Hello All,
After my post Help figuring our why SA is taking like 1.5 minutes to filter I decided to kind of clean up my configuration and also get rid of RulesDeJour. I now have configured sa-update with the following: Cron updates daily with the following: /usr/bin/sa-update --channelfile /ibin/sare-sa-update-channels.txt --nogpg ; /sbin/service spamassassin restart (having issues with the gpg so I am using nogpg for now) sare-sa-update-channels.txt Content: ---------------------------------------------------------------------------- ------ updates.spamassassin.org 70_sare_adult.cf.sare.sa-update.dostech.net 70_sare_stocks.cf.sare.sa-update.dostech.net 70_sare_bayes_poison_nxm.cf.sare.sa-update.dostech.net 70_sare_unsub.cf.sare.sa-update.dostech.net 70_sare_evilnum0.cf.sare.sa-update.dostech.net 70_sare_uri0.cf.sare.sa-update.dostech.net 70_sare_evilnum1.cf.sare.sa-update.dostech.net 70_sare_uri1.cf.sare.sa-update.dostech.net 70_sare_evilnum2.cf.sare.sa-update.dostech.net 70_sare_uri3.cf.sare.sa-update.dostech.net 70_sare_genlsubj0.cf.sare.sa-update.dostech.net 70_sare_whitelist_rcvd.cf.sare.sa-update.dostech.net 70_sare_genlsubj1.cf.sare.sa-update.dostech.net 70_sare_whitelist_spf.cf.sare.sa-update.dostech.net 70_sare_genlsubj2.cf.sare.sa-update.dostech.net 70_sare_genlsubj3.cf.sare.sa-update.dostech.net 72_sare_bml_post25x.cf.sare.sa-update.dostech.net 70_sare_header0.cf.sare.sa-update.dostech.net 99_sare_fraud_post25x.cf.sare.sa-update.dostech.net 70_sare_header1.cf.sare.sa-update.dostech.net 70_sare_header2.cf.sare.sa-update.dostech.net 70_sare_header3.cf.sare.sa-update.dostech.net 70_sare_html0.cf.sare.sa-update.dostech.net 70_sare_html1.cf.sare.sa-update.dostech.net 70_sare_html2.cf.sare.sa-update.dostech.net 70_sare_html3.cf.sare.sa-update.dostech.net 70_sare_obfu.cf.sare.sa-update.dostech.net 70_sare_oem.cf.sare.sa-update.dostech.net 70_sare_random.cf.sare.sa-update.dostech.net 70_sare_specific.cf.sare.sa-update.dostech.net 70_sare_spoof.cf.sare.sa-update.dostech.net spam_numbers.cf.sare.sa-update.dostech.net I noticed these updates go to /var/lib/spamassassin/X.XXX, my first question is does this folder automatically get used by SA when it's looking for rules, so there is no config I have to do? Second if I were to update to a specific folder lets say /myfolder I know I can pass the parameter on the sa-update of -updatedir /myfolder, however do I then have to specify in the local.cf anything to insure we are using that folder for rules? For reference if I have a backup folder within the rules folder called backup, will SA look at any of the rules I copied there without having a cf file telling it to include any files in that folder? In other words does it automatically use any cf files it finds within any subfolder of the main rules folder? Now my other question is about cleaning up old/outdated junk in my /etc/mail/spamassassin folder. Currently remaining I have the following: -rw-r--r-- 1 root root 22K Nov 16 2005 backhair.cf -rw-r--r-- 1 root root 108K Dec 15 2005 bogus-virus-warnings.cf -rw-r--r-- 1 root root 23K Aug 9 2005 chickenpox.cf -rw-r--r-- 1 root root 23K Jun 24 2005 chickenpox.cf.1 -rw-r--r-- 1 root root 5.7K May 17 2005 german.cf -rw-r--r-- 1 root root 3.1K Oct 31 14:04 iis_whitelist.cf -rw-r--r-- 1 root root 1.5K Feb 27 2006 iis_whitelist.cfy -rw-r--r-- 1 root root 948 Jun 14 16:19 init.pre -rw-r--r-- 1 root root 2.3K Jun 22 20:57 local.cf -rw-r--r-- 1 root root 1.9K Jan 9 2005 mime_validate.cf lrwxrwxrwx 1 root root 23 Dec 20 2005 NOTES -> /var/spool/filter/NOTES -rw-r--r-- 1 root root 4.8K May 25 2004 random.cf drwx------ 2 root root 4.0K Oct 31 02:50 sa-update-keys -rwxr-xr-x 1 root root 235 Feb 15 2006 sa_update.sh -rw-r--r-- 1 root root 62 Jun 14 16:19 spamassassin-default.rc -rwxr-xr-x 1 root root 35 Jun 14 16:19 spamassassin-helper.sh -rw-r--r-- 1 root root 55 Jun 14 16:19 spamassassin-spamc.rc -rw-r--r-- 1 root root 18K Jan 9 2005 spam_numbers.cf -rw-r--r-- 1 root root 182 Oct 31 03:14 spamtest -rw-r--r-- 1 root root 55K Jun 1 2005 tripwire.cf -rw-r--r-- 1 root root 816K Apr 24 2004 uce_domains.cftest -rw-r--r-- 1 root root 2.2K Jun 22 20:59 v310.pre -rw-r--r-- 1 root root 806 Jun 14 16:19 v312.pre -rw-r--r-- 1 root root 2.1K May 8 08:57 v320.pre 1. Is there a way for me to have sa-update update the .cf files here? 2. Should I get rid of any of these rules ( tripwire etc)? 3. Are there any other rules that do well that I should add? Anything that can be suggested to improve my configuration is GREATLY appreciated! My local.cf contains: required_score 4.0 # Change the subject of suspected spam #Jack rewrite_header subject *****SPAM***** rewrite_header Subject <<- SPAM Tagged->> # Encapsulate spam in an attachment (0=no, 1=yes, 2=safe) report_safe 1 # Enable the Bayes system use_bayes 1 # Enable Bayes auto-learning bayes_auto_learn 1 # Enable or disable network checks skip_rbl_checks 1 use_razor2 1 use_dcc 1 use_pyzor 1 # Mail using languages used in these country codes will not be marked # as being possibly spam in a foreign language. #ok_languages all # Mail using locales used in these country codes will not be marked # as being possibly spam in a foreign language. ok_locales all # ........................................................................ clear_report_template report THIS IS SPAM MESSAGE----- report report Content preview: _PREVIEW_ report report Content analysis details: (_SCORE_ points, _REQD_ required) report report " pts rule name description" report ---- ---------------------- -------------------------------------------------- report _SUMMARY_ # ........................................................................ # -----< Scores >--------------------------------------------------------------------- score URIBL_SBL 7 score URIBL_SC_SURBL 7 score URIBL_WS_SURBL 7 score URIBL_PH_SURBL 7 score URIBL_OB_SURBL 7 score URIBL_AB_SURBL 7 score URIBL_JP_SURBL 7 ---------------------------------------------------------------------------- ---------------------------------------------------------------------------- ------------------- end of local.cf -------------------