Hi,
This is to notify you about another SARE channel with the most used
rules available as a single channel. If you're not the type to try every
single rule in SARE and manually select them, you can instead use this
single channel instead.
Protect's Sa-update channel for SARE
Sa-update
<#>,
as the linked page says is a way to download new rules from different
places called channels.
We guys at Protect <http://openprotect.comhave created a channel
which contains the recommended rules in the SARE - SpamAssassin Rules
Emporium <http://www.rulesemporium.com/>. This way, rules can be updated
easily using sa-update, which ships with SA versions above 3.0.
Steps to use our channel
Follow the steps below to have our channel working on your mail server
or any computer with SA 3.0 installed on it.
*
Have gnupg installed, if you wish to check the channel files
against our signature.
*
Run the command *gpg pgp.mit.edu BDE9DC10*
to import our public key from the mit keyserver. The output should
look like:
gpg: requesting key BDE9DC10 from hkp server pgp.mit.edu
gpg: key BDE9DC10: public key " Technologies (Key to
sign all files from openprotect.com) " imported
gpg: Total number processed: 1
gpg: imported: 1
* Now, copy the trusted public keys from root to SA by running the
command *cp -f /root/.gnupg/pubring.gpg
/*
*
Another way to import our public key is get the gpg file and
import it manually using sa-update and gpg. The commands are *wget
*.
Now, import by running the command *sa-update pub.gpg*
which should return without any error or output messages.
This isn't the preferred way, as the gpg file could be corrupted
or tampered with, if our server is hacked.
* Now schedule daily downloads of rules from this channel using cron
using the command *sa-update
saupdates.openprotect.com*, where the 40 digit hex is our public
key fingerprint and the channel is the URL from which to download
the rules.
The rules should be installed at */var/lib/spamassassin/*
directory and SA will use all these rules by default.
* If you don't have gpg or don't want to check against our
signature, you can add the ** option to the above sa-update
command to skip gpg signature checks.
Note that only rules with high hit ratio and low false positives, like
70_sare_uri0.cf are used, instead of the 1,2,3 etc rules which have high
FPs and don't hit on too many spam mails anyway. Rules are linted before
entering the channel, so it's assured to work on any SA from 3.0.0
onwards to 3.1.4.
Let me know of any feedback that you might have about this channel.
cheers,
skar.

Justin Mason wrote:

hey, btw, it might be better to extract the gpg public key from "gpg",
instead of copying over the entire public key ring -- since that will (a)
overwrite any existing SA-update keys, including the system ones,
and (b) will trust any existing GPG correspondents to publish SA updates!

Yes, downloading the gpg and using "sa-update import" doesn't have that
problem though. So, how to extract this public key alone from the public
key ring to copy over to the sa-update public key ring? Any idea on this
is welcome :)

cheers,
skar.