32536] dbg: diag: updates complete, exiting with code 4
Luke:/usr/share/spamassassin#
Re: how to start using sa-update
Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
On 2/25/2007 3:57 PM, Brian Wilson wrote:
>
> On Feb 25, 2007, at 3:24 PM, John Fleming wrote:
>> Thanks for the Q&A! Now, is there any functional difference between
>> using sa-update in this way and using RDJ to get the SARE rules?
>> (I'm using RDJ right now, so what would I gain by changing to
>> sa-update with a SARE channel? Thanks! - John
The sa-update channels allow you to check for new rulesets more often
than once a day, so you can get newly released rulesets a little faster.
Of course the SARE rules aren't really updated that often so this may
not be a big advantage for you.
> Yes, use Daryl's SARE update channels (http://daryl.dostech.ca/sa-
> update/sare/sare-sa-update-howto.txt). RDJ is old and busted. If
> Daryl would add KAM.cf I'd be in business *hint hint* :)
I'm willing to host channels for (pretty much) anyone who has a ruleset
that they'd like published, but for whatever reason doesn't want to
setup their own channel(s).
In the case of Kevin's rules... he has commit access to the SA
repository and has some rules (that haven't been updated in 8 months) in
his sandbox, so I'm not really clear on what the status of his rules,
and where they're being updated, is.
I'd rather see him contribute them via the SA project, but I'm also
willing to setup a channel for him if he'd like. He just needs to
contact me about it. If you're not Kevin and want to see his rules
updated via a channel somewhere, I'd suggest you contact him about it.
Daryl
Re: how to start using sa-update
Posted by Brian Wilson <wi...@bubba.org>.
On Feb 25, 2007, at 3:24 PM, John Fleming wrote:
>
> ----- Original Message ----- From: "David Goldsmith"
> <dg...@sans.org>
> To: "Bram Mertens" <br...@sofico.be>
> Cc: <us...@spamassassin.apache.org>
> Sent: Sunday, February 25, 2007 2:10 PM
> Subject: Re: how to start using sa-update
>
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Bram Mertens wrote:
>>>
>>> Hi
>>>
>>> I unsubscribed from this list decembre 2004 since SA was working
>>> fine for
>>> me and I couldn't keep up with the volume on this list.
>>>
>>> Lately however the number of SPAM messages getting through is
>>> increasing
>>> rapidly so I could use some help.
>>>
>>> Currently I'm running SpamAssassin version 3.1.7-deb ( running on
>>> Perl
>>> version 5.8.8) on Debian Etch. Without RDJ or any other tool to
>>> update my
>>> rules.
>>>
>>> While checking the archives and the wiki I learned of the new sa-
>>> update
>>> tool and it appears to be very interesting. Unfortunately I
>>> (apparantely
>>> like several others) am strugling to understand where to put the
>>> various
>>> rules.
>>>
>>> Right now I have:
>>> * the SA "default" rules - meaning the rules distributed by SA in
>>> /usr/share/spamassassin
>>> * Some of the SARE rules and a rule I wrote myself in /etc/
>>> spamassassin
>>>
>>> Sa-update will create a /var/lib/spamassassin/3.xxxx folder
>>> containg the
>>> various rules downloaded from the various channels.
>>>
>>> What I don't understand (and I have read quite a few messages
>>> about this
>>> topic in the archives) is whether this new directory replaces one
>>> of the
>>> above or not. Put differently: will the (currently outdated)
>>> rules in
>>> /etc/spamassassin and my own rule in that same directory still be
>>> used or
>>> should I move the ones I still need to some other directory? If
>>> so which
>>> one?
>>>
>>> Thanks in advance
>>>
>>> Bram
>>>
>>
>> SA 3.1.x will look for rules in /usr/share/spamassassin,
>> /var/lib/spamassassin and /etc/mail/spamassassin. The last
>> definition
>> of any rule wins.
>>
>> So your default version of the core rules are in /usr/share/
>> spamassassin
>> and if you use sa-update, then you will have newer versions of these
>> rules under /var/lib/spamassassin/3.xxxxxx/updates_spamassassin_org*
>>
>> If you use sa-update to download the SARE rulesets (one source is
>> http://saupdates.openprotect.com/), then you would also have
>> /var/lib/spamassassin/3.xxxxxx/saupdates_openprotect_org* with the
>> latest SARE rules.
>>
>> If you do this, you can delete any SARE rulesets from you
>> /etc/mail/spamassassin directory (70_sare_*, 99_sare_*)
>>
>> Any local rulesets you create, or modifications to core/SARE rules,
>> should go in files in /etc/mail/spamassassin.
