1SA-UPDATE(1) User Contributed Perl Documentation SA-UPDATE(1)
2
3
4
6 sa-update - automate SpamAssassin rule updates
7
9 sa-update [options]
10
11 Options:
12
13 --channel channel Retrieve updates from this channel
14 Use multiple times for multiple channels
15 --channelfile file Retrieve updates from the channels in the file
16 --checkonly Check for update availability, do not install
17 --install filename Install updates directly from this file. Signature
18 verification will use "file.asc", "file.sha256",
19 and "file.sha512".
20 --allowplugins Allow updates to load plugin code
21 --gpgkey key Trust the key id to sign releases
22 Use multiple times for multiple keys
23 --gpgkeyfile file Trust the key ids in the file to sign releases
24 --gpghomedir path Store the GPG keyring in this directory
25 --gpg and --nogpg Use (or do not use) GPG to verify updates
26 (--gpg is assumed by use of the above
27 --gpgkey and --gpgkeyfile options)
28 --import file Import GPG key(s) from file into sa-update's
29 keyring. Use multiple times for multiple files
30 --updatedir path Directory to place updates, defaults to the
31 SpamAssassin site rules directory
32 (default: /var/lib/spamassassin/3.004002)
33 --refreshmirrors Force the MIRRORED.BY file to be updated
34 -D, --debug [area=n,...] Print debugging messages
35 -v, --verbose Be verbose, like print updated channel names;
36 For more verbosity specify multiple times
37 -V, --version Print version
38 -h, --help Print usage message
39 -4 Force using the inet protocol (IPv4), not inet6
40 -6 Force using the inet6 protocol (IPv6), not inet
41
43 sa-update automates the process of downloading and installing new rules
44 and configuration, based on channels. The default channel is
45 updates.spamassassin.org, which has updated rules since the previous
46 release.
47
48 Update archives are verified using SHA256 and SHA512 hashes and GPG
49 signatures, by default.
50
51 Note that "sa-update" will not restart "spamd" or otherwise cause a
52 scanner to reload the now-updated ruleset automatically. Instead,
53 "sa-update" is typically used in something like the following manner:
54
55 sa-update && /etc/init.d/spamassassin reload
56
57 This works because "sa-update" only returns an exit status of 0 if it
58 has successfully downloaded and installed an updated ruleset.
59
60 The program sa-update uses the underlying operating system umask for
61 the updated rule files it installs. You may wish to run sa-update from
62 a script that sets the umask prior to calling sa-update. For example:
63
64 #!/bin/sh
65 umask 022
66 sa-update
67
69 --channel
70 sa-update can update multiple channels at the same time. By
71 default, it will only access "updates.spamassassin.org", but more
72 channels can be specified via this option. If there are multiple
73 additional channels, use the option multiple times, once per
74 channel. i.e.:
75
76 sa-update --channel foo.example.com --channel bar.example.com
77
78 --channelfile
79 Similar to the --channel option, except specify the additional
80 channels in a file instead of on the commandline. This is useful
81 when there are a lot of additional channels.
82
83 --checkonly
84 Only check if an update is available, don't actually download and
85 install it. The exit code will be 0 or 1 as described below.
86
87 --install
88 Install updates "offline", from the named tar.gz file, instead of
89 performing DNS lookups and HTTP invocations.
90
91 Files named file.sha256, file.sha512, and file.asc will be used for
92 the SHA256 and SHA512 hashes and the GPG signature, respectively.
93 The filename provided must contain a version number of at least 3
94 digits, which will be used as the channel's update version number.
95
96 Multiple --channel switches cannot be used with --install. To
97 install multiple channels from tarballs, run "sa-update" multiple
98 times with different --channel and --install switches, e.g.:
99
100 sa-update --channel foo.example.com --install foo-34958.tgz
101 sa-update --channel bar.example.com --install bar-938455.tgz
102
103 --allowplugins
104 Allow downloaded updates to activate plugins. The default is not
105 to activate plugins; any "loadplugin" or "tryplugin" lines will be
106 commented in the downloaded update rules files.
107
108 --gpg, --nogpg
109 sa-update by default will verify update archives by use of SHA256
110 and SHA512 checksums and GPG signature. SHA* hashes can verify
111 whether or not the downloaded archive has been corrupted, but it
112 does not offer any form of security regarding whether or not the
113 downloaded archive is legitimate (aka: non-modifed by evildoers).
114 GPG verification of the archive is used to solve that problem.
115
116 If you wish to skip GPG verification, you can use the --nogpg
117 option to disable its use. Use of the following gpgkey-related
118 options will override --nogpg and keep GPG verification enabled.
