KAM.cf spamassassin ruleset is not updating
A while back, cPanel added the KAM.cf ruleset in the cPanel default configuration. But the ruleset has not updated since 2023 and there are frequent updates to the ruleset. I've tried adding the channel to update it following this post from the official kam.cf website: https://mcgrail.com/template/kam.cf_channel. I seem to get the gpg key installed, but Cpanel's customized /usr/local/cpanel/3rdparty/bin/sa-update script doesn't seem to support adding another channel and I can't get the lists updated. Do you have an update on how to get the KAM.cf and CPANEL.cf spamassassin lists to update on a regular basis when sa-update is run?
-
Hey there! Just to confirm, can you let me know how you're determining that the rules haven't updated since 2023? I want to make sure I'm testing the correct area of the system on my end.
0 -
The files that should be updating are in /usr/local/cpanel/etc/mail/spamassassin/ and were installed by default with cpanel:
-rw-r--r--. 1 root root 750 May 24 2023 BAYES_POISON_DEFENSE.cf
-rw-r--r--. 1 root root 4233 May 24 2023 CPANEL.cf
-rw-r--r--. 1 root root 4983 May 24 2023 deadweight2.cf
-rw-r--r--. 1 root root 31173 May 24 2023 deadweight2_meta.cf
-rw-r--r--. 1 root root 8342 May 24 2023 deadweight2_sub.cf
-rw-r--r--. 1 root root 23681 May 24 2023 deadweight.cf
-rw-r--r--. 1 root root 560656 Nov 11 15:25 KAM.cf
-rw-r--r-- 1 root root 488518 Nov 11 15:22 KAM.cf.orig
-rw-r--r--. 1 root root 1316 May 24 2023 kam_heavyweights.cf
-rw-r--r--. 1 root root 3504 May 24 2023 P0f.cfThe date/timestamp on KAM.cf is recent only because I updated it manually. After adding the KAM channel settings shown here: https://mcgrail.com/template/kam.cf_channel and trying to run /usr/local/cpanel/3rdparty/perl/536/bin/sa-update --checkonly --channel kam.sa-channels.mcgrail.com or/usr/local/cpanel/scripts/sa-update_wrapper, none of the KAM or the CPANEL. cf files update; the default SA rules do update.
In the past, the above scripts would update not only default spamassassin rules, but any other channels I added. What is the proper method now to add new channels and have the standard sa-updates update all channels?
There are 2 settings in Exim Basic Editor to turn on for enable KAM and the CPANEL.cf: Enable KAM Apache SpamAssassin and Enable the Apache SpamAssassin™ ruleset that cPanel uses on cpanel.net
These are both ON, and the last time the rulesets updated appears to be when I turned these settings on.
0 -
Thanks for the details - let me look into this and I'll get back with you!
0 -
Could you try running the command without the "--checkonly" option to see if that changes the behavior?
0 -
I did, this was posted earlier, there is no error message and the KAM and CPANEL .cf files don't update, only the default spamassassin files:
/usr/local/cpanel/3rdparty/perl/536/bin/sa-update --checkonly --channel kam.sa-channels.mcgrail.com
0 -
Thanks for confirming.
The email team has created case HB-7927 to get the KAM ruleset updated in the next major release, version 126, as the way it's being handled (aka, not handled) at this time is obviously less than ideal. The case also ensures that this is something that will be automatically updated in the future.
I can't say which specific version this will be included in but its on the radar for future work - as in, I am not expecting it to ship when version 126 is first released at this point.
To manually update that file you can do the following:
> mkdir $some_temp_dir && cd $some_temp_dir
> wget https://mcgrail.com/downloads/kam.sa-channels.mcgrail.com.key
> sa-update --import kam.sa-channels.mcgrail.com.key
> sa-update --gpgkey 24C063D8 --channel kam.sa-channels.mcgrail.com --updatedir .
> unlink /etc/mail/spamassassin/KAM.cf
> cp kam_sa-channels_mcgrail_com/KAM.cf /etc/mail/spamassassin/KAM.cfalthough you'll likely need to manually undo those changes when we ultimately do fix the issue, as that broken symlink will cause issues.
0 -
Thanks cPRex. Can we also include that we are able to add additional channels in the future like we used to be able to, and the cPanel-customized sa-update or sa-wrapper scripts will update any new channels we add? In addition, it is not just the KAM.cf file, but all the other files in that directory listed above except the CPANEL.cf (and the KAM.cf.orig which is a copy I made) are part of the KAM channel and should be updated. Thanks for the script above in the meantime, I can modify it to update the other KAM files.
Also, can you provide us a key and a channel for the CPANEL.cf so we can update it now also until the official fix is available?
0 -
I've just passed along that first paragraph to the team so they can reference that while they work on the case.
As far a a key and channel, I don't have anything I can pass on just yet until they actually take on that work - what you're seeing available is currently all we have to offer.
0 -
For anyone still hosting their email in cpanel, or anywhere else for that matter where you can implement your own spamassassin rules; after updating to current the KAM rulesets referenced above; our amount of spam decreased by a huge amount. These rules catch spam that quickly changes domain names, and other "difficult to filter out" spam. Highly recommend this KAM SA ruleset!
0 -
cPRex any update on HB-7927? I've been watching the 126 change log in hopes of seeing this cross the finish line.
Thanks 👍🏻
0 -
I don't have much on this one yet but I can confirm it's not going to reach version 126. The work *could* get done in version 128 but at this point I just don't have a lot of progress to share on this one.
0 -
cPRex before I start creating my own update script following the model above, can I just confirm the status of this issue in 130.0.16 is still pending?
My KAM.cf appears to have been updated on 2025-01-16, so it seems that there was a single update to the version that ships with cPanel on that date, but the channel isn't being regularly updated by cPanel's sa-update. Is that right?
I'd like to be updating the KAM ruleset using the channel at least once a week.0 -
@pkiff FYI, the KAM team has deprecated/or outdated the following rules, so DON'T copy/link to them so SA is using them. They are left in their ruleset in the event people have created their own customized rules off of them so they would still work. I would suggest not using them though if you are just starting out using KAM, results in lots of false positives. Using the other KAM rules without the below, I have had good success
kam_heavyweights.cf (replaced with kam_heavyweight.cf)
nonKAMrules.cf
P0f.cf0 -
I did want to confirm that these are updated for version 132 and will show up in the changelogs today or tomorrow!
0 -
But I am sure we could just run this and leave it even though it will duplicate rules. Shouldnt cause any harm surely. And if we wanted to we could then just until it in cpanel interface under exim config. because I notice my cpanel servers didnt update since January but my Directadmin servers updated with a March version. So just need confirmation please.
wget https://mcgrail.com/downloads/kam.sa-channels.mcgrail.com.key
sa-update --import kam.sa-channels.mcgrail.com.key
sa-update --gpgkey 24C063D8 --channel kam.sa-channels.mcgrail.com0 -
Hostking Admin - are you still not seeing the rules updating automatically? Are you on cPanel version 134?
0 -
It seems to me, on a server that is updated to WHM 132, the KAM rules are updated one-time when the whm update is performed, but they are not added to the sa-update so the KAM rules are updated in the future.
0
Please sign in to leave a comment.
Comments
18 comments