Add SpamAssassin KAM

[georglauterbach]

Description

Adds KAM (https://mcgrail.com/template/projects#KAM1) to SpamAssassin (SA) if SA is enabled. If not, there is no effect.

Closes #2412

Type of change

• New feature (non-breaking change which adds functionality)

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation (README.md or the documentation under docs/)
• If necessary I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

[casperklein]

I can only speak for myself, but I never heared about KAM before the mentioned issue. So a quick explanation what KAM is or at least a link to the homepage/documentation should be in environment.md and 'mailserver.env.

[georglauterbach]

I can only speak for myself, but I never heared about KAM before the mentioned issue. So a quick explanation what KAM is or at least a link to the homepage/documentation should be in environment.md and 'mailserver.env.

I will add this. I can, if you like, change the default to 0 too, if you think this is more appropriate?

[casperklein]

I will add this.

Oh, I didn't see that you answered meanwhile 😉

[casperklein]

I will add this. I can, if you like, change the default to 0 too, if you think this is more appropriate?

I think that's a good idea. I don't use KAM and don't see a reason to do so at the moment. I am very satisfied, how SA performs in the current state. Enabling KAM per default might lead to new problems / more false positives for new users.

[github-actions]

Documentation preview for this PR is ready! 🎉

Built with commit: 1fa81ef

[ghnp5]

Hey @georglauterbach
Thanks for this!

Did you test sa-update on this?

For some reason, --gpgkey 24C063D8 doesn't work for me.
When there is an actual update, sa-update it fails with:

 The update downloaded successfully, but it was not signed with a trusted GPG
 key.  Instead, it was signed with the following keys:
     24C063D8 

So I had to change the command to --nogpg.

sa-update --nogpg --channel kam.sa-channels.mcgrail.com --gpghomedir /var/lib/spamassassin/sa-update-keys -v 2>&1

[georglauterbach]

When there is an actual update, sa-update it fails with:

 The update downloaded successfully, but it was not signed with a trusted GPG

 key.  Instead, it was signed with the following keys:

     24C063D8 

So I had to change the command to --nogpg.

sa-update --nogpg --channel kam.sa-channels.mcgrail.com --gpghomedir /var/lib/spamassassin/sa-update-keys -v 2>&1

I experienced a similar issue, but (as I did with this PR) I did not use --nogpg, but I removed the --gpghomedir /var/lib/spamassassin/sa-update-keys option which was messing with the command. Without this option, all should work well. This PR makes use of that as well.

[ghnp5]

ah nice one! Thanks very much. 👍👍

[williamdes]

the GPG key is a bit small, could a full one be used ?

[georglauterbach]

If you find the complete key, please, feel free to open a PR :D

[williamdes]

https://mcgrail.com/template/kam.cf_channel
I will let you do it if you want ;)

[georglauterbach]

The link you posted shows the very same key this PR uses...

[williamdes]

Yeah, but for some reason they do use a short version.

[georglauterbach]

I believe this to be fine :D