Re: Possible to have a cron job to fix bug 8041?

[Kevin A. McGrail]

Probably just something to document in the release build readme to be 
honest.


On 9/10/2022 7:06 PM, Sidney Markowitz wrote:

I just opened
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8041

The issue is that the test spam t/data/spam/pyzor is a real world spam 
that is on the public pyzor server, but the server is apparently 
configured to expire spam reports. I'm guessing it has a one year 
expiry given that Giovanni had to update the test with a new spam 
about a year ago, and t/pyzor.t just started failing.


I ran

  pyzor report < t/data/spam/pyzor

and all was well again.

Is it reasonable for to put a cron job on one of our infrastructor 
machines that, perhaps once a month, or some other convenient 
interval, runs the pyzor report command to ensure that the test spam 
doesn't expire? Extra points for running pyzor check < 
t/data/spam/pyzor before and after the report to confirm that the 
report worked and incremented the count, but that is less important.


What do you all think about that?

 Sidney


--
Kevin A. McGrail
kmcgr...@apache.org

Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Re: sa-update.fossies.org (144.76.163.196) is longer down

[Kevin A. McGrail]

I hope you are having better luck with your server!
--
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171


On Tue, Jul 26, 2022 at 6:37 PM Jens Schleusener <
jens.schleuse...@t-online.de> wrote:

> On Mon, 18 Jul 2022, Jens Schleusener wrote:
>
> > Hi,
> >
> > unfortunately the server sa-update.fossies.org (144.76.163.196) has
> after a
> > reboot (Mo Jul 18 15:36:32 CEST) strong hardware problems.
> >
> > Since there is no foreseeable end to the server outage, I propose to
> remove
> > the server from the mirror list.
>
> There are again problems (probably originally kernel based but now with
> internal ones). May be that is the end of the server fossies.org so
> please remove sa-update.fossies.org from the mirror list.
>
> Sorry
>
> Jens
>

Re: checkSAupdateMirrors.sh on sa-vm.apache.org - 1 mirror DOWN, 0 mirrors STALE

[Kevin A. McGrail]

I emailed M.Eng. René Schwarz  to see if there 
was a status on his mirror.


On 5/1/2022 12:18 AM, aut...@sa-vm.apache.org wrote:

https://sa-update.mailfud.org/ (5.196.88.134): UP (CURRENT)

http://sa-update.dnswl.org/ (116.203.4.105): UP (CURRENT)

https://www.sa-update.pccc.com/ (69.171.29.42): UP (CURRENT)

Failed to dig IPs for sa-update.space-pro.be

http://sa-update.ena.com/ (96.4.1.5): UP (CURRENT)

http://sa-update.ena.com/ (96.5.1.5): UP (CURRENT)

https://sa-update.razx.cloud/ (104.21.69.80): UP (CURRENT)

https://sa-update.razx.cloud/ (172.67.206.130): UP (CURRENT)

http://sa-update.fossies.org/ (144.76.163.196): UP (CURRENT)

http://sa-update.verein-clean.net/ (37.252.124.130): UP (CURRENT)

http://sa-update.verein-clean.net/ (37.252.120.157): UP (CURRENT)

https://sa-update-asf.snb.it/ (151.80.178.91): UP (CURRENT)

http://sa-update.spamassassin.org/ (64.142.56.146): UP (CURRENT)


--
Kevin A. McGrail
kmcgr...@apache.org

Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Re: HTTPS for mirrors

[Kevin A. McGrail]

Thanks, Henrik.  I'm agnostic on this change but I thought it was 
interesting it took Dave some trouble to setup http vs https.



On 4/30/2022 11:46 PM, Henrik K wrote:

If you look at current MIRRORED.BY, that's how it already done.

Only 3.3 skips any non-http:// lines.  So 3.3 rule updates need to be
officially deprecated before changing last http-mirror.  And amazingly there
are still active users as seen from the "if has()" reports..

I'll leave general timetable for the list consensus, it's up to the
volunteers..

On Sat, Apr 30, 2022 at 09:55:26PM -0400, Kevin A. McGrail wrote:

That's quite interesting, Dave.  Thanks.

Henrik, do we have a way of supporting both http and https?  So like one
config line is http and another is https?  Then we can ask mirrors to start
moving to https with a goal perhaps of next May?

Regards,

KAM

On 4/29/2022 12:27 AM, Dave Warren wrote:

On 2022-04-28 07:30, Bill Cole wrote:

I see no reason to make HTTPS mandatory for mirrors at this point.
It does mean an extra layer that can break and the impersonation
attacks that it enables would be extremely complicated to mount, so
may be entirely theoretical. I would rather keep unencrypted
mirrors for the sake of availability than drive away helpful
collaborators just because they haven't had a free hour recently to
make HTTPS work.

I don't care either way, but it is literally more work for me to
maintain a HTTP mirror than not.

Why? My web server configuration all starts with a default "HTTP? 301
redirect to HTTPS" rule, so getting HTTP content to bypass that is
literally more lines of configuration, and extra testing when upgrading
software or moving stuff around.

It isn't a big deal. The "work" is already done, and I mirror
torbrowser and sometimes tails as well and there is a stronger use-case
for maintaining HTTP indefinitely there, so adding one more hostname to
the "okay, serve it with http too" list isn't even on my radar of
things to care about.

I do care about encryption in general though.

HTTPS is an inconsequential amount of overhead and has been for a
decade or so (from my perspective). And I have trouble imagining any
machine that is simultaneously powerful enough to run SpamAssassin and
also finds the overhead of HTTPS as consequential.

As noted elsewhere in the thread, I'm one of the mirrors that offers
HTTPS already, this is because it is already part of my provisioning
system when I add a site and like allowing HTTP at all, it would be
more work to carve out an exception.

I have no preference or vote in either direction here specifically, but
for my part I consider HTTP legacy and am a strong believer in
replacing HTTP services with a static 301 response and calling it a
day.

--
Kevin A. McGrail
kmcgr...@apache.org

Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171


--
Kevin A. McGrail
kmcgr...@apache.org

Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Re: HTTPS for mirrors

[Kevin A. McGrail]

That's quite interesting, Dave.  Thanks.

Henrik, do we have a way of supporting both http and https?  So like one 
config line is http and another is https?  Then we can ask mirrors to 
start moving to https with a goal perhaps of next May?


Regards,

KAM

On 4/29/2022 12:27 AM, Dave Warren wrote:

On 2022-04-28 07:30, Bill Cole wrote:
I see no reason to make HTTPS mandatory for mirrors at this point. It 
does mean an extra layer that can break and the impersonation attacks 
that it enables would be extremely complicated to mount, so may be 
entirely theoretical. I would rather keep unencrypted mirrors for the 
sake of availability than drive away helpful collaborators just 
because they haven't had a free hour recently to make HTTPS work.


I don't care either way, but it is literally more work for me to 
maintain a HTTP mirror than not.


Why? My web server configuration all starts with a default "HTTP? 301 
redirect to HTTPS" rule, so getting HTTP content to bypass that is 
literally more lines of configuration, and extra testing when 
upgrading software or moving stuff around.


It isn't a big deal. The "work" is already done, and I mirror 
torbrowser and sometimes tails as well and there is a stronger 
use-case for maintaining HTTP indefinitely there, so adding one more 
hostname to the "okay, serve it with http too" list isn't even on my 
radar of things to care about.


I do care about encryption in general though.

HTTPS is an inconsequential amount of overhead and has been for a 
decade or so (from my perspective). And I have trouble imagining any 
machine that is simultaneously powerful enough to run SpamAssassin and 
also finds the overhead of HTTPS as consequential.


As noted elsewhere in the thread, I'm one of the mirrors that offers 
HTTPS already, this is because it is already part of my provisioning 
system when I add a site and like allowing HTTP at all, it would be 
more work to carve out an exception.


I have no preference or vote in either direction here specifically, 
but for my part I consider HTTP legacy and am a strong believer in 
replacing HTTP services with a static 301 response and calling it a day.


--
Kevin A. McGrail
kmcgr...@apache.org

Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Re: HTTPS for mirrors

[Kevin A. McGrail]

By default, the data is cryptographically verified.  An admin has to
specifically turn off that feature.

There's little benefits of using HTTPS in this specific setting and it's
just an extra requirement on our volunteer mirrors.  It will add time, CPU
load, and even a small amount of bandwidth increase. All to achieve nothing.

>From a security analysis, this is public data so it's a very low risk with
no data toxicity.

I just don't see the benefit. As a security expert, I also make sure to
focus my time where it's best utilized.  So I am recommending that you and
I can spend our time elsewhere as well as our mirror volunteers :-)

-KAM

On Thu, Apr 28, 2022, 07:36 Henrik K  wrote:

> On Thu, Apr 28, 2022 at 07:26:41AM -0400, Kevin A. McGrail wrote:
> > We discussed this a year or two ago. The data on there is not sensitive
> and
> > is cryptographically verified by spamassassin before being used.  Can you
> > name a single reason the data needs to be encrypted in transit?  KAM
>
> It's only verified if the user chooses to do so, is not downloading stuff
> manually or whatever.  Regardless, can YOU name a single reason why
> transmitted data should not be encrypted in the year 2022, as it's trivial
> to do so?  Strange debate from a security expert.
>
>

Re: HTTPS for mirrors

[Kevin A. McGrail]

We discussed this a year or two ago. The data on there is not sensitive and
is cryptographically verified by spamassassin before being used.  Can you
name a single reason the data needs to be encrypted in transit?  KAM

On Thu, Apr 28, 2022, 07:17 Henrik K  wrote:

> On Thu, Apr 28, 2022 at 12:40:58PM +0200, Fossies Administrator wrote:
> > On Wed, 27 Apr 2022, Henrik K wrote:
> >
> > >
> > > There's really no reason these days for not using https.
> > >
> > > Only three mirrors work with it right now:
> > >
> > > sa-update.razx.cloud
> > > sa-update.pccc.com
> > > sa-update.mailfud.org
> > >
> > > Could maybe others prepare for it?  sa-update seems to happily use
> https://
> > > mirrors starting from 3.4.0, so there shouldn't be any reason not to
> update
> > > these.
> > >
> > > Btw I just updated DNS to https too:
> > > mirrors.updates.spamassassin.org.  "
> https://spamassassin.apache.org/updates/MIRRORED.BY;
> > >
> > > Apparently spamassassin.apache.org has had https-redirect for a long
> time,
> > > which broke the old checkSAupdateMirrors.sh script too.
> >
> > Unfortunately my server fossies.org currently uses a commercial
> certificate
> > only usable for the names "fossies.org" and "www.fossies.org" but not
> for
> > "sa-update.fossies.org" and some first general tests some months ago
> using
> > Let's Encrypt were not yet successful.
> >
> > Since I don't know when I have time for a new attempt (probably
> > summer/autumn after a big hardware migration) and the https request seems
> > understandable you may remove the server "sa-update.fossies.org"
> > if meaningful (relatively easy to get over, since it only has a weight
> of 1).
>
> I don't see it as a huge problem if we leave few mirrors as http:// - it
> enables ancient 3.3 clients to still get some updates..  dunno if that's
> good or bad.  Maybe let's try to convert all "this year"?
>
> Btw about mirror weights, how were they decided?  Basically weight=1 means
> there's a 1/50 chance to get a request, or 10 times less than the weight=10
> mirrors.  Is everyone happy about the amount of traffic they receive?  I'll
> probably bump mine up a bit since I have no traffic limits/costs..
>
> sa-update.verein-clean.net (1/4.8 chance)
> sa-update.spamassassin.org (1/4.8 chance)
> www.sa-update.pccc.com (1/9.6 chance)
> sa-update.ena.com (1/9.6 chance)
> sa-update.razx.cloud (1/9.6 chance)
> sa-update-asf.snb.it (1/9.6 chance)
> sa-update.dnswl.org (1/16.0 chance)
> sa-update.mailfud.org (1/16.0 chance)
> sa-update.space-pro.be (1/47.2 chance)
> sa-update.fossies.org (1/47.4 chance)
>
> Cheers,
> Henrik
>

Re: checkSAupdateMirrors.sh on sa-vm.apache.org - 0 mirrors DOWN, 2 mirrors STALE

[Kevin A. McGrail]

Might be worth clearing everything out on the mirror side if rsync is
stalling for some reason.

-KAM

On Wed, Apr 27, 2022, 08:29 Henrik K  wrote:

> On Tue, Apr 26, 2022 at 12:28:44AM -0600, Dave Warren wrote:
> > On 2022-04-25 22:18, aut...@sa-vm.apache.org wrote:
> > > http://sa-update.razx.cloud/  (172.67.206.130): UP (STALE since
> 1650939481, 2 hours)
> > >
> > > http://sa-update.razx.cloud/  (104.21.69.80): UP (STALE since
> 1650939481, 2 hours)
> >
> > Weird. Fixed for now, but I'll monitor tomorrow since it looks like it
> got
> > stuck a couple times.
>
> Any solution for this problem?
>
>

Re: checkSAupdateMirrors.sh on sa-vm.apache.org - 1 mirror DOWN, 0 mirrors STALE

[Kevin A. McGrail]

Did this ever resolve?  Perhaps something to ask users@infra about?

On 8/27/2021 2:57 AM, Giovanni Bechis wrote:

On Fri, Aug 27, 2021 at 06:18:07AM +, aut...@sa-vm.apache.org wrote:

Fetching sa-update URLs from http://spamassassin.apache.org/updates/MIRRORED.BY


[...]

http://sa-update-asf.snb.it/ (151.80.178.91): DOWN


I cannot ping nor connect to my vm from sa-vm but it works from
somewhere else.

Any idea what's going on ?

root@sa-vm:/home/gbechis# ping sa-update-asf.snb.it
PING sa-update.snb.it (151.80.178.91) 56(84) bytes of data.
 From 10.110.1.24 (10.110.1.24) icmp_seq=1 Time to live exceeded

root@sa-vm:/home/gbechis# curl -v sa-update-asf.snb.it
*   Trying 151.80.178.91:80...
* TCP_NODELAY set
* connect to 151.80.178.91 port 80 failed: No route to host
*   Trying 2001:41d0:12a:d100::91:80...
* TCP_NODELAY set
* Immediate connect fail for 2001:41d0:12a:d100::91: Network is unreachable
*   Trying 2001:41d0:12a:d100::91:80...
* TCP_NODELAY set
* Immediate connect fail for 2001:41d0:12a:d100::91: Network is unreachable
* Failed to connect to sa-update-asf.snb.it port 80: No route to host
* Closing connection 0
curl: (7) Failed to connect to sa-update-asf.snb.it port 80: No route to host


--
Kevin A. McGrail
kmcgr...@apache.org

Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Re: [External] ANNOUNCE: Apache SpamAssassin 3.4.6 available

[Kevin A. McGrail]

Yeah, I found what happened.  On 3/2 I called for a vote.  Then the 
pandemic hit and I drafted but did not send an email suggested we wait a 
few months.


Here's my notes on it:


*** On March 1, 2020, we will stop publishing rulesets with SHA-1 checksums.
    If you do not update to 3.4.2 or later, you will be stuck at the last
    ruleset with SHA-1 signatures. ***

Simply changing the dns to static is all what is primarily needed

1 - Confirm with private@ - EMAILED 3/2/20

Sent Mar 3 at 9:35AM
Barring objections in the next 48 hours, I will change the DNS entries 
to a static point in time so that updates on older versions are no 
longer produced. I will also work with sysadmin to turn off the creation 
of md5 and sha-1 signatures. I will also update the build readmes for 
trunk and 3.4 to know that those signature should not be produced again.


I think it's the community has so much upheaval about this they can 
easily download the rules updates sign them themselves and put them up 
on an alternate channel.



1a - Hold off due to pandemic


Want me to look into it again?

Regards,
KAM


On 4/13/2021 9:10 PM, Kevin A. McGrail wrote:
We should also update the zone file to static for the older versions 
too so they never try and get a newer update.


On Tue, Apr 13, 2021, 21:08 Sidney Markowitz <mailto:sid...@apache.org>> wrote:


Kevin A. McGrail wrote on 14/04/21 12:22 am:
> BTW, did we actually turn off the sha-1 signature generation?  I
think
> that was when David and the pandemic hit...

You are right.
http://sa-update.spamassassin.org/1888609.tar.gz.sha1
<http://sa-update.spamassassin.org/1888609.tar.gz.sha1> exists.

But now that it has been officially announced that we no longer
support
it we can turn it off.

I'm adding a Cc to sysadmins since that's where someone can go
ahead and
remove the generation of the sha1 files.

  Sidney


--


    

*Kevin A. McGrail*
/CEO Emeritus/
*Peregrine Computer Consultants Corporation*
+1.703.798.0171 kmcgr...@pccc.com
 https://pccc.com/  https://raptoremailsecurity.com

10311 Cascade Lane, Fairfax, Virginia 22032-2357 USA

Re: [External] ANNOUNCE: Apache SpamAssassin 3.4.6 available

[Kevin A. McGrail]

We should also update the zone file to static for the older versions too so
they never try and get a newer update.

On Tue, Apr 13, 2021, 21:08 Sidney Markowitz  wrote:

> Kevin A. McGrail wrote on 14/04/21 12:22 am:
> > BTW, did we actually turn off the sha-1 signature generation?  I think
> > that was when David and the pandemic hit...
>
> You are right. http://sa-update.spamassassin.org/1888609.tar.gz.sha1
> exists.
>
> But now that it has been officially announced that we no longer support
> it we can turn it off.
>
> I'm adding a Cc to sysadmins since that's where someone can go ahead and
> remove the generation of the sha1 files.
>
>   Sidney
>

Re: Are we ready in DNS for 3.4.5 release?

[Kevin A. McGrail]

Hi Sidney,

So if you ever need, there is more information here: 
https://cwiki.apache.org/confluence/display/SPAMASSASSIN/InfraNotes2020


Yes, there is a 3.4.5 record

5.4.3.updates.spamassassin.org. 3599 IN CNAME 
3.3.3.updates.spamassassin.org.


Regards,
KAM

On 3/24/2021 1:23 PM, Sidney Markowitz wrote:
Here's a quote from build/README which says my next step in the 
release process is to ask you all if you have to do whatever this says 
has to be done.

So I'm asking...


Confirm with SpamAssassin SysAdmins group that we are ready in DNS for
  masscheck and rule updates for the next version

  For many years all releases since 3.3.3 use the same ruleset.
    3.4.2 already has a cname for this.
    3.3.2 and before are set to a static ruleset.

  We have been good on using version specific and plugin conditions to
  allow one ruleset to rule them all.

  Since we plan to release rules that continue to be version compatible
  back to 3.3.3, only a CNAME is needed for newer releases to point at
  3.3.3.


--
Kevin A. McGrail
kmcgr...@apache.org

Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Re: freqsd on sa-vm masscheck box?

[Kevin A. McGrail]

I am sure it was just missed.  Henrik did a great job on the box migration
but that was likely missed.

Any chance you can take a stab at it?

On Sat, Feb 20, 2021, 13:30 John Hardin  wrote:

> All:
>
> It seems that freqsd was never migrated to the new masscheck VM. I'm
> working on doing that now, but I was wondering whether anybody remembers
> deferring that for a specific reason...?
>
> I don't think this will affect masschecks and rule publication, it looks
> like it's just background processing to support the ruleqa website.
>
>
> --
>   John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
>   jhar...@impsec.org pgpk -a jhar...@impsec.org
>   key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
> ---
>USMC Rules of Gunfighting #20: The faster you finish the fight,
>the less shot you will get.
> ---
>   2 days until George Washington's 289th Birthday
>

Re: Let's Encrypt certificate expiration notice for domain "*.spamassassin.org" (and 1 more)

[Kevin A. McGrail]

Henrik wrote on 10/21 that it could be ignored:

FYI this can be ignored, just some leftover..  sa-vm/ruleqa uses 
*.spamassassin.org cert.


Henrik, any guidance appreciated :-)

Regards,
KAM

On 12/23/2020 1:56 PM, John Hardin wrote:

On Sun, 13 Dec 2020, Let's Encrypt Expiry Bot wrote:

Your certificate (or certificates) for the names listed below will 
expire in 10 days (on 23 Dec 20 05:39 +). Please make sure to 
renew your certificate before then, or visitors to your website will 
encounter errors.


*.spamassassin.org
spamassassin.org


ruleqa.spamassassin.org is now throwing expired cert errors:

  ruleqa.spamassassin.org uses an invalid security certificate.
  The certificate expired on 12/22/2020 09:39 PM. The current time
  is 12/23/2020 10:45 AM.

It appears that while we may have been able to ignore the 
ruleqa.spamassassin.org cert warning as Henrik noted, this one is not 
one we can ignore.


Did we fail to set up auto-renewal of this certificate somewhere?



