SpamAssassin

Does anyone know where you would add TRUSTED_RULESETS for SpamAssassin?

I found a few “[SIZE=-1]rulesemporium” type of sites that have new, updated CF files for SpamAssassin, and i’d like to add them to reduce spam on my servers, but i can’t figure out where InterWorx keeps the config file I need to add the TRUSTED_RULESETS line … to allow these custom rulesets.

I know the CF files themselves are kept in /usr/share/spamassassin — and i know that most SpamAssassin installations (on anything BUT an InterWorx server) usually keeps a .spamassassin folder in each user’s home dir?

Anyone have any additional info on this?
[/SIZE]

int, try “sa-update”!

Have a look at:
http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt

We have the following rulesets in the file:
/etc/mail/spamassassin/sare-sa-update-channels.txt

updates.spamassassin.org
70_sare_adult.cf.sare.sa-update.dostech.net
72_sare_redirect_post3.0.0.cf.sare.sa-update.dostech.net
70_sare_evilnum0.cf.sare.sa-update.dostech.net
70_sare_evilnum1.cf.sare.sa-update.dostech.net
70_sare_evilnum2.cf.sare.sa-update.dostech.net
70_sare_bayes_poison_nxm.cf.sare.sa-update.dostech.net
70_sare_html.cf.sare.sa-update.dostech.net
70_sare_html4.cf.sare.sa-update.dostech.net
70_sare_header.cf.sare.sa-update.dostech.net
70_sare_specific.cf.sare.sa-update.dostech.net
70_sare_adult.cf.sare.sa-update.dostech.net
72_sare_bml_post25x.cf.sare.sa-update.dostech.net
99_sare_fraud_post25x.cf.sare.sa-update.dostech.net
70_sare_spoof.cf.sare.sa-update.dostech.net
70_sare_random.cf.sare.sa-update.dostech.net
70_sare_oem.cf.sare.sa-update.dostech.net
70_sare_genlsubj.cf.sare.sa-update.dostech.net
70_sare_genlsubj4.cf.sare.sa-update.dostech.net
70_sare_highrisk.cf.sare.sa-update.dostech.net
70_sare_unsub.cf.sare.sa-update.dostech.net
70_sare_uri0.cf.sare.sa-update.dostech.net
70_sare_uri1.cf.sare.sa-update.dostech.net
70_sare_uri2.cf.sare.sa-update.dostech.net
70_sare_uri3.cf.sare.sa-update.dostech.net
70_sare_uri4.cf.sare.sa-update.dostech.net
70_sare_obfu.cf.sare.sa-update.dostech.net
70_sare_obfu2.cf.sare.sa-update.dostech.net
70_sare_obfu3.cf.sare.sa-update.dostech.net
70_sare_obfu4.cf.sare.sa-update.dostech.net
70_sare_stocks.cf.sare.sa-update.dostech.net

Each night we run:

/usr/bin/sa-update --channelfile /etc/mail/spamassassin/sare-sa-update-channels.txt --gpgkey 856AA88A ; service spamassassin restart

We currently have a problem with the gpg key but I’m looking into that.

rgds
-tsl-

Thanks for the reply =)

I followed instructions on that site and downloaded the GPG.KEY, and then tried to import it. I’m having problems as well:

[root@TSH root]# wget http://daryl.dostech.ca/sa-update/sare/GPG.KEY
–01:00:50-- http://daryl.dostech.ca/sa-update/sare/GPG.KEY
=> `GPG.KEY’
Resolving daryl.dostech.ca… done.
Connecting to daryl.dostech.ca[69.61.78.188]:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 2,522 [text/plain]

100%[====================================>] 2,522 2.41M/s ETA 00:00

01:00:50 (2.41 MB/s) - `GPG.KEY’ saved [2522/2522]

[root@TSH root]# sa-update --import GPG.KEY
Can’t locate Archive/Tar.pm in @INC (@INC contains: /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl) at /usr/bin/sa-update line 94.
BEGIN failed–compilation aborted at /usr/bin/sa-update line 94.

[root@TSH root]# /usr/bin/sa-update --channelfile /etc/mail/spamassassin/sare-sa-update-channels.txt --gpgkey 856AA88A
Can’t locate Archive/Tar.pm in @INC (@INC contains: /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl) at /usr/bin/sa-update line 94.
BEGIN failed–compilation aborted at /usr/bin/sa-update line 94.

