> >> Theo Van Dinter wrote:
> <SNIP>
> >> Going further...
> >>
> >> I could see SARE rules offered on many channels though some
> >> reorganization may be required. Channels such as post25, pre30,
> >> header, body, etc. There are too many rules to have a channel for
> >> each but possibly sets of popular rules could be collected together.
> >>
> >> I could also see breaking my own local rules into individual *.cf
> >> files. I like the idea of moving all transient rules such as SARE
> >> and TLS.cf (our local rules) into a common dir structure and location.
> >>
> >> /var/lib/spamassassin/$VER/updates.sare-fraud.rulesemporium.com
> >> /var/lib/spamassassin/$VER/updates.sare-header.rulesemporium.com
> >> /var/lib/spamassassin/$VER/updates.tls.local
> >> /var/lib/spamassassin/$VER/updates.someOtherRulesHouse.com
> >>
> >> This would leave /usr/local/etc/mail/spamassassin containing only
> >> the local site specific .pre files and local.cf which set required
> >> options for my specific installation.
> >>
> >> Would all this be a correct interpretation on my part?
> >
> > That sounds good to me. I think the real problem with doing this to
> > SARE rules is the subsetting. Many of the SARE rulesets are subsetted
> > so you can use just the 0 set which is likely not to impact HAM at
> > all, the 1, 2, 3, or full combined set depending on how much risk of
> > false positives you allow on your server.
> >
> > I guess what you'd really need is a way to update all the rules
> > without re-writing the channel CF and PRE files. That way you could
> > set your own CF and PRE to include only the rules you wanted to use
> > while still updating the whole channel. It would be a tiny bit more
> > overhead since you'd have to download the entire set of rules even if
> > you weren't using them all, but probably the best compromise between
> > that and having a channel for every rule subset.
> >
> > Bret
>
> I have it working fine here, about 20 lines of /bin/sh and I can
> turn out any number of rule sets, even a channel per SARE rule.
>
> I'm willing to publish the channels if there is interest in them. I
> still believe packages or sets of popular rules would be good.
> Alternatively I can create a channel file with each rule commented
> out and the user can download the file, uncomment the rules they
> want, and run 'sa-update --channelfile MY_FILE' and be done with it.
>
> I still need to get a gpg sig for the channels, it's been a few years
> since I did anything with gpg so there is a bit of dusting off of
> braincells to do.
>
> Any thoughts on popular sets?

I had to write my own tool to update these rules, so anything that makes my life less complicated is worth testing. Here's the set I currently update. It's pretty much the full set of everything SARE. I'd be willing to test on any subset of this list. I also use the ImageInfo plugin, but can't update it with my tool because the headers don't include the locations in the same way the other rules do. (Yeah, inconsistency means having to recode the parsing for specific cases and I haven't had the time to look at it. Hoping he'll change the headers to match the other SARE rules before I figure out how to parse his headers.)

70_sare_adult.cf
70_sare_bayes_poison_nxm.cf
70_sare_evilnum0.cf
70_sare_evilnum1.cf
70_sare_evilnum2.cf
70_sare_genlsubj.cf
70_sare_header.cf
70_sare_highrisk.cf
70_sare_html.cf
70_sare_obfu.cf
70_sare_oem.cf
70_sare_random.cf
70_sare_specific.cf
70_sare_spoof.cf
70_sare_stocks.cf
70_sare_unsub.cf
70_sare_uri.cf
70_sare_uri_eng.cf
70_sare_whitelist_rcvd.cf
70_sare_whitelist_spf.cf
70_zmi_german.cf
72_sare_bml_post25x.cf
72_sare_redirect_post3.0.0.cf
99_sare_fraud_post25x.cf

Bret
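
[Added example, not part of the thread and not the script either poster wrote.] The thread proposes a downloadable channel file with entries commented out, to be edited and passed to 'sa-update --channelfile MY_FILE'. Since that file is downloaded input, the sketch below lists which channels it actually enables and rejects entries that are not plain hostnames; the function names and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list the channels a channel file enables.

# active_channels FILE
# Prints one enabled channel per line. Text after '#' and blank lines are
# ignored, so a commented-out entry stays disabled. Entries that are not
# plain DNS hostnames are reported on stderr and make the function return 1.
active_channels() {
    ac_status=0
    while IFS= read -r ac_line || [ -n "$ac_line" ]; do
        ac_chan=$(printf '%s\n' "$ac_line" |
            sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
        [ -n "$ac_chan" ] || continue
        case $ac_chan in
            *[!A-Za-z0-9.-]* | .* | *. | -* | *..*)
                printf 'rejected entry: %s\n' "$ac_chan" >&2
                ac_status=1 ;;
            *)
                printf '%s\n' "$ac_chan" ;;
        esac
    done < "$1"
    return "$ac_status"
}

# write_sample_channelfile FILE
# Constructed sample. updates.spamassassin.org is the stock channel; the other
# names are the hypothetical ones floated in the thread, not published channels.
write_sample_channelfile() {
    cat > "$1" <<'EOF'
# Uncomment the channels you want, then run: sa-update --channelfile THIS_FILE
updates.spamassassin.org
#updates.sare-fraud.rulesemporium.com
updates.sare-header.rulesemporium.com   # header rules only

updates.tls.local
EOF
}

sample=$(mktemp)
write_sample_channelfile "$sample"
active_channels "$sample"
rm -f "$sample"
```

A channel that passes this check is still only as trustworthy as its signature, so each added channel needs its signing key trusted with sa-update's --gpgkey option rather than having verification switched off with --nogpg.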