--
Kevin A. McGrail
kmcgr...@apache.org

Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Re: New SA mirror

[Kevin A. McGrail]

Only a PMC member with Commit rates can do this themselves.  The scripts
that test will yell if your mirror is down or stale.
--
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171


On Wed, Nov 18, 2020 at 2:22 AM Giovanni Bechis  wrote:

> I have setup my mirror as per SaUpdateMirrorSetup[¹] and it's working.
> I do not think it's correct that I do everything on my own without other
> people
> testing it but if it's ok I will proceed this way.
>
> [¹]
> https://cwiki.apache.org/confluence/display/SPAMASSASSIN/SaUpdateMirrorSetup
>
> On Tue, Nov 17, 2020 at 03:06:40PM -0500, Kevin A. McGrail wrote:
> > If you have everything working, you can update the MIRRORED.BY in this
> repo
> > https://svn.apache.org/repos/asf/spamassassin/site/updates and add your
> > mirror, contact info and weight in like and kind to what is there.
> > --
> > Kevin A. McGrail
> > Member, Apache Software Foundation
> > Chair Emeritus Apache SpamAssassin Project
> > https://www.linkedin.com/in/kmcgrail - 703.798.0171
> >
> >
> > On Sat, Nov 14, 2020 at 11:45 AM Giovanni Bechis 
> wrote:
> >
> > > Hi,
> > > I have a private mirror [http://sa-update.snb.it/asf] I am using for
> some
> > > time and I would like
> > > to make it public, what are next steps ?
> > >
> > >  Giovanni
> > >
>

Re: checkSAupdateMirrors.sh on sa-vm.apache.org - 1 mirror DOWN, 0 mirrors STALE

[Kevin A. McGrail]

This is the incoming box at sonic.  I was able to login and access but went
ahead and rebooted the box as well to install updates
--
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171


On Sun, Oct 25, 2020 at 10:18 AM  wrote:

> Fetching sa-update URLs from
> http://spamassassin.apache.org/updates/MIRRORED.BY
>
> http://sa-update.dnswl.org/ (116.203.4.105): UP (CURRENT)
>
> http://www.sa-update.pccc.com/ (69.171.29.42): UP (CURRENT)
>
> http://sa-update.space-pro.be/ (176.28.55.20): UP (CURRENT)
>
> http://sa-update.ena.com/ (96.5.1.5): UP (CURRENT)
>
> http://sa-update.ena.com/ (96.4.1.5): UP (CURRENT)
>
> http://sa-update.razx.cloud/ (172.67.74.101): UP (CURRENT)
>
> http://sa-update.razx.cloud/ (104.26.3.18): UP (CURRENT)
>
> http://sa-update.razx.cloud/ (104.26.2.18): UP (CURRENT)
>
> http://sa-update.fossies.org/ (144.76.163.196): UP (CURRENT)
>
> http://sa-update.verein-clean.net/ (148.251.212.58): UP (CURRENT)
>
> http://sa-update.verein-clean.net/ (37.252.120.157): UP (CURRENT)
>
> http://sa-update.verein-clean.net/ (37.252.124.130): UP (CURRENT)
>
> http://sa-update.spamassassin.org/ (64.142.56.146): DOWN
>

Re: Let's Encrypt certificate expiration notice for domain "ruleqa.spamassassin.org"

[Kevin A. McGrail]

Thanks!
--
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171


On Wed, Oct 21, 2020 at 6:15 AM Henrik K  wrote:

>
> FYI this can be ignored, just some leftover..  sa-vm/ruleqa uses *.
> spamassassin.org cert.
>
> On Tue, Oct 20, 2020 at 04:45:26PM +, Let's Encrypt Expiry Bot wrote:
> > Hello,
> >
> > Your certificate (or certificates) for the names listed below will
> expire in 20 days (on 09 Nov 20 16:47 +). Please make sure to renew
> your certificate before then, or visitors to your website will encounter
> errors.
> >
> > We recommend renewing certificates automatically when they have a third
> of their
> > total lifetime left. For Let's Encrypt's current 90-day certificates,
> that means
> > renewing 30 days before expiration. See
> > https://letsencrypt.org/docs/integration-guide/ for details.
> >
> > ruleqa.spamassassin.org
> >
> > For any questions or support, please visit
> https://community.letsencrypt.org/. Unfortunately, we can't provide
> support by email.
> >
> > For details about when we send these emails, please visit
> https://letsencrypt.org/docs/expiration-emails/. In particular, note that
> this reminder email is still sent if you've obtained a slightly different
> certificate by adding or removing names. If you've replaced this
> certificate with a newer one that covers more or fewer names than the list
> above, you may be able to ignore this message.
> >
> > If you are receiving this email in error, unsubscribe at
> http://mandrillapp.com/track/unsub.php?u=30850198=4ea059329d5f4adf921177e08090115d.bwhb%2FBPfWM93iQ5gciTRITHDm2Y%3D=https%3A%2F%2Fmandrillapp.com%2Funsub%3Fmd_email%3Ds%252A%252A%252A%252A%2540s%252A%252A%252A%252A.%252A%252A%252A
> >
> > Regards,
> > The Let's Encrypt Team
>

Re: New mirror, how to tell sa-update to use it?

[Kevin A. McGrail]

Are you trying to publish your own channel?  The sa-update channel? Both?
Are you rsyncing the current channel?

There is no concept of local waiting or GeoIP currently in sa-update.
Rules are cryptographically signed and relatively small that is really not
an issue BUT patches to add a specific URL would be welcome.  I can see
some large providers might want to use this.
--
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171


On Fri, Oct 23, 2020 at 5:18 AM Dan Malm  wrote:

> Hi,
>
> I've set up an SA Update mirror at https://mirror.one.com/spamassassin/
> if it is of any interest (I know it doesn't match the sa-update.
> convention, would that be a blocker?)
>
> For our own machines we'd like to set sa-update to use this mirror with
> highest priority but I'm failing to find a way to point sa-update to use
> any custom list of mirrors short of editing MIRRORED.BY, but since
> sa-update updates that file on a regular basis... Any pointers on how I
> would accomplish this?
>
> --
> BR/Mvh. Dan Malm, Systems Engineer, One.com
>

Re: Cron test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )

[Kevin A. McGrail]

David Jones is the most familiar with it.
--
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171


On Tue, Sep 29, 2020 at 1:07 PM Bill Cole <
sa-bugz-20080...@billmail.scconsult.com> wrote:

> This looks like the checkDNShosting script merging stdout and stdin
> somewhere and/or misparsing 'dig' output.
>
> Who is most familiar with that script?
>
>
> Forwarded message:
>
> > From: Chris Lambertus 
> > To: d...@spamassassin.apache.org
> > Cc: Apache root@ 
> > Subject: Fwd: Cron  test -x /usr/sbin/anacron || ( cd /
> > && run-parts --report /etc/cron.daily )
> > Date: Tue, 29 Sep 2020 08:31:01 -0700
> >
> > cron error from sa-vm1
> >
> >
> >> Begin forwarded message:
> >>
> >> From: r...@sa-vm1.apache.org (Cron Daemon)
> >> Subject: Cron  test -x /usr/sbin/anacron || ( cd / &&
> >> run-parts --report /etc/cron.daily )
> >> Date: September 28, 2020 at 11:25:26 PM PDT
> >> To: r...@sa-vm1.apache.org
> >>
> >> /etc/cron.daily/checkDNShosting:
> >> Usage: dns_compare [options]
> >>
> >> dns_compare: error: -s option requires an argument
> >> /etc/cron.daily/checkDNShosting: line 25: $XFR: ambiguous redirect
> >> /etc/cron.daily/checkDNShosting: line 26: $OUT: ambiguous redirect
> >> cat: '/tmp/;': No such file or directory
> >> cat: '(2': No such file or directory
> >> cat: servers: No such file or directory
> >> cat: 'found).out': No such file or directory
> >> /etc/cron.daily/checkDNShosting: line 25: $XFR: ambiguous redirect
> >> /etc/cron.daily/checkDNShosting: line 26: $OUT: ambiguous redirect
> >> cat: '/tmp/;;': No such file or directory
> >> cat: connection: No such file or directory
> >> cat: timed: No such file or directory
> >> cat: 'out;': No such file or directory
> >> cat: no: No such file or directory
> >> cat: servers: No such file or directory
> >> cat: could: No such file or directory
> >> cat: be: No such file or directory
> >> cat: reached.out: No such file or directory
> >> /etc/cron.daily/checkDNShosting: line 25: $XFR: ambiguous redirect
> >> /etc/cron.daily/checkDNShosting: line 26: $OUT: ambiguous redirect
> >> cat: '/tmp/;': No such file or directory
> >> cat: '<<>>': No such file or directory
> >> cat: dig: No such file or directory
> >> cat: 9.10.3-p4-ubuntu: No such file or directory
> >> cat: '<<>>': No such file or directory
> >> cat: @localhost: No such file or directory
> >> cat: spamassassin.org: No such file or directory
> >> cat: ns: No such file or directory
> >> cat: +short.out: No such file or directory
> >> /etc/cron.daily/checkDNShosting: line 25: $XFR: ambiguous redirect
> >> /etc/cron.daily/checkDNShosting: line 26: $OUT: ambiguous redirect
> >> cat: '/tmp/;;': No such file or directory
> >> cat: global: No such file or directory
> >> cat: 'options:': No such file or directory
> >> cat: +cmd.out: No such file or directory
>

Re: Something broken in MIRRORED.BY updating

[Kevin A. McGrail]

I've seen it be wonky too, it's not just you.

On 9/19/2020 12:39 PM, Bill Cole wrote:
> On 19 Sep 2020, at 12:34, Bill Cole wrote:
>
>> Both Kevin & I made changes to MIRRORED.BY with the goal of retiring
>> the Secnap mirror, and repeatedly it got reverted in the copy used by
>> the monitoring script.
>>
>> Don't believe it? Compare these:
>>
>> https://svn.apache.org/repos/asf/spamassassin/site/updates/MIRRORED.BY
>> http://spamassassin.apache.org/updates/MIRRORED.BY
>>
>
> And of course, now they're identical. I swear that they were not an
> hour ago.
>
> My suspicion is that there's an rsync mis-config somewhere.
>
-- 
Kevin A. McGrail
kmcgr...@apache.org

Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Re: checkSAupdateMirrors.sh on sa-vm.apache.org - 1 mirror DOWN, 0 mirrors STALE

[Kevin A. McGrail]

We are back online.
--
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171


On Sun, Sep 6, 2020 at 12:29 AM Kevin A. McGrail 
wrote:

> We are down for system maintenance.  ETA less than 1.5 hours to production
> status again.
>
>
>  Forwarded Message 
> Subject: checkSAupdateMirrors.sh on sa-vm.apache.org - 1 mirror DOWN, 0
> mirrors STALE
> Date: Sun, 6 Sep 2020 04:18:08 + (UTC)
> From: aut...@sa-vm.apache.org
> Reply-To: sysadmins@spamassassin.apache.org
> To: sysadmins@spamassassin.apache.org
>
> Fetching sa-update URLs from
> http://spamassassin.apache.org/updates/MIRRORED.BY
>
> http://sa-update.dnswl.org/ (116.203.4.105): UP (CURRENT)
>
> http://www.sa-update.pccc.com/ (69.171.29.42): DOWN
>
> http://sa-update.secnap.net/ (204.89.241.6): UP (CURRENT)
>
> http://sa-update.space-pro.be/ (176.28.55.20): UP (CURRENT)
>
> http://sa-update.ena.com/ (96.5.1.5): UP (CURRENT)
>
> http://sa-update.ena.com/ (96.4.1.5): UP (CURRENT)
>
> http://sa-update.razx.cloud/ (104.26.3.18): UP (CURRENT)
>
> http://sa-update.razx.cloud/ (104.26.2.18): UP (CURRENT)
>
> http://sa-update.razx.cloud/ (172.67.74.101): UP (CURRENT)
>
> http://sa-update.fossies.org/ (144.76.163.196): UP (CURRENT)
>
> http://sa-update.verein-clean.net/ (37.252.120.157): UP (CURRENT)
>
> http://sa-update.verein-clean.net/ (148.251.212.58): UP (CURRENT)
>
> http://sa-update.verein-clean.net/ (148.251.29.131): UP (CURRENT)
>
> http://sa-update.verein-clean.net/ (37.252.124.130): UP (CURRENT)
>
> http://sa-update.spamassassin.org/ (64.142.56.146): UP (CURRENT)
>

Fwd: checkSAupdateMirrors.sh on sa-vm.apache.org - 1 mirror DOWN, 0 mirrors STALE

[Kevin A. McGrail]

We are down for system maintenance.  ETA less than 1.5 hours to
production status again.



 Forwarded Message 
Subject:checkSAupdateMirrors.sh on sa-vm.apache.org - 1 mirror DOWN, 0
mirrors STALE
Date:   Sun, 6 Sep 2020 04:18:08 + (UTC)
From:   aut...@sa-vm.apache.org
Reply-To:   sysadmins@spamassassin.apache.org
To: sysadmins@spamassassin.apache.org



Fetching sa-update URLs from
http://spamassassin.apache.org/updates/MIRRORED.BY

http://sa-update.dnswl.org/ (116.203.4.105): UP (CURRENT)

http://www.sa-update.pccc.com/ (69.171.29.42): DOWN

http://sa-update.secnap.net/ (204.89.241.6): UP (CURRENT)

http://sa-update.space-pro.be/ (176.28.55.20): UP (CURRENT)

http://sa-update.ena.com/ (96.5.1.5): UP (CURRENT)

http://sa-update.ena.com/ (96.4.1.5): UP (CURRENT)

http://sa-update.razx.cloud/ (104.26.3.18): UP (CURRENT)

http://sa-update.razx.cloud/ (104.26.2.18): UP (CURRENT)

http://sa-update.razx.cloud/ (172.67.74.101): UP (CURRENT)

http://sa-update.fossies.org/ (144.76.163.196): UP (CURRENT)

http://sa-update.verein-clean.net/ (37.252.120.157): UP (CURRENT)

http://sa-update.verein-clean.net/ (148.251.212.58): UP (CURRENT)

http://sa-update.verein-clean.net/ (148.251.29.131): UP (CURRENT)

http://sa-update.verein-clean.net/ (37.252.124.130): UP (CURRENT)

http://sa-update.spamassassin.org/ (64.142.56.146): UP (CURRENT)

Re: checkSAupdateMirrors.sh on sa-vm.apache.org - 1 mirror DOWN, 0 mirrors STALE

[Kevin A. McGrail]

Hi Tobi, have you possibly blocked the ASF box that checks it? 

Dave, cc'd and bcc'd at his work address might have more insight!

Regards,
KAM

On 9/1/2020 9:52 AM, tobiswo...@gmail.com wrote:
> Has anyone an idea why one of my servers is considered down?
>
>> http://sa-update.verein-clean.net/ (148.251.29.131): DOWN
> if I login to that box and tail the nginx access log I can see normal
> GET requests which are all answered by 200 HTTP codes. In nginx error
> log I can only see the normal bots that try all kind of requests, but
> nothing legit so far.
>
> --
> Cheers
>
> tobi
>
>
> Am 30.08.20 um 12:18 schrieb aut...@sa-vm.apache.org:
>> Fetching sa-update URLs from 
>> http://spamassassin.apache.org/updates/MIRRORED.BY
>>
>> http://sa-update.dnswl.org/ (116.203.4.105): UP (CURRENT)
>>
>> http://www.sa-update.pccc.com/ (69.171.29.42): UP (CURRENT)
>>
>> http://sa-update.secnap.net/ (204.89.241.6): UP (CURRENT)
>>
>> http://sa-update.space-pro.be/ (176.28.55.20): UP (CURRENT)
>>
>> http://sa-update.ena.com/ (96.4.1.5): UP (CURRENT)
>>
>> http://sa-update.ena.com/ (96.5.1.5): UP (CURRENT)
>>
>> http://sa-update.razx.cloud/ (172.67.74.101): UP (CURRENT)
>>
>> http://sa-update.razx.cloud/ (104.26.2.18): UP (CURRENT)
>>
>> http://sa-update.razx.cloud/ (104.26.3.18): UP (CURRENT)
>>
>> http://sa-update.fossies.org/ (144.76.163.196): UP (CURRENT)
>>
>> http://sa-update.verein-clean.net/ (148.251.212.58): UP (CURRENT)
>>
>> http://sa-update.verein-clean.net/ (37.252.120.157): UP (CURRENT)
>>
>> http://sa-update.verein-clean.net/ (37.252.124.130): UP (CURRENT)
>>
>> http://sa-update.verein-clean.net/ (148.251.29.131): DOWN
>>
>> http://sa-update.spamassassin.org/ (64.142.56.146): UP (CURRENT)
>>
-- 
Kevin A. McGrail
kmcgr...@apache.org

Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Re: Cron ~/svn/trunk/build/mkupdates/run_nightly | /usr/bin/tee /var/www/automc.spamassassin.org/mkupdates/mkupdates.txt

[Kevin A. McGrail]

I don't think those are actually needed but the pubkey.txt at least
should be included.

On 8/10/2020 4:44 AM, Henrik K wrote:
> On Mon, Aug 10, 2020 at 08:32:35AM +, Cron Daemon wrote:
>> -rw-r--r-- 1 automc automc 320752 Aug  7 03:04 
>> /var/www/automc.spamassassin.org/updates/1880604.tar.gz
>> -rw-r--r-- 1 automc automc 254720 Aug  8 08:30 
>> /var/www/automc.spamassassin.org/updates/1880698.tar.gz
>> -rw-r--r-- 1 automc automc 254712 Aug  9 08:30 
>> /var/www/automc.spamassassin.org/updates/1880709.tar.gz
>> -rw-r--r-- 1 automc automc 319957 Aug 10 03:03 
>> /var/www/automc.spamassassin.org/updates/1880712.tar.gz
> Apparently the two previous smaller sized updates were missing these files..
>
> STATISTICS-set0-72_scores.cf.txt
> STATISTICS-set1-72_scores.cf.txt
> STATISTICS-set2-72_scores.cf.txt
> STATISTICS-set3-72_scores.cf.txt
> languages
> sa-update-pubkey.txt
> user_prefs.template
>
> Some script isn't handling errors or such properly it seems.  But none of
> those missing files doesn't seem to matter for usage.
>
-- 
Kevin A. McGrail
kmcgr...@apache.org

Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Re: checkSAupdateMirrors.sh on sa-vm.apache.org - 0 mirrors DOWN, 3 mirrors STALE

[Kevin A. McGrail]

Thanks Bill, I hope Jari is ok.

On 8/6/2020 3:48 PM, Bill Cole wrote:
> I also sent a heads-up to him, and got a delay warning back. I've
> commented his site out of MIRRORED.BY for now.
>
> On 4 Aug 2020, at 15:41, Kevin A. McGrail wrote:
>
>> Hi Jari, your SA Update mirrors are all stale.  Are you syncing by IP
>> address because we've changed the machine?
>>
>> Hope you are well,
>>
>> KAM
>>
>>
>>
>>  Forwarded Message 
>> Subject: checkSAupdateMirrors.sh on sa-vm.apache.org - 0 mirrors
>> DOWN,
>> 3 mirrors STALE
>> Date: Tue, 4 Aug 2020 19:18:10 + (UTC)
>> From: aut...@sa-vm.apache.org
>> Reply-To: sysadmins@spamassassin.apache.org
>> To: sysadmins@spamassassin.apache.org
>>
>>
>>
>> Fetching sa-update URLs from
>> http://spamassassin.apache.org/updates/MIRRORED.BY
>>
>> http://sa-update.dnswl.org/ (116.203.4.105): UP (CURRENT)
>>
>> http://www.sa-update.pccc.com/ (69.171.29.42): UP (CURRENT)
>>
>> http://sa-update.secnap.net/ (204.89.241.6): UP (CURRENT)
>>
>> http://sa-update.space-pro.be/ (176.28.55.20): UP (CURRENT)
>>
>> http://sa-update.ena.com/ (96.4.1.5): UP (CURRENT)
>>
>> http://sa-update.ena.com/ (96.5.1.5): UP (CURRENT)
>>
>> http://sa-update.razx.cloud/ (172.67.74.101): UP (CURRENT)
>>
>> http://sa-update.razx.cloud/ (104.26.2.18): UP (CURRENT)
>>
>> http://sa-update.razx.cloud/ (104.26.3.18): UP (CURRENT)
>>
>> http://sa-update.fossies.org/ (144.76.163.196): UP (CURRENT)
>>
>> http://sa-update.verein-clean.net/ (148.251.29.131): UP (CURRENT)
>>
>> http://sa-update.verein-clean.net/ (148.251.212.58): UP (CURRENT)
>>
>> http://sa-update.verein-clean.net/ (37.252.124.130): UP (CURRENT)
>>
>> http://sa-update.verein-clean.net/ (37.252.120.157): UP (CURRENT)
>>
>> http://sa-update.bitwell.fi/ (104.31.74.190): UP (STALE since
>> 1596136681)
>>
>> http://sa-update.bitwell.fi/ (104.31.75.190): UP (STALE since
>> 1596136681)
>>
>> http://sa-update.bitwell.fi/ (172.67.175.108): UP (STALE since
>> 1596136681)
>>
>> http://sa-update.spamassassin.org/ (64.142.56.146): UP (CURRENT)
>
>
-- 
Kevin A. McGrail
kmcgr...@apache.org

Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Re: Ezmlm assistance please Fwd: MODERATE for sysadmins@spamassassin.apache.org

[Kevin A. McGrail]

Thank you, that link for moderation was very helpful to get some of them
automatically going through.  I will open a jira on the other item:
https://issues.apache.org/jira/browse/INFRA-20637


Regards,

KAM

On 8/4/2020 9:27 AM, Drew Foulks wrote:
> Kevin,
>
> Here is some documentation on allowing posts from non
> subscribers: 
> https://infra.apache.org/mailing-list-moderation.html#allowing_posts.
> Please give that a shot and if it doesn't work, open an infra ticket
> and we'll get it taken care of.
>
>
> On Mon, Aug 3, 2020 at 4:50 PM Kevin A. McGrail  <mailto:kmcgr...@apache.org>> wrote:
>
> Hi Drew, with the change to sa-vm, can you A) approve all pending
> emails to sysadmins@ for the SA project and B) can you make it so
> that emails from the sa-vm system are approved without
> moderation.  This is how it works for the old machine but I do not
> know how to configure it with ezmlm.
>
> Regards,
>
> KAM
>
>
>
>  Forwarded Message 
> Subject:  MODERATE for sysadmins@spamassassin.apache.org
> <mailto:sysadmins@spamassassin.apache.org>
> Date: 3 Aug 2020 21:18:12 -
> From:
> 
> sysadmins-reject-1596489492.12665.faimkpfapkdkjnleb...@spamassassin.apache.org
> 
> <mailto:sysadmins-reject-1596489492.12665.faimkpfapkdkjnleb...@spamassassin.apache.org>
>
> Reply-To:
> 
> sysadmins-accept-1596489492.12665.faimkpfapkdkjnleb...@spamassassin.apache.org
> 
> <mailto:sysadmins-accept-1596489492.12665.faimkpfapkdkjnleb...@spamassassin.apache.org>
>
> CC:
> 
> sysadmins-allow-tc.1596489492.cdbbhlmnkplfecgkleke-automc=sa-vm.apache@spamassassin.apache.org
> 
> <mailto:sysadmins-allow-tc.1596489492.cdbbhlmnkplfecgkleke-automc=sa-vm.apache@spamassassin.apache.org>
>
>
>
>
>
> To approve:
> 
> sysadmins-accept-1596489492.12665.faimkpfapkdkjnleb...@spamassassin.apache.org
> 
> <mailto:sysadmins-accept-1596489492.12665.faimkpfapkdkjnleb...@spamassassin.apache.org>
> To reject:
> 
> sysadmins-reject-1596489492.12665.faimkpfapkdkjnleb...@spamassassin.apache.org
> 
> <mailto:sysadmins-reject-1596489492.12665.faimkpfapkdkjnleb...@spamassassin.apache.org>
> To give a reason to reject:
> %%% Start comment
> %%% End comment
>
>
>
>
> -- 
> Drew Foulks, ASF Infra
>
>
-- 
Kevin A. McGrail
kmcgr...@apache.org

Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Fwd: checkSAupdateMirrors.sh on sa-vm.apache.org - 0 mirrors DOWN, 3 mirrors STALE

[Kevin A. McGrail]

Hi Jari, your SA Update mirrors are all stale.  Are you syncing by IP
address because we've changed the machine?