>>
>> David Goldsmith
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.3rc2 (MingW32)
>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>>
>> iD8DBQFF4d81417vU8/9QfkRAqMpAJ45f9Zvjjp/vqLejMDrTyefwONV6gCfZVnL
>> 7dAeChXChrRcIkQJPct6Xck=
>> =PJKZ
>> -----END PGP SIGNATURE-----
>>
>
> Thanks for the Q&A! Now, is there any functional difference
> between using sa-update in this way and using RDJ to get the SARE
> rules? (I'm using RDJ right now, so what would I gain by changing
> to sa-update with a SARE channel? Thanks! - John
>
Yes, use Daryl's SARE update channels (http://daryl.dostech.ca/sa-
update/sare/sare-sa-update-howto.txt). RDJ is old and busted. If
Daryl would add KAM.cf I'd be in business *hint hint* :)
-B
Re: how to start using sa-update
Posted by John Fleming <jo...@wa9als.com>.
----- Original Message -----
From: "David Goldsmith" <dg...@sans.org>
To: "Bram Mertens" <br...@sofico.be>
Cc: <us...@spamassassin.apache.org>
Sent: Sunday, February 25, 2007 2:10 PM
Subject: Re: how to start using sa-update
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Bram Mertens wrote:
>>
>> Hi
>>
>> I unsubscribed from this list decembre 2004 since SA was working fine for
>> me and I couldn't keep up with the volume on this list.
>>
>> Lately however the number of SPAM messages getting through is increasing
>> rapidly so I could use some help.
>>
>> Currently I'm running SpamAssassin version 3.1.7-deb ( running on Perl
>> version 5.8.8) on Debian Etch. Without RDJ or any other tool to update
>> my
>> rules.
>>
>> While checking the archives and the wiki I learned of the new sa-update
>> tool and it appears to be very interesting. Unfortunately I (apparantely
>> like several others) am strugling to understand where to put the various
>> rules.
>>
>> Right now I have:
>> * the SA "default" rules - meaning the rules distributed by SA in
>> /usr/share/spamassassin
>> * Some of the SARE rules and a rule I wrote myself in /etc/spamassassin
>>
>> Sa-update will create a /var/lib/spamassassin/3.xxxx folder containg the
>> various rules downloaded from the various channels.
>>
>> What I don't understand (and I have read quite a few messages about this
>> topic in the archives) is whether this new directory replaces one of the
>> above or not. Put differently: will the (currently outdated) rules in
>> /etc/spamassassin and my own rule in that same directory still be used or
>> should I move the ones I still need to some other directory? If so which
>> one?
>>
>> Thanks in advance
>>
>> Bram
>>
>
> SA 3.1.x will look for rules in /usr/share/spamassassin,
> /var/lib/spamassassin and /etc/mail/spamassassin. The last definition
> of any rule wins.
>
> So your default version of the core rules are in /usr/share/spamassassin
> and if you use sa-update, then you will have newer versions of these
> rules under /var/lib/spamassassin/3.xxxxxx/updates_spamassassin_org*
>
> If you use sa-update to download the SARE rulesets (one source is
> http://saupdates.openprotect.com/), then you would also have
> /var/lib/spamassassin/3.xxxxxx/saupdates_openprotect_org* with the
> latest SARE rules.
>
> If you do this, you can delete any SARE rulesets from you
> /etc/mail/spamassassin directory (70_sare_*, 99_sare_*)
>
> Any local rulesets you create, or modifications to core/SARE rules,
> should go in files in /etc/mail/spamassassin.
>
> David Goldsmith
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.3rc2 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFF4d81417vU8/9QfkRAqMpAJ45f9Zvjjp/vqLejMDrTyefwONV6gCfZVnL
> 7dAeChXChrRcIkQJPct6Xck=
> =PJKZ
> -----END PGP SIGNATURE-----
>
Thanks for the Q&A! Now, is there any functional difference between using
sa-update in this way and using RDJ to get the SARE rules? (I'm using RDJ
right now, so what would I gain by changing to sa-update with a SARE
channel? Thanks! - John
Re: how to start using sa-update
Posted by John Fleming <jo...@wa9als.com>.
>I'd suggest addign soemthing like:
After running sa-update for the first time old rules which are provided
through one of sa-update's channels should be removed from
/etc/mail/spamassassin (or whichever is our local rules directory) because
the rules in this directory will take precedence over the rules in
/var/lib/spamassassin/3.xxxx/.
Regards
Bram
-------------------------
I agree that /etc/mail/spamassassin (or /etc/spamassassin) needs cleaned up
after an upgrade that includes a run of of sa-update for the first time.
But I don't think you mean exactly what you said above - "...old rules which
are provided through one of sa-update's channels should be removed from
/etc/mail/spamassassin". As you know, sa-update doesn't put rules in that
directory. Those would've been put there, perhaps, by RulesDuJour or
manually. SARE rules, especially, are what need cleaned up from that
directory, and perhaps others that have since been included in your newer
distro.
