The sys admin's daily grind: SA-Update
SA-Update helps beleaguered admins face the onslaught of consumer trash.
Spammers must be creative with the structure and content of their junk mail if they want to guarantee the dislike of any PC user anywhere in the world. Because I like to fight spammers on even terms, my SpamAssassin's filter rules need regular updates. Fortunately, I can turn to many channels for ammunition.
The tool that retrieves the updates and copies them to the right spot goes by the name of SA-Update .
A GPG key prevents various manipulation techniques such as DNS spoofing. To rejuvenate the default channel, updates.spamassassin.org, I first need the matching public key:
wget http://spamassassin.apache.org/updates/GPG.KEY gpg --import GPG.KEY sa-update --import GPG.KEY
Next, I create two files in the SpamAssassin folder. One of them, channels.text, lists the update channels. The second, keys.text, holds the GPG key IDs that I need for secure access. A call to
sa-update -D --channelfile/etc/spamassassin/channels.text--gpgkeyfile /etc/spamassassin/keys.text
starts the update. The -D parameter tells SA-Update to display debug information. Without this parameter – SA-Update is as taciturn as Charles Bronson's character Harmonica  – there is no such thing as your average verbose mode.
The return value gives an easy method of checking for a successful update. A return value of 0 means that SA-Update has added new filter rules. A value of 1 means that the ruleset was already up to date. A value of 4 or more indicates an error, and that means I need to check the debug output more closely.
To improve the spam detection rate, I like to add channels such as OpenProtect  or Daryl O'Shea . A useful overview of the rules of the SpamAssassin Rules Emporium (SARE) are available online , and the default ruleset is explained in detail . The filter rule short forms appear in the mail logs; thus, you can tell at a glance what SpamAssassin doesn't like about a message and which ruleset the tool used (Figure 1).
The most important question is, "Is it worthwhile?" Definitely! My spam filter's detection rates benefit considerably by extending the rulesets. Still, I like to keep an eye on the logfiles: The danger of false positives grows with each new filter rule you add.
- SA-Update: http://wiki.apache.org/spamassassin/RuleUpdates
- "Once Upon a Time in the West" ("C'era una Volta il West"), 1968, http://www.imdb.com/title/tt0064116/
- OpenProtect: http://saupdates.openprotect.com
- Daryl O'Shea: http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt
- SARE: http://www.rulesemporium.com/rules.htm
- Default ruleset: http://spamassassin.apache.org/tests_3_2_x.html
Buy this article as PDF
Mozilla’s product think tank sinks silently into history.
TODO group will focus on open source tools in large-scale environments.
New tool will look like GParted but support a wider range of storage technologies.
New public key pinning feature will help prevent man-in-the-middle attacks.
Carnegie Mellon researchers say 3 million pages could fall down the phishing hole in the next year.
The US government rolls new best-practice rules for protecting SSH.
Klaus Knopper announces the latest version of his iconic Live Linux system.
All websites that use these popular CMS tools could be vulnerable to denial of service attacks if users don't install the updates.
According to a report, many potential victims of the Heartbleed attack have patched their systems, but few have cleaned up the crime scene to protect themselves from the effects of a previous intrusion.
DARPA and NICTA release the code for the ultra-secure microkernel system used in aerial drones.