> Theo Van Dinter wrote:
>  > On Wed, Aug 09, 2006 at 09:58:19AM -0700, Richard wrote:
>  >>> rules_du_jour was done when sa-update did not exist
>  >> are you implying that sa-update replaces rules-du-jour?
>  >
>  > That depends on what you mean by "replaces".
>  >
>  >> I thought sa-update updates the SA distro's bundled rules, but NOT
>  >> any additional SARE rules that require rules du jour.
>  >
>  > sa-update is a generic tool that lets users download "channels"
>  > (ie: bundles of rules/plugins) from anywhere that decides to publish
>  > them (requires a certain setup, etc.)  At the moment, the only
>  > published channel that I know of is updates.spamassassin.org.
>  > (all this is in http://wiki.apache.org/spamassassin/RuleUpdates btw)
>  >
>  > There's nothing stopping the SARE folks from publishing a single or
>  > a bunch of channels and getting rid of RDJ in favor of sa-update if
>  > they wanted to...  There are some benefits either way I suppose, and
>  > I'm biased towards sa-update of course. :|
>  >
>
> This is all going down a path I started last night after Theo's
> replies on Re: updates.spamassassin.org.cf overrides local.cf? I've
> been reading the Wiki throughout this morning.
>
> With regards to such things as SARE, it would be easy enough for me to
> set up RDJ on a server, downloading just the rule sets I want and
> then publish them to a channel of my own, running sa-update on my
> servers to pull updates when available, correct?
>
> Seems like a lot of work, but as others write more rules and as rules
> become available from differing sources, this would be a very nice way
> to update only specific sets of rules that I want. The upside is that I
> would not have to do anything custom on my SA installs other than add
> channels to sa-update.
>
> Going further...
>
> I could see SARE rules offered on many channels though some
> reorganization may be required. Channels such as post25, pre30, header,
> body, etc. There are too many rules to have a channel for each but
> possibly sets of popular rules could be collected together.
>
> I could also see breaking my own local rules into individual *.cf
> files. I like the idea of moving all transient rules such as SARE and
> TLS.cf (our local rules) into a common dir structure and location.
>
> /var/lib/spamassassin/$VER/updates.sare-fraud.rulesemporium.com
> /var/lib/spamassassin/$VER/updates.sare-header.rulesemporium.com
> /var/lib/spamassassin/$VER/updates.tls.local
> /var/lib/spamassassin/$VER/updates.someOtherRulesHouse.com
>
> This would leave /usr/local/etc/mail/spamassassin containing only the
> local site specific .pre files and local.cf which set
> required options for my specific installation.
>
> Would all this be a correct interpretation on my part?

That sounds good to me. I think the real problem with doing this to SARE
rules is the subsetting. Many of the SARE rulesets are subsetted so you
can use just the 0 set which is likely not to impact HAM at all, the 1,
2, 3, or full combined set depending on how much risk of false positives
you allow on your server.

I guess what you'd really need is a way to update all the rules without
re-writing the channel CF and PRE files. That way you could set your own
CF and PRE to include only the rules you wanted to use while still
updating the whole channel. It would be a tiny bit more overhead since
you'd have to download the entire set of rules even if you weren't using
them all, but probably the best compromise between that and having a
channel for every rule subset.

Bret


