RE: sa-update error wrong gpg key...
Hey guys..
We're seeing the same thing.. although slightly different.. this error has
only been happening for a week or so now.. everything's been fine before
that.. it seems to be with the RSA key generated on 15Jan..
An sa-update -D shows :
[/usr/local/etc/mail/spamassassin]# sa-update -D
[56267] dbg: logger: adding facilities: all
[56267] dbg: logger: logging level is DBG
[56267] dbg: generic: SpamAssassin version 3.2.4
[56267] dbg: config: score set 0 chosen.
[56267] dbg: dns: is Net::DNS::Resolver available? yes
[56267] dbg: dns: Net::DNS version: 0.62
[56267] dbg: generic: sa-update version svn607589
[56267] dbg: generic: using update directory: /var/db/spamassassin/3.002004
[56267] dbg: diag: perl platform: 5.008008 freebsd
[56267] dbg: diag: module installed: Digest::SHA1, version 2.11
[56267] dbg: diag: module installed: HTML::Parser, version 3.56
[56267] dbg: diag: module installed: Net::DNS, version 0.62
[56267] dbg: diag: module installed: MIME::Base64, version 3.07
[56267] dbg: diag: module installed: DB_File, version 1.814
[56267] dbg: diag: module installed: Net::SMTP, version 2.31
[56267] dbg: diag: module not installed: Mail::SPF ('require' failed)
[56267] dbg: diag: module not installed: Mail::SPF::Query ('require' failed)
[56267] dbg: diag: module not installed: IP::Country::Fast ('require'
failed)
[56267] dbg: diag: module installed: Razor2::Client::Agent, version 2.84
[56267] dbg: diag: module not installed: Net::Ident ('require' failed)
[56267] dbg: diag: module installed: IO::Socket::INET6, version 2.51
[56267] dbg: diag: module installed: IO::Socket::SSL, version 1.12
[56267] dbg: diag: module installed: Compress::Zlib, version 2.008
[56267] dbg: diag: module installed: Time::HiRes, version 1.9711
[56267] dbg: diag: module not installed: Mail::DomainKeys ('require' failed)
[56267] dbg: diag: module not installed: Mail::DKIM ('require' failed)
[56267] dbg: diag: module installed: DBI, version 1.601
[56267] dbg: diag: module installed: Getopt::Long, version 2.35
[56267] dbg: diag: module installed: LWP::UserAgent, version 2.033
[56267] dbg: diag: module installed: HTTP::Date, version 1.47
[56267] dbg: diag: module installed: Archive::Tar, version 1.38
[56267] dbg: diag: module installed: IO::Zlib, version 1.07
[56267] dbg: diag: module installed: Encode::Detect, version 1.00
[56267] dbg: gpg: Searching for 'gpg'
[56267] dbg: util: current PATH is:
/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin
[56267] dbg: util: executable for gpg was found at /usr/local/bin/gpg
[56267] dbg: gpg: found /usr/local/bin/gpg
[56267] dbg: gpg: release trusted key id list:
5E541DC959CB8BAC7C78DFDC4056A61A5244EC45
26C900A46DD40CD5AD24F6D7DEE01987265FA05B
0C2B1D7175B852C64B3CDC716C55397824F434CE
[56267] dbg: channel: attempting channel updates.spamassassin.org
[56267] dbg: channel: update directory
/var/db/spamassassin/3.002004/updates_spamassassin_org
[56267] dbg: channel: channel cf file
/var/db/spamassassin/3.002004/updates_spamassassin_org.cf
[56267] dbg: channel: channel pre file
/var/db/spamassassin/3.002004/updates_spamassassin_org.pre
[56267] dbg: dns: 4.2.3.updates.spamassassin.org => 611820, parsed as 611820
[56267] dbg: channel: preparing temp directory for new channel
[56267] dbg: generic: update tmp directory /tmp/.spamassassin56267NDLylZtmp
[56267] dbg: generic: lint checking site pre files once before attempting
channel updates
[56267] dbg: generic: SpamAssassin version 3.2.4
[56267] dbg: config: score set 0 chosen.
