Goodbye Rules_du_jour, Welcome sa-update

I’ve been using Rules_du_jour for years now, and I am a very happy rules_du_jour user.

But since the DDoS attack on rulesemporium, I have had several problems updating my SARE rulesets.

Since version 3.x, spamassassin comes with a little script called sa-update. Sa-update works much like the rules_du_jour script: it looks for new rulesets and updates them.

By default, sa-update looks for its own updates from updates.spamassassin.org (called a channel), but we can create new channels and tell sa-update to look for other rulesets. The most stable and useful rulesets (besides spamassassin's own rulesets) are from rulesemporium (SARE for short).

I will not discuss how to use sa-update to update your SARE rulesets, because that is already available (and a very good one too) here.

But these are just the simple steps I follow.

  1. Basically, I disabled rules_du_jour in the cron script and deleted all SARE rulesets from /etc/mail/spamassassin (on my CentOS).
  2. Create a new channels file and save it in /etc/. I named my channels file sare-sa-update-channels.txt.
  3. Add entries in the channels file for my SARE rulesets, and don’t forget to add the default channel that comes from spamassassin.
  4. Add another cron job that runs daily to run this script:

sa-update --channelfile /etc/sare-sa-update-channels.txt --gpgkey 856AA88A

And this is what my channels file looks like; you can copy and paste it if you like.

updates.spamassassin.org
70_sare_adult.cf.sare.sa-update.dostech.net
70_sare_stocks.cf.sare.sa-update.dostech.net
70_sare_bayes_poison_nxm.cf.sare.sa-update.dostech.net
70_sare_unsub.cf.sare.sa-update.dostech.net
70_sare_evilnum0.cf.sare.sa-update.dostech.net
70_sare_uri0.cf.sare.sa-update.dostech.net
70_sare_evilnum1.cf.sare.sa-update.dostech.net
70_sare_uri1.cf.sare.sa-update.dostech.net
70_sare_evilnum2.cf.sare.sa-update.dostech.net
70_sare_uri3.cf.sare.sa-update.dostech.net
70_sare_genlsubj0.cf.sare.sa-update.dostech.net
70_sare_whitelist_rcvd.cf.sare.sa-update.dostech.net
70_sare_genlsubj1.cf.sare.sa-update.dostech.net
70_sare_whitelist_spf.cf.sare.sa-update.dostech.net
70_sare_genlsubj2.cf.sare.sa-update.dostech.net
70_sare_genlsubj3.cf.sare.sa-update.dostech.net
72_sare_bml_post25x.cf.sare.sa-update.dostech.net
70_sare_header0.cf.sare.sa-update.dostech.net
99_sare_fraud_post25x.cf.sare.sa-update.dostech.net
70_sare_header1.cf.sare.sa-update.dostech.net
70_sare_header2.cf.sare.sa-update.dostech.net
70_sare_header3.cf.sare.sa-update.dostech.net
70_sare_html0.cf.sare.sa-update.dostech.net
70_sare_html1.cf.sare.sa-update.dostech.net
70_sare_html2.cf.sare.sa-update.dostech.net
70_sare_html3.cf.sare.sa-update.dostech.net
70_sare_obfu.cf.sare.sa-update.dostech.net
70_sare_oem.cf.sare.sa-update.dostech.net
70_sare_random.cf.sare.sa-update.dostech.net
70_sare_specific.cf.sare.sa-update.dostech.net
70_sare_spoof.cf.sare.sa-update.dostech.net

The first line tells sa-update to look for updates from its default channel first.

You can learn more about sa-update here.
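A cron wrapper for step 4, added here as an example and not part of the original post: it checks that the channels file still lists the default channel, runs sa-update with signature verification, and reloads spamd only when new rules were installed. It assumes the key 856AA88A was already imported with `sa-update --import`, that spamd is restarted with `service spamassassin restart`, and the function names and the `--run` switch are hypothetical.

```shell
#!/bin/sh
# Added example: daily cron wrapper around sa-update (not from the original post).
# Assumptions: the channel signing key was imported beforehand with
# `sa-update --import`, and RELOAD_CMD is the right restart command for your host.

CHANNEL_FILE="${CHANNEL_FILE:-/etc/sare-sa-update-channels.txt}"
GPG_KEY="${GPG_KEY:-856AA88A}"
SA_UPDATE="${SA_UPDATE:-sa-update}"                        # overridable for testing
RELOAD_CMD="${RELOAD_CMD:-service spamassassin restart}"   # assumed restart command

# Map the exit codes documented in the sa-update man page to a keyword.
classify_exit() {
    case "$1" in
        0) echo "updated" ;;      # update downloaded and installed
        1) echo "current" ;;      # no fresh updates available
        2) echo "lint-failed" ;;  # update available, but site pre files failed lint
        3) echo "partial" ;;      # some channels updated, others failed
        *) echo "error" ;;        # 4 or higher: download or extraction errors
    esac
}

# Step 3 check: the file must be readable and still list the default channel.
check_channels() {
    [ -r "$1" ] && grep -qx 'updates.spamassassin.org' "$1"
}

# Run sa-update and act on the result.
# Returns 0 when rules are usable (updated or already current), non-zero otherwise.
update_rules() {
    if ! check_channels "$CHANNEL_FILE"; then
        echo "channel file missing or lacks the default channel: $CHANNEL_FILE" >&2
        return 1
    fi
    rc=0
    $SA_UPDATE --channelfile "$CHANNEL_FILE" --gpgkey "$GPG_KEY" || rc=$?
    case "$(classify_exit "$rc")" in
        updated|partial) $RELOAD_CMD ;;   # new rules on disk: make spamd load them
        current) return 0 ;;              # nothing changed, no restart needed
        *) echo "sa-update exit code $rc; spamd not reloaded" >&2; return 1 ;;
    esac
}

# Cron entry point: only runs when the script is called with --run.
if [ "${1:-}" = "--run" ]; then
    update_rules
fi
```

Because cron mails anything written to stderr, a failed signature check or download shows up as a message instead of silently leaving stale rules in place.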