Hope you are well,

KAM



 Forwarded Message 
Subject:checkSAupdateMirrors.sh on sa-vm.apache.org - 0 mirrors DOWN,
3 mirrors STALE
Date:   Tue, 4 Aug 2020 19:18:10 + (UTC)
From:   aut...@sa-vm.apache.org
Reply-To:   sysadmins@spamassassin.apache.org
To: sysadmins@spamassassin.apache.org



Fetching sa-update URLs from
http://spamassassin.apache.org/updates/MIRRORED.BY

http://sa-update.dnswl.org/ (116.203.4.105): UP (CURRENT)

http://www.sa-update.pccc.com/ (69.171.29.42): UP (CURRENT)

http://sa-update.secnap.net/ (204.89.241.6): UP (CURRENT)

http://sa-update.space-pro.be/ (176.28.55.20): UP (CURRENT)

http://sa-update.ena.com/ (96.4.1.5): UP (CURRENT)

http://sa-update.ena.com/ (96.5.1.5): UP (CURRENT)

http://sa-update.razx.cloud/ (172.67.74.101): UP (CURRENT)

http://sa-update.razx.cloud/ (104.26.2.18): UP (CURRENT)

http://sa-update.razx.cloud/ (104.26.3.18): UP (CURRENT)

http://sa-update.fossies.org/ (144.76.163.196): UP (CURRENT)

http://sa-update.verein-clean.net/ (148.251.29.131): UP (CURRENT)

http://sa-update.verein-clean.net/ (148.251.212.58): UP (CURRENT)

http://sa-update.verein-clean.net/ (37.252.124.130): UP (CURRENT)

http://sa-update.verein-clean.net/ (37.252.120.157): UP (CURRENT)

http://sa-update.bitwell.fi/ (104.31.74.190): UP (STALE since 1596136681)

http://sa-update.bitwell.fi/ (104.31.75.190): UP (STALE since 1596136681)

http://sa-update.bitwell.fi/ (172.67.175.108): UP (STALE since 1596136681)

http://sa-update.spamassassin.org/ (64.142.56.146): UP (CURRENT)

Ezmlm assistance please Fwd: MODERATE for sysadmins@spamassassin.apache.org

[Kevin A. McGrail]

Hi Drew, with the change to sa-vm, can you A) approve all pending emails
to sysadmins@ for the SA project and B) can you make it so that emails
from the sa-vm system are approved without moderation.  This is how it
works for the old machine but I do not know how to configure it with ezmlm.

Regards,

KAM



 Forwarded Message 
Subject:MODERATE for sysadmins@spamassassin.apache.org
Date:   3 Aug 2020 21:18:12 -
From:
sysadmins-reject-1596489492.12665.faimkpfapkdkjnleb...@spamassassin.apache.org

Reply-To:
sysadmins-accept-1596489492.12665.faimkpfapkdkjnleb...@spamassassin.apache.org

CC:
sysadmins-allow-tc.1596489492.cdbbhlmnkplfecgkleke-automc=sa-vm.apache@spamassassin.apache.org





To approve:
sysadmins-accept-1596489492.12665.faimkpfapkdkjnleb...@spamassassin.apache.org
To reject:
sysadmins-reject-1596489492.12665.faimkpfapkdkjnleb...@spamassassin.apache.org
To give a reason to reject:
%%% Start comment
%%% End comment


--- Begin Message ---
Fetching sa-update URLs from http://spamassassin.apache.org/updates/MIRRORED.BY

http://sa-update.dnswl.org/ (116.203.4.105): UP (CURRENT)

http://www.sa-update.pccc.com/ (69.171.29.42): UP (CURRENT)

http://sa-update.secnap.net/ (204.89.241.6): UP (CURRENT)

http://sa-update.space-pro.be/ (176.28.55.20): UP (CURRENT)

http://sa-update.ena.com/ (96.5.1.5): UP (CURRENT)

http://sa-update.ena.com/ (96.4.1.5): UP (CURRENT)

http://sa-update.razx.cloud/ (104.26.2.18): UP (CURRENT)

http://sa-update.razx.cloud/ (104.26.3.18): UP (CURRENT)

http://sa-update.razx.cloud/ (172.67.74.101): UP (CURRENT)

http://sa-update.fossies.org/ (144.76.163.196): UP (CURRENT)

http://sa-update.verein-clean.net/ (37.252.120.157): UP (CURRENT)

http://sa-update.verein-clean.net/ (148.251.29.131): UP (CURRENT)

http://sa-update.verein-clean.net/ (37.252.124.130): UP (CURRENT)

http://sa-update.verein-clean.net/ (148.251.212.58): UP (CURRENT)

http://sa-update.bitwell.fi/ (104.31.75.190): UP (STALE since 1596136681)

http://sa-update.bitwell.fi/ (172.67.175.108): UP (STALE since 1596136681)

http://sa-update.bitwell.fi/ (104.31.74.190): UP (STALE since 1596136681)

http://sa-update.spamassassin.org/ (64.142.56.146): UP (CURRENT)


--- End Message ---

Re: Fwd: Mailspike rules all return 0.0

[Kevin A. McGrail]

BTW, That was sarcasm.  I am worried about rule generation and the box
switchover so I apologize if it seems accusatory.  Just trying to dial what
is/is not working and why. :-)
--
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171


On Sun, Aug 2, 2020 at 11:36 AM Kevin A. McGrail 
wrote:

> Hege broke it is my new bumper sticker.
>
> On Sun, Aug 2, 2020, 10:38 Henrik K  wrote:
>
>>
>> Btw I grepped all update tarballs for the last year and it has been
>> always this way
>>
>> ./1864366/72_scores.cf:score RCVD_IN_MSPIKE_BL 0.001
>> 0.001 0.001 0.001
>> ./1864366/72_scores.cf:score RCVD_IN_MSPIKE_L5 0.001
>> 0.001 0.001 0.001
>> ...
>> ./1880477/72_scores.cf:score RCVD_IN_MSPIKE_BL 0.001
>> 0.001 0.001 0.001
>> ./1880477/72_scores.cf:score RCVD_IN_MSPIKE_L5 0.001
>> 0.001 0.001 0.001
>>
>> So please let's stop assuming every single thing is result of the
>> migration. :-D
>>
>>
>> On Wed, Jul 29, 2020 at 03:27:36PM -0400, Kevin A. McGrail wrote:
>> > Oh yes, the change one thing and wait 2 weeks...
>> >
>> >
>> > On 7/29/2020 3:21 PM, Henrik K wrote:
>> > > Juat have to wait and see what next weekend rescore does for net.  I
>> ran
>> > > many extra runs last time fixing things, who knows what happened..
>> > >
>> > > On Wed, Jul 29, 2020 at 02:52:17PM -0400, Kevin A. McGrail wrote:
>> > >> Henrik, might be something broken on the new system.
>> > >>
>> > >>
>> > >>
>> > >>  Forwarded Message 
>> > >> Subject:   Re: Mailspike rules all return 0.0
>> > >> Date:  Wed, 29 Jul 2020 12:38:37 -0400
>> > >> From:  Bill Cole 
>> > >> Reply-To:  us...@spamassassin.apache.org
>> > >> To:us...@spamassassin.apache.org
>> > >>
>> > >>
>> > >>
>> > >> On 29 Jul 2020, at 9:27, Simon Harwood wrote:
>> > >>
>> > >>> Hello,
>> > >>>
>> > >>> I have noticed that the mailspike rules are enabled in SpamAssasin
>> but
>> > >>> all return zero values:
>> > >>>
>> > >>> 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted
>> > >>> 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5)
>> > >> This is actually a rounding issue: all RCVD_IN_MSPIKE_* rules are
>> being
>> > >> scored at +/- 0.001 by RuleQA so the score report rounds it to 0.0.
>> They
>> > >> are rescored that way because they are not hitting anything in the
>> > >> submitted corpora but have scores set in the static scores list.
>> > >>
>> > >> That MAY indicate a bug in RuleQA, since I don't believe that "net"
>> > >> rules like these should be rescored by RuleQA. Perhaps someone more
>> > >> familiar with the mechanics of RuleQA will correct me...
>> > >>
>> > >>
>> > >>> Please can you tell me where in the SpamAssassin configuration I
>> find
>> > >>> the setting(s) that need to be changed such that non-zero values are
>> > >>> returned.
>> > >>> I have been receiving large quantities of spam that instead of just
>> > >>> being flagged as spam would have met the conditions for being
>> rejected
>> > >>> completely if either of the mailspike values had been 0.1 or
>> greater.
>> > >> As Claudio said, local.cf is the place. Where your local.cf should
>> be
>> > >> depends on how your SpamAssassin was built, but there should be a
>> > >> baseline version in the site rules directory. You can find that with:
>> > >>
>> > >> spamassassin --lint -D config 2>&1 |grep 'site rules dir'
>> > >>
>> > >>
>> > >> --
>> > >> Bill Cole
>> > >> b...@scconsult.com or billc...@apache.org
>> > >> (AKA @grumpybozo and many *@billmail.scconsult.com addresses)
>> > >> Not For Hire (currently)
>> > >>
>> > --
>> > Kevin A. McGrail
>> > kmcgr...@apache.org
>> >
>> > Member, Apache Software Foundation
>> > Chair Emeritus Apache SpamAssassin Project
>> > https://www.linkedin.com/in/kmcgrail - 703.798.0171
>>
>

Re: Fwd: Mailspike rules all return 0.0

[Kevin A. McGrail]

Hege broke it is my new bumper sticker.

On Sun, Aug 2, 2020, 10:38 Henrik K  wrote:

>
> Btw I grepped all update tarballs for the last year and it has been always
> this way
>
> ./1864366/72_scores.cf:score RCVD_IN_MSPIKE_BL 0.001
> 0.001 0.001 0.001
> ./1864366/72_scores.cf:score RCVD_IN_MSPIKE_L5 0.001
> 0.001 0.001 0.001
> ...
> ./1880477/72_scores.cf:score RCVD_IN_MSPIKE_BL 0.001
> 0.001 0.001 0.001
> ./1880477/72_scores.cf:score RCVD_IN_MSPIKE_L5 0.001
> 0.001 0.001 0.001
>
> So please let's stop assuming every single thing is result of the
> migration. :-D
>
>
> On Wed, Jul 29, 2020 at 03:27:36PM -0400, Kevin A. McGrail wrote:
> > Oh yes, the change one thing and wait 2 weeks...
> >
> >
> > On 7/29/2020 3:21 PM, Henrik K wrote:
> > > Juat have to wait and see what next weekend rescore does for net.  I
> ran
> > > many extra runs last time fixing things, who knows what happened..
> > >
> > > On Wed, Jul 29, 2020 at 02:52:17PM -0400, Kevin A. McGrail wrote:
> > >> Henrik, might be something broken on the new system.
> > >>
> > >>
> > >>
> > >>  Forwarded Message 
> > >> Subject:   Re: Mailspike rules all return 0.0
> > >> Date:  Wed, 29 Jul 2020 12:38:37 -0400
> > >> From:  Bill Cole 
> > >> Reply-To:  us...@spamassassin.apache.org
> > >> To:us...@spamassassin.apache.org
> > >>
> > >>
> > >>
> > >> On 29 Jul 2020, at 9:27, Simon Harwood wrote:
> > >>
> > >>> Hello,
> > >>>
> > >>> I have noticed that the mailspike rules are enabled in SpamAssasin
> but
> > >>> all return zero values:
> > >>>
> > >>> 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted
> > >>> 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5)
> > >> This is actually a rounding issue: all RCVD_IN_MSPIKE_* rules are
> being
> > >> scored at +/- 0.001 by RuleQA so the score report rounds it to 0.0.
> They
> > >> are rescored that way because they are not hitting anything in the
> > >> submitted corpora but have scores set in the static scores list.
> > >>
> > >> That MAY indicate a bug in RuleQA, since I don't believe that "net"
> > >> rules like these should be rescored by RuleQA. Perhaps someone more
> > >> familiar with the mechanics of RuleQA will correct me...
> > >>
> > >>
> > >>> Please can you tell me where in the SpamAssassin configuration I find
> > >>> the setting(s) that need to be changed such that non-zero values are
> > >>> returned.
> > >>> I have been receiving large quantities of spam that instead of just
> > >>> being flagged as spam would have met the conditions for being
> rejected
> > >>> completely if either of the mailspike values had been 0.1 or greater.
> > >> As Claudio said, local.cf is the place. Where your local.cf should be
> > >> depends on how your SpamAssassin was built, but there should be a
> > >> baseline version in the site rules directory. You can find that with:
> > >>
> > >> spamassassin --lint -D config 2>&1 |grep 'site rules dir'
> > >>
> > >>
> > >> --
> > >> Bill Cole
> > >> b...@scconsult.com or billc...@apache.org
> > >> (AKA @grumpybozo and many *@billmail.scconsult.com addresses)
> > >> Not For Hire (currently)
> > >>
> > --
> > Kevin A. McGrail
> > kmcgr...@apache.org
> >
> > Member, Apache Software Foundation
> > Chair Emeritus Apache SpamAssassin Project
> > https://www.linkedin.com/in/kmcgrail - 703.798.0171
>

Re: Fwd: Mailspike rules all return 0.0

[Kevin A. McGrail]

Oh yes, the change one thing and wait 2 weeks...


On 7/29/2020 3:21 PM, Henrik K wrote:
> Juat have to wait and see what next weekend rescore does for net.  I ran
> many extra runs last time fixing things, who knows what happened..
>
> On Wed, Jul 29, 2020 at 02:52:17PM -0400, Kevin A. McGrail wrote:
>> Henrik, might be something broken on the new system.
>>
>>
>>
>>  Forwarded Message 
>> Subject: Re: Mailspike rules all return 0.0
>> Date:Wed, 29 Jul 2020 12:38:37 -0400
>> From:Bill Cole 
>> Reply-To:us...@spamassassin.apache.org
>> To:  us...@spamassassin.apache.org
>>
>>
>>
>> On 29 Jul 2020, at 9:27, Simon Harwood wrote:
>>
>>> Hello,
>>>
>>> I have noticed that the mailspike rules are enabled in SpamAssasin but
>>> all return zero values:
>>>
>>> 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted
>>> 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5)
>> This is actually a rounding issue: all RCVD_IN_MSPIKE_* rules are being
>> scored at +/- 0.001 by RuleQA so the score report rounds it to 0.0. They
>> are rescored that way because they are not hitting anything in the
>> submitted corpora but have scores set in the static scores list.
>>
>> That MAY indicate a bug in RuleQA, since I don't believe that "net"
>> rules like these should be rescored by RuleQA. Perhaps someone more
>> familiar with the mechanics of RuleQA will correct me...
>>
>>
>>> Please can you tell me where in the SpamAssassin configuration I find
>>> the setting(s) that need to be changed such that non-zero values are
>>> returned.
>>> I have been receiving large quantities of spam that instead of just
>>> being flagged as spam would have met the conditions for being rejected
>>> completely if either of the mailspike values had been 0.1 or greater.
>> As Claudio said, local.cf is the place. Where your local.cf should be
>> depends on how your SpamAssassin was built, but there should be a
>> baseline version in the site rules directory. You can find that with:
>>
>> spamassassin --lint -D config 2>&1 |grep 'site rules dir'
>>
>>
>> -- 
>> Bill Cole
>> b...@scconsult.com or billc...@apache.org
>> (AKA @grumpybozo and many *@billmail.scconsult.com addresses)
>> Not For Hire (currently)
>>
-- 
Kevin A. McGrail
kmcgr...@apache.org

Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Fwd: Mailspike rules all return 0.0

[Kevin A. McGrail]

Henrik, might be something broken on the new system.



 Forwarded Message 
Subject:Re: Mailspike rules all return 0.0
Date:   Wed, 29 Jul 2020 12:38:37 -0400
From:   Bill Cole 
Reply-To:   us...@spamassassin.apache.org
To: us...@spamassassin.apache.org



On 29 Jul 2020, at 9:27, Simon Harwood wrote:

> Hello,
>
> I have noticed that the mailspike rules are enabled in SpamAssasin but
> all return zero values:
>
> 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted
> 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5)

This is actually a rounding issue: all RCVD_IN_MSPIKE_* rules are being
scored at +/- 0.001 by RuleQA so the score report rounds it to 0.0. They
are rescored that way because they are not hitting anything in the
submitted corpora but have scores set in the static scores list.

That MAY indicate a bug in RuleQA, since I don't believe that "net"
rules like these should be rescored by RuleQA. Perhaps someone more
familiar with the mechanics of RuleQA will correct me...


> Please can you tell me where in the SpamAssassin configuration I find
> the setting(s) that need to be changed such that non-zero values are
> returned.
> I have been receiving large quantities of spam that instead of just
> being flagged as spam would have met the conditions for being rejected
> completely if either of the mailspike values had been 0.1 or greater.

As Claudio said, local.cf is the place. Where your local.cf should be
depends on how your SpamAssassin was built, but there should be a
baseline version in the site rules directory. You can find that with:

spamassassin --lint -D config 2>&1 |grep 'site rules dir'


-- 
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not For Hire (currently)

Re: sa-vm1 -> sa-vm migration today

[Kevin A. McGrail]

Is there a change to https that darxus should make with the new server?
Did you setup le certs or something?

On Tue, Jul 28, 2020, 02:29 Henrik K  wrote:

> On Mon, Jul 27, 2020 at 07:01:35PM -0400, Bill Cole wrote:
> > On 27 Jul 2020, at 15:58, Kevin A. McGrail wrote:
> >
> > >Not seeing cron output on the mailing list since the 25th.  Are they
> being
> > >sent and maybe need moderation through because of the new server?
> >
> > Also, see the attached notice from darxus' update checker. Its
> explanation
> > implies that the RuleQA page no longer has information on ham and spam
> > counts which was formerly there.
>
> The script obviously doesn't handle http -> https redirect correctly and
> dies.
>

Re: sa-vm1 -> sa-vm migration today

[Kevin A. McGrail]

Not seeing cron output on the mailing list since the 25th.  Are they being
sent and maybe need moderation through because of the new server?
--
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171


On Sun, Jul 26, 2020 at 11:20 AM Kevin A. McGrail 
wrote:

> Nicely done.  Can you add a to-do section to the InfraNotes 2020 wiki?
>
> On 7/26/2020 10:29 AM, Henrik K wrote:
> > It seems mkupdate-with-scores runs sa-update/lint tests for multiple
> > versions, currently 3.4.1 - 3.4.4.  But it proceeds even if only one of
> them
> > succeeds.  It would seem more appropriate to require all of them passing
> to
> > publish rules.  Also trunk should be added for testing.
> >
> > I'll leave that up to someone else, as I'll be on indefinite hiatus from
> the
> > project from now on.  I'll keep monitoring sa-vm for a little while.
> Have
> > fun.  :-)
> >
> >
> > On Sun, Jul 26, 2020 at 05:11:12PM +0300, Henrik K wrote:
> >> After many fixes for newer perl and stuff, first working sa-update was
> just
> >> published.  Hopefully smooth sailing from now on.
> >>
> >> On Sat, Jul 25, 2020 at 04:42:27PM +0300, Henrik K wrote:
> >>> Notice, will start migrating sa-vm1 to sa-vm.apache.org in an hour or
> two.
> >>>
> >>> ruleqa.spamassassin.org and rsync.spamassassin.org might be down for
> a bit.
> >>> Shouldn't affect much else.
> >>>
> >>> https://issues.apache.org/jira/browse/INFRA-20449
>
> --
> Kevin A. McGrail
> kmcgr...@apache.org
>
> Member, Apache Software Foundation
> Chair Emeritus Apache SpamAssassin Project
> https://www.linkedin.com/in/kmcgrail - 703.798.0171
>
>

Re: sa-vm1 -> sa-vm migration today

[Kevin A. McGrail]

Nicely done.  Can you add a to-do section to the InfraNotes 2020 wiki?

On 7/26/2020 10:29 AM, Henrik K wrote:
> It seems mkupdate-with-scores runs sa-update/lint tests for multiple
> versions, currently 3.4.1 - 3.4.4.  But it proceeds even if only one of them
> succeeds.  It would seem more appropriate to require all of them passing to
> publish rules.  Also trunk should be added for testing.
>
> I'll leave that up to someone else, as I'll be on indefinite hiatus from the
> project from now on.  I'll keep monitoring sa-vm for a little while.  Have
> fun.  :-)
>
>
> On Sun, Jul 26, 2020 at 05:11:12PM +0300, Henrik K wrote:
>> After many fixes for newer perl and stuff, first working sa-update was just
>> published.  Hopefully smooth sailing from now on.
>>
>> On Sat, Jul 25, 2020 at 04:42:27PM +0300, Henrik K wrote:
>>> Notice, will start migrating sa-vm1 to sa-vm.apache.org in an hour or two.
>>>
>>> ruleqa.spamassassin.org and rsync.spamassassin.org might be down for a bit. 
>>> Shouldn't affect much else.
>>>
>>> https://issues.apache.org/jira/browse/INFRA-20449

-- 
Kevin A. McGrail
kmcgr...@apache.org

Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Re: svn commit: r1880308 - /spamassassin/trunk/masses/hit-frequencies

[Kevin A. McGrail]

Nice!

