sa-update error

[Almost-retired]

Greetings all;

Since the first of the year, I have had an alarming number of incoming posts sent to /dev/null if
SA returns a 6 * rating, or to the Trash directory by kmail if it has a 5 * rating.

3.2 of those points are coming from the time check rule, claiming the posts, which are dated currently, as being grossly in the  future.

So I became root and cd'd to /var/lib/spamassassin/3.003001, and ran (from the .cf file there)
sa-update && /etc/init.d/spamassassin reload
as shown in the sa-update manpage.

Unfortunately:
[gene@coyote 3.003001]$ sudo sa-update && /etc/init.d/spamassassin reload
Password:
gpg: WARNING: unsafe permissions on homedir `/etc/mail/spamassassin/sa-update-keys'
gpg: WARNING: unsafe permissions on homedir `/etc/mail/spamassassin/sa-update-keys'
error: GPG validation failed!
The update downloaded successfully, but the GPG signature verification
failed.
channel: GPG validation failed, channel failed

What is the usual fix, bearing in mind I have not previously performed this task since the original install?

Many Thanks

Gene

[Was_Just19]

I know little of SA but this command

[gene@coyote 3.003001]$ sudo sa-update && /etc/init.d/spamassassin reload

will not work as we do not use sudo in this form.

[Almost-retired]

Which seems odd as I have one similar line in my amanda build and installer script that does not make use of the && but the ; form because it must do a cd, and then execute the next step in that target of the cd, otherwise the cd dies with the sudo session.

The line snipped:
su - amanda -c "cd $VER; ./gh.cf"

Where the - in front of that user makes sure I get that "amanda" environment.  Without the - , the ./gh.cf will fail because the whoami still returns root when I am supposed to be amanda.  This requirement came along with my install of pclos as it apparently handles the su user environment differently that the fedora/ubunto distros do, so it needs the su - user syntax to do it right.  A shrug once one knows about it. But as a new user of pclos 6 months back, it did bite me a couple of times. ;-)

anyway, I just did it with the --nogpg option and it seemed to work, but wasn't at all verbose, so I wound up editing a couple of files in /usr/share/spamassassin, making the stanza at about line 548 into:
##{ FH_DATE_PAST_20XX
header   FH_DATE_PAST_20XX      Date =~ /20[0-9][0-9]/ [if-unset: 2006]^M
describe FH_DATE_PAST_20XX      The date is grossly in the future.^M
##} FH_DATE_PAST_20XX

The first [0-9] _was_ a [1-9] and its been hitting that rule since 01/01/2011  I don't believe it has hit on an incoming email in the 20 minutes since I changed that.

Then I went into 50_scores.cf and reduced that same hits score by a full point.  Now we sit and watch headers. And SA performance rates, which till the first of the year, had been excellent. ;-)

Thanks Just19.  If that is your age, you could be one of my younger grandchildren as I'm pretty close to your original nerd, I'm working on my 77th year here. Been chasing electrons for a living since I quit in the 9th grade to go fix tv's in late 1947.  That and another $1.33 will pay for a coffee to go at 7/11.  ;-)

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Psychiatry enables us to correct our faults by confessing our parents'
shortcomings.
                -- Laurence J. Peter, "Peter's Principles"

[Was_Just19]

Thanks Just19.  If that is your age,

Just shows that I am in my second - or maybe third - childhood.

I had tried some time ago to make use of SA, but gave up as it did not seem worth the effort.

As you know PCLOS does not use by default 'sudo' which is what stood out to me. For anyone else reading ......

su   <user> will switch to the specified user while remaining in the present directory.
su - <user> will switch to specified user and change directory to the user's /home (~)

The same applies to all users including root.

su   <root> will switch to root privileges while remaining in the the present directory
su - <root> will switch to root privileges and change directory to root's home.

If no user name is specified then root is assumed.

sudo is not setup like the Bunties ....  probably not in that manner by any other distro for all I know ... something I am thankful for.

Glad you got your SA sorted 

regards.

[Almost-retired]

[...]

Sorry about the implied insult about our relative ages.  To put that in perspective, there is a now 7 year old pix & my better half on my web page at:

<http://gene.homelinux.net:85/gene>

I have too damned many hobbies if you look around...

>I had tried some time ago to make use of SA, but gave up as it did not seem worth the effort.