Still a Linux beginner and not a sysadmin, I have learned a lot about
sa-update the last couple of days, and SA is working great. Thanks to
ll! - John
Re: how to start using sa-update
Posted by Bram Mertens <br...@sofico.be>.
David Goldsmith <dg...@sans.org> wrote on 25/02/2007 20:10:46:
> Bram Mertens wrote:
[...]
> > Lately however the number of SPAM messages getting through is
increasing
> > rapidly so I could use some help.
[...]
> SA 3.1.x will look for rules in /usr/share/spamassassin,
> /var/lib/spamassassin and /etc/mail/spamassassin. The last definition
> of any rule wins.
>
> So your default version of the core rules are in /usr/share/spamassassin
> and if you use sa-update, then you will have newer versions of these
> rules under /var/lib/spamassassin/3.xxxxxx/updates_spamassassin_org*
>
> If you use sa-update to download the SARE rulesets (one source is
> http://saupdates.openprotect.com/), then you would also have
> /var/lib/spamassassin/3.xxxxxx/saupdates_openprotect_org* with the
> latest SARE rules.
>
> If you do this, you can delete any SARE rulesets from you
> /etc/mail/spamassassin directory (70_sare_*, 99_sare_*)
>
> Any local rulesets you create, or modifications to core/SARE rules,
> should go in files in /etc/mail/spamassassin.
[...]
Thanks, this explains things perfectly!
Could this be added to the Wiki? This has been covered several times on
this list (though this is the first answer to really answer my questions).
Also since the rules in /etc/mail/spamassassin have precedence over the
rules downloaded by sa-update people who have previously downloaded rules
to /etc/mail/spamassassin (either manually or through RDJ) will still be
using the older rules if they don't clean up /etc/mail/spamassassin.
So I would argue that the answer to "After sa-update completes, do I have
to move the files somewhere for them to be used?" on
http://wiki.apache.org/spamassassin/RuleUpdates isn't complete.
I'd suggest addign soemthing like:
After running sa-update for the first time old rules which are provided
through one of sa-update's channels should be removed from
/etc/mail/spamassassin (or whichever is our local rules directory) because
the rules in this directory will take precedence over the rules in
/var/lib/spamassassin/3.xxxx/.
And perhaps a section about how rules are looked for should be added as
well showing the order in which the various folders are checked. Perhaps
the man-page should be updated as well.
Regards
Bram
Re: how to start using sa-update
Posted by David Goldsmith <dg...@sans.org>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Bram Mertens wrote:
>
> Hi
>
> I unsubscribed from this list decembre 2004 since SA was working fine for
> me and I couldn't keep up with the volume on this list.
>
> Lately however the number of SPAM messages getting through is increasing
> rapidly so I could use some help.
>
> Currently I'm running SpamAssassin version 3.1.7-deb ( running on Perl
> version 5.8.8) on Debian Etch. Without RDJ or any other tool to update my
> rules.
>
> While checking the archives and the wiki I learned of the new sa-update
> tool and it appears to be very interesting. Unfortunately I (apparantely
> like several others) am strugling to understand where to put the various
> rules.
>
> Right now I have:
> * the SA "default" rules - meaning the rules distributed by SA in
> /usr/share/spamassassin
> * Some of the SARE rules and a rule I wrote myself in /etc/spamassassin
>
> Sa-update will create a /var/lib/spamassassin/3.xxxx folder containg the
> various rules downloaded from the various channels.
>
> What I don't understand (and I have read quite a few messages about this
> topic in the archives) is whether this new directory replaces one of the
> above or not. Put differently: will the (currently outdated) rules in
> /etc/spamassassin and my own rule in that same directory still be used or
> should I move the ones I still need to some other directory? If so which
> one?
>
> Thanks in advance
>
> Bram
>
SA 3.1.x will look for rules in /usr/share/spamassassin,
/var/lib/spamassassin and /etc/mail/spamassassin. The last definition
of any rule wins.
So your default version of the core rules are in /usr/share/spamassassin
and if you use sa-update, then you will have newer versions of these
rules under /var/lib/spamassassin/3.xxxxxx/updates_spamassassin_org*
If you use sa-update to download the SARE rulesets (one source is
http://saupdates.openprotect.com/), then you would also have
/var/lib/spamassassin/3.xxxxxx/saupdates_openprotect_org* with the
latest SARE rules.
If you do this, you can delete any SARE rulesets from you
/etc/mail/spamassassin directory (70_sare_*, 99_sare_*)
Any local rulesets you create, or modifications to core/SARE rules,
should go in files in /etc/mail/spamassassin.
David Goldsmith
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3rc2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFF4d81417vU8/9QfkRAqMpAJ45f9Zvjjp/vqLejMDrTyefwONV6gCfZVnL
7dAeChXChrRcIkQJPct6Xck=
=PJKZ
-----END PGP SIGNATURE-----