On Sun, Jul 26, 2020, 01:50  wrote:

> Author: hege
> Date: Sun Jul 26 05:50:00 2020
> New Revision: 1880308
>
> URL: http://svn.apache.org/viewvc?rev=1880308=rev
> Log:
> Tweaks to increase speed, cut runtime in half
>
> Modified:
> spamassassin/trunk/masses/hit-frequencies
>
> Modified: spamassassin/trunk/masses/hit-frequencies
> URL:
> http://svn.apache.org/viewvc/spamassassin/trunk/masses/hit-frequencies?rev=1880308=1880307=1880308=diff
>
> ==
> --- spamassassin/trunk/masses/hit-frequencies (original)
> +++ spamassassin/trunk/masses/hit-frequencies Sun Jul 26 05:50:00 2020
> @@ -805,52 +805,48 @@ sub compute_overlaps_for_rule {
>my %overlaps_ham1r = ();
>my %overlaps_spam1r = ();
>
> -  foreach my $r2 (keys %hmap_spam) {
> -next if $r1 eq $r2;
> -
> -# require that both rules have at least 1 hit
> -next unless ($freq_spam{$r1} && $freq_spam{$r2});
> -
> -my ($a1ina2, $a2ina1) = _hmap_to_overlap_ratio ($r2, $r1,
> -$hmap_spam{$r2}, $hmap_spam{$r1});
> -
> -if ($a1ina2 > 0)
> -{
> -  $overlaps_spam1r{$r2} = $a1ina2;
> -
> -  if (exists $overlaps_spam1{$a1ina2})
> -  { $overlaps_spam1{$a1ina2} .= " ".$r2."[$a2ina1]"; }
> -  else { $overlaps_spam1{$a1ina2} = $r2."[$a2ina1]"; }
> -
> -  if (exists $overlaps_spam2{$a2ina1})
> -  { $overlaps_spam2{$a2ina1} .= " ".$r2."[$a2ina1]"; }
> -  else { $overlaps_spam2{$a2ina1} = $r2."[$a2ina1]"; }
> +  if ($freq_spam{$r1}) {
> +foreach my $r2 (keys %hmap_spam) {
> +  next if $r1 eq $r2;
> +
> +  my ($a1ina2, $a2ina1) = _hmap_to_overlap_ratio ($r2, $r1,
> +  $hmap_spam{$r2}, $hmap_spam{$r1});
> +
> +  if ($a1ina2 > 0)
> +  {
> +$overlaps_spam1r{$r2} = $a1ina2;
> +
> +if (exists $overlaps_spam1{$a1ina2})
> +{ $overlaps_spam1{$a1ina2} .= " ".$r2."[$a2ina1]"; }
> +else { $overlaps_spam1{$a1ina2} = $r2."[$a2ina1]"; }
> +
> +if (exists $overlaps_spam2{$a2ina1})
> +{ $overlaps_spam2{$a2ina1} .= " ".$r2."[$a2ina1]"; }
> +else { $overlaps_spam2{$a2ina1} = $r2."[$a2ina1]"; }
> +  }
>  }
> -
>}
>
> -  foreach my $r2 (keys %hmap_ham) {
> -next if $r1 eq $r2;
> -
> -# require that both rules have at least 1 hit
> -next unless ($freq_ham{$r1} && $freq_ham{$r2});
> -
> -my ($a1ina2, $a2ina1) = _hmap_to_overlap_ratio ($r1, $r2,
> -$hmap_ham{$r2}, $hmap_ham{$r1});
> -
> -if ($a1ina2 > 0)
> -{
> -  $overlaps_ham1r{$r2} = $a1ina2;
> -
> -  if (exists $overlaps_ham1{$a1ina2})
> -  { $overlaps_ham1{$a1ina2} .= " ".$r2."[$a2ina1]"; }
> -  else { $overlaps_ham1{$a1ina2} = $r2."[$a2ina1]"; }
> -
> -  if (exists $overlaps_ham2{$a2ina1})
> -  { $overlaps_ham2{$a2ina1} .= " ".$r2."[$a1ina2]"; }
> -  else { $overlaps_ham2{$a2ina1} = $r2."[$a1ina2]"; }
> +  if ($freq_ham{$r1}) {
> +foreach my $r2 (keys %hmap_ham) {
> +  next if $r1 eq $r2;
> +
> +  my ($a1ina2, $a2ina1) = _hmap_to_overlap_ratio ($r1, $r2,
> +  $hmap_ham{$r2}, $hmap_ham{$r1});
> +
> +  if ($a1ina2 > 0)
> +  {
> +$overlaps_ham1r{$r2} = $a1ina2;
> +
> +if (exists $overlaps_ham1{$a1ina2})
> +{ $overlaps_ham1{$a1ina2} .= " ".$r2."[$a2ina1]"; }
> +else { $overlaps_ham1{$a1ina2} = $r2."[$a2ina1]"; }
> +
> +if (exists $overlaps_ham2{$a2ina1})
> +{ $overlaps_ham2{$a2ina1} .= " ".$r2."[$a1ina2]"; }
> +else { $overlaps_ham2{$a2ina1} = $r2."[$a1ina2]"; }
> +  }
>  }
> -
>}
>
>_print_overlap_ratios($r1, \%overlaps_spam1, \%overlaps_spam2, "spam",
> \%overlaps_ham1r, "ham");
> @@ -934,25 +930,23 @@ sub _prettify_overlap_rules {
>  sub _hmap_to_overlap_ratio {
>my ($r1, $r2, $hmap1, $hmap2) = @_;
>
> -  $hmap1 ||= '';
> -  $hmap2 ||= '';
> -  if ($hmap1 !~ /[^\000]/ || $hmap2 !~ /[^\000]/) {
> -# no hits on either! this would normally give a 100% hitrate match,
> -# but that's misleading -- so hide it by giving it a 0% overlap.
> -#
> -# also, ignore cases where there are no hits on *one* of the rules,
> -# while there are hits on the other -- after all, if one rule doesn't
> -# have a single hit, it cannot overlap.
> -#
> -return (0,0);
> -  }
> -
># my $i; for ($i = 0; $i < length($hmap1)*8; $i++) { print
> vec($hmap1,$i,1); } print "\n"; for ($i = 0; $i < length($hmap2)*8; $i++) {
> print vec($hmap2,$i,1); } print "\n";
>
># count bits in each, so we can show when one is fully subsumed by
> another
># with perl's support for bitstring ops, we get C speed here, nice!
> +
> +  # no hits on either? this would normally give a 100% hitrate match,
> +  # but that's misleading -- so hide it by giving it a 0% overlap.
> +  #
> +  # also, ignore cases where there are no hits on *one* of 

Re: sa-vm1 -> sa-vm migration today

[Kevin A. McGrail]

Good luck.  Did you get the backups setup or need me to do that?

Recm6end you shutdown vm1 or put it in single user mode..

We can compare the cron output to old crons.

Lmk if you need help with the wiki updates.  That is probably my number one
concern.

After 2 weeks of good crons we can decomm vm1.

On Sat, Jul 25, 2020, 09:42 Henrik K  wrote:

>
> Notice, will start migrating sa-vm1 to sa-vm.apache.org in an hour or two.
>
> ruleqa.spamassassin.org and rsync.spamassassin.org might be down for a
> bit.
> Shouldn't affect much else.
>
> https://issues.apache.org/jira/browse/INFRA-20449
>
>

Re: sa-vm1 migration to Ubuntu 18.04 / Puppet 6

[Kevin A. McGrail]

Thanks., this appears to be the active.list error I was expecting.  I've
done an svn update and an svn revert on active.list.

If you can keep an eye out, we can see if that helps kick things in the
butt. I had a feeling modifying active.list was going to break things.
--
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171


On Tue, Jul 14, 2020 at 5:56 PM Giovanni Bechis  wrote:

> The script ~/svn/nitemc/corpora_runs is executed on Saturday (automc
> ~/svn/nitemc/corpora_runs >> ~/rsync/corpus/weekly-versions.txt) but I
> think that last Saturday it failed in some way, last line of
> weekly-versions.txt should contain the revision updated last Saturday
> ("2020-07-11  1879784") but "svn info" gives revision 1879467.
> "svn status --show-updates" tells that active.list is modified, I bet that
> running "svn update" by hand will fail and some errors should be fixed by
> hand.
> I think that, as you wrote, you should login, sudo to automc, svn up and
> then fix svn errors to be able to update the tree to latest revision.
>
>  Regards
>   Giovanni
>
> On 7/14/20 3:25 PM, Kevin A. McGrail wrote:
> > GB: I hadn't looked at masscheck as been sidetracked.  Henrik pointed
> out we fixed the lint warning issue on sa-update back with 3.4.3 so the
> people opening bugs are running old versions.  This isn't the lint issue,
> this is _check_whiitelist which is an internal function.  I fixed that on
> the 10th in revision 1879735 <
> https://svn.apache.org/viewvc?view=rev=1879735>
> >
> > From Memory, I think that SA will use the same version of the code for a
> week for masschecks but that could be an old system.
> >
> > Not sure if kicking the svn checkout.  Should I login, sudo to automc
> and go to /usr/local/spamassassin/svn/trunk and do svn up?  It's definitely
> running an older version from the 3rd, I checked on the server myself.
> >
> >
> > Hege: Thanks.  References to KAM's crashplan are out of date.  PCCC
> donates Crashplan services to the project / ASF formally since Spring
> 2018.  It's the project's crashplan and the credentials encrypted are
> stored in https://svn.apache.org/repos/asf/spamassassin/sysadmins/accounts
> so that two people had the credentials.
> >
> > Suggest you archive that 2017 Wiki Page and copy it to a new
> InfraNotes2020. Then you can rip and shred without any concerns.
> >
> > Regards,
> > KAM
> >
> > --
> > Kevin A. McGrail
> > Member, Apache Software Foundation
> > Chair Emeritus Apache SpamAssassin Project
> > https://www.linkedin.com/in/kmcgrail - 703.798.0171
> >
> >
> > On Tue, Jul 14, 2020 at 8:23 AM Henrik K  h...@hege.li>> wrote:
> >
> > On Tue, Jul 14, 2020 at 02:20:29PM +0200, Giovanni Bechis wrote:
> > >
> > > automc seems still broken atm (commit to active.list fails), I am
> pretty sure you are aware of it and it will be fixed on new vm.
> > > I do not want to touch sa-vm1 now, new vm could go out-of-sync.
> > > https://markmail.org/message/ijg75xj3mguzvaxa
> >
> > Nothing can go out-of-sync.  At the time of switchover, all
> processes/crons
> > are stopped and final rsync is made to new vm.
> >
>
>

Re: sa-vm1 migration to Ubuntu 18.04 / Puppet 6

[Kevin A. McGrail]

GB: I hadn't looked at masscheck as been sidetracked.  Henrik pointed out
we fixed the lint warning issue on sa-update back with 3.4.3 so the people
opening bugs are running old versions.  This isn't the lint issue, this is
_check_whiitelist which is an internal function.  I fixed that on the 10th
in revision 1879735 <https://svn.apache.org/viewvc?view=rev=1879735>

>From Memory, I think that SA will use the same version of the code for a
week for masschecks but that could be an old system.

Not sure if kicking the svn checkout.  Should I login, sudo to automc and
go to /usr/local/spamassassin/svn/trunk and do svn up?  It's definitely
running an older version from the 3rd, I checked on the server myself.


Hege: Thanks.  References to KAM's crashplan are out of date.  PCCC donates
Crashplan services to the project / ASF formally since Spring 2018.  It's
the project's crashplan and the credentials encrypted are stored in
https://svn.apache.org/repos/asf/spamassassin/sysadmins/accounts so that
two people had the credentials.

Suggest you archive that 2017 Wiki Page and copy it to a new
InfraNotes2020. Then you can rip and shred without any concerns.

Regards,
KAM

--
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171


On Tue, Jul 14, 2020 at 8:23 AM Henrik K  wrote:

> On Tue, Jul 14, 2020 at 02:20:29PM +0200, Giovanni Bechis wrote:
> >
> > automc seems still broken atm (commit to active.list fails), I am pretty
> sure you are aware of it and it will be fixed on new vm.
> > I do not want to touch sa-vm1 now, new vm could go out-of-sync.
> > https://markmail.org/message/ijg75xj3mguzvaxa
>
> Nothing can go out-of-sync.  At the time of switchover, all processes/crons
> are stopped and final rsync is made to new vm.
>
>

Re: sa-vm1 migration to Ubuntu 18.04 / Puppet 6

[Kevin A. McGrail]

No it's an asf project crashplan account and infra does not do backups.  We
almost lost the entire setup before and.my archives were all that saved
it.  Crashplan is important.

Let me.see what is in the documentation about it.

Have you compared a process list on the two boxes and an nmap scan?

I recommend you make a copy of every scrap of data on the old.box over to
the new.  When they decomm it you might need it.  We tried really hard to
document it all but it was a big project.

On Tue, Jul 14, 2020, 08:08 Henrik K  wrote:

>
> I have no clue about crashplan.  I assume that's your account, so please
> install as you see fit.  It seems ASF infra also does backuppc/rsync
> backups.
>
> Dunno but archives you are referring to, but I assume they would be under
> /usr/local/spamassassin.
>
>
> On Tue, Jul 14, 2020 at 08:00:15AM -0400, Kevin A. McGrail wrote:
> > I do not remember, sorry.  It's been 3 years since I contacted them
> last.  But
> > at least for one of the DNS hosters, Send an email to [1]
> supp...@pccc.com and I
> > will make sure that a ticket for that mirror is updated.
> >
> > Did you get crashplan working on the new box?
> >
> > Also did you copy over all the data on the box?  I remember there are
> archives
> > there.  I can look through my notes about that.
> >
> >
> >
> > On Tue, Jul 14, 2020, 07:20 Henrik K <[2]h...@hege.li> wrote:
> >
> >
> > Yes the new box is 100% identical in all aspects (pdns, rsync,
> masscheck,
> > ruleqa, certbot, perl/python modules, paths etc).  Only some minor
> tweaks
> > for Apache web server etc which make no difference documentation
> wise.
> >
> > Of course cron jobs are not yet running, they would mess around too
> much.
> >
> > I did not reach out to DNS people, I assume [3]
> grant.kel...@sonic.com is
> > still
> > correct as per documentation, you probably know better..
> >
> > Cheers,
> > Henrik
> >
> >
> > On Tue, Jul 14, 2020 at 07:10:45AM -0400, Kevin A. McGrail wrote:
> > > Nicely done.  Plus sysadmins list. Four key thought categories
> below;
> > >
> > > Did you go through the documentation and the new box does
> everything the
> > > old box did?  Like power DNS and the DNS GUI?  Rsync and the
> masscheck?
> > > Ruleqa? The cron jobs? Sending root email to the same places?
> > >
> > > Did you update the documentation?  We worked hard on it and don't
> want
> > that
> > > lost.
> > >
> > > Have you reached to the DNS providers yet?  We can likely ask for
> two ips
> > > to.allow xfer so no coordination is needed.
> > >
> > > Do you already have the cron jobs running?
> > >
> > > Beyond that we can switch any time you are around.  It will break
> > masschecl
> > > and everything and you might have to wait weeks to turn down the
> old box.
> > >
> > > I would especially reach out to Dave Jones and see if he gives it a
> > > greenlight.
> > >
> > > Thanks for working on this.  KAM
> > >
> > > On Tue, Jul 14, 2020, 06:57 Henrik K <[4]h...@hege.li> wrote:
> > >
> > > >
> > > > Preparations are pretty much finished.
> >     > >
> > > > Just need to agree on a date for the switchover.  What remains
> to be
> > done
> > > > then is changing/allowing the new master IP on DNS slaves,
> changing
> > sa-vm1
> > > > CNAMEs and final rsync.
> > > >
> > > > Could be for example next sunday or sometime next week.  Around
> 17:00
> > UTC
> > > > seems a quiet time on the box and everyone US/EU should be awake
> then..
> > > >
> > > >
> > > > On Sat, Jun 20, 2020 at 05:18:32PM -0400, Kevin A. McGrail wrote:
> > > > > Thanks Henrik for stepping up on it!
> > > > > --
> > > > > Kevin A. McGrail
> > > > > Member, Apache Software Foundation
> > > > > Chair Emeritus Apache SpamAssassin Project
> > > > > [1][5]https://www.linkedin.com/in/kmcgrail - 703.798.0171
> > > > >
> > > > >
> > > > > On Fri, Jun 19, 2020 at 3:50 PM Henrik K <[3][6]h...@hege.li>
> wrote:
> > > > >
> > > &g

Re: sa-vm1 migration to Ubuntu 18.04 / Puppet 6

[Kevin A. McGrail]

I do not remember, sorry.  It's been 3 years since I contacted them last.
But at least for one of the DNS hosters, Send an email to supp...@pccc.com
and I will make sure that a ticket for that mirror is updated.

Did you get crashplan working on the new box?

Also did you copy over all the data on the box?  I remember there are
archives there.  I can look through my notes about that.



On Tue, Jul 14, 2020, 07:20 Henrik K  wrote:

>
> Yes the new box is 100% identical in all aspects (pdns, rsync, masscheck,
> ruleqa, certbot, perl/python modules, paths etc).  Only some minor tweaks
> for Apache web server etc which make no difference documentation wise.
>
> Of course cron jobs are not yet running, they would mess around too much.
>
> I did not reach out to DNS people, I assume grant.kel...@sonic.com is
> still
> correct as per documentation, you probably know better..
>
> Cheers,
> Henrik
>
>
> On Tue, Jul 14, 2020 at 07:10:45AM -0400, Kevin A. McGrail wrote:
> > Nicely done.  Plus sysadmins list. Four key thought categories below;
> >
> > Did you go through the documentation and the new box does everything the
> > old box did?  Like power DNS and the DNS GUI?  Rsync and the masscheck?
> > Ruleqa? The cron jobs? Sending root email to the same places?
> >
> > Did you update the documentation?  We worked hard on it and don't want
> that
> > lost.
> >
> > Have you reached to the DNS providers yet?  We can likely ask for two ips
> > to.allow xfer so no coordination is needed.
> >
> > Do you already have the cron jobs running?
> >
> > Beyond that we can switch any time you are around.  It will break
> masschecl
> > and everything and you might have to wait weeks to turn down the old box.
> >
> > I would especially reach out to Dave Jones and see if he gives it a
> > greenlight.
> >
> > Thanks for working on this.  KAM
> >
> > On Tue, Jul 14, 2020, 06:57 Henrik K  wrote:
> >
> > >
> > > Preparations are pretty much finished.
> > >
> > > Just need to agree on a date for the switchover.  What remains to be
> done
> > > then is changing/allowing the new master IP on DNS slaves, changing
> sa-vm1
> > > CNAMEs and final rsync.
> > >
> > > Could be for example next sunday or sometime next week.  Around 17:00
> UTC
> > > seems a quiet time on the box and everyone US/EU should be awake then..
> > >
> > >
> > > On Sat, Jun 20, 2020 at 05:18:32PM -0400, Kevin A. McGrail wrote:
> > > > Thanks Henrik for stepping up on it!
> > > > --
> > > > Kevin A. McGrail
> > > > Member, Apache Software Foundation
> > > > Chair Emeritus Apache SpamAssassin Project
> > > > [1]https://www.linkedin.com/in/kmcgrail - 703.798.0171
> > > >
> > > >
> > > > On Fri, Jun 19, 2020 at 3:50 PM Henrik K <[3]h...@hege.li> wrote:
> > > >
> > > >
> > > > Fyi, answered in the ticket..
> > > >
> > > > On Fri, Jun 19, 2020 at 10:08:26AM -0500, Drew Foulks wrote:
> > > > > Greetings SpamAssassin PMC!
> > > > >
> > > > > It's come to my attention that the VM that y'all are using
> needs an
> > > > upgrade!
> > > > > I'd like to take care of that for you and can start working on
> > > this as
> > > > soon as
> > > > > y'all say go. In the meantime, I've created a ticket (and
> linked
> > > your
> > > > trouble
> > > > > ticket) so that we can discuss and track this upgrade.
> > > > >
> > > > > [1][4]https://issues.apache.org/jira/browse/INFRA-20449
> > > > >
> > > > > cheers,
> > > > > --
> > > > > Drew Foulks, ASF Infra
> > > > >
> > > > >
> > > > >
> > > > > References:
> > > > >
> > > > > [1] [5]https://issues.apache.org/jira/browse/INFRA-20449
> > > >
> > > >
> > > > References:
> > > >
> > > > [1] https://www.linkedin.com/in/kmcgrail
> > > > [3] mailto:h...@hege.li
> > > > [4] https://issues.apache.org/jira/browse/INFRA-20449
> > > > [5] https://issues.apache.org/jira/browse/INFRA-20449
> > >
>

Re: sa-vm1 migration to Ubuntu 18.04 / Puppet 6

[Kevin A. McGrail]

Nicely done.  Plus sysadmins list. Four key thought categories below;

Did you go through the documentation and the new box does everything the
old box did?  Like power DNS and the DNS GUI?  Rsync and the masscheck?
Ruleqa? The cron jobs? Sending root email to the same places?

Did you update the documentation?  We worked hard on it and don't want that
lost.

Have you reached to the DNS providers yet?  We can likely ask for two ips
to.allow xfer so no coordination is needed.

Do you already have the cron jobs running?

Beyond that we can switch any time you are around.  It will break masschecl
and everything and you might have to wait weeks to turn down the old box.

I would especially reach out to Dave Jones and see if he gives it a
greenlight.

Thanks for working on this.  KAM

On Tue, Jul 14, 2020, 06:57 Henrik K  wrote:

>
> Preparations are pretty much finished.
>
> Just need to agree on a date for the switchover.  What remains to be done
> then is changing/allowing the new master IP on DNS slaves, changing sa-vm1
> CNAMEs and final rsync.
>
> Could be for example next sunday or sometime next week.  Around 17:00 UTC
> seems a quiet time on the box and everyone US/EU should be awake then..
>
>
> On Sat, Jun 20, 2020 at 05:18:32PM -0400, Kevin A. McGrail wrote:
> > Thanks Henrik for stepping up on it!
> > --
> > Kevin A. McGrail
> > Member, Apache Software Foundation
> > Chair Emeritus Apache SpamAssassin Project
> > [1]https://www.linkedin.com/in/kmcgrail - 703.798.0171
> >
> >
> > On Fri, Jun 19, 2020 at 3:50 PM Henrik K <[3]h...@hege.li> wrote:
> >
> >
> > Fyi, answered in the ticket..
> >
> > On Fri, Jun 19, 2020 at 10:08:26AM -0500, Drew Foulks wrote:
> > > Greetings SpamAssassin PMC!
> > >
> > > It's come to my attention that the VM that y'all are using needs an
> > upgrade!
> > > I'd like to take care of that for you and can start working on
> this as
> > soon as
> > > y'all say go. In the meantime, I've created a ticket (and linked
> your
> > trouble
> > > ticket) so that we can discuss and track this upgrade.
> > >
> > > [1][4]https://issues.apache.org/jira/browse/INFRA-20449
> > >
> > > cheers,
> > > --
> > > Drew Foulks, ASF Infra
> > >
> > >
> > >
> > > References:
> > >
> > > [1] [5]https://issues.apache.org/jira/browse/INFRA-20449
> >
> >
> > References:
> >
> > [1] https://www.linkedin.com/in/kmcgrail
> > [3] mailto:h...@hege.li
> > [4] https://issues.apache.org/jira/browse/INFRA-20449
> > [5] https://issues.apache.org/jira/browse/INFRA-20449
>

Fwd: [auto] do-nightly-rescore-example return code 24

[Kevin A. McGrail]

FYI that RV 24:

sent 37,726,620,240 bytes  received 2,752 bytes  21,141,284.95 bytes/sec
rsync warning: some files vanished before they could be transferred (code
24) at main.c(1183) [sender=3.1.1]total size is 37,760,746,294  speedup is
1.00

+ RV=24
--
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171


-- Forwarded message -
From: automc Cron 
Date: Mon, Mar 23, 2020 at 10:55 PM
Subject: [auto] do-nightly-rescore-example return code 24
To:


Exit Status 24 is not zero for do-nightly-rescore-example.

Re: BUG: wiki error

[Kevin A. McGrail]

Thanks.  I've updated that.
--
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171


On Thu, Mar 19, 2020 at 1:45 AM PGNet Dev  wrote:

>  fyi @
>
>
> https://cwiki.apache.org/confluence/display/SPAMASSASSIN/IntegratedInMta#IntegratedInMta-IntegratedintoSendmail
>
> the line
>
> ...
> milter-spamd http://www.benzedrine.cx/milter-spamd.html is a
> simple BSD-licensed sendmail milter by Daniel Hartmeier.
> ...
>
> is incorrect; the URL domain is wrong, and has been for a very long while,
>
> -   http://www.benzedrine.cx/milter-spamd.html
> +   http://www.benzedrine.ch/milter-spamd.html
>
>

Re: Cron svn update /var/www/automc.spamassassin.org/updates > /dev/null

[Kevin A. McGrail]

OK, I'll keep an eye on things tonight and see if the automated
processes work better.