[56267] dbg: dns: is Net::DNS::Resolver available? yes
[56267] dbg: dns: Net::DNS version: 0.62
[56267] dbg: ignore: using a test message to lint rules
[56267] dbg: config: using "/usr/local/etc/mail/spamassassin" for site rules
pre files
[56267] dbg: config: read file /usr/local/etc/mail/spamassassin/init.pre
[56267] dbg: config: read file /usr/local/etc/mail/spamassassin/v310.pre
[56267] dbg: config: read file /usr/local/etc/mail/spamassassin/v312.pre
[56267] dbg: config: read file /usr/local/etc/mail/spamassassin/v320.pre
[56267] dbg: config: using "/tmp/.spamassassin56267NDLylZtmp/doesnotexist"
for sys rules pre files
[56267] dbg: config: using "/tmp/.spamassassin56267NDLylZtmp/doesnotexist"
for default rules dir
[56267] dbg: config: using
"/tmp/.spamassassin56267NDLylZtmp/doesnotexist/doesnotexist" for user prefs
file
[56267] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC
[56267] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC
[56267] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC
[56267] dbg: pyzor: local tests only, disabling Pyzor
[56267] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC
[56267] dbg: razor2: local tests only, skipping Razor
[56267] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC
[56267] dbg: reporter: local tests only, disabling SpamCop
[56267] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC
[56267] dbg: plugin: loadi
Re: sa-update error wrong gpg key...
Steve Monkhouse wrote: > Hey guys.. > > We're seeing the same thing.. although slightly different.. Not really the same thing. In the OPs case he wasn't using the key for the channel. In your case, your (I assume) recently updated version of GPG refuses to use the non-cross-certified key. > this error has > only been happening for a week or so now.. everything's been fine before > that.. it seems to be with the RSA key generated on 15Jan.. http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5775 Daryl
Re: sa-update error wrong gpg key...
Justin Mason wrote: > Kevin -- I have bad news. ;) that's not coming from our channels, > it's the sare.sa-update.dostech.net channel I'd guess. Hey, why's that bad news! :) > Kevin W. Gagel writes: >> Thanks for looking into this. I've copied and pasted everything below so >> that you have a complete picture. >> >> The command line is (in a cronjob): >> sa-update --allowplugins --channelfile >> /etc/mail/spamassassin/sa-update-keys/sa-update-channels && >> /etc/init.d/spamassassin restart >> 70_sare_adult.cf.sare.sa-update.dostech.net [...] >> >> This is what I receive in my inbox in the morning: >> error: GPG validation failed! >> The update downloaded successfully, but it was not signed with a trusted >> GPG >> key. Instead, it was signed with the following keys: >> >> 856AA88A >> >> Perhaps you need to import the channel's GPG key? For example: >> >> wget http://spamassassin.apache.org/updates/GPG.KEY >> sa-update --import GPG.KEY This is completely expected. You're missing --gpgkey 856AA88A from your command line and I'm not sure that you've imported the correct key or have just re-imported the default channel's key. Take a look at the instructions I have for these channels at: http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt Daryl
Re: sa-update error wrong gpg key...
