JDunphy-SA-Upgrade
Upgrade SA to newer release
Introduction
Updating Spamassassin to a newer version from say 3.4.1 which is the current version for 8.7.11. Note: rules are only on main branch in SA github so we grab those first. I am using this in production as there are a few DoS against the SA versions that Zimbra ships in production. If you are hit with one of these email bombs, you can expect to see amavisd's that are 100% CPU bound and will takes about 15 minutes to timeout. You will also see postfix disconnect with END-OF-MESSAGE followed by a disconnect. After 15 mins, the email will be moved to the deferred queue. Amavisd will respond after 15 mins with a log message that it lost connection with 127.0.0.0 while sending data - message may be sent more than once". A previous version of this article was for SA 3.4.2 and this is updated for the latest SA 3.4.4
Backup Current Version
Files are located under /opt/zimbra/common/lib/perl5/Mail/Spamassassin and /opt/zimbra/data/spamassassin/ Note: the '*' with tar as we are grabbing both the spamassassin.pm and the directory spamassassin.
Here is what the general structure looks like with Zimbra/SA:
/opt/zimbra/common/lib/perl5/Mail/SpamAssassin/
/opt/zimbra/common/lib/perl5/Mail/SpamAssassin/SpamAssassin.pm
/opt/zimbra/data/spamassassin/localrules/
/opt/zimbra/data/spamassassin/rules/* ---- rules with the distribution
/opt/zimbra/data/spamassassin/state/ ---- rules from sa-update
/opt/zimbra/data/spamassassin/state/{3.00400|3.00401}/updates_spamassassin_org/
/opt/zimbra/data/spamassassin/state/3.004001/updates_spamassassin_org
/opt/zimbra/data/spamassassin/state/3.004001/updates_spamassassin_org.cf # --- rules to include
run tar as root or zimbra because need GPG stuff and all keys in that directory are 700 perms
rwx------ zimbra/zimbra 0 2019-05-21 10:00 opt/zimbra/data/spamassassin/localrules/sa-update-keys/
--- /opt/zimbra/commong/lib/perl5/Mail/Spamassassin ---- perms: root:root
/opt/zimbra/data/spamassassin perms: zimbra:zimbra
Use this command to backup existing Zimbra SA install should you need to revert back:
su - zimbra -c "tar zcvf /tmp/SA_backup.tar.gz /opt/zimbra/common/lib/perl5/Mail/SpamAssassin* \
/opt/zimbra/data/spamassassin \
/opt/zimbra/common/bin/sa-check_spamd \
/opt/zimbra/common/bin/sa-update \
/opt/zimbra/common/bin/spamassassin \
/opt/zimbra/common/bin/sa-learn \
/opt/zimbra/common/bin/sa-compile \
/opt/zimbra/common/bin/spamc \
/opt/zimbra/common/share/man/man1/sa-compile.1 \
/opt/zimbra/common/share/man/man1/spamc.1 \
/opt/zimbra/common/share/man/man1/sa-awl.1 \
/opt/zimbra/common/share/man/man1/sa-learn.1 \
/opt/zimbra/common/share/man/man1/sa-update.1 \
/opt/zimbra/common/share/man/man1/spamd.1 \
/opt/zimbra/common/share/man/man1/spamassassin-run.1 \
/opt/zimbra/common/share/man/man3/Mail::SpamAssassin* \
/opt/zimbra/common/share/man/man3/spamassassin-run.3pm"
Get and Install newer version
git clone https://github.com/apache/spamassassin.git cd spamassassin tar cvf ../rules.tar rules* git checkout spamassassin_release_3_4_4 tar xvf ../rules.tar
where build_zimbra.sh is:
#!/bin/bash
export PERL5LIB=/opt/zimbra/common/lib/perl5/x86_64-linux-thread-multi:/opt/zimbra/common/lib/perl5
export PERLLIB=/opt/zimbra/common/lib/perl5/x86_64-linux-thread-multi:/opt/zimbra/common/lib/perl5
/usr/bin/perl Makefile.PL \
PREFIX=/opt/zimbra/common \
LIB=/opt/zimbra/common/lib/perl5 \
DATADIR=/opt/zimbra/data/spamassassin/rules \
CONFDIR=/opt/zimbra/data/spamassassin/localrules \
LOCALSTATEDIR=/opt/zimbra/data/spamassassin/state
make
make install
chown -R zimbra:zimbra /opt/zimbra/common/lib/perl5/Mail/SpamAssassin*
chown -R zimbra:zimbra /opt/zimbra/data/spamassassin/
Verify rules still update
Rules are updated by cron. Run this command to verify that still works. You will have a state/3.004004 directory
# su - zimbra % /opt/zimbra/common/bin/sa-update -v --allowplugins --refreshmirrors
General Notes
#Default configuration data is loaded from the first existing directory in: # # /opt/zimbra/data/spamassassin/state/3.004002 # /opt/zimbra/data/spamassassin/rules # /opt/zimbra/common/share/spamassassin # /usr/local/share/spamassassin # /usr/share/spamassassin # Site-specific configuration data is used to override any values which # had already been set. This is loaded from the first existing directory in: # # /opt/zimbra/data/spamassassin/localrules # /opt/zimbra/common/etc/mail/spamassassin # /opt/zimbra/common/etc/spamassassin # /usr/local/etc/spamassassin # /usr/pkg/etc/spamassassin # /usr/etc/spamassassin # /etc/mail/spamassassin # /etc/spamassassin # From those 3 directories, SpamAssassin will first read file ending in ".pre" in lexical order # and then read files ending in ".cf" in lexical order. # In other words, it will read init.pre first, then 10_default_prefs.cf # before 50_scores.cf and 20_body_tests.cf before 20_head_tests.cf. # SA 4.0 requires newer perl version that exists with RHEL6/Centos6
Script to install if you don't want to install in the buildZimbra.sh step
#!/bin/bash export PERL5LIB=/opt/zimbra/common/lib/perl5/x86_64-linux-thread-multi:/opt/zimbra/common/lib/perl5 export PERLLIB=/opt/zimbra/common/lib/perl5/x86_64-linux-thread-multi:/opt/zimbra/common/lib/perl5 #As root make install chown -R zimbra:zimbra /opt/zimbra/data/spamassassin
To verify what version you now have running, do this:
# su - zimbra $ spamassassin -V SpamAssassin version 3.4.4 running on Perl version 5.10.1
More articles written by me, https://wiki.zimbra.com/wiki/JDunphy-Notes
