"Karsten Bräckelmann" <guent...@rudersport.de> wrote in message
news:1307726044.7307.29.camel@monkey...
On Fri, 2011-06-10 at 18:07 +0200, Jezz wrote:
I recently upgraded SpamAssassin from 3.2.5 to 3.3.1, and I discovered
that
the JM_SOUGHT_FRAUD_x rules are now included within the official ruleset,
within the 72_active.cf file.
However, as far as I can tell, these rules seem to be different to the
same-named rules that are within the latest copy of 20_sought_fraud.cf
which
is downloaded from the sought.rules.yerp.org channel. Which is to say,
the
contents of the 'meta' rule is different between these two files. My
guess
is that the version of these rules contained inside 72_active.cf is
perhaps
an older version than the ones inside 20_sought_fraud.cf. Is that the
case?
Yes. Well, currently at least.
The Sought rule-set is re-generated multiple times a day, which is what
you get from the dedicated sa-update channel. With 3.3.x the plan is, to
frequently perform mass-checks and re-scoring, distributed via the
regular channel. This includes a recent snapshot of the Sought rules, so
the dedicated channel is almost obsolete. Alas, the re-scoring currently
does not happen as we plan for.
What's more, I also see that these three FRAUD rules all have a score of
0
inside 50_scores.cf. My first question then is why they are zeroed out?
It's a safety default. If you want the FRAUD subset, assign them a score
in your local config.
Secondly, I'm wondering how I can enable these rules again if I do want
to
use them. In other words, if I want to use the latest version contained
within 20_sought_fraud.cf - I don't see how this could be possible.
Certainly I can add 'score' values for those three rules into my local.cf
file, which will override the zeroed-out scores in 50_scores.cf file.
However, because 72_active.cf comes numerically after 20_sought_fraud.cf,
that means the (assumedly older) FRAUD rules inside 72_active.cf will
override the (assumedly newer) FRAUD rules inside 20_sought_fraud.cf -
right? If so, there's no way for me to use the rules from
20_sought_fraud.cf
at all?
The score in your local config will take precedence, thus enabling the
rules.
You are generally correct about the numerical (actually lexical) order,
though it doesn't apply to the files you are talking about. The
mentioned 72_active and 20_sought are in different sa-update channels.
Now, the bad thing about this is that updates_spamassassin_org.cf is
lexically *after* sought_rules_yerp_org.cf in your rule update dir.
Which means the more recent rules in the dedicated Sought channel are
overwritten by the stock rules...
This merely requires a re-ordering hack, though. A symlink zzz_sought.cf
in your rule updates dir, pointing at the channel generated cf should
do. These channel cf files only hold include statements, to pull in the
actual cf files in the per-channel dir.
--
char
*t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8?
c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){
putchar(t[s]);h=m;s=0; }}}
Thanks Karsten, and everyone else - that's very helpful!
So here's the thing: I'm actually running SA on Windows, via the MDaemon
mail server. So I can't so easily create a symlink as you've described.
However I think I can do something similar - let me know if this sounds
right:
Currently I've got the default rules located in a directory called
/default_rules. Inside that directory is the 'sought_rules_yerp_org' and
'updates_spamassassin_org' sub-directories, each containing their respective
.cf files, and there is also the sought_rules_yerp_org.cf and
updates_spamassassin_org.cf files with their 'include' entries inside,
pointing to the .cf files inside their sub-directories.
Then I also have a separate directory called /rules which is parallel to
/default_rules. In the /rules directory goes my local.cf file and my other
personal .cf files that I've created for myself.
The problem with your idea of a symlink or similar is that I can't change
anything inside the /default_rules directory, because MDaemon wipes and
replaces all the files and folders inside that directory each time I install
a new version of MDaemon - much to my annoyance. However, MDaemon doesn't
touch the contents of the /rules directory, so I can do whatever I want in
there.
So currently I'm thinking about this plan: I could create a file called
'zz_sought.cf' and place it into my /rules directory where it's safe. AFAIK
the files in here would be parsed *after* the files inside the
/default_rules directory - at least that would seem logical to me.
And inside this zz_sought.cf file I can include one line like this:
include C:\PATH\TO\default_rules\sought_rules_yerp_org.cf
...which is pointing to the .cf file from the SOUGHT channel, which itself
contains two 'include' lines pointing to 20_sought.cf and
20_sought_fraud.cf.
Hopefully that would work, but this raises a couple of questions:
Firstly, is it okay to have one 'include' line pointing to a .cf file which
itself contains 'include' lines? So we have two layers of includes? If this
works I think it would be preferable, as it protects me from any future
additions or filename changes within the SOUGHT channel.
Secondly, I now essentially have two files containing 'include' lines which
point to the two SOUGHT .cf files. First (lexically) is
sought_rules_yerp_org.cf. Then comes updates_spamassassin_org.cf which
overwrites the SOUGHT channel entries. Then after that we have my
zz_sought.cf file being parsed last, pointing back to the SOUGHT channel
again. So is there any issue or problem with having two files
(sought_rules_yerp_org.cf and zz_sought.cf) pointing to the two actual
SOUGHT .cf files? I'm guessing not, but I want to make sure.
Sorry if any of that is confusing to follow! (It makes sense in my head at
least...)
By the way, you mentioned that the SOUGHT channel normally gets updated a
few times a day, but currently I'm not seeing that - mine hasn't been
updated in a couple of weeks actually (for the 20_sought_fraud.cf file
specifically). I assume that's correct and I'm not doing something wrong -
perhaps the author of SOUGHT is taking a break or something?
FWIW, my vote would also be to keep the SOUGHT rules completely out of the
official updates channel altogether, and leave it up to folks to download it
separately via its own channel if they want to use it - unless the updates
channel is going to be updated at least once a day and will always include
the latest SOUGHT rules with it - but if that's unlikely to happen, then I'd
rather keep SOUGHT separate.
Cheers,
Jezz