On 12/2/2019 1:25 AM, Greg Stein wrote:
> We suffered a DDoS from some IP blocks, and blacklisted about a
> half-dozen /16 networks, a few days ago. We're working on the right
> balance/mitigation.
>
>
> On Sun, Dec 1, 2019 at 10:06 PM Kevin A. McGrail  <mailto:kmcgr...@apache.org>> wrote:
>
> Thanks Chris.  I don't want to raise a panic flag but the SVN has
> been very unstable for us since at least 11/27.  Timeouts, unable
> to connects, etc.
>
> On 12/1/2019 10:59 PM, Chris Lambertus wrote:
>> No, it is whitelisted
>>
>>
>>
>>> On Dec 1, 2019, at 5:39 PM, Kevin A. McGrail
>>> mailto:kmcgr...@apache.org>> wrote:
>>>
>>> Is something blocked for our ip for the sa-vm1.spamassassin.org
>>> <http://sa-vm1.spamassassin.org>?
>>>
>>>
>>>
>>>  Forwarded Message 
>>> Subject:Cron  svn update
>>> /var/www/automc.spamassassin.org/updates
>>> <http://automc.spamassassin.org/updates> > /dev/null
>>> Date:   Sun, 1 Dec 2019 21:17:08 + (UTC)
>>> From:   Cron Daemon 
>>> <mailto:r...@sa-vm1.apache.org>
>>> Reply-To:   sysadmins@spamassassin.apache.org
>>> <mailto:sysadmins@spamassassin.apache.org>
>>> To: sysadmins@spamassassin.apache.org
>>>     <mailto:sysadmins@spamassassin.apache.org>
>>>
>>>
>>>
>>> svn: E170013: Unable to connect to a repository at URL
>>> 'http://svn.apache.org/repos/asf/spamassassin/site/updates'
>>> svn: E000110: Error running context: Connection timed out
>>
> -- 
> Kevin A. McGrail
> kmcgr...@apache.org <mailto:kmcgr...@apache.org>
>
> Member, Apache Software Foundation
> Chair Emeritus Apache SpamAssassin Project
> https://www.linkedin.com/in/kmcgrail - 703.798.0171
>
-- 
Kevin A. McGrail
kmcgr...@apache.org

Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Re: Is SVN having Issues?

[Kevin A. McGrail]

Thank you.  We'll have to figure out more about that.  We've run the
infrastructure here as fire and forget and the scripts have no retry so
we lose days of rule qa.

On 11/30/2019 11:24 PM, John Andrunas wrote:
> Not that I know of at this very moment, though we have been seeing a
> lot of load the last few days resulting in intermittent performance
> issues.
>
> On Sat, Nov 30, 2019 at 8:07 PM Kevin A. McGrail  wrote:
>> Infra,
>>
>> The SA project has checked the status page but has been seeing errors
>> like this.
>>
>> svn: E175012: Connection timed out (on 11/30)
>> &
>> svn: E000110: Error running context: Connection timed out (on 11/27)
>>
>> Is this a known issue?
>>
>> Regards,
>> KAM
>>
>> --
>> Kevin A. McGrail
>> kmcgr...@apache.org
>>
>> Member, Apache Software Foundation
>> Chair Emeritus Apache SpamAssassin Project
>> https://www.linkedin.com/in/kmcgrail - 703.798.0171
>>
>
-- 
Kevin A. McGrail
kmcgr...@apache.org

Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Re: sa-vm1 cronjobs

[Kevin A. McGrail]

Very much so, thanks.


On 10/10/2019 2:27 PM, Chris Lambertus wrote:
>
> Hi SA folks,
>
> Are you still using the VM sa-vm1 ?
>
> It has been emitting cron errors to r...@apache.org
> <mailto:r...@apache.org> for some time now. Could someone please look
> into these, and fix the mailto so it goes to the SA team instead of
> root@a.o <mailto:root@a.o>?
>
>
> /etc/cron.hourly/checkMasscheckContribs:
> grep:
> /usr/local/spamassassin/automc/rsync/tagged_builds/weekly_mass_check/masses/svninfo.tmp:
> No such file or directory
>
>
>
> Thanks,
> Chris
>
-- 
Kevin A. McGrail
kmcgr...@apache.org

Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Re: Fwd: [auto] do-nightly-rescore-example return code 1

[Kevin A. McGrail]

NOTE: Henrik might have already fixed it with some rules checked in
failing lint.

On 10/10/2019 12:40 PM, Kevin A. McGrail wrote:
>
> Any thoughts on this error?
>
> From the cron logs, I think it's the "unknown revision":
>
> [ checking out code from svn repository ]
> + svn co -r unknown http://svn.apache.org/repos/asf/spamassassin/trunk 
> trunk-new-rules-set1
> svn: E205000: Syntax error in revision argument 'unknown'
> + exit 1
> + RV=1
> + '[' 1 -ne 0 ']'
> + echo 'Exit Status 1 is not zero for do-nightly-rescore-example'
> Exit Status 1 is not zero for do-nightly-rescore-example
> + echo 'From: nore...@spamassassin.apache.org (automc Cron)'
> + echo 'Subject: [auto] do-nightly-rescore-example return code 1'
> + echo ''
> + echo 'Exit Status 1 is not zero for do-nightly-rescore-example.'
> + /usr/sbin/sendmail -oi rul...@spamassassin.apache.org
>
>
>  Forwarded Message 
> Subject:  [auto] do-nightly-rescore-example return code 1
> Date: Thu, 10 Oct 2019 02:36:07 + (UTC)
> From: automc Cron 
> Reply-To: rul...@spamassassin.apache.org
>
>
>
> Exit Status 1 is not zero for do-nightly-rescore-example.

-- 
Kevin A. McGrail
kmcgr...@apache.org

Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Fwd: [auto] do-nightly-rescore-example return code 1

[Kevin A. McGrail]

Any thoughts on this error?

>From the cron logs, I think it's the "unknown revision":

[ checking out code from svn repository ]
+ svn co -r unknown http://svn.apache.org/repos/asf/spamassassin/trunk 
trunk-new-rules-set1
svn: E205000: Syntax error in revision argument 'unknown'
+ exit 1
+ RV=1
+ '[' 1 -ne 0 ']'
+ echo 'Exit Status 1 is not zero for do-nightly-rescore-example'
Exit Status 1 is not zero for do-nightly-rescore-example
+ echo 'From: nore...@spamassassin.apache.org (automc Cron)'
+ echo 'Subject: [auto] do-nightly-rescore-example return code 1'
+ echo ''
+ echo 'Exit Status 1 is not zero for do-nightly-rescore-example.'
+ /usr/sbin/sendmail -oi rul...@spamassassin.apache.org



 Forwarded Message 
Subject:[auto] do-nightly-rescore-example return code 1
Date:   Thu, 10 Oct 2019 02:36:07 + (UTC)
From:   automc Cron 
Reply-To:   rul...@spamassassin.apache.org



Exit Status 1 is not zero for do-nightly-rescore-example.

Fwd: [auto] do-nightly-rescore-example return code 24

[Kevin A. McGrail]

Looks like rsync failed?

 total size is 31,560,690,042  speedup is 1.00
rsync warning: some files vanished before they could be transferred (code 24) 
at main.c(1183) [sender=3.1.1]
+ RV=24
+ '[' 24 -ne 0 ']'
+ echo 'Exit Status 24 is not zero for do-nightly-rescore-example'



 Forwarded Message 
Subject:[auto] do-nightly-rescore-example return code 24
Date:   Sun, 11 Aug 2019 02:35:42 + (UTC)
From:   automc Cron 
Reply-To:   rul...@spamassassin.apache.org



Exit Status 24 is not zero for do-nightly-rescore-example.

Re: apachesf.sonic.net ethernet broken

[Kevin A. McGrail]

Thanks Joe,
Looks like the box has it as full duplex 100mb now:
Jul 17 13:16:23 apachesf kernel: bnx2 :0b:00.0 eth0: NIC Copper Link
is Up, 100 Mbps full duplex

Henrik, do you see the issue as resolved?
On 7/17/2019 4:34 PM, Joe Muller wrote:
> Not sure how I missed this earlier, but I've had our Network Operations team
> change the upstream switchport to auto-negotiation, as it was hard-coded to
> 100Mbps full-duplex before. Please let me know if you're still seeing a
> duplex
> mismatch or dropped packets.
>
> -- Joe Muller
> Sonic System Operations
>
> On 7/17/19 12:07 AM, Henrik K wrote:
>> Hello, there is still this issue..
>>
>> Cheers,
>> Henrik
>>
>>
>> On Sat, Jun 29, 2019 at 03:39:23PM +0300, Henrik K wrote:
>>> Hello Joe, could you have a look at the boxes network link, it's at 100M
>>> half duplex! Downloads are super slow..
>>>
>>> Likely something that should be fixed locally, probably end up with dead
>>> connection if I try to tinker with it remotely. :-)
>>>
>>> [   12.008332] bnx2 :0b:00.0 eth0: NIC Copper Link is Up, 100 Mbps half 
>>> duplex
>>> [   12.008426] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
>>>
>>> Cheers,
>>> Henrik
>>>
>>>
>>> On Thu, Jun 20, 2019 at 10:47:56PM -0400, Kevin A. McGrail wrote:
>>>> FYI that Joe swapped out the guts with a new motherboard and fixed the
>>>> network configuration and the box is back online!  Hurray for Joe and 
>>>> Sonic.
>>>>
>>>>
>>>>
>>>>  Forwarded Message 
>>>> Subject:   svn commit: r1861721 - /spamassassin/site/updates/MIRRORED.BY
>>>> Date:  Fri, 21 Jun 2019 02:46:27 -
>>>> From:  kmcgr...@apache.org
>>>> Reply-To:  SpamAssassin Dev 
>>>> To:comm...@spamassassin.apache.org
>>>>
>>>>
>>>>
>>>> Author: kmcgrail
>>>> Date: Fri Jun 21 02:46:27 2019
>>>> New Revision: 1861721
>>>>
>>>> URL: http://svn.apache.org/viewvc?rev=1861721=rev
>>>> Log:
>>>> sa-update.spamassassin.org back on-line
>>>>
>>>> Modified:
>>>> spamassassin/site/updates/MIRRORED.BY
>>>>
>>>> Modified: spamassassin/site/updates/MIRRORED.BY
>>>> URL:
>>>> http://svn.apache.org/viewvc/spamassassin/site/updates/MIRRORED.BY?rev=1861721=1861720=1861721=diff
>>>> ==
>>>> --- spamassassin/site/updates/MIRRORED.BY (original)
>>>> +++ spamassassin/site/updates/MIRRORED.BY Fri Jun 21 02:46:27 2019
>>>> @@ -46,5 +46,5 @@ http://sa-update.verein-clean.net/ weigh
>>>> http://sa-update.bitwell.fi/ weight=5
>>>> #CONTACT: sysadmins@spamassassin.apache.org
>>>> -# out of service per Joe Muller  2019-06-19
>>>> http://sa-update.spamassassin.org/ weight=10
>>>> +http://sa-update.spamassassin.org/ weight=10
>>>>
>>>>

-- 
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Fwd: Rule updates are too old - 2019-07-17 3.3.0:2019-07-16 3.3.1:2019-07-16 3.3.2:2019-07-16

[Kevin A. McGrail]

Is this accurate? I thought we promoted and all looks ok but sometimes my
eyesight is bad so maybe a digit is off.

Can someone please confirm we promoted a set?

-- Forwarded message -
From: 
Date: Wed, Jul 17, 2019, 07:00
Subject: Rule updates are too old - 2019-07-17 3.3.0:2019-07-16
3.3.1:2019-07-16 3.3.2:2019-07-16
To: , 


SpamAssassin version 3.3.0 has not had a rule update since 2019-07-16.
SpamAssassin version 3.3.1 has not had a rule update since 2019-07-16.
SpamAssassin version 3.3.2 has not had a rule update since 2019-07-16.

20190716:  Spam and ham are above threshold of 150,000:
http://ruleqa.spamassassin.org/?daterev=20190716
20190716:  Spam: 909844, Ham: 452769


The spam and ham counts on which this script alerts are from
http://ruleqa.spamassassin.org/?daterev=20190716
Click "(source details)" (it's tiny and low contrast).
It's from the second and third columns of the line that ends with
"(all messages)"

The source to this script is
http://www.chaosreigns.com/sa/update-version-mon.pl

It looks like both the weekly and nightly masschecks need to have sufficient
corpora in order for an update to be generated.

Fwd: [jira] [Closed] (INFRA-18726) https://wiki.apache.org/spamassassin isn't redirecting to new wiki

[Kevin A. McGrail]

FYI that the issue should be resolved.



 Forwarded Message 
Subject:[jira] [Closed] (INFRA-18726)
https://wiki.apache.org/spamassassin isn't redirecting to new wiki
Date:   Mon, 15 Jul 2019 10:32:00 + (UTC)
From:   Gavin (JIRA) 
To: kmcgr...@apache.org




[
https://issues.apache.org/jira/browse/INFRA-18726?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Gavin closed INFRA-18726.
-
Resolution: Fixed

redirect added.

> https://wiki.apache.org/spamassassin isn't redirecting to new wiki
> --
>
> Key: INFRA-18726
> URL: https://issues.apache.org/jira/browse/INFRA-18726
> Project: Infrastructure
> Issue Type: Bug
> Components: Confluence
> Reporter: Kevin A. McGrail
> Assignee: Gavin
> Priority: Critical
>
> Instead of the expected old wiki -or- a redirect to the new wiki at
> https://cwiki.apache.org/confluence/display/SPAMASSASSIN, the old wiki
> url at https://wiki.apache.org/spamassassin shows "Not Found
> No wiki configuration matching the URL found!"



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

Re: SpamAssassin wiki not working

[Kevin A. McGrail]

On 7/10/2019 3:52 PM, Sidney Markowitz wrote:
> Sidney Markowitz wrote on 11/07/19 7:30 AM:
>> Kevin A. McGrail wrote on 11/07/19 6:50 AM:
>>> On 7/10/2019 2:44 PM, Sidney Markowitz wrote:
>>> https://issues.apache.org/jira/browse/INFRA-18726 is open, thanks.
>>>
>>
>> Thanks. We should change the link in the web site to be the proper
>> one to cwiki.
>>
> I had to look up our InfraNotes wiki page to remind myself how to
> update the web site. I guess the top menu on the pages that has the
> wiki link is part of the minotaur configuration and is not in the site
> svn? Kevin, do you know how to change it?
>
It's not anything fancy like that.  Just checkout
https://svn.apache.org/repos/asf/spamassassin/site, update the .html
files manually and commit.

-- 
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Re: SpamAssassin wiki not working

[Kevin A. McGrail]

On 7/10/2019 2:44 PM, Sidney Markowitz wrote:
> Kevin A. McGrail wrote on 11/07/19 6:28 AM:
>> On 7/10/2019 1:25 PM, Giovanni Bechis wrote:
>>> Hi,
>>> as of today SA wiki[¹] linked from homepage does not work, the
>>> webserver replies "No wiki configuration matching the URL
>>> found!".
>>> I think this is due to wiki migration to Confluence and maybe some
>>> bits are missing/unfinished.
>>>     Giovanni
>>>
>>> [¹] https://wiki.apache.org/spamassassin
>>
>> I think the wiki is now at
>> https://cwiki.apache.org/confluence/display/SPAMASSASSIN
>>
>> I thought it was going to redirect though.
>>
> If it doesn't redirect we need to open a ticket with Infra. I will
> check the wiki and open a ticket when I am on the bus to work in a
> short bit unless someone else has done that first.
>
>  Sidney
>
https://issues.apache.org/jira/browse/INFRA-18726 is open, thanks.

-- 
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Re: SpamAssassin wiki not working

[Kevin A. McGrail]

On 7/10/2019 1:25 PM, Giovanni Bechis wrote:
> Hi,
> as of today SA wiki[¹] linked from homepage does not work, the webserver 
> replies "No wiki configuration matching the URL found!".
> I think this is due to wiki migration to Confluence and maybe some bits are 
> missing/unfinished.
>  
>  Giovanni
>
> [¹] https://wiki.apache.org/spamassassin

I think the wiki is now at
https://cwiki.apache.org/confluence/display/SPAMASSASSIN

I thought it was going to redirect though.

-- 
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Fwd: run Net masscheck on Wednesdays too?

[Kevin A. McGrail]

FYI



 Forwarded Message 
Subject:run Net masscheck on Wednesdays too?
Date:   Wed, 10 Jul 2019 09:26:18 -0700 (PDT)
From:   John Hardin 
To: SpamAssassin Developers list 



On the users list there's another FP discussion starting up about
another rule with an apparent S/O drop that's causing stale net scores
to be problematic.

Potentially we could reduce the time needed for net scores to react to
rule/corpora changes by running them on Wednesdays in addition to weekends.

Would this be a change we want to make to the masscheck scripts (based
on the time it takes to run net checks, etc.)?

I would suggest that the majority of installations now have network
checks enabled, so running the net masschecks more frequently is
something we should seriously consider. As frequently as every other day
would probably be best if the resource usage from doing that isn't
problematic.


-- 
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Back in 1969 the technology to fake a Moon landing didn't exist,
  but the technology to actually land there did.
  Today, it is the opposite.   -- unknown
---
 10 days until the 50th anniversary of Apollo 11 landing on the Moon

Re: Number of SpamAssassin installations

[Kevin A. McGrail]

On 6/27/2019 4:40 AM, Jari Fredriksson wrote:
>
>> Kevin A. McGrail  kirjoitti 26.6.2019 kello 19.09:
>>
>> Agreed.  I think David just had a simple command he ran on his logs or
>> the project's mirror.  I can get you access to the mirror the project
>> runs if you want to look at it.
>>
>> On 6/26/2019 8:51 AM, Henrik K wrote:
>>> It's just simple awk/grep, no need for fancy scripts.. :-)
>>>
>>> One month from single mirror should be enough to get a ballpark, weight can 
>>> be
>>> calculated to it.
>>>
>>> On Wed, Jun 26, 2019 at 08:41:32AM -0400, Kevin A. McGrail wrote:
>>>> I seem to remember that yes, David Jones wrote a log parser for some
>>>> information on this but there is no centralization of logs.  Each mirror
>>>> would have to run and report.
>>>>
>>>> On 6/25/2019 8:33 AM, Henrik K wrote:
>>>>> Has someone calculated weekly/monthly unique IPs seen in some mirror 
>>>>> logs? 
>>>>> I'm curious how many active SA installations there actually are?  I 
>>>>> realize
>>>>> it's just a ballpark figure..
>>>>>
> Here is mine for 6 last months. This is sa-update.bitwell.fi
>
> jarif@gauntlet ~ $ wc -l /tmp/unique-combined.txt 
> 1700178 /tmp/unique-combined.txt
>
> Br. jarif

What command did you run to get that so I run the same and I'll get my
numbers.

-- 
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Re: Number of SpamAssassin installations

[Kevin A. McGrail]

Agreed.  I think David just had a simple command he ran on his logs or
the project's mirror.  I can get you access to the mirror the project
runs if you want to look at it.

On 6/26/2019 8:51 AM, Henrik K wrote:
> It's just simple awk/grep, no need for fancy scripts.. :-)
>
> One month from single mirror should be enough to get a ballpark, weight can be
> calculated to it.
>
> On Wed, Jun 26, 2019 at 08:41:32AM -0400, Kevin A. McGrail wrote:
>> I seem to remember that yes, David Jones wrote a log parser for some
>> information on this but there is no centralization of logs.  Each mirror
>> would have to run and report.
>>
>> On 6/25/2019 8:33 AM, Henrik K wrote:
>>> Has someone calculated weekly/monthly unique IPs seen in some mirror logs? 
>>> I'm curious how many active SA installations there actually are?  I realize
>>> it's just a ballpark figure..
>>>
>> -- 
>> Kevin A. McGrail
>> Member, Apache Software Foundation
>> Chair Emeritus Apache SpamAssassin Project
>> https://www.linkedin.com/in/kmcgrail - 703.798.0171


-- 
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Re: Number of SpamAssassin installations

[Kevin A. McGrail]

I seem to remember that yes, David Jones wrote a log parser for some
information on this but there is no centralization of logs.  Each mirror
would have to run and report.

On 6/25/2019 8:33 AM, Henrik K wrote:
> Has someone calculated weekly/monthly unique IPs seen in some mirror logs? 
> I'm curious how many active SA installations there actually are?  I realize
> it's just a ballpark figure..
>

-- 
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Fwd: [Bug 6596] Text that looks like URL without a valid TLD is not parsed as a hot link

[Kevin A. McGrail]

If a sysadmin is looking for a task that would be good to automate,  bug
7165 would be good.



 Forwarded Message 
Subject:[Bug 6596] Text that looks like URL without a valid TLD is not
parsed as a hot link
Date:   Mon, 24 Jun 2019 15:10:45 +
From:   bugzilla-dae...@spamassassin.apache.org
To: d...@spamassassin.apache.org



https://bz.apache.org/SpamAssassin/show_bug.cgi?id=6596

Kevin A. McGrail  changed:

What |Removed |Added

Resolution|--- |WONTFIX
Status|NEW |RESOLVED

--- Comment #6 from Kevin A. McGrail  ---
(In reply to Giovanni Bechis from comment #5)
> IMHO, if we keep our TLD list accurate it makes no sense to fix this it.
> -1 for me.

Agreed. Closing as won't fix. bug 7165 is open for this purpose if someone
can run it and figure out how to automated it.

-- 
You are receiving this mail because:
You are the assignee for the bug.

Fwd: svn commit: r1861721 - /spamassassin/site/updates/MIRRORED.BY

[Kevin A. McGrail]

FYI that Joe swapped out the guts with a new motherboard and fixed the
network configuration and the box is back online!  Hurray for Joe and Sonic.



 Forwarded Message 
Subject:svn commit: r1861721 - /spamassassin/site/updates/MIRRORED.BY
Date:   Fri, 21 Jun 2019 02:46:27 -
From:   kmcgr...@apache.org
Reply-To:   SpamAssassin Dev 
To: comm...@spamassassin.apache.org



Author: kmcgrail
Date: Fri Jun 21 02:46:27 2019
New Revision: 1861721

URL: http://svn.apache.org/viewvc?rev=1861721=rev
Log:
sa-update.spamassassin.org back on-line

Modified:
spamassassin/site/updates/MIRRORED.BY

Modified: spamassassin/site/updates/MIRRORED.BY
URL:
http://svn.apache.org/viewvc/spamassassin/site/updates/MIRRORED.BY?rev=1861721=1861720=1861721=diff
==
--- spamassassin/site/updates/MIRRORED.BY (original)
+++ spamassassin/site/updates/MIRRORED.BY Fri Jun 21 02:46:27 2019
@@ -46,5 +46,5 @@ http://sa-update.verein-clean.net/ weigh
http://sa-update.bitwell.fi/ weight=5
#CONTACT: sysadmins@spamassassin.apache.org
-# out of service per Joe Muller  2019-06-19
http://sa-update.spamassassin.org/ weight=10
+http://sa-update.spamassassin.org/ weight=10

Re: Who runs sa-update.spamassassin.org/?

[Kevin A. McGrail]

Thanks, Joe!

