Help with sa-update, SARE and RDJ ---Please

Johnny Stork stork at openenterprise.ca
Tue Aug 7 04:36:58 IST 2007


Hey thanks for replying with your suggestions. I think I am getting closer.

1: I removed the "update_spamassassin" script from /etc/cron.daily

2: I did another test of /etc/cron.daily/rules_du_jour and noticed that 
the *.cf files went into two locations

/etc/mail/spamassassin
&
/etc/mail/spamassassin/RulesDuJour


Is this what is supposed to happen? Same files in 2 locations.

3: What should I have in sare-sa-update-channels.txt to get ALL SARE 
rules and the standard SA rules? I would rather not have to manage this 
file with removing outdated rules, or adding new rules, just want them 
all or some sort of suggested set, and all the standard SA rules. I 
could then not even have to run rules_du_jour any longer.


Contents of /etc/rulesdujour:

###############################################################################
# Fort Systems
# Local RulesDuJour settings
# Fri Nov 11 11:18:06 EST 2005
###############################################################################

#DEBUG="true"

TRUSTED_RULESETS="SARE_REDIRECT_POST300 SARE_EVILNUMBERS2 
SARE_BAYES_POISON_NXM SARE_HTML0 SARE_HTML1 SARE_HTML2 SARE_HTML3 
SARE_HTML0 SARE_HTML1 SARE_HTML2 SARE_HTML3 SARE_SPECIFIC SARE_ADULT 
SARE_BML SARE_FRAUD SARE_SPOOF SARE_RANDOM SARE_SPAMCOP_TOP200 SARE_OEM 
SARE_GENLSUBJ0 SARE_GENLSUBJ1 SARE_GENLSUBJ2 SARE_GENLSUBJ3  SARE_UNSUB 
SARE_URI0 SARE_URI1 SARE_URI3 SARE_WHITELIST_SPF SARE_WHITELIST_RCVD 
SARE_OBFU SARE_STOCKS"

SA_DIR="/etc/mail/spamassassin"
MAIL_ADDRESS="root"
SINGLE_EMAIL_ONLY="true"
SA_LINT="/usr/bin/spamassassin -p 
/etc/MailScanner/spam.assassin.prefs.conf --lint"
SA_RESTART="/etc/init.d/MailScanner reload"




René Berber wrote:
> Johnny Stork wrote:
>
>   
>> 1: /etc/cron.daily has "sa-update", "rules_du_jour" and
>> "update_spamassassin".  Are all these necessary?
>>     
>
> No.  The 1st and the 3rd do the same thing, the 1st could do the work of the 2nd.
>
>   
>> 2: Can the sa-update rules and RDJ rules download all be combined into a
>> single script/tool?
>>     
>
> Yes, sa-update can replace RDJ.
>
>   
>> 3: Does it look like all my rules are currently being used and update?
>>     
>
> If you use sa-update and RDJ all the rules will be used.
>
> If sa-update is configured to get SARE rules, and you also use RDJ, both sets of
> rules will be used, the redundancy (of 2 copies of the same rule) will be
> handled by SA, the last one read wins... but you waste time reading it twice.
>
> I say redundancy because the RDJ script stores the files in one place, sa-update
> in a different place.
>
>   
>> 4: Does anyone have a suggested rules set, or channels file that can be
>> used to manage and update all SA rules in a clear and simple location/file?
>>     
>
> The recommended guide is:
>
>   http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt
>
>   
>> 5: Any other suggestions for a simple to manage, and clean setup of SA
>> and SARE rules and automatic update?
>>     
>
> sa-update has (currently) an advantage, it uses distributed/mirrored sites, RDJ
> doesn't, the first one lets you check often (which is unnecessary), no
> blacklisting.  Both methods work fine.
>
> I use the RDJ script from Fortress and never did have a problem with RDJ.
>   


More information about the MailScanner mailing list