If ever you come across a solution, I would really appreciate it if you posted it =)

Thanks again!

Ahh, OK I had the “issue” as well…

You need to install the following perl modules in this order:

Algorithm-Diff
Text-Diff
IO-Zlib
Archive-Tar

I have placed the files at:
http://xpanel.xhost.se/sa-update-perl-mods.tgz

Please download an untar the files.
Go into each directory (in above order) and run:

perl Makefile.PL
make
make install

You should now be able to use sa-update.

As for the gpg key I just use --nogpg in the sa-update cmd for now.
If you want to import keys be sure to create the directory:
/etc/mail/spamassassin/sa-update-keys in advance and chmod 700

hth
-tsl-

[quote=tsl;11906]Ahh, OK I had the “issue” as well…

You need to install the following perl modules in this order:

Algorithm-Diff
Text-Diff
IO-Zlib
Archive-Tar

I have placed the files at:
http://xpanel.xhost.se/sa-update-perl-mods.tgz

Please download an untar the files.
Go into each directory (in above order) and run:

perl Makefile.PL
make
make install

You should now be able to use sa-update.

As for the gpg key I just use --nogpg in the sa-update cmd for now.
If you want to import keys be sure to create the directory:
/etc/mail/spamassassin/sa-update-keys in advance and chmod 700

hth
-tsl-[/quote]

Worked beautifully - this should be stickied/added to the InterWorx manual =)

Thanks a lot tsl!

Sorry, guys, but why not install the RPM’s from up2date/yum (or DAG, even) rather than compiling these things?

They don’t remove cleanly, and may cause problems down the line when mixed with other perl RPM packages.

Catalyst, you’re right!

I took a look at DAG and they are sure all there, sorry I didn’t know that.

-tsl-

perl-IO-Zlib & perl-Archive-Tar are in up2date/yum, for that matter. Check out that road first.

This solution was working great for me until Iworx 3.0.x

Now, last night, the cron job didn’t run. Instead, I got an email that said this:

error: GPG validation failed!
The update downloaded successfully, but it was not signed with a trusted GPG key. Instead, it was signed with the following keys:

24F434CE 

Perhaps you need to import the channel’s GPG key? For example:

wget http://spamassassin.apache.org/updates/GPG.KEY
sa-update --import GPG.KEY

^^ Which I tried (re-importing the new key and re-running the cronjob command - no go:

[root@TSH root]# sa-update --import GPG.KEY
[root@TSH root]# /usr/bin/sa-update --channelfile /etc/mail/spamassassin/sare-sa-update-channels.txt --gpgkey 24F434CE
Insecure dependency in eval while running with -T switch at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/PerMsgStatus.pm line 1822.

Any ideas? Had a client email me about an increased amount of spam already - crazy impatient people! =)

A step back =/ In waiting for a reply, I started messing with it myself. What I did is that I opened the PerMsgStatus file and commented out the one line the error referred to (because after some searches, it appeared that one command wasn’t recognized due to mod_perl having something turned on). Anyways - when I tried to re-run sa-update, it errored out (with compilation errors) and now, SpamAssassin won’t start at all =/

[root@TSH root]# service spamassassin restart
Shutting down spamd: [FAILED]
Starting spamd: Variable “$uriRe” will not stay shared at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/PerMsgStatus.pm line 2103.
Variable “$schemeRE” will not stay shared at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/PerMsgStatus.pm line 2112.
Variable “$Addr_spec_re” will not stay shared at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/PerMsgStatus.pm line 2136.
Variable “$tldsRE” will not stay shared at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/PerMsgStatus.pm line 2140.
Missing right curly or square bracket at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/PerMsgStatus.pm line 2998, at end of line
syntax error at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/PerMsgStatus.pm line 2998, at EOF
Compilation failed in require at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin.pm line 72.
BEGIN failed–compilation aborted at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin.pm line 72.
Compilation failed in require at /usr/bin/spamd line 44.
BEGIN failed–compilation aborted at /usr/bin/spamd line 44.
[FAILED]

ANY help would be appreciated!

Does changing the PerMsgStatus file back the way it was before you changed it do anything to get spamassassin starting again?

EDIT: Ok I figured it out - looks like a brace bracket was removed. SpamAssassin service restarts now.

