John Hardin wrote:
On Mon, 10 Dec 2018, ozgurerdogan wrote:
I have many servers using spamassassin. Time to time, I may need to add
custom rules to SA to block certain mails. It is time consuming doing
it on
each server. Is it somehow possible to create a one source for all
Spamassassin using server and update rule set from that source?
Certainly. There are several ways, at the least:
(1) set up file replication from a tested master copy (probably pretty
simple)
This is probably the better choice if you have a single platform, with
"many" nodes, to update. If you have "many" nodes, you should already
have methods to push other configuration changes out to them, and
SpamAssassin would be just another set of files.
(2) set up your own local published ruleset source and configure your
instances to include that in their rule sources for the standard
sa-update processing (will require managing DNS entries and generating
SHA checksums for the rules file)
This is useful if you have multiple different platforms to push SA rule
sets out to, or for some reason end up with multiple sets of rules that
need to be pushed out to different systems in different combinations.
I did this locally at a time when I was maintaining four very different
systems all running SA, and wanted to distribute common rules to all of
them. I'm down to one platform, with a handful of nodes, but since this
is up and running it's simpler to just keep using it.
The master/reference files are stored in a Subversion repository.
Commits to particular paths trigger the creation of the tarball, SHA*
hash files, and GPG signature. A cron job on our DNS master server
polls the repository to see if any of the paths have a higher
last-changed revision, and update the DNS subzone if so.
-kgd
