KAM.cf spamassassin ruleset is not updating
A while back, cPanel added the KAM.cf ruleset in the cPanel default configuration. But the ruleset has not updated since 2023 and there are frequent updates to the ruleset. I've tried adding the channel to update it following this post from the official kam.cf website: https://mcgrail.com/template/kam.cf_channel. I seem to get the gpg key installed, but Cpanel's customized /usr/local/cpanel/3rdparty/bin/sa-update script doesn't seem to support adding another channel and I can't get the lists updated. Do you have an update on how to get the KAM.cf and CPANEL.cf spamassassin lists to update on a regular basis when sa-update is run?
-
Hey there! Just to confirm, can you let me know how you're determining that the rules haven't updated since 2023? I want to make sure I'm testing the correct area of the system on my end.
0 -
The files that should be updating are in /usr/local/cpanel/etc/mail/spamassassin/ and were installed by default with cpanel:
-rw-r--r--. 1 root root 750 May 24 2023 BAYES_POISON_DEFENSE.cf
-rw-r--r--. 1 root root 4233 May 24 2023 CPANEL.cf
-rw-r--r--. 1 root root 4983 May 24 2023 deadweight2.cf
-rw-r--r--. 1 root root 31173 May 24 2023 deadweight2_meta.cf
-rw-r--r--. 1 root root 8342 May 24 2023 deadweight2_sub.cf
-rw-r--r--. 1 root root 23681 May 24 2023 deadweight.cf
-rw-r--r--. 1 root root 560656 Nov 11 15:25 KAM.cf
-rw-r--r-- 1 root root 488518 Nov 11 15:22 KAM.cf.orig
-rw-r--r--. 1 root root 1316 May 24 2023 kam_heavyweights.cf
-rw-r--r--. 1 root root 3504 May 24 2023 P0f.cfThe date/timestamp on KAM.cf is recent only because I updated it manually. After adding the KAM channel settings shown here: https://mcgrail.com/template/kam.cf_channel and trying to run /usr/local/cpanel/3rdparty/perl/536/bin/sa-update --checkonly --channel kam.sa-channels.mcgrail.com or/usr/local/cpanel/scripts/sa-update_wrapper, none of the KAM or the CPANEL. cf files update; the default SA rules do update.
In the past, the above scripts would update not only default spamassassin rules, but any other channels I added. What is the proper method now to add new channels and have the standard sa-updates update all channels?
There are 2 settings in Exim Basic Editor to turn on for enable KAM and the CPANEL.cf: Enable KAM Apache SpamAssassin and Enable the Apache SpamAssassin™ ruleset that cPanel uses on cpanel.net
These are both ON, and the last time the rulesets updated appears to be when I turned these settings on.
0 -
Thanks for the details - let me look into this and I'll get back with you!
0 -
Could you try running the command without the "--checkonly" option to see if that changes the behavior?
0 -
I did, this was posted earlier, there is no error message and the KAM and CPANEL .cf files don't update, only the default spamassassin files:
/usr/local/cpanel/3rdparty/perl/536/bin/sa-update --checkonly --channel kam.sa-channels.mcgrail.com
0 -
Thanks for confirming.
The email team has created case HB-7927 to get the KAM ruleset updated in the next major release, version 126, as the way it's being handled (aka, not handled) at this time is obviously less than ideal. The case also ensures that this is something that will be automatically updated in the future.
I can't say which specific version this will be included in but its on the radar for future work - as in, I am not expecting it to ship when version 126 is first released at this point.
To manually update that file you can do the following:
> mkdir $some_temp_dir && cd $some_temp_dir
> wget https://mcgrail.com/downloads/kam.sa-channels.mcgrail.com.key
> sa-update --import kam.sa-channels.mcgrail.com.key
> sa-update --gpgkey 24C063D8 --channel kam.sa-channels.mcgrail.com --updatedir .
> unlink /etc/mail/spamassassin/KAM.cf
> cp kam_sa-channels_mcgrail_com/KAM.cf /etc/mail/spamassassin/KAM.cfalthough you'll likely need to manually undo those changes when we ultimately do fix the issue, as that broken symlink will cause issues.
0 -
Thanks cPRex. Can we also include that we are able to add additional channels in the future like we used to be able to, and the cPanel-customized sa-update or sa-wrapper scripts will update any new channels we add? In addition, it is not just the KAM.cf file, but all the other files in that directory listed above except the CPANEL.cf (and the KAM.cf.orig which is a copy I made) are part of the KAM channel and should be updated. Thanks for the script above in the meantime, I can modify it to update the other KAM files.
Also, can you provide us a key and a channel for the CPANEL.cf so we can update it now also until the official fix is available?
0 -
I've just passed along that first paragraph to the team so they can reference that while they work on the case.
As far a a key and channel, I don't have anything I can pass on just yet until they actually take on that work - what you're seeing available is currently all we have to offer.
0 -
For anyone still hosting their email in cpanel, or anywhere else for that matter where you can implement your own spamassassin rules; after updating to current the KAM rulesets referenced above; our amount of spam decreased by a huge amount. These rules catch spam that quickly changes domain names, and other "difficult to filter out" spam. Highly recommend this KAM SA ruleset!
0
Please sign in to leave a comment.
Comments
9 comments