Spam Assassin v3.20 throwing errors

[sparek-3]

As long as spamassassin passes the lint test after you add these rules, there shouldn't be any problem.

spamassassin --lint -D

One thing to note, its really not necessary to use the channelfile option if you are just including one channel.

You might consider something like:

/usr/bin/sa-update
/usr/bin/sa-update --nogpg --channel saupdates.openprotect.com
/usr/bin/sa-update --nogpg --channel 70_sare_whitelist.cf.sare.sa-update.dostech.net

or add both channels to a channels file

/path/to/sare-sa-update-channels.txt:

Code:

saupdates.openprotect.com
70_sare_whitelist.cf.sare.sa-update.dostech.net

and then running:

/usr/bin/sa-update
/usr/bin/sa-update --channelfile /path/to/sare-sa-update-channels.txt

[aeroweb]

Thanks for the reply!

Putting both channels in a channel file actually makes the most sense for us. Especially if we we plan to add/change more channels in the future. Thanks for the tip. Im just curious as to whether we need to import the gpg keys or if we can flag them as --nogpg in a similar way as in the script? Trial and error should tell that story.

Come to think of it, this was actually quite obvious, duh . We have experience with RulesDuJour but we are still playing with sa-update to see exactly how it behaves.

Thanks again for your comments!

[internetfab]

They seem to have fixed the meta info for adult, but I'm still getting error about other rules: 70_sare_obfu0

Code:

spamd[16193]: Malformed UTF-8 character (unexpected non-continuation byte 0x00, immediately after start byte 0xce) in pattern match (m//) at /var/lib/spamassassin/3.002000/saupdates_openprotect_com/70_sare_obfu0.cf, rule SARE_OBFU_XANAX, line 1, <GEN22> line 131.

So im running without the extra rules for now..

[10101]

I'd suggest that you use sa-update to keep the SARE rules up to date rather than downloading and installing them manually:

/usr/bin/sa-update --nogpg --channel saupdates.openprotect.com

Run that in a cronjob on a daily basis and remove the rules that you have in /etc/mail/spamassassin/. The recommended rules will then be kept up to date in the directory tree /var/lib/spamassassin/

So once /usr/bin/sa-update --nogpg --channel saupdates.openprotect.com has been run soes SpamAssassin know to use those rulesets instead of /etc/mail/spamassassin?

[JC]

They seem to have fixed the meta info for adult, but I'm still getting error about other rules: 70_sare_obfu0

Code:

spamd[16193]: Malformed UTF-8 character (unexpected non-continuation byte 0x00, immediately after start byte 0xce) in pattern match (m//) at /var/lib/spamassassin/3.002000/saupdates_openprotect_com/70_sare_obfu0.cf, rule SARE_OBFU_XANAX, line 1, <GEN22> line 131.

So im running without the extra rules for now..

True... I ended up commenting out just that rule so it doesn't load and the errors disappeared.
Apart from that one I have not seen any more errors so far.

Ragards

[chirpy]

SARE have said that they've updated all the rules now. Either way, upgrading to perl v5.8.8 makes the issue moot.

[JC]

SARE have said that they've updated all the rules now. Either way, upgrading to perl v5.8.8 makes the issue moot.

70_sare_obfu0.cf (which comes in the openprotect.com package) still generates errors and the modified date is 2005-10-01, meaning it hasn't been updated :-)

In fact it seems that from the 70_sare_obfuX rules only obfu1.cf was updated.
Regards

[sparek-3]

According the Sare-user mailing list, the 70_sare_obfu.cf rule was just updated. It will likely take some time for those changes to trickle down to all of the update channels, but it should be fully propagated by tomorrow.

Again, this cannot be stressed enough, if you upgrade to perl 5.8.8, you do not run into these problems. The problems with the rulesets only apply if you are running perl 5.8.7 or older.

[plague]

Well, our servers do not present this errors after the upgrade of cPanel to v11.0 nor spamassassin to 3.2. But, how posted by "Mr McCabbage":

... When enabling it, it reports that my settings are working, but it doesn't apply any to emails. The headers do show it is being filtered though, at the default score of 5...

