Semi-OT: Rule2XSBody - resolved.

Julian Field MailScanner at ecs.soton.ac.uk
Fri Jun 26 15:12:30 IST 2009



On 26/06/2009 15:04, Randal, Phil wrote:
> Stef Morrell wrote:
>    
>>> -----Original Message-----
>>> From: mailscanner-bounces at lists.mailscanner.info
>>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of
>>> Julian Field Sent: 26 June 2009 14:07
>>>
>>> On 26/06/2009 13:42, Stef Morrell wrote:
>>>        
>>>>> -----Original Message-----
>>>>> From: mailscanner-bounces at lists.mailscanner.info
>>>>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of
>>>>> Julian Field
>>>>>
>>>>> On 26/06/2009 12:39, Stef Morrell wrote:
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> I see the new wiki page recommends compiling the regex for the
>>>>>> Rule2XSBody plugin.
>>>>>>
>>>>>> What I can't see from the Rule2XSBody or sa-compile documentation is
>>>>>> how this copes with rule changes.
>>>>>>
>>>>>> A quick google only had one opinion
>>>>>> (http://www.davidpashley.com/blog/debian/sa-compile) which
>>>>>> suggests for every rule change, a new compile is required.
>>>>>>
>>>>>> Unfortunately, it takes quite a long time to compile all the rules and
>>>>>> considering the download of Julian's spear phishing every hour, I
>>>>>> could end up spending more CPU time compiling rules, than
>>>>>> applying them to spam.
>>>>>>
>>>>>> The question then, is how to resolve the dichotomy. I may well
>>>>>> have rules which supercede, replace, or add to the compiled rules. Equally,
>>>>>> some of the compiled rules may be out of date and shouldn't be there.
>>>>>>
>>>>>> Do I, in fact, need to perform a new compile for each and every rule
>>>>>> change (in which case, it's not worth me using compiled rules) or does
>>>>>> spamassassin somehow 'know' which rules have changed in the source
>>>>>> files, so I can run a compile perhaps once a day.
>>>>>>
>>>>> Rules that aren't sa-compiled will still be used, and you don't
>>>>> have to compile all your local rulesets. I just run sa-compile
>>>>> after sa-update in /usr/sbin/update_spamassassin and leave all my
>>>>> local rulesets as is. Seems to work fine for me.
>>>>>
>>>>>            
>>>> That's almost certainly ideal. How does one explain to sa-compile
>>>> that it should ignore local rulesets?
>>>>
>>>>          
>>> You don't appear to need to, it only compiles what it finds under
>>> /var/lib/spamassassin.
>>>        
>> It's not very clear from the documentation. "sa-compile uses re2c to
>> compile the site-wide parts..." To my mind, /etc/mail/spamassassin is
>> 'site-wide'.
>>
>> Still, that's useful to know and solves my problem. Many thanks.
>>
>> Stef
>>      
> Hmmm, I've just checked both the sa-compile source and the generated
> rules here, and it does use the stuff it finds in
> /etc/mail/spamassassin.
>    
But does it still use the uncompiled rules if they have been replaced 
since the last sa-compile, or do we need to re-do sa-compile every time 
we update any rules anywhere?

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner
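
One way to avoid recompiling on every hourly download, as an added example that is not part of the original thread and is not MailScanner or SpamAssassin code: run sa-compile only when a .cf file under the directories discussed above has changed since the last successful compile. The stamp file and the SA_COMPILE override are assumptions made for this example.

```shell
#!/bin/sh
# Added example: recompile SpamAssassin rules only when a rule file changed.
# The stamp file is a hypothetical marker kept by this script; it is not
# something sa-update or sa-compile maintains.

# needs_compile STAMP DIR...
# Exit 0 when STAMP is missing or any *.cf under a DIR is newer than STAMP.
needs_compile() {
    stamp=$1; shift
    [ -e "$stamp" ] || return 0            # never compiled: do it now
    for dir in "$@"; do
        [ -d "$dir" ] || continue          # skip directories that do not exist
        if [ -n "$(find "$dir" -type f -name '*.cf' -newer "$stamp" | head -n 1)" ]; then
            return 0
        fi
    done
    return 1
}

# compile_if_changed STAMP DIR...
# Runs sa-compile (or the command named in SA_COMPILE, an assumption used
# for testing) only when needs_compile says so.
compile_if_changed() {
    stamp=$1
    needs_compile "$@" || return 0
    # Take the timestamp BEFORE compiling, so a rule file edited while
    # sa-compile is running still triggers a compile on the next pass.
    : > "$stamp.new" || return 1
    if "${SA_COMPILE:-sa-compile}"; then
        mv "$stamp.new" "$stamp"
    else
        rm -f "$stamp.new"                 # failed compile: keep the old stamp
        return 1
    fi
}

# Typical call after sa-update (stamp path is hypothetical):
#   compile_if_changed /var/lib/spamassassin/.sa-compile.stamp \
#       /var/lib/spamassassin /etc/mail/spamassassin
```
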