Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: sa-update on 5.x

  1. #1
    su_A_ve is offline Advanced Member
    Join Date
    Dec 2006
    Posts
    183
    Rep Power
    8

    Unhappy sa-update on 5.x

    We've been hit with the DNS_FROM_OPENWHOIS issue and instead of trying to play catch up as with the other issue from January, I figured let's get sa-update working.

    Installed spamassassin rpm and (as zimbra) imported the gpg key from dostech.net to add the SARE channels.

    As zimbra, I ran:

    Code:
    /usr/bin/sa-update --channelfile /usr/local/etc/SARE-sa-update-channels.txt --gpgkey 856AA88A --updatedir /opt/zimbra/conf/spamassassin --gpghomedir /opt/zimbra/conf/spamassassin
    The SARE-sa-update-channels.txt is:

    Code:
    updates.spamassassin.org
    72_sare_redirect_post3.0.0.cf.sare.sa-update.dostech.net
    70_sare_evilnum0.cf.sare.sa-update.dostech.net
    70_sare_bayes_poison_nxm.cf.sare.sa-update.dostech.net
    70_sare_html0.cf.sare.sa-update.dostech.net
    70_sare_html_eng.cf.sare.sa-update.dostech.net
    70_sare_header0.cf.sare.sa-update.dostech.net
    70_sare_header_eng.cf.sare.sa-update.dostech.net
    70_sare_specific.cf.sare.sa-update.dostech.net
    70_sare_adult.cf.sare.sa-update.dostech.net
    72_sare_bml_post25x.cf.sare.sa-update.dostech.net
    99_sare_fraud_post25x.cf.sare.sa-update.dostech.net
    70_sare_spoof.cf.sare.sa-update.dostech.net
    70_sare_random.cf.sare.sa-update.dostech.net
    70_sare_oem.cf.sare.sa-update.dostech.net
    70_sare_genlsubj0.cf.sare.sa-update.dostech.net
    70_sare_genlsubj_eng.cf.sare.sa-update.dostech.net
    70_sare_unsub.cf.sare.sa-update.dostech.net
    70_sare_uri0.cf.sare.sa-update.dostech.net
    70_sare_obfu0.cf.sare.sa-update.dostech.net
    70_sare_stocks.cf.sare.sa-update.dostech.net
    This created a directory for each of the above entries, and the corresponding cf, ie:

    Code:
    drwxr-x---  2 zimbra zimbra 4096 Mar 26 16:28 updates_spamassassin_org
    -rw-r-----  1 zimbra zimbra 2431 Mar 26 16:28 updates_spamassassin_org.cf
    But it seems the top level files are still being in use instead of the new ones inside these directories. After running zmamavisctl reload or zmantispamctl reload, I still am getting the old rules:

    Code:
    X-Spam-Status: No, score=1.681 tagged_above=-10 required=6.6
    	tests=[ALL_TRUSTED=-1.8, AWL=-0.000, BAYES_00=-2.599,
    	DNS_FROM_OPENWHOIS=1.13, FH_DATE_PAST_20XX=3.188,
    	MISSING_SUBJECT=1.762]
    Any ideas???

  2. #2
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Check to ensure you have no errors in your configuration
    Code:
    /usr/bin/spamassassin -p /opt/zimbra/conf/salocal.cf --siteconfigpath /opt/zimbra/conf/spamassassin -D --lint > /tmp/sacheck.txt 2>&1
    Then view the sacheck.txt file and see whether the rules are being pulled in.

  3. #3
    su_A_ve is offline Advanced Member
    Join Date
    Dec 2006
    Posts
    183
    Rep Power
    8

    Default

    OK - Lookikng at the output from the check above, (and this might sound stoopid) but I now assume the existing rules in the top level /opt/zimbra/conf/spamassassin need to be removed?

