wiki:RuleUpdates

Updating SpamAssassin Rules

SpamAssassin ships with an extensive set of rules, but over time those rules lose some of their effectiveness, since spammers download SpamAssassin and use it to test their new spam. Rules that perform very well on the day a new version of SpamAssassin is released may start hitting less frequently after a month or two, and their scores may no longer reflect their effectiveness at detecting spam.

Rather than waiting for the next SpamAssassin release, however, there are ways that you can update your rules on a daily basis, downloading the latest versions of existing rules as well as all-new rules that have been added since the last release. By doing this, you can keep SpamAssassin working at peak efficiency, even as spammers adapt to new rules.

The recommended way to update your SpamAssassin rules these days is to use the sa-update script that ships with SpamAssassin. It can be used to update your core SpamAssassin rules, as well as third-party rules from the SpamAssassin Rules Emporium (SARE).

NOTE: If you're using the older RulesDuJour script for updating your SpamAssassin rules, you should consider replacing it with sa-update, as RulesDuJour is deprecated and no longer being maintained.

Updating SpamAssassin's Core Rules

If you only want to update SpamAssassin's core rules (i.e. you're not interested in using third-party rules from SARE), you can run sa-update as follows, adding it as a daily cron job. This sequence looks for rule updates on the official SpamAssassin channel (updates.spamassassin.org), and if it makes any updates it then recompiles the rules for efficiency, tells Maia about any new rules, and restarts amavisd-maia.

sa-update && /usr/bin/sa-compile && /var/amavisd/maia/scripts/load-sa-rules.pl && /sbin/service amavisd restart

Updating SARE Rules

If you also wish to update third-party rules from the SpamAssassin Rules Emporium, you have a couple of options:

  • OpenProtect provides a pre-packaged set of SARE's most conservative (i.e. level-0) rulesets in one convenient channel. This saves you the trouble of having to hand-pick the rulesets you wish to use, but it also limits you to the rules that OpenProtect has chosen to include, so more aggressive rules with levels 1-4 are not available. This is a good choice for novices and for production environments where conservative rules are favoured.
  • DOStech publishes all of the SARE rulesets in individual channels, allowing you to pick and choose the rulesets you wish to use. This flexibility comes with some complexity however, since it means having to decide which rulesets are appropriate for your site. This is a good choice for advanced mail administrators and power users who want fine-grained control over their SARE updates.

Using OpenProtect Channels

Download the channel's GPG key:

wget http://saupdates.openprotect.com/pub.gpg

Import the GPG key into sa-update's keyring:

sa-update --import pub.gpg

Create a text file (e.g. sare-sa-update-channels.txt) that lists the official SpamAssassin update channel (updates.spamassassin.org, for your core rules) and the OpenProtect channel (saupdates.openprotect.com, for the SARE rulesets).

NOTE: The order of these channels in the text file is important. The updates.spamassassin.org channel must always be the first channel in the list.

updates.spamassassin.org
saupdates.openprotect.com

You can then run sa-update as follows, adding it as a daily cron job. This sequence looks for rule updates on both channels (SpamAssassin and OpenProtect), and if it makes any updates it then recompiles the rules for efficiency, tells Maia about any new rules, and restarts amavisd-maia.

sa-update --gpgkey D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channelfile /path/to/sare-sa-update-channels.txt && /usr/bin/sa-compile && /var/amavisd/maia/scripts/load-sa-rules.pl && /sbin/service amavisd restart

Using DOStech Channels

Download the channel's GPG key:

wget http://daryl.dostech.ca/sa-update/sare/GPG.KEY

Import the GPG key into sa-update's keyring:

sa-update --import GPG.KEY

Visit the SpamAssassin Rules Emporium and make a list of the rulesets you wish to use. Add the names of these rulesets to a text file (e.g. sare-sa-update-channels.txt), and append ".sare.sa-update.dostech.net" to the name of each ruleset, e.g. 70_sare_header2.cf becomes 70_sare_header2.cf.sare.sa-update.dostech.net.

NOTE: The first channel in the file must be updates.spamassassin.org. e.g.

updates.spamassassin.org
72_sare_redirect_post3.0.0.cf.sare.sa-update.dostech.net
70_sare_evilnum0.cf.sare.sa-update.dostech.net
70_sare_evilnum1.cf.sare.sa-update.dostech.net
70_sare_bayes_poison_nxm.cf.sare.sa-update.dostech.net
70_sare_html0.cf.sare.sa-update.dostech.net
70_sare_html1.cf.sare.sa-update.dostech.net
70_sare_html2.cf.sare.sa-update.dostech.net
70_sare_html3.cf.sare.sa-update.dostech.net
70_sare_html_eng.cf.sare.sa-update.dostech.net
70_sare_header0.cf.sare.sa-update.dostech.net
70_sare_header1.cf.sare.sa-update.dostech.net
70_sare_header2.cf.sare.sa-update.dostech.net
70_sare_header3.cf.sare.sa-update.dostech.net
70_sare_header_eng.cf.sare.sa-update.dostech.net
70_sare_specific.cf.sare.sa-update.dostech.net
70_sare_adult.cf.sare.sa-update.dostech.net
72_sare_bml_post25x.cf.sare.sa-update.dostech.net
99_sare_fraud_post25x.cf.sare.sa-update.dostech.net
70_sare_spoof.cf.sare.sa-update.dostech.net
70_sare_random.cf.sare.sa-update.dostech.net
70_sare_oem.cf.sare.sa-update.dostech.net
70_sare_genlsubj0.cf.sare.sa-update.dostech.net
70_sare_genlsubj1.cf.sare.sa-update.dostech.net
70_sare_genlsubj2.cf.sare.sa-update.dostech.net
70_sare_genlsubj3.cf.sare.sa-update.dostech.net
70_sare_genlsubj_eng.cf.sare.sa-update.dostech.net
70_sare_unsub.cf.sare.sa-update.dostech.net
70_sare_uri0.cf.sare.sa-update.dostech.net
70_sare_uri1.cf.sare.sa-update.dostech.net
70_sare_uri2.cf.sare.sa-update.dostech.net
70_sare_uri3.cf.sare.sa-update.dostech.net
70_sare_uri_eng.cf.sare.sa-update.dostech.net
70_sare_obfu0.cf.sare.sa-update.dostech.net
70_sare_obfu1.cf.sare.sa-update.dostech.net
70_sare_obfu2.cf.sare.sa-update.dostech.net
70_sare_stocks.cf.sare.sa-update.dostech.net

You can then run sa-update as follows, adding it as a daily cron job. This sequence looks for rule updates on all channels (SpamAssassin and the DOStech channels), and if it makes any updates it then recompiles the rules for efficiency, tells Maia about any new rules, and restarts amavisd-maia.

sa-update --gpgkey 856AA88A --channelfile /path/to/sare-sa-update-channels.txt && /usr/bin/sa-compile && /var/amavisd/maia/scripts/load-sa-rules.pl && /sbin/service amavisd restart

Back to FAQ

Last modified 15 years ago Last modified on May 26, 2008, 6:25:49 AM