OpenProtect's SpamAssassin sa-update channel
SpamAssassin includes a script named sa-update to update the
spam rules automatically from different channels to catch different
kind of spam. To read more about sa-update, see sa-update.
We guys at OpenProtect have
created a channel which contains the recommended rules in the SARE
- SpamAssassin Rules Emporium. This way, rules can be updated
easily using sa-update, which ships with SA versions above 3.0. SARE
rules catches different kinds of spam including adult, spoof, stock
tips, fraud spam etc.
SARE provides several rules, some which have versions from
0-4, 0 being the one that catches most spam, while not blocking any
ham. Versions 1-4 which are new rules, which don't yet hit lots of spam
but blocks too many ham, are not present in this channel. We have
included all the 0 rules and other single version rules, and this has
been tested on our servers to give the highest spam catching rate,
while having low FP(False Positives) and have less memory consumption
too.
Steps to use our channel
Follow the steps below to have our channel working on your
mail server or any computer with SA > 3.0 installed on it.
- Run "sa-update" once to download the default SA rules from
the channel
"updates.spamassassin.org". This should enable SA find all its rules
files under the "/var/lib/spamassassin" directory from now onwards.
-
Have gnupg installed, if you wish to check the channel
files against our signature.
-
Run the command gpg --keyserver pgp.mit.edu
--recv-keys BDE9DC10 to import our public key from the mit
keyserver. The output should look like:
gpg: requesting key BDE9DC10 from hkp
server pgp.mit.edu
gpg: key BDE9DC10: public key "Opencomputing Technologies (Key to sign
all files from openprotect.com) "
imported
gpg: Total number processed: 1
gpg: imported: 1
- Now, export our key alone from root's public key ring by
running the command
gpg --armor -o pub.gpg --export BDE9DC10
The public key has been saved to the file pub.gpg
now.
- Import the public key into sa-update's trusted public keys
by running
sa-update --import pub.gpg
-
Another way to import our public key is get the gpg file
and import it manually using sa-update and gpg. The commands are
wget http://saupdates.openprotect.com/pub.gpg.
Now, import by running the command
sa-update --import pub.gpg which should return
without any error or output messages.
This isn't the preferred way, as the gpg file could be corrupted or
tampered with, if our server is hacked.
- Now schedule daily downloads of rules from this channel
using cron using the command
If you use SA versions 3.2.0 or above, use the following command:
sa-update --allowplugins --gpgkey
D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel
saupdates.openprotect.com,
where the 40 digit hex is our public key fingerprint and the channel is
the URL from which to download the rules.
If you use SA versions 3.1.x, use the command:
sa-update --gpgkey
D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel
saupdates.openprotect.com
The rules should be installed at /var/lib/spamassassin/
directory and SA will use all these rules by default.
- If you want to update the default SA rules, add the "
--channel updates.spamassassin.org" to your cron command. Now, both the
saupdates as well as the SA rules will be updated automatically from
now on. The cron command will look like:
sa-update --gpgkey
D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel
saupdates.openprotect.com --channel updates.spamassassin.org
The above command is for SA versions 3.1.x. For SA 3.2.x, don't forget to add the "--allowplugins" option also to the cron command.
- If you don't have gpg or don't want to check against our
signature, you can add the --nogpg option to the
above sa-update command to skip gpg signature checks.
