Test my auto-generated ruleset

(I posted this to the SA users and dev lists, too.)

I’ve been working on a new way to auto-generate body rules recently (see previous posts). The results are checked into SVN trunk daily in the “rulesrc/sandbox/jm/20_sought.cf” file.

We haven’t had much time to figure out how to produce auto-generated 3.2.x rule updates for our entire ruleset at updates.SpamAssassin.org, so instead of dealing with that, I’ve taken a shortcut around it ;) I’m now making just the “20_sought.cf” ruleset available as a standalone, unofficial sa-update ruleset at sought.rules.yerp.org.

Before using it, you’ll need the GPG key:

  wget http://yerp.org/rules/GPG.KEY
  sudo sa-update --import GPG.KEY                

then use this to update:

  sudo sa-update \
        --gpgkey 6C6191E3 --channel sought.rules.yerp.org \
        [...other channels...] \
        --channel updates.spamassassin.org

(similar to how you’d use Daryl’s sa-update version of the SARE rulesets.)

Feel free to run sa-update as frequently as you like.

Please consider it alpha; I may take it down in a few months depending on how it goes, or if we can get it working as part of the core updates. In the meantime though, I’m curious to hear how you get on with it. (In particular, copies of false positives would be very welcome.)

Update: it’s been very successful, so I’d now consider it in production.

This entry was posted in Uncategorized and tagged , , , . Bookmark the permalink. Both comments and trackbacks are currently closed.


  1. Al
    Posted March 8, 2012 at 18:07 | Permalink

    It seems there is no DNS record for sought.rules.yerp.org.

    I wanted to start using these rules, but it looks as if there is a problem. Am I missing something, have the rules moved, is this temporary, or are they gone for good ?

    Thanks for any information, and for the spam fighting efforts!


  2. James
    Posted May 9, 2012 at 10:47 | Permalink

    Hi Justin,

    __SEEK_0IKD76 seems to be firing on MailChimp standard headers. MailChimp are a known ESP with a fairly good reputation: I think this means you don’t have any of their email in your known good corpus.

    Al, if you’re still reading, there isn’t supposed to be a DNS record for sought.rules.yerp.org. Try

    dig -t txt +short 2.3.3.sought.rules.yerp.org
    nslookup -type=txt 2.3.3.sought.rules.yerp.org


  3. Evan Richardson
    Posted November 7, 2012 at 20:23 | Permalink

    Doesn’t seem to work for me. I tried following the directions:

    1.) download the gpg.key 2.) import gpgkey (sa-update –import GPG.KEY 3.) type the sa-update –gpgkey 6c6191e3 –channel sought.rules.yerp.org –channel updates.spamassassin.org but I get the following:

    “error: GPG validation failed! The update downloaded successfully, but the GPG signature verification failed. channel: GPG validation failed, channel failed”

  4. zq Freddie
    Posted February 16, 2013 at 13:17 | Permalink
  5. mso
    Posted February 17, 2013 at 15:58 | Permalink

    What zq Freddie says: For about a week now it’s constantly returning error 403 Forbidden from Amazon’s S3 service…

  6. Sudip
    Posted February 18, 2013 at 09:23 | Permalink

    I am also having the same error for last one/two weeks. This is the message :

    http: GET http://rules.yerp.org.s3.amazonaws.com/rules/stage/3302013021221.tar.gz request failed: 403 Forbidden: AccessDeniedAccess DeniedE91FEE743F37AB782jrZhtzJeiwRCD+L8OEsUoN5+HPaqqst2/9TP7oNDainn1sNF52HOXItmHOSs6bD channel: could not find working mirror, channel failed

    After a google search it turned out that many people are now having the same error. How do we change the mirror??

    Thanks in advance


  7. Andy
    Posted February 18, 2013 at 10:56 | Permalink

    As a quick fix to stop the error message you can rename the file “/etc/mail/spamassassin/channel.d/sought.conf” to anything that doesn’t end in “.conf”. This will obviously stop the rules from updating so you’ll need to monitor the situation and manually restore the file if/when the problem is resolved.

  8. mso
    Posted February 18, 2013 at 11:32 | Permalink

    @Andy: Thank you, will give it a try!

  9. Posted February 18, 2013 at 23:43 | Permalink

    hey folks — that should now be fixed. let me know if there are still problems!

  10. mso
    Posted February 19, 2013 at 00:41 | Permalink

    It looks good again. Thanks a lot!