Its a bit difficult to get setup initially because it needs to be trained with at least 200 examples of ham, and 200 example of spam before it actually starts working
TBT, I occasionally cheat on the training, and just have it go over a kmail cur directory that contains a few thousand known good messages.  Spam OTOH, is in somewhat shorter supply, so I have manually moved the spam that does get through to a spam dir, and (I'm a lazy old fart) a cron script sends sa-learn --spam after that directory about noonish every day, so it gets another 3-6 messages to look at and learn from a day.  In procmail, which I use for the MTA, anything that comes back from an SA scan with 7 *'s or more gets a free ride to /.dev/null so that collects the gross majority of it right there.  Then kmail is trained to send anything with 5 *'s to the Trash dir and mark it unread, so I can look at the borderline cases and move it to either the ham dir or the spam dir for sa-learns next run.  The script that drives sa-learn also deletes the spam once its look at it, but leaves the ham so I can move it back to wherever.  Once its running, its maybe a 30 seconds a day job for me to drag & drop.  Easy maintenance IMO.

And FWIW, since I made those changes in the rules shown a couple of messages back, I have not had a hit on that rule, which subtracts 3.2 points from otherwise good mail.

>As you know PCLOS does not use by default 'sudo' which is what stood out to me. For anyone else reading ......

Oh?  I guess I am a power user then. ;-)

>su   <user> will switch to the specified user while remaining in the present directory.

I did not find that to be the case as it was reverting to that users home dir even w/o the dash, plus I needed an su that died at the end of the command.  Hence the sudo.

>su - <user> will switch to specified user and change directory to the user's /home (~)

Yes.  And remain at that user.  Is there an exit strategy? su'ing back to root from an su user seems like a waste of stack space if nothing else.  ISTR it also asked for the root pw, and that is a showstopper for a script.

>The same applies to all users including root.

I did not find that to be the case at all, as shown by the relative diffs in the env's displayed when I was troubleshooting  why a nearly 10 year old build/install script for amanda was failing on pclos, but maybe I didn't try your method either.  And short term memory (2-3 days) is still clear, 6 months ago is hazy, and 40 years ago is still clear, goes with the age they keep telling me. ;-)
 
The problem in writing an amanda build and install script is that you actually need two scripts, one of which, the configure and build script, MUST be run by the user, taking a tsk tsk exit if root attempts to run it.  In fact, part of amandas security model is no more privs that it needs to do the job, and root actually can't run it.  I use the scripts because there is a list of build options I use that are dead consistent and not dependent on my wet ram. ;-)

But, because the "sudo user cd subdir" is local to that invocation of sudo, (The su or sudo user was putting that user back in the ~ directory and the script it needed to exec (the master copy does exist there too) was not finding any of its resources, I had to combine the cd and script execution within a single instance of sudo.  When the subscript is finished, then the environment of root, already cd'd to that directory, is restored, and then root can do the make install portion and get all the perms set correctly.

Hopefully that is a clear description of the flow.  I have been playing canary in the coal mine for amanda for almost 12 years, running the almost daily snapshots and reporting any errors back to the amanda list, hopefully before it bites a major user such as the NY State Dept of Health, who for obvious reasons run somewhat older, known stable versions.  And they are known stable because of a couple of old hand users like me who aren't afraid to lose a little blood once in a while.  I try to keep mental band-aids handy. ;-)

Thanks Just19

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Question: Is it better to abide by the rules until they're changed or
help speed the change by breaking them?

[Was_Just19]

Sorry about the implied insult about our relative ages.

       I must be slowing up ......  I spotted no implication at all   

 

Thanks for the detailed explanation of the processes you use.

Regarding the 'su'/'su-' thingy .........  check for an alias ......  I seem to recall some post about this ..... it is the only thing I can suggest at present that might account for the 'sameness' of result.

$ alias

should give you a list of the aliases set up in your account.

Take care.   

regards.

[Almost-retired]

It doesn't look as if its there:
[gene@coyote linux-2.6.37-rc8]$ alias
alias KDE='xinit /usr/bin/startkde'
alias cd..='cd ..'
alias cp='cp -i'
alias d='ls'
alias df='df -h -x supermount'
alias du='du -h'
alias egrep='egrep --color'                                                                                                                       
alias fgrep='fgrep --color'                                                                                                                       
alias grep='grep --color=auto'                                                                                                                     
alias kde='xinit /usr/bin/startkde'                                                                                                               
alias l='ls'                                                                                                                                       
alias la='ls -a'                                                                                                                                   
alias ll='ls -l'                                                                                                                                   
alias ls='ls -F --color=auto'
alias lsd='ls -d */'
alias mc='. /usr/lib/mc/mc-wrapper.sh'
alias md='mkdir'
alias mv='mv -i'
alias p='cd -'
alias rd='rmdir'
alias rm='rm -i'
alias s='cd ..'
[gene@coyote linux-2.6.37-rc8]$

Or I need new glasses

Thanks Just19
--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The days are all empty and the nights are unreal.