1SA-UPDATE(1) User Contributed Perl Documentation SA-UPDATE(1)
2
6 sa-update - automate SpamAssassin rule updates
7
9 sa-update [options]
10 Options:
12 --channel channel Retrieve updates from this channel
14 Use multiple times for multiple channels
15 --channelfile file Retrieve updates from the channels in the file
16 --checkonly Check for update availability, do not install
17 --install filename Install updates directly from this file. Signature
18 verification will use "file.asc" and "file.sha1"
19 --allowplugins Allow updates to load plugin code
20 --gpgkey key Trust the key id to sign releases
21 Use multiple times for multiple keys
22 --gpgkeyfile file Trust the key ids in the file to sign releases
23 --gpghomedir path Store the GPG keyring in this directory
24 --gpg and --nogpg Use (or do not use) GPG to verify updates
25 (--gpg is assumed by use of the above
26 --gpgkey and --gpgkeyfile options)
27 --import file Import GPG key(s) from file into sa-update's
28 keyring. Use multiple times for multiple files
29 --updatedir path Directory to place updates, defaults to the
30 SpamAssassin site rules directory
31 (default: /var/lib/spamassassin/3.004000)
32 --refreshmirrors Force the MIRRORED.BY file to be updated
33 -D, --debug [area=n,...] Print debugging messages
34 -v, --verbose Be verbose, like print updated channel names;
35 For more verbosity specify multiple times
36 -V, --version Print version
37 -h, --help Print usage message
38 -4 Force using the inet protocol (IPv4), not inet6
39 -6 Force using the inet6 protocol (IPv6), not inet
40
42 sa-update automates the process of downloading and installing new rules
43 and configuration, based on channels. The default channel is
44 updates.spamassassin.org, which has updated rules since the previous
45 release.
46 Update archives are verified using SHA1 hashes and GPG signatures, by
48 default.
49 Note that "sa-update" will not restart "spamd" or otherwise cause a
51 scanner to reload the now-updated ruleset automatically. Instead,
52 "sa-update" is typically used in something like the following manner:
53 sa-update && /etc/init.d/spamassassin reload
55 This works because "sa-update" only returns an exit status of 0 if it
57 has successfully downloaded and installed an updated ruleset.
58 The program sa-update uses the underlying operating system umask for
60 the updated rule files it installs. You may wish to run sa-update from
61 a script that sets the umask prior to calling sa-update. For example:
62 #!/bin/sh
64 umask 022
65 sa-update
66
68 --channel
69 sa-update can update multiple channels at the same time. By
70 default, it will only access "updates.spamassassin.org", but more
71 channels can be specified via this option. If there are multiple
72 additional channels, use the option multiple times, once per
73 channel. i.e.:
74 sa-update --channel foo.example.com --channel bar.example.com
76 --channelfile
78 Similar to the --channel option, except specify the additional
79 channels in a file instead of on the commandline. This is useful
80 when there are a lot of additional channels.
81 --checkonly
83 Only check if an update is available, don't actually download and
84 install it. The exit code will be 0 or 1 as described below.
85 --install
87 Install updates "offline", from the named tar.gz file, instead of
88 performing DNS lookups and HTTP invocations.
89 Files named file.sha1 and file.asc will be used for the SHA-1 and
91 GPG signature, respectively. The filename provided must contain a
92 version number of at least 3 digits, which will be used as the
93 channel's update version number.
94 Multiple --channel switches cannot be used with --install. To
96 install multiple channels from tarballs, run "sa-update" multiple
97 times with different --channel and --install switches, e.g.:
98 sa-update --channel foo.example.com --install foo-34958.tgz
100 sa-update --channel bar.example.com --install bar-938455.tgz
101 --allowplugins
103 Allow downloaded updates to activate plugins. The default is not
104 to activate plugins; any "loadplugin" or "tryplugin" lines will be
105 commented in the downloaded update rules files.
106 --gpg, --nogpg
108 sa-update by default will verify update archives by use of a SHA1
109 checksum and GPG signature. SHA1 hashes can verify whether or not
110 the downloaded archive has been corrupted, but it does not offer
111 any form of security regarding whether or not the downloaded
112 archive is legitimate (aka: non-modifed by evildoers). GPG
113 verification of the archive is used to solve that problem.
114 If you wish to skip GPG verification, you can use the --nogpg
116 option to disable its use. Use of the following gpgkey-related
117 options will override --nogpg and keep GPG verification enabled.
