SARE Rules worth it?

Steve Campbell campbell at cnpapers.com
Fri Nov 14 19:28:09 GMT 2008 


Steve Campbell wrote:
>
>
> Martin Hepworth wrote:
>> 2008/11/14 Steve Campbell <campbell at cnpapers.com>:
>>  
>>> Martin Hepworth wrote:
>>>    
>>>> 2008/11/12 Devon Harding <devonharding at gmail.com>:
>>>>
>>>>      
>>>>> Is using the SARE rules in spamassassin still worth it?  I'm still
>>>>> getting
>>>>> quite a few obvious spam coming through and bayes is not cutting 
>>>>> it.  I'm
>>>>> running MS 4.72 with SA 3.2.5 and all out of ideas.  Any thoughts?
>>>>>
>>>>> -Devon
>>>>>
>>>>> -- 
>>>>> MailScanner mailing list
>>>>> mailscanner at lists.mailscanner.info
>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>
>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>
>>>>> Support MailScanner development - buy the book off the website!
>>>>>
>>>>>
>>>>>
>>>>>         
>>>> Definitely worth it, also consider the sought.cf ruleset and of course
>>>> running sa-update on a regular (daily) basis.
>>>>
>>>>
>>>>       
>>> After visiting the taint.org site, and reviewing the sought.cf 
>>> stuff, can
>>> someone explain to me whether I should somehow integrate this into my
>>> sa-update script that I already have, or whether I am supposed to 
>>> use the
>>> script as standalone that the website provides.
>>>
>>> Thanks
>>>
>>> Steve Campbell
>>>
>>>     
>>
>> steve
>>
>> the taint.org site tells you how to install the gpg key into sa-update
>> and use sa-update to update it regularly.
>>
>> http://taint.org/2007/08/15/004348a.html
>>   
> Thanks Martin,
>
> The problem is that there is fuzziness in my mind again. Mailscanner 
> (I think by way of Julian's SA install.sh) places a script in 
> cron.daily called update_spamassassin that calls sa-update. It makes 
> reference someplace to review /etc/sysconfig/MailScanner for additions 
> to the default. I can't remember where I saw that. So, do I run the 
> example from taint.org as a standalone call from my crontab, or do I 
> add something somewhere so that the update_spamassassin script 
> incorporates the stuff from the taint page, and where and how do I do 
> that?
>
> steve

What I did to test this all: as root

 > wget http://yerp.org/rules/GPG.KEY
 > sa-update --import GPG.KEY
# To test that I got something - which it did
 > sa-update --gpgkey 6C6191E3 --channel sought.rules.yerp.org

I then changed /etc/sysconfig/MailScanner as below
SAUPDATEARGS="--gpgkey 6C6191E3 --channel sought.rules.yerp.org"

I then changed /usr/sbin/update_spamassassin as below to keep the log file
# rm -f $LOGFILE

My /etc/cron.daily/update_spamassassin has in it the following:
UPDATEMAXDELAY=300

The only thing the log file has it it is that MailScanner was reloaded.

When I go to Mailwatch and update my rule descriptions, I cannot find a 
rule with JM_SOUGHT in it, so I'm guessing there is something else I 
need to do to move the rules into a rule folder and to make the 
sa-update work for the sought files as they weren't updated in 
/var/lib/spamassassin/3.002.005.

Thanks for looking and helping

steve

More information about the MailScanner mailing list