1SA-UPDATE(1) User Contributed Perl Documentation SA-UPDATE(1)
2
6 sa-update - automate SpamAssassin rule updates
7
9 sa-update [options]
10 Options:
12 --channel channel Retrieve updates from this channel
14 Use multiple times for multiple channels
15 --channelfile file Retrieve updates from the channels in the file
16 --checkonly Check for update availability, do not install
17 --allowplugins Allow updates to load plugin code
18 --gpgkey key Trust the key id to sign releases
19 Use multiple times for multiple keys
20 --gpgkeyfile file Trust the key ids in the file to sign releases
21 --gpghomedir path Store the GPG keyring in this directory
22 --gpg and --nogpg Use (or do not use) GPG to verify updates
23 (--gpg is assumed by use of the above
24 --gpgkey and --gpgkeyfile options)
25 --import file Import GPG key(s) from file into sa-update's
26 keyring. Use multiple times for multiple files
27 --updatedir path Directory to place updates, defaults to the
28 SpamAssassin site rules directory
29 (default: /var/lib/spamassassin/<version>)
30 -D, --debug [area=n,...] Print debugging messages
31 -V, --version Print version
32 -h, --help Print usage message
33
35 sa-update automates the process of downloading and installing new rules
36 and configuration, based on channels. The default channel is
37 updates.spamassassin.org, which has updated rules since the previous
38 release.
39 Update archives are verified using SHA1 hashes and GPG signatures, by
41 default.
42 Note that "sa-update" will not restart "spamd" or otherwise cause a
44 scanner to reload the now-updated ruleset automatically. Instead,
45 "sa-update" is typically used in something like the following manner:
46 sa-update && /etc/init.d/spamassassin reload
48 This works because "sa-update" only returns an exit status of 0 if it
50 has successfully downloaded and installed an updated ruleset.
51
53 --channel
54 sa-update can update multiple channels at the same time. By
55 default, it will only access "updates.spamassassin.org", but more
56 channels can be specified via this option. If there are multiple
57 additional channels, use the option multiple times, once per chan‐
58 nel. i.e.:
59 sa-update --channel foo.example.com --channel bar.example.com
61 --channelfile
63 Similar to the --channel option, except specify the additional
64 channels in a file instead of on the commandline. This is useful
65 when there are a lot of additional channels.
66 --checkonly
68 Only check if an update is available, don't actually download and
69 install it. The exit code will be 0 or 1 as described below.
70 --allowplugins
72 Allow downloaded updates to activate plugins. The default is not
73 to activate plugins; any "loadplugin" or "tryplugin" lines will be
74 commented in the downloaded update rules files.
75 --gpg, --nogpg
77 sa-update by default will verify update archives by use of a SHA1
78 checksum and GPG signature. SHA1 hashes can verify whether or not
79 the downloaded archive has been corrupted, but it does not offer
80 any form of security regarding whether or not the downloaded ar‐
81 chive is legitimate (aka: non-modifed by evildoers). GPG verifica‐
82 tion of the archive is used to solve that problem.
83 If you wish to skip GPG verification, you can use the --nogpg
85 option to disable its use. Use of the following gpgkey-related
86 options will override --nogpg and keep GPG verification enabled.
87 Note: Currently, only GPG itself is supported (ie: not PGP). v1.2
89 has been tested, although later versions ought to work as well.
90 --gpgkey
92 sa-update has the concept of "release trusted" GPG keys. When an
93 archive is downloaded and the signature verified, sa-update
94 requires that the signature be from one of these "release trusted"
95 keys or else verification fails. This prevents third parties from
96 manipulating the files on a mirror, for instance, and signing with
97 their own key.
98 By default, sa-update trusts key id "265FA05B", which is the stan‐
100 dard SpamAssassin release key. Use this option to trust additional
101 keys. See the --import option for how to add keys to sa-update's
102 keyring. For sa-update to use a key it must be in sa-update's
103 keyring and trusted.
104 For multiple keys, use the option multiple times. i.e.:
106 sa-update --gpgkey E580B363 --gpgkey 298BC7D0
108 Note: use of this option automatically enables GPG verification.
110 --gpgkeyfile
112 Similar to the --gpgkey option, except specify the additional keys
113 in a file instead of on the commandline. This is extremely useful
114 when there are a lot of additional keys that you wish to trust.
115 --gpghomedir
117 Specify a directory path to use as a storage area for the
118 "sa-update" GPG keyring. By default, this is
119 /etc/mail/spamassassin/sa-update-keys
121 --import
123 Use to import GPG key(s) from a file into the sa-update keyring
124 which is located in the directory specified by --gpghomedir.
125 Before using channels from third party sources, you should use this
126 option to import the GPG key(s) used by those channels. You must
127 still use the --gpgkey or --gpgkeyfile options above to get sa-
128 update to trust imported keys.
129 To import multiple keys, use the option multiple times. i.e.:
131 sa-update --import channel1-GPG.KEY --import channel2-GPG.KEY
133 Note: use of this option automatically enables GPG verification.
135 --updatedir
137 By default, "sa-update" will use the system-wide rules update
138 directory:
139 /var/lib/spamassassin/spamassassin/3.002004
141 If the updates should be stored in another location, specify it
143 here.
144 Note that use of this option is not recommended; if you're just
146 using sa-update to download updated rulesets for a scanner, and sa-
147 update is placing updates in the wrong directory, you probably need
148 to rebuild SpamAssassin with different "Makefile.PL" arguments,
149 instead of overriding sa-update's runtime behaviour.
150 -D [area,...], --debug [area,...]
152 Produce debugging output. If no areas are listed, all debugging
153 information is printed. Diagnostic output can also be enabled for
154 each area individually; area is the area of the code to instrument.
155 For example, to produce diagnostic output on channel, gpg, and
156 http, use:
157 sa-update -D channel,gpg,http
159 For more information about which areas (also known as channels) are
161 available, please see the documentation at
162 <http://wiki.apache.org/spamassassin/DebugChannels>.
163 -h, --help
165 Print help message and exit.
166 -V, --version
168 Print sa-update version and exit.
169
171 An exit code of 0 means an update was available, and was downloaded and
172 installed successfully if --checkonly was not specified.
173 An exit code of 1 means no fresh updates were available.
175 An exit code of 2 means that at least one update is available but that
177 a lint check of the site pre files failed. The site pre files must
178 pass a lint check before any updates are attempted.
179 An exit code of 4 or higher, indicates that errors occurred while
181 attempting to download and extract updates.
182
184 Mail::SpamAssassin(3) Mail::SpamAssassin::Conf(3) spamassassin(1)
185 spamd(1) <http://wiki.apache.org/spamassassin/RuleUpdates>
186
188 "Mail::SpamAssassin"
189
191 See <http://issues.apache.org/SpamAssassin/>
192
194 The Apache SpamAssassin(tm) Project <http://spamassassin.apache.org/>
195
197 SpamAssassin is distributed under the Apache License, Version 2.0, as
198 described in the file "LICENSE" included with the distribution.
199perl v5.8.8 2008-01-29 SA-UPDATE(1)