Help with sa-update, SARE and RDJ ---Please

Johnny Stork stork at openenterprise.ca
Tue Aug 7 04:53:50 IST 2007


Ok, I created the following channel file below from suggestions I found 
at http://www.indomino.net/blog/. I also imported the GPG file suggested 
from http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt.

But when I ran this command below....

/usr/bin/sa-update –channelfile 
/etc/mail/spamassassin/sare-sa-update-channels.txt –gpgkey 856AA88A

...it returned to the prompt almost immediately and no files were 
downloaded (I removed them from /etc/mail/spamassassin & 
/etc/mail/spamassassin/RulesDuJour)

Any suggestions?


Contents of channel file:

cat /etc/mail/spamassassin/sare-sa-update-channels.txt

updates.spamassassin.org
70_sare_adult.cf.sare.sa-update.dostech.net
70_sare_stocks.cf.sare.sa-update.dostech.net
70_sare_bayes_poison_nxm.cf.sare.sa-update.dostech.net
70_sare_unsub.cf.sare.sa-update.dostech.net
70_sare_evilnum0.cf.sare.sa-update.dostech.net
70_sare_uri0.cf.sare.sa-update.dostech.net
70_sare_evilnum1.cf.sare.sa-update.dostech.net
70_sare_uri1.cf.sare.sa-update.dostech.net
70_sare_evilnum2.cf.sare.sa-update.dostech.net
70_sare_uri3.cf.sare.sa-update.dostech.net
70_sare_genlsubj0.cf.sare.sa-update.dostech.net
70_sare_whitelist_rcvd.cf.sare.sa-update.dostech.net
70_sare_genlsubj1.cf.sare.sa-update.dostech.net
70_sare_whitelist_spf.cf.sare.sa-update.dostech.net
70_sare_genlsubj2.cf.sare.sa-update.dostech.net
70_sare_genlsubj3.cf.sare.sa-update.dostech.net
72_sare_bml_post25x.cf.sare.sa-update.dostech.net
70_sare_header0.cf.sare.sa-update.dostech.net
99_sare_fraud_post25x.cf.sare.sa-update.dostech.net
70_sare_header1.cf.sare.sa-update.dostech.net
70_sare_header2.cf.sare.sa-update.dostech.net
70_sare_header3.cf.sare.sa-update.dostech.net
70_sare_html0.cf.sare.sa-update.dostech.net
70_sare_html1.cf.sare.sa-update.dostech.net
70_sare_html2.cf.sare.sa-update.dostech.net
70_sare_html3.cf.sare.sa-update.dostech.net
70_sare_obfu.cf.sare.sa-update.dostech.net
70_sare_oem.cf.sare.sa-update.dostech.net
70_sare_random.cf.sare.sa-update.dostech.net
70_sare_specific.cf.sare.sa-update.dostech.net
70_sare_spoof.cf.sare.sa-update.dostech.net


Johnny Stork wrote:
> Hey thanks for replying with your suggestions. I think I am getting 
> closer.
>
> 1: I removed the "update_spamassassin" script from /etc/cron.daily
>
> 2: I did another test of /etc/cron.daily/rules_du_jour and noticed 
> that the *.cf files went into two locations
>
> /etc/mail/spamassassin
> &
> /etc/mail/spamassassin/RulesDuJour
>
>
> Is this what is supposed to happen? Same files in 2 locations.
>
> 3: What should I have in sare-sa-update-channels.txt to get ALL SARE 
> rules and the standard SA rules? I would rather not have to manage 
> this file with removing outdated rules, or adding new rules, just want 
> them all or some sort of suggested set, and all the standard SA rules. 
> I could then not even have to run rules_du_jour any longer.
>
>
> Contents of /etc/rulesdujour:
>
> ############################################################################### 
>
> # Fort Systems
> # Local RulesDuJour settings
> # Fri Nov 11 11:18:06 EST 2005
> ############################################################################### 
>
>
> #DEBUG="true"
>
> TRUSTED_RULESETS="SARE_REDIRECT_POST300 SARE_EVILNUMBERS2 
> SARE_BAYES_POISON_NXM SARE_HTML0 SARE_HTML1 SARE_HTML2 SARE_HTML3 
> SARE_HTML0 SARE_HTML1 SARE_HTML2 SARE_HTML3 SARE_SPECIFIC SARE_ADULT 
> SARE_BML SARE_FRAUD SARE_SPOOF SARE_RANDOM SARE_SPAMCOP_TOP200 
> SARE_OEM SARE_GENLSUBJ0 SARE_GENLSUBJ1 SARE_GENLSUBJ2 SARE_GENLSUBJ3 
> SARE_UNSUB SARE_URI0 SARE_URI1 SARE_URI3 SARE_WHITELIST_SPF 
> SARE_WHITELIST_RCVD SARE_OBFU SARE_STOCKS"
>
> SA_DIR="/etc/mail/spamassassin"
> MAIL_ADDRESS="root"
> SINGLE_EMAIL_ONLY="true"
> SA_LINT="/usr/bin/spamassassin -p 
> /etc/MailScanner/spam.assassin.prefs.conf --lint"
> SA_RESTART="/etc/init.d/MailScanner reload"
>
>
>
>
> René Berber wrote:
>> Johnny Stork wrote:
>>
>>> 1: /etc/cron.daily has "sa-update", "rules_du_jour" and
>>> "update_spamassassin". Are all these necessary?
>>
>> No. The 1st and the 3rd do the same thing, the 1st could do the work 
>> of the 2nd.
>>
>>> 2: Can the sa-update rules and RDJ rules download all be combined 
>>> into a
>>> single script/tool?
>>
>> Yes, sa-update can replace RDJ.
>>
>>> 3: Does it look like all my rules are currently being used and updated?
>>
>> If you use sa-update and RDJ all the rules will be used.
>>
>> If sa-update is configured to get SARE rules, and you also use RDJ, 
>> both sets of
>> rules will be used, the redundancy (of 2 copies of the same rule) 
>> will be
>> handled by SA, the last one read wins... but you waste time reading 
>> it twice.
>>
>> I say redundancy because the RDJ script stores the files in one 
>> place, sa-update
>> in a different place.
>>
>>> 4: Does anyone have a suggested rules set, or channels file that can be
>>> used to manage and update all SA rules in a clear and simple 
>>> location/file?
>>
>> The recommended guide is:
>>
>> http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt
>>
>>> 5: Any other suggestions for a simple to manage, and clean setup of SA
>>> and SARE rules and automatic update?
>>
>> sa-update has (currently) an advantage, it uses distributed/mirrored 
>> sites, RDJ
>> doesn't, the first one lets you check often (which is unnecessary), no
>> blacklisting. Both methods work fine.
>>
>> I use the RDJ script from Fortress and never did have a problem with 
>> RDJ.
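
An added example, not part of the original thread: a pre-flight check for an sa-update invocation and channel file like the ones posted above. It flags argument words containing non-ASCII bytes (for instance a dash character pasted from a web page in place of `--`) and channel lines with unexpected characters. The function names and the allowed character set for channel names are assumptions of this example.

```shell
#!/bin/sh
# Added example: lint an sa-update command line and channel file before running it.
# Assumption: channel names consist only of letters, digits, '.', '_' and '-'.

# Print one line per suspicious argument; return 0 if clean, 1 otherwise.
lint_args() {
    rc=0
    for arg in "$@"; do
        # Any byte outside printable ASCII means the word is not what it
        # looks like, e.g. a UTF-8 en dash where "--" was intended.
        if printf '%s' "$arg" | LC_ALL=C grep -q '[^ -~]'; then
            echo "non-ASCII byte in argument: $arg"
            rc=1
        fi
    done
    return $rc
}

# Print one line per malformed channel entry; return 0 if clean, 1 otherwise.
lint_channelfile() {
    file=$1
    rc=0
    n=0
    [ -r "$file" ] || { echo "cannot read $file"; return 1; }
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        [ -z "$line" ] && continue
        case $line in
            # Catches trailing spaces, carriage returns and pasted typography.
            *[!A-Za-z0-9._-]*)
                echo "$file:$n: unexpected character in: $line"
                rc=1
                ;;
        esac
    done < "$file"
    return $rc
}

# Constructed demo: the option word below starts with a UTF-8 en dash.
lint_args /usr/bin/sa-update "$(printf '\342\200\223gpgkey')" 856AA88A || true
```

Run both checks before scheduling the update from cron, so that an option or channel that is being silently ignored shows up immediately.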