119
120 Note: Currently, only GPG itself is supported (ie: not PGP). v1.2
121 has been tested, although later versions ought to work as well.
122
123 --gpgkey
124 sa-update has the concept of "release trusted" GPG keys. When an
125 archive is downloaded and the signature verified, sa-update
126 requires that the signature be from one of these "release trusted"
127 keys or else verification fails. This prevents third parties from
128 manipulating the files on a mirror, for instance, and signing with
129 their own key.
130
131 By default, sa-update trusts key ids "24F434CE" and "5244EC45",
132 which are the standard SpamAssassin release key and its sub-key.
133 Use this option to trust additional keys. See the --import option
134 for how to add keys to sa-update's keyring. For sa-update to use a
135 key it must be in sa-update's keyring and trusted.
136
137 For multiple keys, use the option multiple times. i.e.:
138
139 sa-update --gpgkey E580B363 --gpgkey 298BC7D0
140
141 Note: use of this option automatically enables GPG verification.
142
143 --gpgkeyfile
144 Similar to the --gpgkey option, except specify the additional keys
145 in a file instead of on the commandline. This is extremely useful
146 when there are a lot of additional keys that you wish to trust.
147
148 --gpghomedir
149 Specify a directory path to use as a storage area for the
150 "sa-update" GPG keyring. By default, this is
151
152 /etc/mail/spamassassin/sa-update-keys
153
154 --import
155 Use to import GPG key(s) from a file into the sa-update keyring
156 which is located in the directory specified by --gpghomedir.
157 Before using channels from third party sources, you should use this
158 option to import the GPG key(s) used by those channels. You must
159 still use the --gpgkey or --gpgkeyfile options above to get sa-
160 update to trust imported keys.
161
162 To import multiple keys, use the option multiple times. i.e.:
163
164 sa-update --import channel1-GPG.KEY --import channel2-GPG.KEY
165
166 Note: use of this option automatically enables GPG verification.
167
168 --refreshmirrors
169 Force the list of sa-update mirrors for each channel, stored in the
170 MIRRORED.BY file, to be updated. By default, the MIRRORED.BY file
171 will be cached for up to 7 days after each time it is downloaded.
172
173 --updatedir
174 By default, "sa-update" will use the system-wide rules update
175 directory:
176
177 /var/lib/spamassassin/3.004002
178
179 If the updates should be stored in another location, specify it
180 here.
181
182 Note that use of this option is not recommended; if you're just
183 using sa-update to download updated rulesets for a scanner, and sa-
184 update is placing updates in the wrong directory, you probably need
185 to rebuild SpamAssassin with different "Makefile.PL" arguments,
186 instead of overriding sa-update's runtime behaviour.
187
188 -D [area,...], --debug [area,...]
189 Produce debugging output. If no areas are listed, all debugging
190 information is printed. Diagnostic output can also be enabled for
191 each area individually; area is the area of the code to instrument.
192 For example, to produce diagnostic output on channel, gpg, and
193 http, use:
194
195 sa-update -D channel,gpg,http
196
197 For more information about which areas (also known as channels) are
198 available, please see the documentation at
199 <http://wiki.apache.org/spamassassin/DebugChannels>.
200
201 -h, --help
202 Print help message and exit.
203
204 -V, --version
205 Print sa-update version and exit.
206
208 In absence of a --checkonly option, an exit code of 0 means: an update
209 was available, and was downloaded and installed successfully. If
210 --checkonly was specified, an exit code of 0 means: an update was
211 available.
212
213 An exit code of 1 means no fresh updates were available.
214
215 An exit code of 2 means that at least one update is available but that
216 a lint check of the site pre files failed. The site pre files must
217 pass a lint check before any updates are attempted.
218
219 An exit code of 3 means that at least one update succeeded while other
220 channels failed. If using sa-compile, you should proceed with it.
221
222 An exit code of 4 or higher, indicates that errors occurred while
223 attempting to download and extract updates, and no channels were
224 updated.
225
227 Mail::SpamAssassin(3) Mail::SpamAssassin::Conf(3) spamassassin(1)
228 spamd(1) <http://wiki.apache.org/spamassassin/RuleUpdates>
229
231 "Mail::SpamAssassin"
232
234 See <http://issues.apache.org/SpamAssassin/>
235
237 The Apache SpamAssassin(tm) Project <http://spamassassin.apache.org/>
238
240 SpamAssassin is distributed under the Apache License, Version 2.0, as
241 described in the file "LICENSE" included with the distribution.
242
243 Copyright (C) 2015 The Apache Software Foundation
244
245
246
247perl v5.26.3 2019-05-14 SA-UPDATE(1)