public inbox for pmg-devel@lists.proxmox.com
* [pmg-devel] [PATCH spamassassin/pmg-api ] ship complete KAM ruleset
@ 2023-03-24 12:46 Stoiko Ivanov
  2023-03-24 12:46 ` [pmg-devel] [PATCH spamassassin 1/2] kam-rules: ship full ruleset not only KAM.cf Stoiko Ivanov
                   ` (3 more replies)
  0 siblings, 4 replies; 6+ messages in thread
From: Stoiko Ivanov @ 2023-03-24 12:46 UTC (permalink / raw)
  To: pmg-devel

A few warnings were observed, when upgrading to proxmox-spamassassin 4.0
and to a pmg-api > 7.2-5:
* the sa-rules we ship in proxmox-spamassassin still recorded SA version
  3.4.6 and spamassassin warned about that - this is fixed independently,
  by pushing updated SA rules directly (after running our
  regression_tests)
* the KAM.cf file as of recently depends on the other files in the
  complete ruleset as well:
  ```
  WARNING: HashBL: PCCC_HASHBL_FREEMAIL acl 'freemail' not defined
  ```

This patchset addresses the latter issue by shipping the complete KAM
ruleset with each proxmox-spamassassin package.
The download using sa-update is based on the code in pmg-api, which does
the same in pmg-daily

I'm sending only the actual code and doc changes - and, if approved, would
push the actual rule-update and removal directly instead of sending
multiple megabytes of spamassassin rule definitions (which would not pass
our mail-gateway anyways :)

testing this is best done by applying the patches and running
`make update-kam`

With using kam_sa-channels_mcgrail_com.cf to include all files in the
ruleset the adaptation of the local.cf template (pmg-api patch 1/1) would
need a versioned dependency bump on proxmox-spamassassin

In my tests spamassassin (pmg-smtp-filter) quite happily ignored the
missing /usr/share/spamassassin-extra/KAM.cf file - so a Breaks in the
other direction should not be needed.

proxmox-spamassassin:
Stoiko Ivanov (2):
  kam-rules: ship full ruleset not only KAM.cf
  buildsys: update outdated docs on updating rulesets

 Makefile | 41 +++++++++++++++++------------------------
 1 file changed, 17 insertions(+), 24 deletions(-)

pmg-api:
Stoiko Ivanov (1):
  templates: adapt to new path for KAM rules in proxmox-spamassassin

 src/templates/local.cf.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

-- 
2.30.2






* [pmg-devel] [PATCH spamassassin 1/2] kam-rules: ship full ruleset not only KAM.cf
  2023-03-24 12:46 [pmg-devel] [PATCH spamassassin/pmg-api ] ship complete KAM ruleset Stoiko Ivanov
@ 2023-03-24 12:46 ` Stoiko Ivanov
  2023-03-24 12:46 ` [pmg-devel] [PATCH spamassassin 2/2] buildsys: update outdated docs on updating rulesets Stoiko Ivanov
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 6+ messages in thread
From: Stoiko Ivanov @ 2023-03-24 12:46 UTC (permalink / raw)
  To: pmg-devel

The KAM ruleset consists of more files than just KAM.cf - and with the
enabling of the HashBL module in SA 4.0.0 the KAM.cf depends on
settings in other files from the ruleset. This leads to warnings when
starting pmg-smtp-filter on a freshly installed system (more exactly
on a system where pmg-daily did not already download the complete KAM
ruleset to /var/lib)

This patch follows the logic we use in pmg-daily and ships the
complete ruleset in /usr/share/spamassassin-extra

KAM.cf itself was also moved to the kam.sa-channels.mcgrail.org
subdirectory so that we can use the downloaded cf file to get the
correct includes

Given that the default installations from PMG 6.4 on download and use
the complete ruleset the potential for regression should be quite
small.

I shortly considered adding a symlink from KAM.cf pointing to
kam_sa-channels_mcgrail_com/KAM.cf so that users with unadapted
templates still load at least KAM.cf - but since SpamAssassin simply
ignores non-existing files, and most setups, which have modified
templates probably ran pmg-daily at some point resulting in the files
from /var/lib/spamassassin being preferred I left that out.

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
 Makefile | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/Makefile b/Makefile
index 65474a1..a0f6bb9 100644
--- a/Makefile
+++ b/Makefile
@@ -26,7 +26,9 @@ DBG_DEB = proxmox-spamassassin-dbgsym_${DEB_VERSION_UPSTREAM_REVISION}_amd64.deb
 DEBS = ${DEB} ${DBG_DEB}
 DSC = proxmox-spamassassin_${DEB_VERSION_UPSTREAM_REVISION}.dsc
 
-EXTRA_RULES = KAM.cf
+KAM_CHANNEL_FILE = debian/tree/etc/mail/spamassassin/channel.d/KAM_channel.conf
+KAM_KEYID = $(shell awk -F '=' '/^KEYID/ { print $$2 }' ${KAM_CHANNEL_FILE})
+
 
 SA_UPDATE_GPG_DIR = .sa-update-gpghome
 
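Review bot: KAM_KEYID is whatever awk finds after `KEYID=` in the channel file, and nothing checks that the result is non-empty, so a missing or renamed line leaves `--gpgkey` in the update-kam recipe later in this patch without a key ID. Add a guard such as `test -n "${KAM_KEYID}"` as the first recipe line of update-kam, and use `:=` so the awk call runs once rather than on every expansion. The hunk also leaves two consecutive blank lines after the new variables.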
@@ -53,12 +55,12 @@ ${NPKGNAME}.orig.tar.gz: upstream/
 	cp -a upstream ${NPKGNAME}
 	tar -czf $@ ${NPKGNAME}
 
-${NPKGNAME}: sa-updates ${EXTRA_RULES} ${NPKGNAME}.orig.tar.gz
+${NPKGNAME}: sa-updates kam-updates ${NPKGNAME}.orig.tar.gz
 	cp -a debian $@
 	mkdir -p $@/debian/tree/usr/share/spamassassin
 	rsync -av sa-updates/ $@/debian/tree/usr/share/spamassassin
 	mkdir -p $@/debian/tree/usr/share/spamassassin-extra
-	cp -a ${EXTRA_RULES} $@/debian/tree/usr/share/spamassassin-extra
+	rsync -av kam-updates/ $@/debian/tree/usr/share/spamassassin-extra
 
 ${OPKGNAME}.tar.gz:
 	rm -f $@*
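Review bot: `kam-updates` becomes a prerequisite of `${NPKGNAME}` here, but no rule in the visible hunks builds it as a file target; only the phony `update-kam` produces the directory, so a checkout without a committed `kam-updates/` stops with "No rule to make target". Please state in the commit message that the directory is committed together with this change, or add a short comment next to the prerequisite pointing at `make update-kam`.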
@@ -67,15 +69,12 @@ ${OPKGNAME}.tar.gz:
 	mv $@.asc.tmp $@.asc
 	gpgv --keyring ./sa-releasekey.gpg $@.asc $@
 
-KAM.cf:
-	wget https://www.pccc.com/downloads/SpamAssassin/contrib/KAM.cf -O $@.tmp
-	mv KAM.cf.tmp $@
-
 ${SA_UPDATE_GPG_DIR}/.prepared: ${OPKGNAME}.tar.gz
 	rm -rf ${SA_UPDATE_GPG_DIR}
 	mkdir --mode=0700 -p ${SA_UPDATE_GPG_DIR}
 	tar --strip-components 2 -xzf ${OPKGNAME}.tar.gz ${OPKGNAME}/rules/sa-update-pubkey.txt
 	sa-update --gpghomedir ${SA_UPDATE_GPG_DIR} --import sa-update-pubkey.txt
+	sa-update --gpghomedir ${SA_UPDATE_GPG_DIR} --import ${KAM_CHANNEL_FILE}
 	rm sa-update-pubkey.txt
 	touch $@
 
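Review bot: the `.prepared` stamp still lists only `${OPKGNAME}.tar.gz` as its prerequisite, so after the added `--import ${KAM_CHANNEL_FILE}` line a changed channel file (for example a rotated KAM key) does not trigger a re-import and update-kam keeps verifying against the old keyring. Add `${KAM_CHANNEL_FILE}` to the prerequisites of `${SA_UPDATE_GPG_DIR}/.prepared`. A one-line comment that the channel file is expected to carry the public key would also help, since `--import` on a `.conf` file is not self-explanatory.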
@@ -85,13 +84,20 @@ update-sa: ${SA_UPDATE_GPG_DIR}/.prepared
 	sa-update --gpghomedir ${SA_UPDATE_GPG_DIR} --updatedir updates.tmp --channel updates.spamassassin.org
 	rsync -av --delete --exclude=local.cf --exclude=regression_tests.cf --exclude=*.txt  --exclude=MIRRORED.BY updates.tmp/updates_spamassassin_org/ sa-updates
 
+.PHONY: update-kam
+update-kam: ${SA_UPDATE_GPG_DIR}/.prepared
+	rm -rf kam-updates.tmp
+	sa-update --gpghomedir ${SA_UPDATE_GPG_DIR} --gpgkey ${KAM_KEYID} --updatedir kam-updates.tmp --channel kam.sa-channels.mcgrail.com
+	rm -rf kam-updates.tmp/kam_sa-channels_mcgrail_com/MIRRORED.BY
+	mv kam-updates.tmp kam-updates
+
 .PHONY: upload
 upload: ${DEBS}
 	tar cf - ${DEBS} | ssh -X repoman@repo.proxmox.com -- upload --product pmg --dist bullseye
 
 .PHONY: clean distclean
 clean:
-	rm -rf *~ debian/*~ *.deb proxmox-spamassassin_* updates.tmp ${SA_UPDATE_GPG_DIR} ${OPKGNAME}.tar.gz.*
+	rm -rf *~ debian/*~ *.deb proxmox-spamassassin_* updates.tmp kam-updates.tmp ${SA_UPDATE_GPG_DIR} ${OPKGNAME}.tar.gz.*
 
 distclean: clean
 	rm -rf  ${OPKGNAME}.*
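Review bot: in update-kam, `mv kam-updates.tmp kam-updates` only replaces the ruleset on the first run; once `kam-updates/` exists, mv puts the new download inside it as `kam-updates/kam-updates.tmp` and the old rules stay where they are, which the packaging rsync then ships. Follow the update-sa recipe instead, e.g. `rsync -av --delete --exclude=MIRRORED.BY kam-updates.tmp/ kam-updates`, or remove the old directory before the mv. With the rsync form the separate `rm -rf .../MIRRORED.BY` line is no longer needed.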
-- 
2.30.2






* [pmg-devel] [PATCH spamassassin 2/2] buildsys: update outdated docs on updating rulesets
  2023-03-24 12:46 [pmg-devel] [PATCH spamassassin/pmg-api ] ship complete KAM ruleset Stoiko Ivanov
  2023-03-24 12:46 ` [pmg-devel] [PATCH spamassassin 1/2] kam-rules: ship full ruleset not only KAM.cf Stoiko Ivanov
@ 2023-03-24 12:46 ` Stoiko Ivanov
  2023-03-24 12:46 ` [pmg-devel] [PATCH pmg-api 1/1] templates: adapt to new path for KAM rules in proxmox-spamassassin Stoiko Ivanov
  2023-03-26 16:11 ` [pmg-devel] applied-series: [PATCH spamassassin/pmg-api ] ship complete KAM ruleset Thomas Lamprecht
  3 siblings, 0 replies; 6+ messages in thread
From: Stoiko Ivanov @ 2023-03-24 12:46 UTC (permalink / raw)
  To: pmg-devel

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
 Makefile | 19 +++----------------
 1 file changed, 3 insertions(+), 16 deletions(-)

diff --git a/Makefile b/Makefile
index a0f6bb9..c97bd95 100644
--- a/Makefile
+++ b/Makefile
@@ -2,22 +2,9 @@ include /usr/share/dpkg/pkg-info.mk
 
 # howto add rule updates:
 
-# edit paths ($srcdir) in changes.pl 
-# update changes.diff - verify changes!
-
-# dig  -t any 3.4.3.updates.spamassassin.org
-# wget http://spamassassin.kluge.net/updates/501214.tar.gz
-# wget http://spamassassin.kluge.net/updates/501214.tar.gz.asc
-# gpg --verify 501214.tar.gz.asc 501214.tar.gz
-#
-# or just use: make sa-updates.tgz (from the last stable version)
-# warning: start with an empty sa-updates.tgz, install the package,
-# the run sa-update to generate the updates
-#
-# Note: we also add KAM.cf from
-# http://www.pccc.com/downloads/SpamAssassin/contrib/KAM.cf
-#
-# edit debin/rules to apply updates
+# running `make update-sa` updates the core SA rules (in the sa-updates directory)
+# running `make update-kam` updates the KAM ruleset (in the kam-updates directory)
+
 
 OPKGNAME = Mail-SpamAssassin-${DEB_VERSION_UPSTREAM}
 NPKGNAME = proxmox-spamassassin_${DEB_VERSION_UPSTREAM}
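Review bot: the new two-line comment drops the old "verify changes!" reminder and the `gpg --verify` step without saying what replaces them, so the howto no longer tells the reader how the downloaded rules are authenticated. Add a line that both targets rely on sa-update checking signatures against the keyring in `${SA_UPDATE_GPG_DIR}`, and that the resulting `sa-updates`/`kam-updates` directories need to be reviewed and committed afterwards. The commit also has no message body, and the hunk leaves two blank lines before `OPKGNAME`.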
-- 
2.30.2






* [pmg-devel] [PATCH pmg-api 1/1] templates: adapt to new path for KAM rules in proxmox-spamassassin
  2023-03-24 12:46 [pmg-devel] [PATCH spamassassin/pmg-api ] ship complete KAM ruleset Stoiko Ivanov
  2023-03-24 12:46 ` [pmg-devel] [PATCH spamassassin 1/2] kam-rules: ship full ruleset not only KAM.cf Stoiko Ivanov
  2023-03-24 12:46 ` [pmg-devel] [PATCH spamassassin 2/2] buildsys: update outdated docs on updating rulesets Stoiko Ivanov
@ 2023-03-24 12:46 ` Stoiko Ivanov
  2023-03-26 16:11 ` [pmg-devel] applied-series: [PATCH spamassassin/pmg-api ] ship complete KAM ruleset Thomas Lamprecht
  3 siblings, 0 replies; 6+ messages in thread
From: Stoiko Ivanov @ 2023-03-24 12:46 UTC (permalink / raw)
  To: pmg-devel

This changes the included KAM.cf to the one downloaded from the
kam-channel, which in turn includes all files contained in the
rule-set

This commit needs a versioned dependency bump on proxmox-spamassassin

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
 src/templates/local.cf.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/templates/local.cf.in b/src/templates/local.cf.in
index f1106fe..da66538 100644
--- a/src/templates/local.cf.in
+++ b/src/templates/local.cf.in
@@ -25,5 +25,5 @@ whitelist_bounce_relays [% composed.wl_bounce_relays %]
 score ANY_BOUNCE_MESSAGE [% pmg.spam.bounce_score %]
 [% END %]
 
-include /usr/share/spamassassin-extra/KAM.cf
+include /usr/share/spamassassin-extra/kam_sa-channels_mcgrail_com.cf
 
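Review bot: the new `include` line points at a file that exists only once the matching proxmox-spamassassin is installed, and the commit message says a versioned dependency bump is needed, but no debian/control change is part of this patch. Since a missing include target is skipped without an error (as the cover letter notes), a pmg-api upgrade running against an older proxmox-spamassassin would lose the KAM rules silently; please add the versioned Depends in the same series.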
-- 
2.30.2
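
Because a missing `include` target is skipped without an error, as the cover letter and the pmg-api patch above note, a check like the following can confirm that every include reachable from local.cf resolves to a file. This is an added example, not part of the patch series or of Proxmox code; the function names, the sample tree and `placeholder_rules.cf` are constructed, and it assumes include paths are relative to the including file unless absolute.

```shell
#!/bin/sh
# Added example: report `include` targets that SpamAssassin would silently skip.

# check_sa_includes FILE [DEPTH]
# Prints one line per missing include target, following nested includes.
check_sa_includes() {
    cf=$1
    depth=${2:-0}
    [ "$depth" -lt 10 ] || { echo "include nesting too deep at $cf"; return; }
    dir=$(dirname "$cf")
    sed -n 's/^[[:space:]]*include[[:space:]]\{1,\}\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$cf" |
    while IFS= read -r target; do
        # Assumption: relative paths resolve against the including file's directory.
        case $target in
            /*) path=$target ;;
            *)  path=$dir/$target ;;
        esac
        if [ -f "$path" ]; then
            # Subshell keeps this level's cf/dir/depth intact during recursion.
            ( check_sa_includes "$path" $((depth + 1)) )
        else
            echo "missing: $path (included from $cf)"
        fi
    done
}

# Constructed sample tree mirroring the layout discussed in the thread.
make_sample_tree() {
    root=$(mktemp -d)
    extra=$root/usr/share/spamassassin-extra
    mkdir -p "$extra/kam_sa-channels_mcgrail_com"
    : > "$extra/kam_sa-channels_mcgrail_com/KAM.cf"
    # Constructed channel file with one relative include per rule file;
    # placeholder_rules.cf is a made-up name and is deliberately not created.
    cat > "$extra/kam_sa-channels_mcgrail_com.cf" <<EOF
include kam_sa-channels_mcgrail_com/KAM.cf
include kam_sa-channels_mcgrail_com/placeholder_rules.cf
EOF
    # local.cf carrying both the old and the new include line from the patch.
    cat > "$root/local.cf" <<EOF
include $extra/KAM.cf
include $extra/kam_sa-channels_mcgrail_com.cf
EOF
    echo "$root"
}

root=$(make_sample_tree)
check_sa_includes "$root/local.cf"
rm -rf "$root"
```

On a real system the function would be pointed at the generated local.cf; empty output means every include resolves.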






* [pmg-devel] applied-series: [PATCH spamassassin/pmg-api ] ship complete KAM ruleset
  2023-03-24 12:46 [pmg-devel] [PATCH spamassassin/pmg-api ] ship complete KAM ruleset Stoiko Ivanov
                   ` (2 preceding siblings ...)
  2023-03-24 12:46 ` [pmg-devel] [PATCH pmg-api 1/1] templates: adapt to new path for KAM rules in proxmox-spamassassin Stoiko Ivanov
@ 2023-03-26 16:11 ` Thomas Lamprecht
  2023-03-27  8:43   ` Stoiko Ivanov
  3 siblings, 1 reply; 6+ messages in thread
From: Thomas Lamprecht @ 2023-03-26 16:11 UTC (permalink / raw)
  To: Stoiko Ivanov, pmg-devel

On 24/03/2023 at 13:46, Stoiko Ivanov wrote:
> A few warnings were observed, when upgrading to proxmox-spamassassin 4.0
> and to a pmg-api > 7.2-5:
> * the sa-rules we ship in proxmox-spamassassin still recorded SA version
>   3.4.6 and spamassassin warned about that - this is fixed independently,
>   by pushing updated SA rules directly (after running our
>   regression_tests)
> * the KAM.cf file as of recently depends on the other files in the
>   complete ruleset as well:
>   ```
>   WARNING: HashBL: PCCC_HASHBL_FREEMAIL acl 'freemail' not defined
>   ```
> 
> This patchset addresses the latter issue by shipping the complete KAM
> ruleset with each proxmox-spamassassin package.
> The download using sa-update is based on the code in pmg-api, which does
> the same in pmg-daily
> 
> I'm sending only the actual code and doc changes - and, if approved, would
> push the actual rule-update and removal directly instead of sending
> multiple megabytes of spamassassin rule definitions (which would not pass
> our mail-gateway anyways :)

just push it to a staff repo or the like next time, then I can
pull all and could have bumped this now already ;-)

> 
> testing this is best done by applying the patches and running
> `make update-kam`
> 
> With using kam_sa-channels_mcgrail_com.cf to include all files in the
> ruleset the adaptation of the local.cf template (pmg-api patch 1/1) would
> need a versioned dependency bump on proxmox-spamassassin
> 
> In my tests spamassassin (pmg-smtp-filter) quite happily ignored the
> missing /usr/share/spamassassin-extra/KAM.cf file - so a Breaks in the
> other direction should not be needed.
> 
> proxmox-spamassassin:
> Stoiko Ivanov (2):
>   kam-rules: ship full ruleset not only KAM.cf
>   buildsys: update outdated docs on updating rulesets
> 
>  Makefile | 41 +++++++++++++++++------------------------
>  1 file changed, 17 insertions(+), 24 deletions(-)
> 
> pmg-api:
> Stoiko Ivanov (1):
>   templates: adapt to new path for KAM rules in proxmox-spamassassin
> 
>  src/templates/local.cf.in | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 


applied, thanks!





* Re: [pmg-devel] applied-series: [PATCH spamassassin/pmg-api ] ship complete KAM ruleset
  2023-03-26 16:11 ` [pmg-devel] applied-series: [PATCH spamassassin/pmg-api ] ship complete KAM ruleset Thomas Lamprecht
@ 2023-03-27  8:43   ` Stoiko Ivanov
  0 siblings, 0 replies; 6+ messages in thread
From: Stoiko Ivanov @ 2023-03-27  8:43 UTC (permalink / raw)
  To: Thomas Lamprecht; +Cc: pmg-devel

On Sun, 26 Mar 2023 18:11:41 +0200
Thomas Lamprecht <t.lamprecht@proxmox.com> wrote:

> On 24/03/2023 at 13:46, Stoiko Ivanov wrote:
> > A few warnings were observed, when upgrading to proxmox-spamassassin 4.0
> > and to a pmg-api > 7.2-5:
> > * the sa-rules we ship in proxmox-spamassassin still recorded SA version
> >   3.4.6 and spamassassin warned about that - this is fixed independently,
> >   by pushing updated SA rules directly (after running our
> >   regression_tests)
> > * the KAM.cf file as of recently depends on the other files in the
> >   complete ruleset as well:
> >   ```
> >   WARNING: HashBL: PCCC_HASHBL_FREEMAIL acl 'freemail' not defined
> >   ```
> > 
> > This patchset addresses the latter issue by shipping the complete KAM
> > ruleset with each proxmox-spamassassin package.
> > The download using sa-update is based on the code in pmg-api, which does
> > the same in pmg-daily
> > 
> > I'm sending only the actual code and doc changes - and, if approved, would
> > push the actual rule-update and removal directly instead of sending
> > multiple megabytes of spamassassin rule definitions (which would not pass
> > our mail-gateway anyways :)  
> 
> just push it to a staff repo or the like next time, then I can
> pull all and could have bumped this now already ;-)

dunno why I did not do that ... - sorry for causing more work

pushed the ruleset I tested with.

Thanks for checking the patches!

> 
> > 
> > testing this is best done by applying the patches and running
> > `make update-kam`
> > 
> > With using kam_sa-channels_mcgrail_com.cf to include all files in the
> > ruleset the adaptation of the local.cf template (pmg-api patch 1/1) would
> > need a versioned dependency bump on proxmox-spamassassin
> > 
> > In my tests spamassassin (pmg-smtp-filter) quite happily ignored the
> > missing /usr/share/spamassassin-extra/KAM.cf file - so a Breaks in the
> > other direction should not be needed.
> > 
> > proxmox-spamassassin:
> > Stoiko Ivanov (2):
> >   kam-rules: ship full ruleset not only KAM.cf
> >   buildsys: update outdated docs on updating rulesets
> > 
> >  Makefile | 41 +++++++++++++++++------------------------
> >  1 file changed, 17 insertions(+), 24 deletions(-)
> > 
> > pmg-api:
> > Stoiko Ivanov (1):
> >   templates: adapt to new path for KAM rules in proxmox-spamassassin
> > 
> >  src/templates/local.cf.in | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >   
> 
> 
> applied, thanks!