Kevin -- I have bad news. ;) that's not coming from our channels, it's the sare.sa-update.dostech.net channel I'd guess. --j. Kevin W. Gagel writes: > - Original Message - > >hi Kevin -- what's the channel and command line? > > Hi Justin, > > Thanks for looking into this. I've copied and pasted everything below so > that you have a complete picture. > > The command line is (in a cronjob): > sa-update --allowplugins --channelfile > /etc/mail/spamassassin/sa-update-keys/sa-update-channels && > /etc/init.d/spamassassin restart > > The channels are (all of them are failing, copied from the > sa-update-channels file): > 70_sare_adult.cf.sare.sa-update.dostech.net > 70_sare_bayes_poison_nxm.cf.sare.sa-update.dostech.net > 70_sare_evilnum0.cf.sare.sa-update.dostech.net > 70_sare_evilnum1.cf.sare.sa-update.dostech.net > 70_sare_genlsubj0.cf.sare.sa-update.dostech.net > 70_sare_genlsubj2.cf.sare.sa-update.dostech.net > 70_sare_header.cf.sare.sa-update.dostech.net > 70_sare_html.cf.sare.sa-update.dostech.net > 70_sare_obfu0.cf.sare.sa-update.dostech.net > 70_sare_obfu1.cf.sare.sa-update.dostech.net > 70_sare_oem.cf.sare.sa-update.dostech.net > 70_sare_random.cf.sare.sa-update.dostech.net > 70_sare_specific.cf.sare.sa-update.dostech.net > 70_sare_spoof.cf.sare.sa-update.dostech.net > 70_sare_stocks.cf.sare.sa-update.dostech.net > 70_sare_unsub.cf.sare.sa-update.dostech.net > 70_sare_uri0.cf.sare.sa-update.dostech.net > 70_sare_whitelist.cf.sare.sa-update.dostech.net > 70_sare_whitelist_rcvd.cf.sare.sa-update.dostech.net > 70_sare_whitelist_spf.cf.sare.sa-update.dostech.net > 72_sare_bml_post25x.cf.sare.sa-update.dostech.net > 72_sare_redirect_post3.0.0.cf.sare.sa-update.dostech.net > updates.spamassassin.org > > This is what I receive in my inbox in the morning: > error: GPG validation failed! > The update downloaded successfully, but it was not signed with a trusted > GPG > key. Instead, it was signed with the following keys: > > 856AA88A > > Perhaps you need to import the channel's GPG key? For example: > > wget http://spamassassin.apache.org/updates/GPG.KEY > sa-update --import GPG.KEY > > channel: GPG validation failed, channel failed > error: GPG validation failed! > The update downloaded successfully, but it was not signed with a trusted > GPG > key. Instead, it was signed with the following keys: > > 856AA88A > > Perhaps you need to import the channel's GPG key? For example: > > wget http://spamassassin.apache.org/updates/GPG.KEY > sa-update --import GPG.KEY > > channel: GPG validation failed, channel failed > error: GPG validation failed! > The update downloaded successfully, but it was not signed with a trusted > GPG > key. Instead, it was signed with the following keys: > > 856AA88A > > Perhaps you need to import the channel's GPG key? For example: > > wget http://spamassassin.apache.org/updates/GPG.KEY > sa-update --import GPG.KEY > > channel: GPG validation failed, channel failed > error: GPG validation failed! > The update downloaded successfully, but it was not signed with a trusted > GPG > key. Instead, it was signed with the following keys: > > 856AA88A > > Perhaps you need to import the channel's GPG key? For example: > > wget http://spamassassin.apache.org/updates/GPG.KEY > sa-update --import GPG.KEY > > channel: GPG validation failed, channel failed > error: GPG validation failed! > The update downloaded successfully, but it was not signed with a trusted > GPG > key. Instead, it was signed with the following keys: > > 856AA88A > > Perhaps you need to import the channel's GPG key? For example: > > wget http://spamassassin.apache.org/updates/GPG.KEY > sa-update --import GPG.KEY > > channel: GPG validation failed, channel failed > error: GPG validation failed! > The update downloaded successfully, but it was not signed with a trusted > GPG > key. Instead, it was signed with the following keys: > > 856AA88A > > Perhaps you need to import the channel's GPG key? For example: > > wget http://spamassassin.apache.org/updates/GPG.KEY > sa-update --import GPG.KEY > > channel: GPG validation failed, channel failed > error: GPG validation failed! > The update downloaded successfully, but it was not signed with a trusted > GPG > key. Instead, it was signed with the following keys: > > 856AA88A > > Perhaps you need to import the channel's GPG key? For example: > > wget http://spamassassin.apache.org/updates/GPG.KEY > sa-update --import GPG.KEY > > channel: GPG validation failed, channel failed > error: GPG validation failed! > The update downloaded successfully, but it was not signed with a trusted > GPG > key. Instead, it was signed with the following keys: > > 856AA88A > > Perhaps you need to import the channel's GPG key? For example: > > wget http://spamassassin.apache.org/updates/GPG.KEY > sa-update --import GPG.KEY > > channel: GPG validation failed, channel failed > error: GPG validation failed!
