The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Upgrade SA to newer release

   KB 23862        Last updated on 2020-10-18  

(0 votes)


Updating Spamassassin to a newer version from say 3.4.1 which is the current version for 8.7.11. Note: rules are only on main branch in SA github so we grab those first. I am using this in production as there are a few DoS against the SA versions that Zimbra ships in production. If you are hit with one of these email bombs, you can expect to see amavisd's that are 100% CPU bound and will takes about 15 minutes to timeout. You will also see postfix disconnect with END-OF-MESSAGE followed by a disconnect. After 15 mins, the email will be moved to the deferred queue. Amavisd will respond after 15 mins with a log message that it lost connection with while sending data - message may be sent more than once". A previous version of this article was for SA 3.4.2 and this is updated for the latest SA 3.4.4

Backup Current Version

Files are located under /opt/zimbra/common/lib/perl5/Mail/Spamassassin and /opt/zimbra/data/spamassassin/ Note: the '*' with tar as we are grabbing both the spamassassin.pm and the directory spamassassin.

Here is what the general structure looks like with Zimbra/SA:

/opt/zimbra/data/spamassassin/rules/* ---- rules with the distribution
/opt/zimbra/data/spamassassin/state/  ---- rules from sa-update
/opt/zimbra/data/spamassassin/state/3.004001/updates_spamassassin_org.cf  # --- rules to include

run tar as root or zimbra because need GPG stuff and all keys in that directory are 700 perms
   rwx------ zimbra/zimbra      0 2019-05-21 10:00 opt/zimbra/data/spamassassin/localrules/sa-update-keys/
    --- /opt/zimbra/commong/lib/perl5/Mail/Spamassassin ---- perms: root:root
    /opt/zimbra/data/spamassassin  perms: zimbra:zimbra

Use this command to backup existing Zimbra SA install should you need to revert back:

su - zimbra -c "tar zcvf /tmp/SA_backup.tar.gz /opt/zimbra/common/lib/perl5/Mail/SpamAssassin* \
        /opt/zimbra/data/spamassassin \
        /opt/zimbra/common/bin/sa-check_spamd \
        /opt/zimbra/common/bin/sa-update \
        /opt/zimbra/common/bin/spamassassin \
        /opt/zimbra/common/bin/sa-learn \
        /opt/zimbra/common/bin/sa-compile \
        /opt/zimbra/common/bin/spamc \
        /opt/zimbra/common/share/man/man1/sa-compile.1 \
        /opt/zimbra/common/share/man/man1/spamc.1 \
        /opt/zimbra/common/share/man/man1/sa-awl.1 \
        /opt/zimbra/common/share/man/man1/sa-learn.1 \
        /opt/zimbra/common/share/man/man1/sa-update.1 \
        /opt/zimbra/common/share/man/man1/spamd.1 \
        /opt/zimbra/common/share/man/man1/spamassassin-run.1 \
        /opt/zimbra/common/share/man/man3/Mail::SpamAssassin* \

Get and Install newer version

git clone https://github.com/apache/spamassassin.git
cd spamassassin
tar cvf ../rules.tar rules*
git checkout spamassassin_release_3_4_4
tar xvf ../rules.tar

where build_zimbra.sh is:


export PERL5LIB=/opt/zimbra/common/lib/perl5/x86_64-linux-thread-multi:/opt/zimbra/common/lib/perl5
export PERLLIB=/opt/zimbra/common/lib/perl5/x86_64-linux-thread-multi:/opt/zimbra/common/lib/perl5

/usr/bin/perl Makefile.PL \
     PREFIX=/opt/zimbra/common \
     LIB=/opt/zimbra/common/lib/perl5 \
     DATADIR=/opt/zimbra/data/spamassassin/rules \
     CONFDIR=/opt/zimbra/data/spamassassin/localrules \

make install
chown -R zimbra:zimbra /opt/zimbra/common/lib/perl5/Mail/SpamAssassin*
chown -R zimbra:zimbra /opt/zimbra/data/spamassassin/

Verify rules still update

Rules are updated by cron. Run this command to verify that still works. You will have a state/3.004004 directory

# su - zimbra
% /opt/zimbra/common/bin/sa-update -v --allowplugins --refreshmirrors

General Notes

#Default configuration data is loaded from the first existing directory in:
#    /opt/zimbra/data/spamassassin/state/3.004002
#    /opt/zimbra/data/spamassassin/rules
#    /opt/zimbra/common/share/spamassassin
#    /usr/local/share/spamassassin
#    /usr/share/spamassassin

# Site-specific configuration data is used to override any values which
#    had already been set. This is loaded from the first existing directory in:
#    /opt/zimbra/data/spamassassin/localrules
#    /opt/zimbra/common/etc/mail/spamassassin
#    /opt/zimbra/common/etc/spamassassin
#    /usr/local/etc/spamassassin
#    /usr/pkg/etc/spamassassin
#    /usr/etc/spamassassin
#    /etc/mail/spamassassin
#    /etc/spamassassin

#  From those 3 directories, SpamAssassin will first read file ending in ".pre" in lexical order
#      and then read files ending in ".cf" in lexical order.
#  In other words, it will read init.pre first, then 10_default_prefs.cf
#    before 50_scores.cf and 20_body_tests.cf before 20_head_tests.cf.
#  SA 4.0 requires newer perl version that exists with RHEL6/Centos6

Script to install if you don't want to install in the buildZimbra.sh step


export PERL5LIB=/opt/zimbra/common/lib/perl5/x86_64-linux-thread-multi:/opt/zimbra/common/lib/perl5
export PERLLIB=/opt/zimbra/common/lib/perl5/x86_64-linux-thread-multi:/opt/zimbra/common/lib/perl5

#As root
make install
chown -R zimbra:zimbra /opt/zimbra/data/spamassassin

To verify what version you now have running, do this:

# su - zimbra
$ spamassassin -V
SpamAssassin version 3.4.4
  running on Perl version 5.10.1

More articles written by me, https://wiki.zimbra.com/wiki/JDunphy-Notes

Jump to: navigation, search