Now I just need to get sa-update to work like it used to before the Iworx update =) Insecure dependency in eval while running with -T switch…

Ok. First thing I’d try would be to try installing the spamassassin rpm again.

Assuming the server is running centos 4,

rpm -Uvh --force http://updates.interworx.com/iworx/RPMS/cos4x/i386/spamassassin-3.1.9-100.rhe4x.iworx.i386.rpm

If spamassassin still won’t start, you could try the previous spamassassin version rpm, here.

rpm -Uvh --force http://updates.interworx.com/iworx/RPMS/cos4x/legacy/i386/spamassassin-3.1.8-100.rhe4x.iworx.i386.rpm

[quote=IWorx-Paul;13613]Ok. First thing I’d try would be to try installing the spamassassin rpm again.

Assuming the server is running centos 4,

rpm -Uvh --force http://updates.interworx.com/iworx/RPMS/cos4x/i386/spamassassin-3.1.9-100.rhe4x.iworx.i386.rpm

If spamassassin still won’t start, you could try the previous spamassassin version rpm, here.

rpm -Uvh --force http://updates.interworx.com/iworx/RPMS/cos4x/legacy/i386/spamassassin-3.1.8-100.rhe4x.iworx.i386.rpm[/quote]

Thanks for the reply Paul, but I guess you posted that before seeing my EDIT? I fixed the compilation issue, but the sa-update issue remained. However, somehow, the problem fixed itself somehow today, because I came home, tried the sa-update command with the old gpg key and it worked — sooo all is good on that front.

Thanks!

[QUOTE=tsl;11904]int, try “sa-update”!

Have a look at:
http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt

We have the following rulesets in the file:
/etc/mail/spamassassin/sare-sa-update-channels.txt

Each night we run:

/usr/bin/sa-update --channelfile /etc/mail/spamassassin/sare-sa-update-channels.txt --gpgkey 856AA88A ; service spamassassin restart

We currently have a problem with the gpg key but I’m looking into that.

rgds
-tsl-[/QUOTE]

Couple questions…

• Is sa-update run at all by an InterWorx cron at all?
• Do I need to create the file /etc/mail/spamassassin/sare-sa-update-channels.txt or is this file supposed to be somewhere already and I add to it? (there is not one at that location)
• What does sa-update actually do? Does it just download the requested filters into /etc/mail/spamassassin directory?
• What is the difference in files in /usr/share/spamassassin and /etc/mail/spamassassin?

From what Im reading it seems like I would just need to do the following:

1. Create the file /etc/mail/spamassassin/sare-sa-update-channels.txt and put all the channels I want to get auto updates for.
2. Create /etc/mail/spamassassin/sa-update-keys in advance and chmod 700
3. Download the gpgkey and import the GPG (sa-update --import GPG.KEY)
4. Make sure Algorithm-Diff, Text-Diff, IO-Zlib, Archive-Tar packages are installed.
5. Run /usr/bin/sa-update --channelfile /etc/mail/spamassassin/sare-sa-update-channels.txt --gpgkey 856AA88A ; service spamassassin restart

From what Im reading it seems like I would just need to do the following:

1. Create the file /etc/mail/spamassassin/sare-sa-update-channels.txt and put all the channels I want to get auto updates for.
2. Create /etc/mail/spamassassin/sa-update-keys in advance and chmod 700
3. Download the gpgkey and import the GPG (sa-update --import GPG.KEY)
4. Make sure Algorithm-Diff, Text-Diff, IO-Zlib, Archive-Tar packages are installed.
5. Run /usr/bin/sa-update --channelfile /etc/mail/spamassassin/sare-sa-update-channels.txt --gpgkey 856AA88A ; service spamassassin restart

Yepp, thats correct. Nothing is there by default.
To have it run by cron each night, we create a script as /etc/cron.daily/sa-update which include:

/usr/bin/sa-update --channelfile /etc/mail/spamassassin/sare-sa-update-channels.
txt --nogpg ; /sbin/service spamassassin restart

Currently still a problem with the gpgkey which I can’t seem to solve, so we use the --nogpg flag at the moment

I got this setup now.

1. Create the file /etc/mail/spamassassin/sare-sa-update-channels.txt and put all the channels I want to get auto updates for.