118 Note: Currently, only GPG itself is supported (ie: not PGP). v1.2
120 has been tested, although later versions ought to work as well.
121 --gpgkey
123 sa-update has the concept of "release trusted" GPG keys. When an
124 archive is downloaded and the signature verified, sa-update
125 requires that the signature be from one of these "release trusted"
126 keys or else verification fails. This prevents third parties from
127 manipulating the files on a mirror, for instance, and signing with
128 their own key.
129 By default, sa-update trusts key ids "24F434CE" and "5244EC45",
131 which are the standard SpamAssassin release key and its sub-key.
132 Use this option to trust additional keys. See the --import option
133 for how to add keys to sa-update's keyring. For sa-update to use a
134 key it must be in sa-update's keyring and trusted.
135 For multiple keys, use the option multiple times. i.e.:
137 sa-update --gpgkey E580B363 --gpgkey 298BC7D0
139 Note: use of this option automatically enables GPG verification.
141 --gpgkeyfile
143 Similar to the --gpgkey option, except specify the additional keys
144 in a file instead of on the commandline. This is extremely useful
145 when there are a lot of additional keys that you wish to trust.
146 --gpghomedir
148 Specify a directory path to use as a storage area for the
149 "sa-update" GPG keyring. By default, this is
150 /etc/mail/spamassassin/sa-update-keys
152 --import
154 Use to import GPG key(s) from a file into the sa-update keyring
155 which is located in the directory specified by --gpghomedir.
156 Before using channels from third party sources, you should use this
157 option to import the GPG key(s) used by those channels. You must
158 still use the --gpgkey or --gpgkeyfile options above to get sa-
159 update to trust imported keys.
160 To import multiple keys, use the option multiple times. i.e.:
162 sa-update --import channel1-GPG.KEY --import channel2-GPG.KEY
164 Note: use of this option automatically enables GPG verification.
166 --refreshmirrors
168 Force the list of sa-update mirrors for each channel, stored in the
169 MIRRORED.BY file, to be updated. By default, the MIRRORED.BY file
170 will be cached for up to 7 days after each time it is downloaded.
171 --updatedir
173 By default, "sa-update" will use the system-wide rules update
174 directory:
175 /var/lib/spamassassin/3.004000
177 If the updates should be stored in another location, specify it
179 here.
180 Note that use of this option is not recommended; if you're just
182 using sa-update to download updated rulesets for a scanner, and sa-
183 update is placing updates in the wrong directory, you probably need
184 to rebuild SpamAssassin with different "Makefile.PL" arguments,
185 instead of overriding sa-update's runtime behaviour.
186 -D [area,...], --debug [area,...]
188 Produce debugging output. If no areas are listed, all debugging
189 information is printed. Diagnostic output can also be enabled for
190 each area individually; area is the area of the code to instrument.
191 For example, to produce diagnostic output on channel, gpg, and
192 http, use:
193 sa-update -D channel,gpg,http
195 For more information about which areas (also known as channels) are
197 available, please see the documentation at
198 <http://wiki.apache.org/spamassassin/DebugChannels>.
199 -h, --help
201 Print help message and exit.
202 -V, --version
204 Print sa-update version and exit.
205
207 An exit code of 0 means an update was available, and was downloaded and
208 installed successfully if --checkonly was not specified.
209 An exit code of 1 means no fresh updates were available.
211 An exit code of 2 means that at least one update is available but that
213 a lint check of the site pre files failed. The site pre files must
214 pass a lint check before any updates are attempted.
215 An exit code of 3 means that at least one update succeeded while other
217 channels failed. If using sa-compile, you should proceed with it.
218 An exit code of 4 or higher, indicates that errors occurred while
220 attempting to download and extract updates, and no channels were
221 updated.
222
224 Mail::SpamAssassin(3) Mail::SpamAssassin::Conf(3) spamassassin(1)
225 spamd(1) <http://wiki.apache.org/spamassassin/RuleUpdates>
226
228 "Mail::SpamAssassin"
229
231 See <http://issues.apache.org/SpamAssassin/>
232
234 The Apache SpamAssassin(tm) Project <http://spamassassin.apache.org/>
235
237 SpamAssassin is distributed under the Apache License, Version 2.0, as
238 described in the file "LICENSE" included with the distribution.
239perl v5.16.3 2018-10-15 SA-UPDATE(1)