SpamAssassin Upgrade Notes for Custom Installs AUTHOR: Kevin A. McGrail / kmcgrail@pccc.com As noted before, we rely heavily on a small subset of programs to work for our servers. This includes Apache, Perl, SpamAsasssin, and a few other items. Because of this, we are simply too paranoid to run with any sort of "out of the box" solution. This is the notes on how we upgrade from SA 2.6 to 3.1. It was updated for version 3.1.7 on Nov 12, 2006. #GET ALL THE FILES cd /files wget http://www.peregrinehw.com/downloads/SpamAssassin/razor-agents-2.82.tar.bz2 wget http://www.peregrinehw.com/downloads/SpamAssassin/Net-DNS-0.59.tar.gz wget http://www.peregrinehw.com/downloads/SpamAssassin/Net-IP-1.24.tar.gz wget http://www.peregrinehw.com/downloads/SpamAssassin/Net-CIDR-Lite-0.18.tar.gz wget http://www.peregrinehw.com/downloads/SpamAssassin/Sys-Hostname-Long-1.4.tar.gz wget http://www.peregrinehw.com/downloads/SpamAssassin/Mail-SPF-Query-1.997.tar.gz wget http://www.peregrinehw.com/downloads/SpamAssassin/Mail-SpamAssassin-3.1.7.tar.bz2 wget http://www.peregrinehw.com/downloads/SpamAssassin/Getopt-Long-2.34.tar.gz wget http://www.peregrinehw.com/downloads/SpamAssassin/Mail-DomainKeys-0.88.tar.gz wget http://www.peregrinehw.com/downloads/SpamAssassin/Crypt-OpenSSL-Random-0.03.tar.gz wget http://www.peregrinehw.com/downloads/SpamAssassin/Crypt-OpenSSL-RSA-0.23.tar.gz wget http://www.peregrinehw.com/downloads/SpamAssassin/Storable-2.15.tar.gz wget http://www.peregrinehw.com/downloads/SpamAssassin/Crypt-OpenSSL-Bignum-0.03.tar.gz # First, installed Razor Client v2.82 (and without requiring the taint patch) # Install Razor Agents v2.82 # http://razor.sourceforge.net/ cd /usr/src tar jxvf /files/razor-agents-2.82.tar.bz2 cd razor-agents-2.82 perl Makefile.PL make make test && make install #Create a Razor Client Identity #NOTE: Sometimes it puts these in /usr/local/ but I haven't figured out why... #RAZOR CLIENT NO LONGER NECESSARY /usr/bin/razor-client /usr/bin/razor-admin -create /usr/bin/razor-admin -register #... Repeat register until successful # Installed Net::IP (Required for latest Net::DNS) # http://search.cpan.org/~manu/Net-IP-1.24/ cd /usr/src tar zxvf /files/Net-IP-1.24.tar.gz cd Net-IP-1.24 perl Makefile.PL make make test && make install # Upgraded to newest, non-developer release of Net::DNS # http://search.cpan.org/~olaf/Net-DNS-0.59/ # # Nov 1, 2005 - After carefully researching all versions from .50 to .53_02 developer release, I decided on .53 # w/ a small patch backported from Net-DNS-0.53_02 developer release for a clean make test. # Nov 12, 2006 - I love this program and I don't envy all the small nuances they have to deal with to make a new version! cd /usr/src tar zxvf /files/Net-DNS-0.59.tar.gz cd Net-DNS-0.59 perl Makefile.PL --online-tests make # NOTE ABOUT MAKE TEST - the 01-resolver-file test requires file ownership. I added a chown line for this reason. chown root.root -R t/ make test make install # Added Net::Cidr::Lite # http://search.cpan.org/~dougw/Net-CIDR-Lite-0.18/ cd /usr/src tar zxvf /files/Net-CIDR-Lite-0.18.tar.gz cd Net-CIDR-Lite-0.18 perl Makefile.PL make make test && make install # Added Sys::Hostname::Long # http://search.cpan.org/~scott/Sys-Hostname-Long-1.4/ cd /usr/src tar zxvf /files/Sys-Hostname-Long-1.4.tar.gz cd Sys-Hostname-Long-1.4 perl Makefile.PL make test && make install # Added Mail::SPF::Query # http://search.cpan.org/~freeside/Mail-SPF-Query-1.997/ cd /usr/src tar zxvf /files/Mail-SPF-Query-1.997.tar.gz cd Mail-SPF-Query-1.997 perl Makefile.PL make test && make install #Not Running Perl 5.8? Run perl -V to check. Maybe you need Storable: #http://search.cpan.org/~ams/Storable-2.15/ cd /usr/src tar zxvf /files/Storable-2.15.tar.gz cd Storable-2.15 perl Makefile.PL make test && make install # Updated to latest Getopt::Long # http://search.cpan.org/~jv/Getopt-Long-2.34/ cd /usr/src tar zxvf /files/Getopt-Long-2.34.tar.gz cd Getopt-Long-2.34/ perl Makefile.PL #*Interactive* make test && make install #Install SpamAssassin 3.1.X cd /usr/src tar jxvf /files/Mail-SpamAssassin-3.1.7.tar.bz2 cd Mail-SpamAssassin-3.1.7/ perl Makefile.PL #*INTERACTIVE* Note: I usually say yes, run the tests make #NOTE: BEFORE running the tests, you should cd t and copy config.dist to config and edit the options to your tastes. # You might need to enter some user information for databases and I typically configure run_net_tests=y at a minimum make test #NOTE: You may need to run the make test more than once as some of the tests, like Razor, seem to fail the first # time they are run. make install # Install Crypt Random cd /usr/src tar zxvf /files/Crypt-OpenSSL-Random-0.03.tar.gz cd Crypt-OpenSSL-Random-0.03 perl Makefile.PL make test && make install # Install Crypt RSA cd /usr/src tar zxvf /files/Crypt-OpenSSL-RSA-0.23.tar.gz cd Crypt-OpenSSL-RSA-0.23 perl Makefile.PL make test && make install # Install Bignum cd /usr/src tar zxvf /files/Crypt-OpenSSL-Bignum-0.03.tar.gz cd Crypt-OpenSSL-Bignum-0.03 perl Makefile.PL make test && make install # Install Domain Keys cd /usr/src tar zxvf /files/Mail-DomainKeys-0.88.tar.gz cd Mail-DomainKeys-0.88 perl Makefile.PL #*INTERACTIVE* make test && make install # # # At this point, you have finished installing the programs and you are ready to start dealing with the configuration changes. The configuration changes can be a bit daunting but in this case I will be documenting a real-world machine running perl 5.6.1, Mail::SpamAssassin 2.63 & MIMEDefang 2.38. We are running SpamD/SpamC because MIMEDefang is not performing our SpamAssassin tests. I'll try and document the problems and solutions needed for this configuration to help others. Step 1 will be to upgrade to a more recent MIMEDefang because v2.42 of MIMEDefang was released to allow for the SpamAssasin 3.0 API. We cover MIMEDefang at http://www.pccc.com/downloads/MIMEDefang/. Step 2 was to move all the old rules out of /etc/mail/spamassassin and make sure I was running all good rules for my current version. There is no magic to this step and it is quite difficult. If you would like a list of rules I am running on a specific version, I will do my best to respond to requests for this information via email. I also use ImageInfo, TextCat, DomainKeys, SPF. After I got all my rules and plugins working, I ran spamassassin -d --lint just to make sure everything was ok! Step 3 was to convert Bayes, SQL and AWL to SQL instead of DB Files. I have found that using SQL is more effective than using DB Files for data. To use a database for SpamAssassin, create a database called spamassassin and configure SpamAssassin to use it /usr/local/mysql/bin/mysqladmin -p create spamassassin mysql -p GRANT ALL PRIVILEGES ON spamassassin.* TO spamassassin identified by ''; quit #ran make test, got lots of errors. Figured it doesn't make the tables automatically # #Fixed by adding the tables. Used the default tables that SpamAssassin includes SQL format information to create: mysql -p spamassassin < /usr/src/Mail-SpamAssassin-3.1.7/sql/bayes_mysql.sql mysql -p spamassassin < /usr/src/Mail-SpamAssassin-3.1.7/sql/awl_mysql.sql mysql -p spamassassin < /usr/src/Mail-SpamAssassin-3.1.7/sql/userpref_mysql.sql #For MIMEDefang, I've edited the /etc/mail/sa-mimedefang.cf (and deleted other local.cf and sa-mimedefang.cf in /etc/mail/spamassassin). I then modified my mimedefang filter minorly: use Mail::SpamAssassin::SQLBasedAddrList; my $awl = Mail::SpamAssassin::SQLBasedAddrList->new(); #This allowed me to use the AWL via mysql. I know DB, etc. might be faster but I like mysql's stability and ability to run #without negatively impacting server performance unexpectedly. Seems to be working fine so far! #NOTE for those using SPAMD/SPAMC & Procmail: I use SPAMDOPTIONS="-d -m2 -q -x -u spamd --round-robin" The round-robin was needed because the new childing spawning was causing issues. This option enabled the old spawning method and I have not revisited if it is fixed.