From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id DB412909A2 for ; Fri, 24 Mar 2023 13:47:25 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id C0D14B6E7 for ; Fri, 24 Mar 2023 13:47:25 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Fri, 24 Mar 2023 13:47:24 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 36D8246881 for ; Fri, 24 Mar 2023 13:47:24 +0100 (CET) From: Stoiko Ivanov To: pmg-devel@lists.proxmox.com Date: Fri, 24 Mar 2023 13:46:53 +0100 Message-Id: <20230324124655.39567-2-s.ivanov@proxmox.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20230324124655.39567-1-s.ivanov@proxmox.com> References: <20230324124655.39567-1-s.ivanov@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL -0.855 Adjusted score from AWL reputation of From: address DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pmg-devel] [PATCH spamassassin 1/2] kam-rules: ship full ruleset not only KAM.cf X-BeenThere: pmg-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Mail Gateway development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Mar 2023 12:47:25 -0000 The KAM ruleset consists of more files than just KAM.cf - and with the enabling of the HashBL module in SA 4.0.0 the KAM.cf depends on settings in other files from the ruleset. This leads to warnings when starting pmg-smtp-filter on a freshly installed system (more exactly on a system where pmg-daily did not already download the complete KAM ruleset to /var/lib) This patch follows the logic we use in pmg-daily and ships the complete ruleset in /usr/share/spamassassin-extra KAM.cf itself was also moved to the kam.sa-channels.mcgrail.org subdirectory so that we can use the downloaded cf file to get the correct includes Given that the default installations from PMG 6.4 on download and use the complete ruleset the potential for regression should be quite small. I shortly considered adding a symlink from KAM.cf pointing to kam_sa-channels_mcgrail_com/KAM.cf so that users with unadapted templates still load at least KAM.cf - but since SpamAssassin simply ignores non-existing files, and most setups, which have modified templates probably ran pmg-daily at some point resulting in the files from /var/lib/spamassassin being preferred I left that out. Signed-off-by: Stoiko Ivanov --- Makefile | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/Makefile b/Makefile index 65474a1..a0f6bb9 100644 --- a/Makefile +++ b/Makefile @@ -26,7 +26,9 @@ DBG_DEB = proxmox-spamassassin-dbgsym_${DEB_VERSION_UPSTREAM_REVISION}_amd64.deb DEBS = ${DEB} ${DBG_DEB} DSC = proxmox-spamassassin_${DEB_VERSION_UPSTREAM_REVISION}.dsc -EXTRA_RULES = KAM.cf +KAM_CHANNEL_FILE = debian/tree/etc/mail/spamassassin/channel.d/KAM_channel.conf +KAM_KEYID = $(shell awk -F '=' '/^KEYID/ { print $$2 }' ${KAM_CHANNEL_FILE}) + SA_UPDATE_GPG_DIR = .sa-update-gpghome @@ -53,12 +55,12 @@ ${NPKGNAME}.orig.tar.gz: upstream/ cp -a upstream ${NPKGNAME} tar -czf $@ ${NPKGNAME} -${NPKGNAME}: sa-updates ${EXTRA_RULES} ${NPKGNAME}.orig.tar.gz +${NPKGNAME}: sa-updates kam-updates ${NPKGNAME}.orig.tar.gz cp -a debian $@ mkdir -p $@/debian/tree/usr/share/spamassassin rsync -av sa-updates/ $@/debian/tree/usr/share/spamassassin mkdir -p $@/debian/tree/usr/share/spamassassin-extra - cp -a ${EXTRA_RULES} $@/debian/tree/usr/share/spamassassin-extra + rsync -av kam-updates/ $@/debian/tree/usr/share/spamassassin-extra ${OPKGNAME}.tar.gz: rm -f $@* @@ -67,15 +69,12 @@ ${OPKGNAME}.tar.gz: mv $@.asc.tmp $@.asc gpgv --keyring ./sa-releasekey.gpg $@.asc $@ -KAM.cf: - wget https://www.pccc.com/downloads/SpamAssassin/contrib/KAM.cf -O $@.tmp - mv KAM.cf.tmp $@ - ${SA_UPDATE_GPG_DIR}/.prepared: ${OPKGNAME}.tar.gz rm -rf ${SA_UPDATE_GPG_DIR} mkdir --mode=0700 -p ${SA_UPDATE_GPG_DIR} tar --strip-components 2 -xzf ${OPKGNAME}.tar.gz ${OPKGNAME}/rules/sa-update-pubkey.txt sa-update --gpghomedir ${SA_UPDATE_GPG_DIR} --import sa-update-pubkey.txt + sa-update --gpghomedir ${SA_UPDATE_GPG_DIR} --import ${KAM_CHANNEL_FILE} rm sa-update-pubkey.txt touch $@ @@ -85,13 +84,20 @@ update-sa: ${SA_UPDATE_GPG_DIR}/.prepared sa-update --gpghomedir ${SA_UPDATE_GPG_DIR} --updatedir updates.tmp --channel updates.spamassassin.org rsync -av --delete --exclude=local.cf --exclude=regression_tests.cf --exclude=*.txt --exclude=MIRRORED.BY updates.tmp/updates_spamassassin_org/ sa-updates +.PHONY: update-kam +update-kam: ${SA_UPDATE_GPG_DIR}/.prepared + rm -rf kam-updates.tmp + sa-update --gpghomedir ${SA_UPDATE_GPG_DIR} --gpgkey ${KAM_KEYID} --updatedir kam-updates.tmp --channel kam.sa-channels.mcgrail.com + rm -rf kam-updates.tmp/kam_sa-channels_mcgrail_com/MIRRORED.BY + mv kam-updates.tmp kam-updates + .PHONY: upload upload: ${DEBS} tar cf - ${DEBS} | ssh -X repoman@repo.proxmox.com -- upload --product pmg --dist bullseye .PHONY: clean distclean clean: - rm -rf *~ debian/*~ *.deb proxmox-spamassassin_* updates.tmp ${SA_UPDATE_GPG_DIR} ${OPKGNAME}.tar.gz.* + rm -rf *~ debian/*~ *.deb proxmox-spamassassin_* updates.tmp kam-updates.tmp ${SA_UPDATE_GPG_DIR} ${OPKGNAME}.tar.gz.* distclean: clean rm -rf ${OPKGNAME}.* -- 2.30.2