No matter how we change the settings in the SpamAssassin™ Configuration in cPanel, it always set the score to 5.0, and the whitelists and blacklists doesn't work too. Trying to solve this problem, i have updated perl from 5.8.7 to 5.8.8:

wget http://layer1.cpanel.net/perl588installer.tar.gz
tar xfz perl588installer.tar.gz
cd perl588installer
./install

and than updated de rules:

/usr/bin/sa-update

after that i began receive the rules errors in /var/log/maillog. To solve this i ran:

/scripts/perlinstaller --force Mail::SpamAssassin

moved the files from /etc/mail/spamassassin and than updated the rules again with this:

/usr/bin/sa-update
/usr/bin/sa-update --nogpg --channel saupdates.openprotect.com

Ok, maillog don't show the error messages anymore, but the SpamAssassin™ Configuration is still not working. I set the score to 10, the header shows that the required is 5. I tried to add my email in the whitelist and send a spam test, and was blocked.

Somebody fixed or notified this problem?

[nettigritty]

strangely /scripts/fixspamassassinfailedupdate has taken spamassassin back to 3.1.8 and upcp --force has not upgraded it to 3.2 .. was spamassassin rolled back to 3.1.8 or is something else wrong here?

[nettigritty]

this looks like the problem ..

Going to read /home/.cpan/Metadata
Database was generated on Fri, 08 Jun 2007 03:09:50 GMT
cPCPAN: Module (Mail::SpamAssassin) holdback (3.002000 held back to 3.1.8)
Mail::SpamAssassin is up to date (3.001008).

any fix ideas?

[nettigritty]

running cpan Mail::SpamAssassin seems to have installed 3.2.. going to upcp again to make sure it works ok...

[nettigritty]

i had to untick spamassassin setting, save, then go back, enable and restart exim again from the exim config editor in WHM to get it working with 3.2 but its working fine now.

[wtl]

Despite the various conflicting reports of success and failure here, I found that no matter what I do, pulling down all of the updates from openprotect.com results in many "undefined dependency" problems, and it seems like that is preventing spam assassin from properly processing messages, or at least a lot of our customers have complained of receiving a lot of spam lately.

So, for what it's worth, I went through each SARE ruleset from http://www.rulesemporium.com and determined which would present undefined dependency problems.

The results is that I seem to be okay with this update command:

Code:

sa-update --nogpg \
--channel updates.spamassassin.org \
--channel 70_sare_adult.cf.sare.sa-update.dostech.net \
--channel 70_sare_oem.cf.sare.sa-update.dostech.net \
--channel 70_sare_whitelist_rcvd.cf.sare.sa-update.dostech.net \
--channel 70_sare_random.cf.sare.sa-update.dostech.net \
--channel 70_sare_whitelist_spf.cf.sare.sa-update.dostech.net \
--channel 70_sare_ratware.cf.sare.sa-update.dostech.net \
--channel 70_sc_top200.cf.sare.sa-update.dostech.net \
--channel 70_sare_bayes_poison_nxm.cf.sare.sa-update.dostech.net \
--channel 70_sare_specific.cf.sare.sa-update.dostech.net \
--channel 72_sare_bml_post25x.cf.sare.sa-update.dostech.net \
--channel 70_sare_evilnum0.cf.sare.sa-update.dostech.net \
--channel 70_sare_unsub.cf.sare.sa-update.dostech.net \
--channel 99_sare_fraud_post25x.cf.sare.sa-update.dostech.net \
--channel 70_sare_highrisk.cf.sare.sa-update.dostech.net \
--channel 70_sare_uri0.cf.sare.sa-update.dostech.net \
--channel 70_sare_obfu.cf.sare.sa-update.dostech.net \
--channel 70_sare_whitelist.cf.sare.sa-update.dostech.net

Disclaimers:

1. Use at your own risk, I assume no responsibility for problems.

2. rm -rf /var/lib/spamassassin/* to remove all current rules before running.

3. Check /etc/mail/spamassassin for leftover sare rules from previous version of spamassassin.

4. I really don't know anything about the suitability of the above rulesets, they're simply all of them that seem to work with the latest spamassassin provided by CPanel 11.

5. I believe the whitelist_spf ruleset will require that you have the Mail::SPF perl mod installed.

6. Run spamassassin --lint -D afterwards to make sure there are no errors.