I think CentOS likely does have the Mac Addresses in the interface
config files.  They like to do that.

Send me your cell and I'll text you admin creds.

On 6/19/2019 9:39 PM, Joe Muller wrote:
> Quick update - the server refused to post - gave an obscure board-level
> hardware error.
> I've swapped the drives, CPUs, and RAM over to a known-good spare, which
> has been
> re-configured and put back in the rack. I think the OS is either
> enumerating the extra
> add-on 10G interfaces first or the configuration was locked down to the
> MAC address
> on the old motherboard. I'll see about getting it fixed up tomorrow morning.
>
> -- Joe
>
>
> On 6/19/19 12:02 PM, Kevin A. McGrail wrote:
>> Thanks, Joe!
>>
>> On 6/19/2019 2:38 PM, Joe Muller wrote:
>>> Hi Kevin,
>>>
>>>    The server was off displaying error 'F7' on the diagnostics display
>>> and a board fault.
>>> I've pulled it out of the rack and will be checking it out on the
>>> workbench. If you have
>>> an alternate IP to route traffic to, I recommend doing so until I can
>>> provide better info
>>> on the condition of the box.
>>>
>>> -- Joe
>>>
>>> On 6/19/19 6:45 AM, Kevin A. McGrail wrote:
>>>> On 6/19/2019 9:42 AM, Bill Cole wrote:
>>>>> The sa-update.spamassassin.org mirror is a host at sonic.net and it
>>>>> has been dead for the past 2 days. I can't find any contact
>>>>> information for it.
>>>>>
>>>> Thanks for the notice.  I stupidly thought that as sa-vm1 but it's not,
>>>> it's a box Sonic donates that we admin. 
>>>>
>>>> +Joe Muller
>>>>
>>>> Joe, can you tell us if the box from sonic for SA is off?
>>>>
>>>> Regards,
>>>>
>>>> KAM
>>>>

-- 
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Re: Who runs sa-update.spamassassin.org/?

[Kevin A. McGrail]

Thanks, Joe!

On 6/19/2019 2:38 PM, Joe Muller wrote:
> Hi Kevin,
>
>    The server was off displaying error 'F7' on the diagnostics display
> and a board fault.
> I've pulled it out of the rack and will be checking it out on the
> workbench. If you have
> an alternate IP to route traffic to, I recommend doing so until I can
> provide better info
> on the condition of the box.
>
> -- Joe
>
> On 6/19/19 6:45 AM, Kevin A. McGrail wrote:
>> On 6/19/2019 9:42 AM, Bill Cole wrote:
>>> The sa-update.spamassassin.org mirror is a host at sonic.net and it
>>> has been dead for the past 2 days. I can't find any contact
>>> information for it.
>>>
>> Thanks for the notice.  I stupidly thought that as sa-vm1 but it's not,
>> it's a box Sonic donates that we admin. 
>>
>> +Joe Muller
>>
>> Joe, can you tell us if the box from sonic for SA is off?
>>
>> Regards,
>>
>> KAM
>>

-- 
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Re: Who runs sa-update.spamassassin.org/?

[Kevin A. McGrail]

On 6/19/2019 9:42 AM, Bill Cole wrote:
> The sa-update.spamassassin.org mirror is a host at sonic.net and it
> has been dead for the past 2 days. I can't find any contact
> information for it.
>
Thanks for the notice.  I stupidly thought that as sa-vm1 but it's not,
it's a box Sonic donates that we admin. 

+Joe Muller

Joe, can you tell us if the box from sonic for SA is off?

Regards,

KAM

-- 
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Re: checkSAupdateMirrors.sh on sa-vm1.apache.org - 1 mirror DOWN, 0 mirrors STALE

[Kevin A. McGrail]

CLARIFY: I did a systemctl restart apache2 on sa-vm1.
--
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171


On Mon, Jun 17, 2019 at 8:31 PM Kevin A. McGrail 
wrote:

> I did a restart on sa-vm1 but about to hop on a plane.  It was running not
> sure why our own mirror is down.
> --
> Kevin A. McGrail
> Member, Apache Software Foundation
> Chair Emeritus Apache SpamAssassin Project
> https://www.linkedin.com/in/kmcgrail - 703.798.0171
>
>
> On Mon, Jun 17, 2019 at 8:17 PM root  wrote:
>
>> Fetching sa-update URLs from
>> http://spamassassin.apache.org/updates/MIRRORED.BY
>>
>> http://sa-update.dnswl.org/ (116.203.4.105): UP (CURRENT)
>>
>> http://www.sa-update.pccc.com/ (69.171.29.42): UP (CURRENT)
>>
>> http://sa-update.secnap.net/ (204.89.241.6): UP (CURRENT)
>>
>> http://sa-update.space-pro.be/ (176.28.55.20): UP (CURRENT)
>>
>> http://sa-update.ena.com/ (96.4.1.5): UP (CURRENT)
>>
>> http://sa-update.ena.com/ (96.5.1.5): UP (CURRENT)
>>
>> http://sa-update.razx.cloud/ (104.27.153.42): UP (CURRENT)
>>
>> http://sa-update.razx.cloud/ (104.27.152.42): UP (CURRENT)
>>
>> http://sa-update.fossies.org/ (138.201.17.217): UP (CURRENT)
>>
>> http://sa-update.verein-clean.net/ (37.252.124.130): UP (CURRENT)
>>
>> http://sa-update.verein-clean.net/ (148.251.29.131): UP (CURRENT)
>>
>> http://sa-update.verein-clean.net/ (37.252.120.157): UP (CURRENT)
>>
>> http://sa-update.verein-clean.net/ (148.251.212.58): UP (CURRENT)
>>
>> http://sa-update.bitwell.fi/ (104.31.74.190): UP (CURRENT)
>>
>> http://sa-update.bitwell.fi/ (104.31.75.190): UP (CURRENT)
>>
>> http://sa-update.spamassassin.org/ (64.142.56.146): DOWN
>>
>

Re: checkSAupdateMirrors.sh on sa-vm1.apache.org - 1 mirror DOWN, 0 mirrors STALE

[Kevin A. McGrail]

I did a restart on sa-vm1 but about to hop on a plane.  It was running not
sure why our own mirror is down.
--
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171


On Mon, Jun 17, 2019 at 8:17 PM root  wrote:

> Fetching sa-update URLs from
> http://spamassassin.apache.org/updates/MIRRORED.BY
>
> http://sa-update.dnswl.org/ (116.203.4.105): UP (CURRENT)
>
> http://www.sa-update.pccc.com/ (69.171.29.42): UP (CURRENT)
>
> http://sa-update.secnap.net/ (204.89.241.6): UP (CURRENT)
>
> http://sa-update.space-pro.be/ (176.28.55.20): UP (CURRENT)
>
> http://sa-update.ena.com/ (96.4.1.5): UP (CURRENT)
>
> http://sa-update.ena.com/ (96.5.1.5): UP (CURRENT)
>
> http://sa-update.razx.cloud/ (104.27.153.42): UP (CURRENT)
>
> http://sa-update.razx.cloud/ (104.27.152.42): UP (CURRENT)
>
> http://sa-update.fossies.org/ (138.201.17.217): UP (CURRENT)
>
> http://sa-update.verein-clean.net/ (37.252.124.130): UP (CURRENT)
>
> http://sa-update.verein-clean.net/ (148.251.29.131): UP (CURRENT)
>
> http://sa-update.verein-clean.net/ (37.252.120.157): UP (CURRENT)
>
> http://sa-update.verein-clean.net/ (148.251.212.58): UP (CURRENT)
>
> http://sa-update.bitwell.fi/ (104.31.74.190): UP (CURRENT)
>
> http://sa-update.bitwell.fi/ (104.31.75.190): UP (CURRENT)
>
> http://sa-update.spamassassin.org/ (64.142.56.146): DOWN
>

Re: checkSAupdateMirrors.sh on sa-vm1.apache.org - 1 mirror DOWN, 0 mirrors STALE

[Kevin A. McGrail]

I like having a dozen or so and there is really zero security issue since
the rules are crytographically signed.

I would definitely open a bug if that retry doesn't work.  I didn't know
that.
--
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171


On Wed, Jun 12, 2019 at 12:13 PM Henrik K  wrote:

>
> The embarassing truth is that mirror retry doesn't work in 3.4.2.  So any
> of
> the mirrors not working might delay updates for some people by a day or
> so.
> Atleast I cron once a night..
>
> I always wondered if we actually need this many mirrors?  10(!!) is quite a
> lot.  Anyone can easily churn 5 TB of data with 5 eur/month kimsufi server
> or similar, but it would seem more practical maintenance wise to have only
> few very well maintained ones (and I mean this also security wise).
>
>
> On Wed, Jun 12, 2019 at 12:00:23PM -0400, Kevin A. McGrail wrote:
> > Should we do that when just 1 of their sub-A records is down?
> > --
> > Kevin A. McGrail
> > Member, Apache Software Foundation
> > Chair Emeritus Apache SpamAssassin Project
> > https://www.linkedin.com/in/kmcgrail - 703.798.0171
> >
> >
> > On Wed, Jun 12, 2019 at 11:59 AM Bill Cole <
> > sa-bugz-20080...@billmail.scconsult.com> wrote:
> >
> > > I've commented out sa-update.verein-clean.net in
> > > /site/updates/MIRRORED.BY to quiet the notices.
> > >
> > > Tobi: Please inform sysadmins@spamassassin.apache.org when/if
> > > 148.251.212.58 is working or no longer in DNS for
> > > sa-update.verein-clean.net
> > >
> > >
> > > On 12 Jun 2019, at 11:18, root wrote:
> > >
> > > [...]
> > > >
> > > > http://sa-update.verein-clean.net/ (148.251.212.58): DOWN
> > > >
> > > [...]
> > >
> > > --
> > > Bill Cole
> > > b...@scconsult.com or billc...@apache.org
> > > (AKA @grumpybozo and many *@billmail.scconsult.com addresses)
> > > Not Currently Available For Hire
> > >
>

Re: checkSAupdateMirrors.sh on sa-vm1.apache.org - 1 mirror DOWN, 0 mirrors STALE

[Kevin A. McGrail]

Should we do that when just 1 of their sub-A records is down?
--
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171


On Wed, Jun 12, 2019 at 11:59 AM Bill Cole <
sa-bugz-20080...@billmail.scconsult.com> wrote:

> I've commented out sa-update.verein-clean.net in
> /site/updates/MIRRORED.BY to quiet the notices.
>
> Tobi: Please inform sysadmins@spamassassin.apache.org when/if
> 148.251.212.58 is working or no longer in DNS for
> sa-update.verein-clean.net
>
>
> On 12 Jun 2019, at 11:18, root wrote:
>
> [...]
> >
> > http://sa-update.verein-clean.net/ (148.251.212.58): DOWN
> >
> [...]
>
> --
> Bill Cole
> b...@scconsult.com or billc...@apache.org
> (AKA @grumpybozo and many *@billmail.scconsult.com addresses)
> Not Currently Available For Hire
>

Re: mmiroslaw & llanga please ping me off-list - Fwd: [corpus-cleanup] Early runners

[Kevin A. McGrail]

Hi Marcin!  Sorry I lost your email address. 

Paul, can you look at Marcin's question for masscheck below, please?

On 6/8/2019 11:42 AM, Marcin Mirosław wrote:
> W dniu 2019-06-08 o 13:49, Kevin A. McGrail pisze:
>> We have lost track of the email addresses to contact these accounts for 
>> ruleqa.  Please contact me off-list.
> [..]
>> and [mmiroslaw] Possibly resolved already!
>
> Hi Kevin!
> I changed hour when masscheck starts. What is the latest time to start
> masscheck? Now I run near highnoo but I prefere to do it at night time.
> Have  nice day,
> Marcin


-- 
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Re: Cron . /etc/profile; /usr/local/bin/runRuleQArefresh.sh > /dev/null

[Kevin A. McGrail]

I appreciate the noise.

For the record, when the system catastrophically failed, I rebuilt it
from the ground up on a new server with just the cron log output :-)

On 6/2/2019 3:41 AM, Paul Stead wrote:
> Looks good now - I've made the lock fail error a bit quieter but the lock
> fails since my last email are valid - just the hourly is running for long
> time -
>
> ---8<---
> automc   20493  5.3  0.1  43140 21496 ?SN   04:05  11:34
> /usr/bin/perl -w
> /usr/local/spamassassin/automc/svn/masses/rule-qa/corpus-hourly
> --dir=/usr/local/spamassassin/automc/rsync/corpus
> pds@sa-vm1:~$ date
> Sun Jun  2 07:41:23 UTC 2019
> ---8<---
>
> Paul
>

-- 
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Re: Cron . /etc/profile; /usr/local/bin/runRuleQArefresh.sh > /dev/null

[Kevin A. McGrail]

Good signs that something is working because things are breaking, Paul.  :-)

Thanks for working on this and I just wanted to +1 to break some eggs to
make some omelets.  David and I concur that this scripts are one of the
more complicated things we've worked on in our lives so don't be afraid
to get dirty!

On 6/1/2019 9:05 AM, Cron Daemon wrote:
> lock failed, PID 30743 is active
> Exit: ENO_LOCKFAIL(2)


-- 
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Re: Disappearing corpus

[Kevin A. McGrail]

Thanks for working on this.  I'm +1 without a technical review.

On 5/30/2019 3:27 PM, Paul Stead wrote:
> I'm at the root of the issue and ready to commit changes around this:
>
> https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7715
>
> The changes will not affect how ruleqa works or how submissions should
> be done - please continue to submit *after 0900 UTC*
>
> Any feedback appreciated, will be applying after 1st June unless
> feedback received.
>
> Paul


-- 
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Fwd: Disappearing Corpus

[Kevin A. McGrail]

FYI


 Forwarded Message 
Subject:Disappearing Corpus
Date:   Wed, 15 May 2019 13:42:39 +0100
From:   Paul Stead 
Reply-To:   rul...@spamassassin.apache.org
To: rul...@spamassassin.apache.org



Hiya,

Over the last few days I thought I'd noticed nightlies going missing
from the QA website.

Attached are two images - the first taken last night at around 21:44 -
notice we have quite a few corpus' in the list,

The second attachment shows the same date-rev as of a few minutes ago -
many corpus have gone missing - including my pds one - can anyone think
what might be going on here?

I've a feeling this might be causing some "tromboning" of some of the
rules - they are popping in and out of the active.list daily

Paul

Fwd: Cron ~/svn/trunk/build/mkupdates/run_nightly | /usr/bin/tee /var/www/automc.spamassassin.org/mkupdates/mkupdates.txt

[Kevin A. McGrail]

So I didn't quite find the Root Cause but I think it's working
normally.  Paul, do you concur?



 Forwarded Message 
Subject:Cron  ~/svn/trunk/build/mkupdates/run_nightly |
/usr/bin/tee /var/www/automc.spamassassin.org/mkupdates/mkupdates.txt
Date:   Wed, 8 May 2019 08:31:04 + (UTC)
From:   Cron Daemon 
Reply-To:   sysadmins@spamassassin.apache.org
To: sysadmins@spamassassin.apache.org



+ promote_active_rules
+ pwd
+ /usr/bin/perl build/mkupdates/listpromotable
/usr/local/spamassassin/automc/svn/trunk
HTTP get: https://ruleqa.spamassassin.org/1-days-ago?xml=1
HTTP get: https://ruleqa.spamassassin.org/2-days-ago?xml=1
HTTP get: https://ruleqa.spamassassin.org/3-days-ago?xml=1
+ mv rules/active.list.new rules/active.list
+ svn diff rules
+ cat /var/www/ruleqa.spamassassin.org/reports/LATEST
Index: rules/active.list
===
--- rules/active.list (revision 1858833)
+++ rules/active.list (working copy)
@@ -1,6 +1,6 @@
# DO NOT EDIT: file generated by build/mkupdates/listpromotable
# active ruleset list, automatically generated from
https://ruleqa.spamassassin.org/
-# with results from: day 1: axb-coi-bulk axb-generic axb-ham-misc
darxus ena-week0 ena-week1 ena-week2 ena-week3 ena-week4 giovanni-ham
giovanni-spam giovanni-spammy grenier hege jarif jbrooks pds sihde
spamsponge thendrikx; day 2: ena-week3 ena-week4 giovanni-ham
giovanni-spam giovanni-spammy jarif llanga mmiroslaw-mails-ham
mmiroslaw-mails-spam; day 3: axb-coi-bulk axb-generic axb-ham-misc
ena-week1 ena-week4 giovanni-ham giovanni-spam giovanni-spammy jarif
jbrooks llanga mmiroslaw-mails-ham mmiroslaw-mails-spam sihde
+# with results from: day 1: axb-coi-bulk axb-generic axb-ham-misc
darxus ena-week0 ena-week1 ena-week2 ena-week3 ena-week4 giovanni-ham
giovanni-spam giovanni-spammy grenier hege jarif jbrooks
mmiroslaw-mails-ham mmiroslaw-mails-spam pds sihde spamsponge thendrikx;
day 2: axb-coi-bulk axb-generic axb-ham-misc ena-week1 ena-week2
ena-week3 ena-week4 giovanni-ham giovanni-spam giovanni-spammy jarif
jbrooks llanga mmiroslaw-mails-ham mmiroslaw-mails-spam sihde; day 3:
ena-week3 ena-week4 giovanni-ham giovanni-spam giovanni-spammy jarif
llanga mmiroslaw-mails-ham mmiroslaw-mails-spam
# tflags publish
AC_BR_BONANZA
+ echo 'Committing promotions in rules/active.list...'
Committing promotions in rules/active.list...
+ svn commit -m 'promotions validated' rules/active.list
Sending rules/active.list
Transmitting file data .done
Committing transaction...
Committed revision 1858900.
+ /usr/bin/perl masses/rule-qa/list-bad-rules
++ date +%w
+ [[ 3 = 3 ]]
+ echo 'From: nore...@sa-vm1.apache.org (Rules Report Cron)'
+ echo 'Subject: [auto] bad sandbox rules report'
+ echo
+ cat /var/www/ruleqa.spamassassin.org/reports/badrules.txt
+ /usr/sbin/sendmail -oi d...@spamassassin.apache.org
+ for VER in '$VERSIONS'
+ make_tarball_for_version 3.4.2
+ version=3.4.2
+ tmpdir=/usr/local/spamassassin/automc/tmp/stage/3.4.2
+ rm -rf /usr/local/spamassassin/automc/tmp/stage/3.4.2
+ mkdir -p /usr/local/spamassassin/automc/tmp/stage/3.4.2
+ make clean
rm -f \
SpamAssassin.bso SpamAssassin.def \
SpamAssassin.exp SpamAssassin.x \
blib/arch/auto/Mail/SpamAssassin/extralibs.all \
blib/arch/auto/Mail/SpamAssassin/extralibs.ld Makefile.aperl \
*.a *.o \
*perl.core MYMETA.json \
MYMETA.yml blibdirs.ts \
core core.*perl.*.? \
core.[0-9] core.[0-9][0-9] \
core.[0-9][0-9][0-9] core.[0-9][0-9][0-9][0-9] \
core.[0-9][0-9][0-9][0-9][0-9] libSpamAssassin.def \
mon.out perl \
perl perl.exe \
perlmain.c pm_to_blib \
pm_to_blib.ts so_locations \
tmon.out rm -rf \
*.cache blib \
doc pod2htm* \
qmail rules/*.pm \
rules/70_inactive.cf sa-awl \
sa-check_spamd sa-compile \
sa-learn sa-update \
spamassassin spamc/*.cache \
spamc/*.o* spamc/*.so \
spamc/Makefile spamc/config.h \
spamc/config.log spamc/config.status \
spamc/qmail-spamc spamc/replace/*.o* \
spamc/spamc spamc/spamc.h \
spamc/version.h spamd/*spamc* \
spamd/spamd t/bayessql.cf \
t/do_net t/log \
t/sql_based_whitelist.cf version.env mv Makefile Makefile.old >
/dev/null 2>&1
+ /usr/bin/perl Makefile.PL
PREFIX=/usr/local/spamassassin/automc/tmp/stage/3.4.2
What email address or URL should be used in the suspected-spam report
text for users who want more information on your filter installation?
(In particular, ISPs should change this to a local Postmaster contact)
default text: [the administrator of that system] the administrator of
that system

NOTE: settings for "make test" are now controlled using "t/config.dist".
See that file if you wish to customize what tests are run, and how.

checking module dependencies and their versions...

***
NOTE: the optional Digest::SHA1 module is not installed.

The Digest::SHA1 module is still required by the Razor2 plugin.
Other modules prefer Digest::SHA, which is a Perl base module.

Re: /tags nightly commits

[Kevin A. McGrail]

Resending with correct dev list :-)

On 5/5/2019 6:10 AM, Paul Stead wrote:
> Promotions and tags still seem to be a little problematic at the moment. A
> run of build/mkupdates/listpromotable locally shows +300 lines difference
> to active.list over the one being submitted.

Before I deal with this issue:

+Dev.

TL;DR: REMINDER: PLEASE use a make test on your local checkout before
committing!

We had two issues.  It appears an svn commit failed on a release and
that left cruft that was colliding for commit.  That issue was caused by
a manual edit to active.list:

Revision *1854477*
 - (view
)
(download
)
(annotate
)
- [select for diffs]


Modified /Wed Feb 27 18:16:20 2019 UTC/ (2 months ago) by /gbechis/
File length: 15052 byte(s)
Diff to previous 1854447

(colored
)


Switch to https and fix some 404 errors
bz #7652

The second issue is a continuing one and that is committers submitting
without 'make test' first.  This occurred in January when I tried to
build the last release.  If the svn for trunk including rules is broken,
it will break masscheck, etc.  We are currently passing again so just a
friendly reminder.  It takes a village to stop a spammer :-)


So  now, what I see in the logs is that the commit didn't occur but
there is no error, nothing.  Checking
http://svn.apache.org/viewvc/spamassassin/trunk/rules/active.list?view=log
concurs:

5/5 (note that Committing promotions is NOT followed by an svn commit)

+ echo 'Committing promotions in rules/active.list...'
+ svn commit -m 'promotions validated' rules/active.list
Committing promotions in rules/active.list...
+ /usr/bin/perl masses/rule-qa/list-bad-rules

5/4 (example where the commit worked)
+ echo 'Committing promotions in rules/active.list...'
Committing promotions in rules/active.list...
+ svn commit -m 'promotions validated' rules/active.list
Sendingrules/active.list
Transmitting file data .done
Committing transaction...
Committed revision 1858595.


I'm out of time to keep pursuing this but hoping someone else can look
at it.

Regards,

KAM

Re: /tags nightly commits

[Kevin A. McGrail]

On 5/5/2019 6:10 AM, Paul Stead wrote:
> Promotions and tags still seem to be a little problematic at the moment. A
> run of build/mkupdates/listpromotable locally shows +300 lines difference
> to active.list over the one being submitted.

Before I deal with this issue:

+Dev.

TL;DR: REMINDER: PLEASE use a make test on your local checkout before
committing!

We had two issues.  It appears an svn commit failed on a release and
that left cruft that was colliding for commit.  That issue was caused by
a manual edit to active.list:

Revision *1854477*
 - (view
)
(download
)
(annotate
)
- [select for diffs]


Modified /Wed Feb 27 18:16:20 2019 UTC/ (2 months ago) by /gbechis/
File length: 15052 byte(s)
Diff to previous 1854447

(colored
)


Switch to https and fix some 404 errors
bz #7652

The second issue is a continuing one and that is committers submitting
without 'make test' first.  This occurred in January when I tried to
build the last release.  If the svn for trunk including rules is broken,
it will break masscheck, etc.  We are currently passing again so just a
friendly reminder.  It takes a village to stop a spammer :-)


So  now, what I see in the logs is that the commit didn't occur but
there is no error, nothing.  Checking
http://svn.apache.org/viewvc/spamassassin/trunk/rules/active.list?view=log
concurs:

5/5 (note that Committing promotions is NOT followed by an svn commit)

+ echo 'Committing promotions in rules/active.list...'
+ svn commit -m 'promotions validated' rules/active.list
Committing promotions in rules/active.list...
+ /usr/bin/perl masses/rule-qa/list-bad-rules

5/4 (example where the commit worked)
+ echo 'Committing promotions in rules/active.list...'
Committing promotions in rules/active.list...
+ svn commit -m 'promotions validated' rules/active.list
Sendingrules/active.list
Transmitting file data .done
Committing transaction...
Committed revision 1858595.


I'm out of time to keep pursuing this but hoping someone else can look
at it.

Regards,

KAM

Re: /tags nightly commits

[Kevin A. McGrail]

Adding sysadmins@

Dave, I am guessing something got left in a previous run when svn
commit's failed.  Can you or I delete a check out dir that is cruft? 
I'm thinking a run went bad in february and couldn't commit.  I figure
it should re-export, etc.?

Regards,KAM

On 5/1/2019 5:59 AM, Paul Stead wrote:
> Howdy!
>
> As per -
> https://lists.apache.org/thread.html/984ee3c26163e0281727256eabf0f29079a3fc053664416f58581ba0@%3Csysadmins.spamassassin.apache.org%3E
>
> It looks as though the /tags commit is broken too -
> http://svn.apache.org/viewvc/spamassassin/tags/?view=log
>
> ---8<---
>
> t/basic_lint_without_sandbox.t ..
> okhttps://lists.apache.org/thread.html/984ee3c26163e0281727256eabf0f29079a3fc053664416f58581ba0@%3Csysadmins.spamassassin.apache.org%3E
> depends on __DKIMWL_WL_HI which is nonexistent
> FSL_BULK_SIG depends on __DKIMWL_WL_HI which is nonexistent
>
> #   Failed test at t/basic_meta.t line 93.
> # Looks like you failed 1 test of 2.
> t/basic_meta.t ..
> Dubious, test returned 1 (wstat 256, 0x100)
> Failed 1/2 subtests
>
> ---8<---
>
> The sub rule does exist, but FSL_BULK_SIG doesn't depend on
> __DKIMWL_WL_HI any more.
>
> It looks as though the SVN that is being worked with isn't up to date
> for some reason.
>
> Paul
>

-- 
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Fwd: checkDNShosting.sh on sa-vm1.apache.org - 110 DNS hosting issues found

[Kevin A. McGrail]

Looks like maybe sonic has lost a name server?



 Forwarded Message 
Subject:checkDNShosting.sh on sa-vm1.apache.org - 110 DNS hosting
issues found
Date:   Wed, 1 May 2019 07:20:52 + (UTC)
From:   root 
Reply-To:   sysadmins@spamassassin.apache.org
To: sysadmins@spamassassin.apache.org




spamassassin.org:
=
Registry Expiry Date: 2019-12-17T02:01:49Z

a.auth-ns.sonic.net:
-
..done

Results:
Matches: 110
Mis-matches: 0

b.auth-ns.sonic.net:
-
X
(MIS-MATCH) query: 134.88.73.210.sb.dnsbltest.spamassassin.org.
Expected: 3600 IN TXT "0-0=1|1=Spammer
Networks|2=7.2|3=7.1|4=1537186|6=1060085863|7=80|8=12288|9=129|20=yh6.|21=example.com|23=6.5|24=6.1|25=1080071572|40=6.3|41=6.1|45=N|49=1.00"
Received: None
X
(MIS-MATCH) query: www.eu3.spamassassin.org.
Expected: 3600 IN CNAME www.apache.org.
Received: None
X
(MIS-MATCH) query: au.spamassassin.org.
Expected: 3600 IN CNAME www.apache.org.
Received: None
X
(MIS-MATCH) query: eu.spamassassin.org.
Expected: 3600 IN CNAME www.apache.org.
Received: None
X
(MIS-MATCH) query: bbmass-trunk.spamassassin.org.
Expected: 3600 IN CNAME sa-vm1.apache.org.
Received: None
X
(MIS-MATCH) query: apachesf.spamassassin.org.
Expected: 3600 IN A 64.142.56.146
Received: None
X
(MIS-MATCH) query: 0.0.4.updates.spamassassin.org.
Expected: 3600 IN CNAME 3.3.3.updates.spamassassin.org.
Received: None
X
(MIS-MATCH) query: 0.4.3.updates.spamassassin.org.
Expected: 3600 IN TXT "1858410"
Received: None
X
(MIS-MATCH) query: mirrors.updates.spamassassin.org.
Expected: 3600 IN TXT "http://spamassassin.apache.org/updates/MIRRORED.BY;
Received: None
X
(MIS-MATCH) query: bugzilla.spamassassin.org.
Expected: 3600 IN CNAME issues.apache.org.
Received: None
X
(MIS-MATCH) query: www.spamassassin.org.
Expected: 3600 IN CNAME www.apache.org.
Received: None
X
(MIS-MATCH) query: ena.com.dnsbltest.spamassassin.org.
Expected: 3600 IN A 127.0.0.8
Received: None
X
(MIS-MATCH) query: t2048b._domainkey.sa-test.spamassassin.org.
Expected: 3600 IN TXT "v=DKIM1; " "n=A very long human-readable note
text, intended to result in " "a DNS UDP response exceeding the 512
bytes limit, requiring a " "resolver to use a TCP query or EDNS support
at both ends, and " "no broken or misconfigured firewall inbetween; p="
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2eISVGRr1njbT7LVYOp6"
"LxNGlry1t65IVpFfvgIdGeF3hW3f3CXHsmVWGtb3nLFpelsTeXIVwHUE81xAHN6V"
"eMiCoRcQffES5Z5/k68N+UxsLuLq3uiZNXcKLew6SDB06oRSvBbvskjNes1z4Tpg"
"QnUFWCzb5STMUZxG65a4Mkk7mX9X3sRrvm97EZ8U/LeLOz4IUmv7HbHph5CSyuf4"
"fQrUN0GFr2HydC4/DbPqWdCmx4bq+7slE609dUL19ZMv9LYI7E6cpVeX7RmciRTn"
"H7jOVQ6RvIav2REzY5KksgL7eAeV/QYLqSAaFZqYKJjYiZj+6p47ef5u+Cd8GrCj"
"WQIDAQAB"
Received: None
X
(MIS-MATCH) query: uswest.spamassassin.org.
Expected: 3600 IN CNAME www.apache.org.
Received: None
X
(MIS-MATCH) query: ns1.kluge.net.dnsbltest.spamassassin.org.
Expected: 3600 IN A 127.0.0.16
Received: None
X
(MIS-MATCH) query: sa-update.spamassassin.org.
Expected: 3600 IN A 64.142.56.146
Received: None
X
(MIS-MATCH) query: t1536._domainkey.sa-test.spamassassin.org.
Expected: 3600 IN TXT "v=DKIM1; p="
"MIHfMA0GCSqGSIb3DQEBAQUAA4HNADCByQKBwQDIAN5z8+epaLN3gZs8M7ePZJCU"
"DgZQ14pSaf2BsTBfyfUXyNEgpAGtxVWFMIrdpt+WJ7Hs2kLYFqhpQeOPp3EpI2cZ"
"zczEgVzRylC6pkWUVnkl1o0uot7TAcJNY6bbsBo9O5Ln7Ob+kfSJOvxNmtekgNox"
"PSDVq4cABT66ImJg6NraPUwNBbOl3iGWmArs3NWJtSIN7kOghTW0zC4dzLWbsqQj"
"nWPotZ3PJAhBs2u3XT1e9t0fl2unuDtNTjXhV+cCAwEAAQ=="
Received: None
X
(MIS-MATCH) query: 0.3.3.updates.spamassassin.org.
Expected: 3600 IN TXT "1858410"
Received: None
X
(MIS-MATCH) query: _adsp._domainkey.unk.sa-test.spamassassin.org.
Expected: 86400 IN TXT "dkim=unknown"
Received: None
X
(MIS-MATCH) query: *.1.3.sought.updates.spamassassin.org.
Expected: 3600 IN TXT "310795847"
Received: None
X
(MIS-MATCH) query: eu3.spamassassin.org.
Expected: 3600 IN CNAME www.apache.org.
Received: None
X
(MIS-MATCH) query: ie.spamassassin.org.
Expected: 3600 IN CNAME www.apache.org.
Received: None
X
(MIS-MATCH) query: _adsp._domainkey.foo.sa-test.spamassassin.org.
Expected: 86400 IN TXT "dkim=foobar"
Received: None
X
(MIS-MATCH) query: _adsp._domainkey.dis.sa-test.spamassassin.org.
Expected: 86400 IN TXT "dkim=discardable"
Received: None
X
(MIS-MATCH) query: 226.149.120.193.dnsbltest.spamassassin.org.
Expected: 3600 IN A 127.0.0.1
Received: None
X
(MIS-MATCH) query: 226.149.120.193.dnsbltest.spamassassin.org.
Expected: 3600 IN TXT "whitelisted sender"
Received: None
X
(MIS-MATCH) query: uribl-example-c.com.dnsbltest.spamassassin.org.
Expected: 3600 IN A 127.0.0.6
Received: None
X
(MIS-MATCH) query: spamassassin.org.
Expected: 3600 IN SOA ns2.pccc.com. pmc.spamassassin.apache.org.
2019050105 7200 3600 604800 3600
Received: None
X
(MIS-MATCH) query: spamassassin.org.
Expected: 3600 IN A 192.87.106.226
Received: None
X
(MIS-MATCH) query: 

Re: Promotions?

[Kevin A. McGrail]

Good find.

I've moved the files to a dir in my home dir

/home/kmcgrail/conflict-2019-04-30/

-rw-rw-r-- 1 automc   automc   14679 Apr 30 18:00 active.list
-rw-rw-r-- 1 automc   automc   14462 Feb 28 08:31 active.list.mine
-rw-rw-r-- 1 automc   automc   15051 Feb 28 08:31 active.list.r1854447
-rw-rw-r-- 1 automc   automc   15052 Feb 28 08:31 active.list.r1854508

I then reverted active.list and expect tonight it should run ok...

On 4/30/2019 1:21 PM, Paul Stead wrote:
> I've found the nightly cron output:
>
> https://lists.apache.org/thread.html/e4723655cd8ed1101e5911b3d9ba8682b3f25c0ad52db4202ed72366@%3Csysadmins.spamassassin.apache.org%3E
>
> ...
> + svn commit -m 'promotions validated' rules/active.list
> svn: E155015: Commit failed (details follow):
> svn: E155015: Aborting commit:
> '/usr/local/spamassassin/automc/svn/trunk/rules/active.list' remains
> in conflict
> + /usr/bin/perl masses/rule-qa/list-bad-rules
> ...
>
>
> There's a conflict on the svn, cleaning up the repo might be all it needs
>
> On Tue, 30 Apr 2019 at 18:13, Paul Stead  wrote:
>
>> Hmm - still no updates. It seems that the affected lines are in
>>
>> build/mkupdates/run_nightly
>>
>> Line 23-28 is where it looks like the commit happens - line 23 has an
>> output file that does seem to be being updated if the HTTP date is to be
>> trusted (it's changed the last two days):
>>
>> https://ruleqa.spamassassin.org/reports/LATEST
>>
>> So I think I've found the problematic line - I don't have any access to
>> the infra for ruleqa - does anyone have the ability to give the box a poke?
>> I'd also be happy to look at this if required and access could be provided?
>>
>>
>> Paul
>>
>> On Mon, 29 Apr 2019 at 17:15, Giovanni Bechis  wrote:
>>
>>> On 4/29/19 6:01 PM, Paul Stead wrote:
>>>> Hiya,
>>>>
>>>> I've had my eye on some rules in QA over the last few months, rules
>>> I've expected to be promoted haven't been.
>>>> I notice that
>>> http://svn.apache.org/viewvc/spamassassin/trunk/rules/active.list?view=log
>>> stopped being updated since Wed Feb 27 08:30:20 2019 UTC
>>>> Does this look right?
>>>>
>>> No,
>>> and the latest commit to build/mkrules has been done on 2019-02-26
>>> 01:13:11 +0100
>>>
>>>  Giovanni
>>>

-- 
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Fwd: Rule updates are too old - 2019-04-23 3.3.0:2019-04-22 3.3.1:2019-04-22 3.3.2:2019-04-22

[Kevin A. McGrail]

I noticed a crashplan failure.  Does sa vm1 need a reboot?

-- Forwarded message -
From: 
Date: Tue, Apr 23, 2019, 07:00
Subject: Rule updates are too old - 2019-04-23 3.3.0:2019-04-22
3.3.1:2019-04-22 3.3.2:2019-04-22
To: , 


SpamAssassin version 3.3.0 has not had a rule update since 2019-04-22.
SpamAssassin version 3.3.1 has not had a rule update since 2019-04-22.
SpamAssassin version 3.3.2 has not had a rule update since 2019-04-22.

20190422:  Spam and ham are above threshold of 150,000:
http://ruleqa.spamassassin.org/?daterev=20190422
20190422:  Spam: 1865859, Ham: 357633


The spam and ham counts on which this script alerts are from
http://ruleqa.spamassassin.org/?daterev=20190422
Click "(source details)" (it's tiny and low contrast).
It's from the second and third columns of the line that ends with
"(all messages)"

The source to this script is
http://www.chaosreigns.com/sa/update-version-mon.pl

It looks like both the weekly and nightly masschecks need to have sufficient
corpora in order for an update to be generated.

Fwd: Mass-check RSYNC

[Kevin A. McGrail]

FYI



 Forwarded Message 
Subject:Re: Mass-check RSYNC
Date:   Sat, 20 Apr 2019 14:29:36 +0100
From:   Paul Stead 
To: priv...@spamassassin.apache.org



Didn't mention this is manually scored and sorted ham/spam from domains
I personally own

Thanks!

On Sat, 20 Apr 2019 at 14:24, Paul Stead mailto:paul.st...@gmail.com>> wrote:

Hiya,

Can I get a masscheck rsync account please? Ready to start
contributing my corpus.

Paul

Fwd: [Bug 7706] New: Connection to spamassassin.apache.org times out

[Kevin A. McGrail]

Anyone have a thought?



 Forwarded Message 
Subject:[Bug 7706] New: Connection to spamassassin.apache.org times out
Date:   Thu, 11 Apr 2019 13:44:14 +
From:   bugzilla-dae...@spamassassin.apache.org
To: d...@spamassassin.apache.org



https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7706

Bug ID: 7706
Summary: Connection to spamassassin.apache.org times out
Product: Spamassassin
Version: 3.4.0
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: sa-update
Assignee: d...@spamassassin.apache.org
Reporter: ma...@entekadesign.com
Target Milestone: Undefined

I am running spamassassin 3.4.0 on Centos 7.6 in a DigitalOcean VPS. The
following cronjob runs nightly, returning the following error:

/usr/share/spamassassin/sa-update.cron

error: unable to refresh mirrors file for channel updates.spamassassin.org,
using old file

Apparently, my droplet isn't reaching the relevant servers. Testing
connection
with telnet:

[root@mail ~]# telnet -d spamassassin.apache.org 443
Trying 95.216.24.32...
telnet: connect to address 95.216.24.32: Connection timed out
Trying 40.79.78.1...
telnet: connect to address 40.79.78.1: Connection timed out
Trying 2a01:4f9:2a:185f::2...
telnet: connect to address 2a01:4f9:2a:185f::2: Network is unreachable

Testing connection with curl:

[root@mail ~]# curl -v -I spamassassin.apache.org
* About to connect() to spamassassin.apache.org port 80 (#0)
* Trying 95.216.24.32...
* Connection timed out
* Trying 40.79.78.1...
* After 86336ms connect time, move on!
* Trying 2a01:4f9:2a:185f::2...
* Failed to connect to 2a01:4f9:2a:185f::2: Network is unreachable
* Failed connect to spamassassin.apache.org:80; Network is unreachable
* Closing connection 0
curl: (7) Failed to connect to 2a01:4f9:2a:185f::2: Network is unreachable

Testing with traceroute:

[root@mail ~]# traceroute -T spamassassin.apache.org
traceroute to spamassassin.apache.org (40.79.78.1), 30 hops max, 60 byte
packets
1 67.205.144.253 (67.205.144.253) 0.868 ms 67.205.144.254 (67.205.144.254)
0.848 ms 0.827 ms
2 138.197.251.98 (138.197.251.98) 2.929 ms 138.197.248.86 (138.197.248.86)
0.870 ms 138.197.251.98 (138.197.251.98) 2.903 ms
3 138.197.248.70 (138.197.248.70) 0.780 ms nyc-76e-1.ntwk.msn.net
(198.32.118.18) 1.097 ms 138.197.248.70 (138.197.248.70) 0.757 ms
4 nyc-76e-1.ntwk.msn.net (198.32.118.18) 0.998 ms
be-75-0.ibr02.nyc30.ntwk.msn.net (104.44.10.99) 11.754 ms
nyc-76e-1.ntwk.msn.net (198.32.118.18) 1.064 ms
5 be-75-0.ibr02.nyc30.ntwk.msn.net (104.44.10.99) 11.856 ms 11.838 ms
11.744 ms
6 be-5-0.ibr01.bn6.ntwk.msn.net (104.44.16.47) 11.726 ms
be-7-0.ibr02.bn6.ntwk.msn.net (104.44.16.49) 11.283 ms
be-5-0.ibr01.bn6.ntwk.msn.net (104.44.16.47) 11.205 ms
7 be-5-0.ibr01.bn6.ntwk.msn.net (104.44.16.47) 11.310 ms
ae163-0.icr04.bn6.ntwk.msn.net (104.44.21.76) 13.312 ms
be-5-0.ibr01.bn6.ntwk.msn.net (104.44.16.47) 11.101 ms
8 * ae160-0.icr01.bn6.ntwk.msn.net (104.44.21.70) 10.754 ms
ae143-0.icr04.bn6.ntwk.msn.net (104.44.21.68) 10.744 ms
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
DigitalOcean support can't help. Could my IP be blocked? What else could
explain this behavior? Thanks!

-- 
You are receiving this mail because:
You are the assignee for the bug.

Re: Let's Encrypt certificate expiration notice for domain "ruleqa.spamassassin.org"

[Kevin A. McGrail]

I moderated this through.
--
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171


On Tue, Apr 2, 2019 at 7:00 PM Let's Encrypt Expiry Bot <
exp...@letsencrypt.org> wrote:

> Hello,
>
> Your certificate (or certificates) for the names listed below will expire
> in 19 days (on 22 Apr 19 22:20 +). Please make sure to renew your
> certificate before then, or visitors to your website will encounter errors.
>
> We recommend renewing certificates automatically when they have a third of
> their
> total lifetime left. For Let's Encrypt's current 90-day certificates, that
> means
> renewing 30 days before expiration. See
> https://letsencrypt.org/docs/integration-guide/ for details.
>
> ruleqa.spamassassin.org
>
> For any questions or support, please visit
> https://community.letsencrypt.org/. Unfortunately, we can't provide
> support by email.
>
> If you are receiving this email in error, unsubscribe at
> http://mandrillapp.com/track/unsub.php?u=30850198=e536edf83678494ea281fd558714e45a.o7n7n7eL6dS9%2FSnODhkdlF5fmSw%3D=https%3A%2F%2Fmandrillapp.com%2Funsub%3Fmd_email%3Dsysadmins%2540spamassassin.apache.org
>
> You may need to update your client to the latest version in case it is
> still using the deprecated TLS-SNI-01 validation method.
> https://community.letsencrypt.org/t/february-13-2019-end-of-life-for-all-tls-sni-01-validation-support/74209
>
> Step-by-step instructions for updating Certbot are here:
> https://community.letsencrypt.org/t/how-to-stop-using-tls-sni-01-with-certbot/83210
>
> Regards,
> The Let's Encrypt Team
>

Re: checkSAupdateMirrors.sh on sa-vm1.apache.org - 0 mirrors DOWN, 16 mirrors STALE

[Kevin A. McGrail]

I think rsync might be down if anyone can look.

On Sat, Mar 23, 2019, 00:43 root  Fetching sa-update URLs from
> http://spamassassin.apache.org/updates/MIRRORED.BY
>
> http://sa-update.dnswl.org/ (116.203.4.105): UP (STALE since 1553307421)
>
> http://www.sa-update.pccc.com/ (69.171.29.42): UP (STALE since 1553307421)
>
> http://sa-update.secnap.net/ (204.89.241.6): UP (STALE since 1553307421)
>
> http://sa-update.space-pro.be/ (176.28.55.20): UP (STALE since 1553307421)
>
> http://sa-update.ena.com/ (96.4.1.5): UP (STALE since 1553307421)
>
> http://sa-update.ena.com/ (96.5.1.5): UP (STALE since 1553307421)
>
> http://sa-update.razx.cloud/ (104.27.152.42): UP (STALE since 1553307421)
>
> http://sa-update.razx.cloud/ (104.27.153.42): UP (STALE since 1553307421)
>
> http://sa-update.fossies.org/ (138.201.17.217): UP (STALE since
> 1553307421)
>
> http://sa-update.verein-clean.net/ (37.252.120.157): UP (STALE since
> 1553307421)
>
> http://sa-update.verein-clean.net/ (148.251.212.58): UP (STALE since
> 1553307421)
>
> http://sa-update.verein-clean.net/ (148.251.29.131): UP (STALE since
> 1553307421)
>
> http://sa-update.verein-clean.net/ (37.252.124.130): UP (STALE since
> 1553307421)
>
> http://sa-update.bitwell.fi/ (104.31.74.190): UP (STALE since 1553307421)
>
> http://sa-update.bitwell.fi/ (104.31.75.190): UP (STALE since 1553307421)
>
> http://sa-update.spamassassin.org/ (64.142.56.146): UP (STALE since
> 1553307421)
>

Fwd: rsync account request

[Kevin A. McGrail]

FYI, can the sysadmins group address this, please?



