Bret Miller wrote:
Theo Van Dinter wrote:
> On Wed, Aug 09, 2006 at 09:58:19AM -0700, Richard wrote:
>>> rules_du_jour was done when sa-update did not exists
>> are you implying that sa-update replaces rules-du-jour?
>
> That depends on what you mean by "replaces".
>
>> i though sa-update updates the SA distro's bundled rules,
but NOT any
>> additional SARE rules that require rules du jour.
>
> sa-update is a generic tool that lets users download
"channels" (ie:
bundles
> of rules/plugins) from anywhere that decides to publish
them (requires a
> certain setup, etc.) At the moment, the only published
channel that
I know
> of is updates.spamassassin.org. (all this is in
> http://wiki.apache.org/spamassassin/RuleUpdates btw)
>
> There's nothing stoping the SARE folks from publishing a
single or a
> bunch of channels and getting rid of RDJ in favor of
sa-update if they
> wanted to... There are some benefits either way I
suppose, and I'm
biased
> towards sa-update of course. :|
>
This all going down a path I started last night after Theo's
replies on
Re: updates.spamassassin.org.cf overrides local.cf? I've
been reading
the Wiki throughout this morning.
With regards to such things as SARE, it would be easy enough
for me to
setup RDJ on a server, downloading the just the rule sets I want and
then publish them to a channel of my own, running sa-update on my
servers to pull updates when available correct?
Seems like a lot of work, but as others write more rules and
as rules be
come available from differing sources, this would be a very
nice way to
update only specific sets of rules that I want. The upside is that I
would not have to do anything custom on my SA installs other than add
channels to sa-update.
Going further...
I could see SARE rules offered on many channels though some
reorganization may be required. Channels such as post25,
pre30, header,
body, etc. There are too many rules to have a channel for each but
possibly sets of popular rules could be collected together.
I could also see breaking my own local rules into individual
*.cf files.
I like the idea of moving all transient rules such as SARE and
TLS.cf(our local rules) into a common dir structure and location.
/var/lib/spamassassin/$VER/updates.sare-fraud.rulesemporium.com
/var/lib/spamassassin/$VER/updates.sare-header.rulesemporium.com
/var/lib/spamassassin/$VER/updates.tls.local
/var/lib/spamassassin/$VER/updates.someOtherRulesHouse.com
This would leave /usr/local/etc/mail/spamassassin containing only the
local site specific .pre files and local.cf which set
required options for my specific installation.
Would all this be a correct interpretation on my part?
That sounds good to me. I think the real problem with doing this to SARE
rules is the subsetting. Many of the SARE rulesets are subsetted so you
can use just the 0 set which is likely not to impact HAM at all, the 1,
2, 3, or full combined set depending on how much risk of false positives
you allow on your server.
I guess what you'd really need is a way to update all the rules without
re-writing the channel CF and PRE files. That way you could set your own
CF and PRE to include only the rules you wanted to use while still
updating the whole channel. It would be a tiny bit more overhead since
you'd have to download the entire set of rules even if you weren't using
them all, but probably the best compromise between that and having a
channel for every rule subset.
Bret
Desperately trying to get a new thread going here and move off of "Image
spam with inline jpeg image"...
I have created a channel for internal use and it works fine. I have
rulesdujour pulling my choices from the Rules Emporium, adding my local
rule files, and building a channel file. The dns gets updated and wa-la!
I can check for SARE updates each night and my SA servers will get new
rules on their own, all automated, very nice.
I ran into one issue but I haven't gotten a chance to look deeper into
it yet. The sha1 file on updates.spamassassin.org is in one format, and
he sha1 file I create is in another. Currently sa-update can't parse my
file so I had to edit it.
SpamAssassin sha1 contents (would all be one line) have the signature first,
f7c3edde6e9e2330318c3fc6a8e70af68387eaeb
/home/updatesd/tmp/stage/3.2.0/update.tgzSHA1
My sha1 contents (would all be one line) have the signature last,
(/data/data/lastremaining.com/public_html/updates/tls-local/20060810.tar.gz)=
8918d6852caab9e57f645e0ff8510c3026fdedd2
521 # Validate the SHA1 signature before going forward with more
522 # complicated operations.
523 # The SHA1 file may be "signature filename" ala sha1sum, just use
the signature
524 $SHA1 =~ /^([a-fA-F0-9]{40})/;
525 $SHA1 = $1 || 'INVALID';
Line 524 in sa-update is the failure I believe. I suspect anyone
creating a channel on FreeBSD may have the same problem.
All in all, it was quite simple to create channels, and new channels can
be scripted with nothing more than /bin/sh and a handful of Unix tools.
I would be willing to create channels for SARE rules if people were
interested in using them. I think groups of popular files would be the
best way, "sets" so to speak. Though I am not against a channel for each
file, I think it would be a sure fire way to clutter
/var/lib/spamassassin though.
DAve
--
Three years now I've asked Google why they don't have a
logo change for Memorial Day. Why do they choose to do logos
for other non-international holidays, but nothing for
Veterans?
Maybe they forgot who made that choice possible.