    I'm currently reading from:

    [24761] dbg: config: using "/usr/share/spamassassin" for sys rules pre files
    [24761] dbg: config: using "/usr/share/spamassassin" for default rules dir
    [24761] dbg: config: using "/opt/zimbra/conf/spamassassin" for site rules dir
    [24761] dbg: config: using "/opt/zimbra/conf/salocal.cf" for user prefs file

  4. #4
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Further down the output you should see it pulling in the updates ? Are you able to post the whole log please ?

  5. #5
    su_A_ve is offline Advanced Member
    Join Date
    Dec 2006
    Posts
    183
    Rep Power
    8

    Default

    Quote Originally Posted by uxbod View Post
    Further down the output you should see it pulling in the updates ? Are you able to post the whole log please ?
    Attaching the whole log file. It seems to be including the updates as I see several one of each of these for them:

    [24761] dbg: config: fixed relative path: /opt/zimbra/conf/spamassassin/updates_spamassassin_org/80_additional.cf
    [24761] dbg: config: using "/opt/zimbra/conf/spamassassin/updates_spamassassin_org/80_additional.cf" for included file
    [24761] dbg: config: read file /opt/zimbra/conf/spamassassin/updates_spamassassin_org/80_additional.cf

    But from doing some testing, I still see some of rules that came with Zimbra still being used, such as the DNS_FROM_OPENWHOIS:

    X-Spam-Status: No, score=0.087 tagged_above=-10 required=6.6
    tests=[ALL_TRUSTED=-1.8, AWL=1.594, BAYES_00=-2.599,
    DNS_FROM_OPENWHOIS=1.13, MISSING_SUBJECT=1.762]

    I was under the impression that enabling sa-update would actually update the SA rules, however, it seems that these are getting merged with the zimbra stock ones. I do notice the FH_DATE_PAST_20XX is not being triggered. On my original post, this rule was effective, but at the time I hadn't done a full zmcontrol stop/start.
    Attached Files Attached Files

  6. #6
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Would you be able to do a
    Code:
    su - zimbra
    zmamavisdctl stop
    Once that is done please check that all amavis processes have died
    Code:
    ps aux | grep -i amavis
    and if they have then start up again
    Code:
    su - zimbra
    zmamavisdctl start
    I am just wondering whether a rogue amavis process is still running.

  7. #7
    su_A_ve is offline Advanced Member
    Join Date
    Dec 2006
    Posts
    183
    Rep Power
    8

    Default

    Verified that amavis was down, however, I'm still picking up the DNS_FROM_OPENWHOIS rule.

    This rule is present in the original 72_actvie.cf with the zimbra stock SA. The updated version of this file inside the updates_spamassassin_org directory no longer has the rule.

    Again, I think both of them are merged...

  8. #8
    su_A_ve is offline Advanced Member
    Join Date
    Dec 2006
    Posts
    183
    Rep Power
    8

    Default

    Bump ?????

  9. #9
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Hmmm, as a intermediary step move the downloaded rules into the top level and see if that resolves the problem.

  10. #10
    su_A_ve is offline Advanced Member
    Join Date
    Dec 2006
    Posts
    183
    Rep Power
    8

    Default

    Quote Originally Posted by uxbod View Post
    Hmmm, as a intermediary step move the downloaded rules into the top level and see if that resolves the problem.
    After some long testing, it seems we need to remove all ??_*.cf files from the top directory as these are replaced with the ones inside the sub directories.

    Hope this is ok - not sure how to actually run a lint using the stock spamassassin...

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 2
    Last Post: 04-26-2010, 07:22 AM
  2. Replies: 18
    Last Post: 08-15-2009, 05:23 AM
  3. mysql not starting, sort of.
    By lhutton in forum Installation
    Replies: 6
    Last Post: 06-19-2009, 10:45 AM
  4. SPAM update ports
    By feiticeir0 in forum Administrators
    Replies: 4
    Last Post: 05-27-2009, 04:31 AM
  5. i am so tired for zimbra update too quickly!!
    By nxzwt in forum Administrators
    Replies: 7
    Last Post: 05-08-2007, 09:47 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •