Spamassassin and sa-update

sa-update replaces Rules-Du-Jour, providing fresh spam rules to SpamAssassin in much the same way that freshclam provides virus updates to ClamAV.
Presumably SpamAssassin is installed, but if it isn't:

yum install spamassassin*

This will install the main package plus the separate tools package.
Some of the plug-ins require specific Perl modules, so the following might help depending on the plug-ins you use:

yum install perl-Mail-SPF* perl-IP-Country perl-Razor-Agent perl-Net-Ident perl-Mail-DKIM perl-Mail-DomainKeys perl-Encode-Detect perl-HTML-Parser perl-Net-DNS perl-Digest-SHA1 perl-Archive-Tar perl-IO-Zlib perl-IO-Socket-SSL perl-DBI perl-DBD-MySQL
yum install gocr poppler-utils
yum install netpbm gifsicle giflib ocrad perl-String-Approx perl-Time-HiRes

With the latest versions of SpamAssassin, sa-update is pre-installed, so to get the ball rolling you need to run:

sa-update -D

After this you should find a new directory related to your spamassassin version in:

ls /var/lib/spamassassin 

drwxr-xr-x  3 root root 4096 Apr 25 23:49 3.001009

This directory stores any sa-update channels you have configured. By default the main SpamAssassin updates channel is used, but it is also possible to add others.
The OpenProtect channel:

SARE Channel by OpenProtect.com
Details for using OpenProtect's SARE channel are available here. I preferred this to the Dostech one below.
http://saupdates.openprotect.com/

cd /root
gpg --keyserver pgp.mit.edu --recv-keys BDE9DC10
gpg --armor -o pub.gpg --export BDE9DC10
sa-update --import pub.gpg

Then just proceed with the cron script which will use sa-update to fetch new channel updates.

SARE Channel by DOSTECH.NET
Now add the SARE (Spam Assassin Rules Emporium) channel to sa-update (courtesy of Daryl O'Shea):

mkdir /var/lib/spamassassin/3.001009/sa-update.dostech.net

Download the GPG key used to sign files in these channels from:

    wget http://daryl.dostech.ca/sa-update/sare/GPG.KEY

Import the GPG key used for these channels (downloaded above):

    sa-update --import GPG.KEY

vi /var/lib/spamassassin/sare-sa-update-channels.txt
updates.spamassassin.org
70_sare_adult.cf.sare.sa-update.dostech.net
70_sare_stocks.cf.sare.sa-update.dostech.net
70_sare_bayes_poison_nxm.cf.sare.sa-update.dostech.net
70_sare_unsub.cf.sare.sa-update.dostech.net
70_sare_evilnum0.cf.sare.sa-update.dostech.net
70_sare_uri0.cf.sare.sa-update.dostech.net
70_sare_evilnum1.cf.sare.sa-update.dostech.net
70_sare_uri1.cf.sare.sa-update.dostech.net
70_sare_evilnum2.cf.sare.sa-update.dostech.net
70_sare_uri3.cf.sare.sa-update.dostech.net
70_sare_genlsubj0.cf.sare.sa-update.dostech.net
70_sare_whitelist_rcvd.cf.sare.sa-update.dostech.net
70_sare_genlsubj1.cf.sare.sa-update.dostech.net
70_sare_whitelist_spf.cf.sare.sa-update.dostech.net
70_sare_genlsubj2.cf.sare.sa-update.dostech.net
70_sare_genlsubj3.cf.sare.sa-update.dostech.net
72_sare_bml_post25x.cf.sare.sa-update.dostech.net
70_sare_header0.cf.sare.sa-update.dostech.net
99_sare_fraud_post25x.cf.sare.sa-update.dostech.net
70_sare_header1.cf.sare.sa-update.dostech.net
70_sare_header2.cf.sare.sa-update.dostech.net
70_sare_header3.cf.sare.sa-update.dostech.net
70_sare_html0.cf.sare.sa-update.dostech.net
70_sare_html1.cf.sare.sa-update.dostech.net
70_sare_html2.cf.sare.sa-update.dostech.net
70_sare_html3.cf.sare.sa-update.dostech.net
70_sare_obfu.cf.sare.sa-update.dostech.net
70_sare_oem.cf.sare.sa-update.dostech.net
70_sare_random.cf.sare.sa-update.dostech.net
70_sare_specific.cf.sare.sa-update.dostech.net
70_sare_spoof.cf.sare.sa-update.dostech.net

  Note: You should also add the default update channel "updates.spamassassin.org"
    to the channel file you create.  Currently SpamAssassin requires you
    to use updates from the default channel if you use any other channels.
    If you do not add the default channel to the channel file you MUST
    also run sa-update without the --channelfile option at least once.
Some of these dostech channels are duplicates of some of the openprotect ones.

Cron Jobs for sa-update channels:
# vi /etc/cron.daily/50-sa-update-dostech.sh

# This cron job will update the dostech channels but also the standard SA updates channel
sa-update -D --channelfile /var/lib/spamassassin/sare-sa-update-channels.txt --gpgkey 856AA88A 2>&1 | tee -a /var/log/sa-update-dostech.log

# vi /etc/cron.daily/50-sa-update-openprotect.sh

sa-update -D --allowplugins --gpgkey D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com 2>&1 | tee -a /var/log/sa-update-openprotect.log

After updating the rules, SpamAssassin needs to be restarted. To check rule syntax you can also use: spamassassin --lint
# vi /etc/cron.daily/99-sa-restart-spamassassin.sh

/etc/init.d/spamassassin restart > /var/log/sa-update-restart.log

Make the files executable and run them manually once to ensure they work as expected. From then on, the sa-update rules should be updated daily.
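
As an added example (not part of the original post), the channel-file update job and the restart job can be combined into one script that restarts SpamAssassin only when sa-update actually installed new rules and spamassassin --lint passes. It relies on sa-update's documented exit codes (0 = updates installed, 1 = no fresh updates); run_update and the SA_*/LOG variables are names chosen for this sketch.

```shell
#!/bin/sh
# Added example, not from the original post: one cron.daily job that
# updates, lints and restarts only when needed.
# run_update and the SA_* / LOG variables are names made up for this sketch;
# the channel file, key ID and init script are the ones used in the post.

SA_UPDATE=${SA_UPDATE:-"sa-update -D --channelfile /var/lib/spamassassin/sare-sa-update-channels.txt --gpgkey 856AA88A"}
SA_LINT=${SA_LINT:-"spamassassin --lint"}
SA_RESTART=${SA_RESTART:-"/etc/init.d/spamassassin restart"}
LOG=${LOG:-/var/log/sa-update.log}

# Prints one of: unchanged, restarted, lint-failed, restart-failed,
# update-failed:<code>. Returns non-zero on any failure.
run_update() {
    # Redirect to the log instead of piping into tee: a pipeline reports
    # tee's exit status, which hides whether sa-update succeeded.
    rc=0
    $SA_UPDATE >>"$LOG" 2>&1 || rc=$?
    case $rc in
        0) ;;                                    # new rules were installed
        1) echo unchanged; return 0 ;;           # no fresh updates: keep running
        *) echo "update-failed:$rc"; return 1 ;; # any other code: treat as an error
    esac
    # New rules are on disk; check them together with the local config
    # before the running daemon is asked to load them.
    if ! $SA_LINT >>"$LOG" 2>&1; then
        echo lint-failed
        return 1
    fi
    if ! $SA_RESTART >>"$LOG" 2>&1; then
        echo restart-failed
        return 1
    fi
    echo restarted
}

# Run only where SpamAssassin is actually installed.
if command -v sa-update >/dev/null 2>&1; then
    run_update
fi
```

The OpenProtect job can be handled the same way by setting SA_UPDATE to that job's sa-update command line.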

 

2 Responses to “Spamassassin and sa-update”

  1. locutus

    How did you get the dostech rules to go into the directory you created? Mine ended up a level higher.