2. Create /etc/mail/spamassassin/sa-update-keys in advance and chmod 700

3. Installed perl packages via YUM.
   yum install perl-IO-Zlib
   yum install perl-Archive-Tar
   I did not have to install the other 2 packages which was nice b/c these to were an easy YUM install

4. Download the gpgkey and import the GPG (sa-update --import GPG.KEY)

5. Run /usr/bin/sa-update --channelfile /etc/mail/spamassassin/sare-sa-update-channels.txt --gpgkey 856AA88A

#5 gave me an error just like Int got…

6. wget http://spamassassin.apache.org/updates/GPG.KEY
   sa-update --import GPG.KEY

7. Run /usr/bin/sa-update --channelfile /etc/mail/spamassassin/sare-sa-update-channels.txt --gpgkey 24F434CE

and then it worked fine.

Checking /var/lib/spamassassin I had all the files in there (which answered one of my other questions where do these filters get installed to)

Great
I’ll try your solution for the key.

cheers
-tsl-

[QUOTE=Justec;14295]I got this setup now.

6. wget http://spamassassin.apache.org/updates/GPG.KEY
   sa-update --import GPG.KEY

7. Run /usr/bin/sa-update --channelfile /etc/mail/spamassassin/sare-sa-update-channels.txt --gpgkey 24F434CE

and then it worked fine.

Checking /var/lib/spamassassin I had all the files in there (which answered one of my other questions where do these filters get installed to)[/QUOTE]

Hi

I followed up your instrcutions but I still have

channel: GPG validation failed, channel failed
error: GPG validation failed!
The update downloaded successfully, but it was not signed with a trusted GPG
key. Instead, it was signed with the following keys:

856AA88A

Perhaps you need to import the channel’s GPG key? For example:

wget http://spamassassin.apache.org/updates/GPG.KEY
sa-update --import GPG.KEY

I use /usr/bin/sa-update --channelfile /etc/mail/spamassassin/sare-sa-update-channels.txt --gpgkey 856AA88A
Maybe it is because I use this list

updates.spamassassin.org
70_sare_adult.cf.sare.sa-update.dostech.net
72_sare_redirect_post3.0.0.cf.sare.sa-update.dostech.net
70_sare_evilnum0.cf.sare.sa-update.dostech.net
70_sare_evilnum1.cf.sare.sa-update.dostech.net
70_sare_evilnum2.cf.sare.sa-update.dostech.net
70_sare_bayes_poison_nxm.cf.sare.sa-update.dostech.net
70_sare_html.cf.sare.sa-update.dostech.net
70_sare_html4.cf.sare.sa-update.dostech.net
70_sare_header.cf.sare.sa-update.dostech.net
70_sare_specific.cf.sare.sa-update.dostech.net
70_sare_adult.cf.sare.sa-update.dostech.net
72_sare_bml_post25x.cf.sare.sa-update.dostech.net
99_sare_fraud_post25x.cf.sare.sa-update.dostech.net
70_sare_spoof.cf.sare.sa-update.dostech.net
70_sare_random.cf.sare.sa-update.dostech.net
70_sare_oem.cf.sare.sa-update.dostech.net
70_sare_genlsubj.cf.sare.sa-update.dostech.net
70_sare_genlsubj4.cf.sare.sa-update.dostech.net
70_sare_highrisk.cf.sare.sa-update.dostech.net
70_sare_unsub.cf.sare.sa-update.dostech.net
70_sare_uri0.cf.sare.sa-update.dostech.net
70_sare_uri1.cf.sare.sa-update.dostech.net
70_sare_uri2.cf.sare.sa-update.dostech.net
70_sare_uri3.cf.sare.sa-update.dostech.net
70_sare_uri4.cf.sare.sa-update.dostech.net
70_sare_obfu.cf.sare.sa-update.dostech.net
70_sare_obfu2.cf.sare.sa-update.dostech.net
70_sare_obfu3.cf.sare.sa-update.dostech.net
70_sare_obfu4.cf.sare.sa-update.dostech.net
70_sare_stocks.cf.sare.sa-update.dostech.net

What is yours ?

Thanks Pascal

Hi

From what I know all the default “wide” rules are in /usr/share/spamassassin/

By default sa-update use this update-directory : /var/lib/spamassassin/[version]

Not sure the rules in /var/lib/spamassassin will be taken in account

Pascal