 Forwarded Message 
Subject:rsync account request
Date:   Thu, 14 Feb 2019 10:45:42 +
From:   Paul Fowler 
To: priv...@spamassassin.apache.org 



Hi,

 

It is unclear from the spamassassin wiki if you are still excepting
masscheck contributors as the acceptance date was over 6 years ago. If
you are then I believe I can contribute.

I am working on a small project to improve our custom rules. I have
setup and tested locally masscheck against some small spam and ham data
set’s and I would like to take it one step further and start
contributing data back to the project. I am currently working on putting
together some decent corpus to run larger tests with. Ideally my plan
would be to run 2 jobs, one for our own rules and one for spamassassin
rules.

 

Thanks & Regards,

Paul  

Re: Action required: Let's Encrypt certificate renewals

[Kevin A. McGrail]

Thanks.

On 1/29/2019 11:19 PM, Dave Jones wrote:
> On 1/29/19 1:35 PM, Kevin A. McGrail wrote:
>> On 1/29/2019 2:25 PM, Dave Jones wrote:
>>> On 1/29/19 10:20 AM, Bill Cole wrote:
>>>> On 29 Jan 2019, at 10:25, Kevin A. McGrail wrote:
>>>
>>> So is this fixed on the sa-vm1.apache.org server or do I need to fix
>>> it still?
>>>
>>> FYI, I found a better method for LE verification using the DNS-01
>>> method and a wrapper hook to ACME DNS:
>>>
>>> http://docs.cert-manager.io/en/master/reference/issuers/acme/dns01/acme-dns.html
>>>
>>>
>>>
>>> I setup the ACME DNS go server on auth.ena.net so I can host my own
>>> _acme-challenge records via a CNAME.  You can use the author's
>>> auth.acme-dns.io server to get started.  At home I set this up on my
>>> pfSense firewall using the acme package.  Now I have a wildcard cert
>>> that I pull from my pfSense firewall to my raspi and push out to all
>>> of my web servers so I have https everywhere and no annoying cert
>>> warnings.
>>>
>>> ACME DNS allows for a server that is not reachable by the Internet to
>>> be a central repository for all of your LE certs and automated
>>> renewals. Then you push out the certs to all of your servers using
>>> your favorite tool like Ansible, Puppet, Chef, Salt, shell script, etc.
>>>
>>> Dave
>>
>> This is NOT fixed.  Bill and I were talking about it at work on a non-SA
>> box and I thought it was interesting.
>>
>
> I changed the challenge to use acme-dns and generated a wildcard cert
> successfully which is live now.
>
> https://www.ssllabs.com/ssltest/analyze.html?d=ruleqa.spamassassin.org
>
> # cat /etc/letsencrypt/renewal/spamassassin.org.conf
> [renewalparams]
> pref_challs = dns-01,
> manual_auth_hook = /etc/letsencrypt/acme-dns-auth.py
>
>
> # head /etc/letsencrypt/acme-dns-auth.py
> .
> .
> .
> # URL to acme-dns instance
> ACMEDNS_URL = "https://auth.acme-dns.io;
>
>
> Dave


-- 
Kevin A. McGrail
VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Fwd: Action required: Let's Encrypt certificate renewals

[Kevin A. McGrail]

FYI, I think this is your territory, Dave

Bill had some interesting experience with the issue so cc'ing him.



 Forwarded Message 
Subject:Action required: Let's Encrypt certificate renewals
Date:   Tue, 29 Jan 2019 02:14:39 +
From:   nore...@letsencrypt.org
Reply-To:   sysadmins@spamassassin.apache.org
To: sysadmins@spamassassin.apache.org



Hello,

Action may be required to prevent your Let's Encrypt certificate renewals
from breaking.

If you already received a similar e-mail, this one contains updated
information.

Your Let's Encrypt client used ACME TLS-SNI-01 domain validation to issue
a certificate in the past 60 days. Below is a list of names and IP
addresses validated (max of one per account):

ruleqa.spamassassin.org (62.210.60.231) on 2018-11-23

TLS-SNI-01 validation is reaching end-of-life. It will stop working
temporarily on February 13th, 2019, and permanently on March 13th, 2019.
Any certificates issued before then will continue to work for 90 days
after their issuance date.

You need to update your ACME client to use an alternative validation
method (HTTP-01, DNS-01 or TLS-ALPN-01) before this date or your
certificate renewals will break and existing certificates will start to
expire.

Our staging environment already has TLS-SNI-01 disabled, so if you'd like
to test whether your system will work after February 13, you can run
against staging: https://letsencrypt.org/docs/staging-environment/

If you're a Certbot user, you can find more information here:
https://community.letsencrypt.org/t/how-to-stop-using-tls-sni-01-with-certbot/83210

Our forum has many threads on this topic. Please search to see if your
question has been answered, then open a new thread if it has not:
https://community.letsencrypt.org/

For more information about the TLS-SNI-01 end-of-life please see our API
announcement:
https://community.letsencrypt.org/t/february-13-2019-end-of-life-for-all-tls-sni-01-validation-support/74209

Thank you,
Let's Encrypt Staff

Re: Review of Targeted Sponsorship offerings for Apache SpamAssassin

[Kevin A. McGrail]

Conflict of Interest Disclosure, sorry about that.

On 1/19/2019 4:25 PM, Sidney Markowitz wrote:
> Hi Kevin,
>
> That looks fine as a response except that I have no idea what "COID"
> means and neither does a Google search.
>
>  Sidney
>
> > Draft Response:
> >
> > Hi Sally, Please keep the SA targeted sponsors the same for 2019.
> >
> > Sonic donates DNS and updates via a machine donation  which is also
> sa-update.spamassassin.org.
> > PCCC donates DNS and updates.  COID this is my old firm.
> > ENA donates DNS and updates.
> >
> > Regards,
> > KAM on behalf of the SA PMC
> >


-- 
Kevin A. McGrail
VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Re: Review of Targeted Sponsorship offerings for Apache SpamAssassin

[Kevin A. McGrail]

It's all good.  I was looking for ENA not Education Networks of America.
False alarm on that part.
--
Kevin A. McGrail
VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171


On Sat, Jan 19, 2019 at 11:56 AM David Jones  wrote:

> I thought I had sent back the signed last page of the agreement on Feb 5,
> 2018 but I may have forwarded it incorrectly.  Kevin, should I send it to
> you now?
>
> Thanks,
> Dave
>
> --
> *From:* Kevin A. McGrail 
> *Sent:* Saturday, January 19, 2019 8:07 AM
> *To:* Sidney Markowitz
> *Cc:* SpamAssassin PMC List; SpamAssassin Sysadmins; David Jones
> *Subject:* Re: Review of Targeted Sponsorship offerings for Apache
> SpamAssassin
>
> +sysadmins
>
> Hi Sidney,
>
> Sure, I can take point.
>
> All, I don't recommend any changes for 2019 for our targeted sponsors.
> Here's the sponsors we have:
> Sonic.net Bronze SpamAssassin Revisit Annually on 12/31 to confirm
> Y sonic.net MACHINE, DNS & SA-UPDATES done Joe Muller
>  
> PCCC.com Bronze SpamAssassin Revisit Annually on 12/31 to confirm
> Y www.pccc.com DNS & SA-UPDATES done kevin.mcgr...@pccc.com
> ENA Bronze SpamAssassin Revisit Annually on 12/31 to confirm
> Y
> DNS & SA-UPDATES Done David Jones  
>
> From my notes from last year and those who donate SA mirrors: "After more
> discussions re: ASF Mirrors and Infra, we are not recognizing these. "
>
> David, it doesn't look like we recognize ENA on the thanks page.  What was
> the status on that?  Were we still held up on the agreement?
>
> Perhaps this information could be added to our wiki as a thanks page?  I
> always had access to it in the master sponsor spreadsheet
>
> Draft Response:
>
> Hi Sally, Please keep the SA targeted sponsors the same for 2019.
>
> Sonic donates DNS and updates via a machine donation  which is also
> sa-update.spamassassin.org.
> PCCC donates DNS and updates.  COID this is my old firm.
> ENA donates DNS and updates.
>
> Regards,
> KAM on behalf of the SA PMC
>
>
> I vote +1 on the response but very open to changes from wordsmithing to
> changing the plan.  Please respond my 1/23 so we can meet fundraising's
> deadline.
>
> Regards,
> KAM
>
> On 1/19/2019 12:06 AM, Sidney Markowitz wrote:
>
> Hi Kevin,
>
> You are more on top of these than I am. Can you take point on formulating
> a reply (with suitable participation by everyone in as much as "what we
> would like" is a matter of PMC policy) and also consider where such things
> could be documented so that they are available to the PMC instead of in
> someone's head?
>
> Thanks,
>
>  Sidney
>
> Sally Khudairi wrote on 19/01/19 5:33 PM:
>
> Hello Apache SpamAssassin PMC --I hope you are all well.
>
> A quick note to let you know that I will be your primary point of contact
> at the ASF with regard to Targeted Sponsorships alongside VP Fundraising
> Daniel Ruggeri (copied).
>
> I understand that services from ENA, PCCC.com, and Sonic.net have been
> offered to your project as a Targeted Sponsorship to the ASF.
>
> I was wondering if you'd be able to fill me in on the details with respect
> to the services each sponsor provides, and to let me know which sponsors
> you'd like us to:
>
> a) keep the same arrangement for 2019 (or longer);
> b) keep the sponsorship but upgrade it to XYZ (I can bring you in when the
> time comes);
> c) terminate the relationship
>
>
> Would it be possible to have this information by Wednesday 23 January?
> Many thanks in advance for your help with this!
>
> Warmest regards,
> Sally
>
> - - -
> Vice President Marketing & Publicity
> Vice President Sponsor Relations
> The Apache Software Foundation
>
> Tel +1 617 921 8656 | s...@apache.org
>
>
>
> --
> Kevin A. McGrail
> VP Fundraising, Apache Software Foundation
> Chair Emeritus Apache SpamAssassin 
> Projecthttps://www.linkedin.com/in/kmcgrail - 703.798.0171
>
>

Re: Review of Targeted Sponsorship offerings for Apache SpamAssassin

[Kevin A. McGrail]

+sysadmins

Hi Sidney,

Sure, I can take point. 

All, I don't recommend any changes for 2019 for our targeted sponsors. 
Here's the sponsors we have:
Sonic.net   Bronze  SpamAssassinRevisit Annually on 12/31 to confirm
Y   sonic.net <http://sonic.net>MACHINE, DNS & SA-UPDATES   
doneJoe
Muller 
PCCC.com <http://PCCC.com>  Bronze  SpamAssassinRevisit Annually on
12/31 to confirm
Y   www.pccc.com <http://www.pccc.com>  DNS & SA-UPDATES
done
kevin.mcgr...@pccc.com
ENA Bronze  SpamAssassinRevisit Annually on 12/31 to confirm
Y   
DNS & SA-UPDATESDoneDavid Jones 


>From my notes from last year and those who donate SA mirrors: "After
more discussions re: ASF Mirrors and Infra, we are not recognizing these. "

David, it doesn't look like we recognize ENA on the thanks page.  What
was the status on that?  Were we still held up on the agreement?

Perhaps this information could be added to our wiki as a thanks page?  I
always had access to it in the master sponsor spreadsheet

Draft Response:

Hi Sally, Please keep the SA targeted sponsors the same for 2019.

Sonic donates DNS and updates via a machine donation  which is also
sa-update.spamassassin.org. 
PCCC donates DNS and updates.  COID this is my old firm.
ENA donates DNS and updates. 

Regards,
KAM on behalf of the SA PMC


I vote +1 on the response but very open to changes from wordsmithing to
changing the plan.  Please respond my 1/23 so we can meet fundraising's
deadline.

Regards,
KAM

On 1/19/2019 12:06 AM, Sidney Markowitz wrote:
> Hi Kevin,
>
> You are more on top of these than I am. Can you take point on
> formulating a reply (with suitable participation by everyone in as
> much as "what we would like" is a matter of PMC policy) and also
> consider where such things could be documented so that they are
> available to the PMC instead of in someone's head?
>
> Thanks,
>
>  Sidney
>
> Sally Khudairi wrote on 19/01/19 5:33 PM:
>> Hello Apache SpamAssassin PMC --I hope you are all well.
>>
>> A quick note to let you know that I will be your primary point of
>> contact at the ASF with regard to Targeted Sponsorships alongside VP
>> Fundraising Daniel Ruggeri (copied).
>>
>> I understand that services from ENA, PCCC.com, and Sonic.net have
>> been offered to your project as a Targeted Sponsorship to the ASF.
>>
>> I was wondering if you'd be able to fill me in on the details with
>> respect to the services each sponsor provides, and to let me know
>> which sponsors you'd like us to:
>>
>> a) keep the same arrangement for 2019 (or longer);
>> b) keep the sponsorship but upgrade it to XYZ (I can bring you in
>> when the time comes);
>> c) terminate the relationship
>>
>>
>> Would it be possible to have this information by Wednesday 23
>> January? Many thanks in advance for your help with this!
>>
>> Warmest regards,
>> Sally
>>
>> - - -
>> Vice President Marketing & Publicity
>> Vice President Sponsor Relations
>> The Apache Software Foundation
>>
>> Tel +1 617 921 8656 | s...@apache.org
>>
>

-- 
Kevin A. McGrail
VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Re: DNS is broken for spamassassin.org

[Kevin A. McGrail]

Interesting. I show a zone transfer:

Jan  7 04:30:00 ns2 named[2465]: zone spamassassin.org/IN: transferred
serial 2019010705
Jan  7 04:30:00 ns2 named[2465]: transfer of 'spamassassin.org/IN' from
62.210.60.231#53: Transfer completed: 4 messages, 117 records, 6716
bytes, 0.277 secs (24245 bytes/sec)

And data in the zone.

But I agree it's acting odd.  These errors look odd to me and a dig -t
any isn't  coming back.

Jan  7 22:06:27 ns2 named[2465]: error (network unreachable) resolving
'spamasssassin.org/SOA/IN': 2001:500:12::d0d#53
Jan  7 22:06:27 ns2 named[2465]: error (network unreachable) resolving
'spamasssassin.org/SOA/IN': 2001:dc3::35#53
Jan  7 22:06:27 ns2 named[2465]: error (network unreachable) resolving
'spamasssassin.org/SOA/IN': 2001:500:48::1#53
Jan  7 22:06:27 ns2 named[2465]: error (network unreachable) resolving
'spamasssassin.org/SOA/IN': 2001:500:b::1#53
Jan  7 22:06:27 ns2 named[2465]: error (network unreachable) resolving
'spamasssassin.org/SOA/IN': 2001:500:e::1#53
Jan  7 22:06:27 ns2 named[2465]: error (network unreachable) resolving
'spamasssassin.org/SOA/IN': 2001:500:c::1#53

Dave, any ideas?

On 1/7/2019 4:42 PM, Bill Cole wrote:
> The last SVN commit has a SOA serial of 2019010505 and it looks good,
> but ns2.ena.com and ns2.pccc.com are both saying the serial is
> 2019010705 and nothing in the zone resolves.


-- 
*Kevin A. McGrail*
CEO Emeritus

Peregrine Computer Consultants Corporation
10311 Cascade Lane
Fairfax, VA 22032

http://www.pccc.com/

703-359-9700 / 800-823-8402 (Toll-Free)
703-798-0171 (wireless)
kmcgr...@pccc.com <mailto:kmcgr...@pccc.com>

https://www.linkedin.com/in/kmcgrail

Fwd: Cron ~/svn/trunk/build/mkupdates/run_nightly | /usr/bin/tee /var/www/automc.spamassassin.org/mkupdates/mkupdates.txt

[Kevin A. McGrail]

Rules runs still failing lint...  snippet below

ERROR: LINT FAILED, suppressing output: rules/72_active.cf

 ifplugin Mail::SpamAssassin::Plugin::FreeMail due to tflags nopublish
(tflags nopublish)
make: *** [build_rules] Error 2
+ exit 2
Makefile:1790: recipe for target 'build_rules' failed


Merry xmas if you celebrate, KAM

Re: sa-update is broken on updates.spamassassin.org channel [was: Re: config: warning: description exists for non-existent rule EXCUSE_24]

[Kevin A. McGrail]

Wouildn't an easier fix would be curl on the yesterday's update and
sa-update from a file?
--
Kevin A. McGrail
VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171


On Thu, Dec 20, 2018 at 5:56 PM Bill Cole <
sa-bugz-20080...@billmail.scconsult.com> wrote:

> On 20 Dec 2018, at 17:04, Kevin A. McGrail wrote:
>
> > So this will resolve with the masscheck tonight and subsequent rule
> build?
>
> Yes. Also see my latest post to the Users list for an immediate workaround.
>
>

Re: sa-update is broken on updates.spamassassin.org channel [was: Re: config: warning: description exists for non-existent rule EXCUSE_24]

[Kevin A. McGrail]

So this will resolve with the masscheck tonight and subsequent rule build?
--
Kevin A. McGrail
VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171


On Thu, Dec 20, 2018 at 4:58 PM Bill Cole <
sa-bugz-20080...@billmail.scconsult.com> wrote:

> Fixed.
>
> It turns out that bug 7302 exists and I misinterpreted a response to the
> immediate case as an actual fix for the underlying flaw. I have now
> committed a real fix.
>
>
>
> On 20 Dec 2018, at 16:14, Kevin A. McGrail wrote:
>
> > +1
> > --
> > Kevin A. McGrail
> > VP Fundraising, Apache Software Foundation
> > Chair Emeritus Apache SpamAssassin Project
> > https://www.linkedin.com/in/kmcgrail - 703.798.0171
> >
> >
> > On Thu, Dec 20, 2018 at 4:04 PM Bill Cole <
> > sa-bugz-20080...@billmail.scconsult.com> wrote:
> >
> >> On 20 Dec 2018, at 15:53, Bill Cole wrote:
> >>
> >>> On 20 Dec 2018, at 14:25, Bill Cole wrote:
> >>>
> >>>> This caused a failure in the run_nightly script which apparently
> >>>> doesn't prevent a broken update from being built and distributed.
> >>>>
> >>>> I'm looking at run_nightly...
> >>>
> >>> It's a problem in the 'make' step: a lint failure emits a nice
> >>> obvious
> >>> error message:
> >>>
> >>>   ERROR: LINT FAILED, suppressing output: rules/72_active.cf
> >>>
> >>> But then the make succeeds. Seems like a poor choice...
> >>>
> >>> Still working...
> >>
> >> It's a build/mkrules problem:
> >>
> >>  if (lint_rule_text($text) != 0) {
> >>warn "\nERROR: LINT FAILED, suppressing output: $file\n\n";
> >>
> >># don't suppress entirely, otherwise 'make
> >> distcheck'/'disttest'
> >># will fail since the MANIFEST-listed output files will be
> >># empty.
> >>
> >># delete $output_file_text->{$file};
> >>$output_file_text->{$file} = '';
> >>  }
> >>
> >> Seems like a poor choice. IMHO make dist* *SHOULD* fail if the rules
> >> can't pass lint.
> >>
>

Re: sa-update is broken on updates.spamassassin.org channel [was: Re: config: warning: description exists for non-existent rule EXCUSE_24]

[Kevin A. McGrail]

+1
--
Kevin A. McGrail
VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171


On Thu, Dec 20, 2018 at 4:04 PM Bill Cole <
sa-bugz-20080...@billmail.scconsult.com> wrote:

> On 20 Dec 2018, at 15:53, Bill Cole wrote:
>
> > On 20 Dec 2018, at 14:25, Bill Cole wrote:
> >
> >> This caused a failure in the run_nightly script which apparently
> >> doesn't prevent a broken update from being built and distributed.
> >>
> >> I'm looking at run_nightly...
> >
> > It's a problem in the 'make' step: a lint failure emits a nice obvious
> > error message:
> >
> >   ERROR: LINT FAILED, suppressing output: rules/72_active.cf
> >
> > But then the make succeeds. Seems like a poor choice...
> >
> > Still working...
>
> It's a build/mkrules problem:
>
>  if (lint_rule_text($text) != 0) {
>warn "\nERROR: LINT FAILED, suppressing output: $file\n\n";
>
># don't suppress entirely, otherwise 'make distcheck'/'disttest'
># will fail since the MANIFEST-listed output files will be
># empty.
>
># delete $output_file_text->{$file};
>$output_file_text->{$file} = '';
>  }
>
> Seems like a poor choice. IMHO make dist* *SHOULD* fail if the rules
> can't pass lint.
>

Fwd: sa-update is broken on updates.spamassassin.org channel [was: Re: config: warning: description exists for non-existent rule EXCUSE_24]

[Kevin A. McGrail]

Interesting...

-- Forwarded message -
From: Marcus Schopen 
Date: Thu, Dec 20, 2018, 11:55
Subject: sa-update is broken on updates.spamassassin.org channel [was: Re:
config: warning: description exists for non-existent rule EXCUSE_24]
To: 


Am Donnerstag, den 20.12.2018, 12:35 +0100 schrieb Marcus Schopen:
> Hi,
>
> I get a warning, when updating the channel:
>
> --
> config: warning: description exists for non-existent rule EXCUSE_24
>
> channel: lint check of update failed, channel failed
> sa-update failed for unknown reasons
> --

seems not to be a problem of the EXCUSE_24 rule, but a general problem
with sa-update, as other users do have the same problem since today.

Re: checkMasscheckContribs.sh on sa-vm1.apache.org - not enough contributors for SVN 1848129

[Kevin A. McGrail]

On 12/4/2018 11:46 AM, Jari Fredriksson wrote:
> I seem to be part of the problem now! I have a massive preemptive VM in 
> Google Cloud for this, and it has been running really nicely two last years.
>
> But now for two days SpamAssassin automasscheck has behaved oddly. While it 
> is running, all 32 threads are created but only 2 of them are actually doing 
> something at 100% cpu load! That makes the process really slow and it never 
> finishes as the task is cancelled eventually.
>
> I now went and run on a local Core i7 920 box and wait until this is fixed. 
> There must be some change in mass check code that gets uploaded in the 
> beginning of the task.
Interesting. I don't think any masscheck code has changed but you could
be right.

Re: spamassassin_role

[Kevin A. McGrail]

Probably make a commit manually and enter the password and have it save it.
--
Kevin A. McGrail
VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171


On Thu, Nov 15, 2018 at 8:48 AM Dave Jones  wrote:

> On 11/14/18 7:43 PM, Kevin A. McGrail wrote:
> > Roger that Gav.  Alerting the System Admins for SA.
> >
> > On 11/14/2018 7:35 PM, Gavin McDonald wrote:
> >> Hi Kevin,
> >>
> >> I need to change the password of this svn role acct.
> >>
> >> Will do this soon and let you know what it is so you can change things
> >> your end
> >>
> >> Gav...
> >>
> >
>
> It's stored on the sa-vm1.apache.org server as a hidden dot file
> somewhere.  I was not able to figure out how to set this a couple of
> years ago when we had to setup sa-vm1 so I simply copied over the whole
> dir tree and it started working.
>
> Anyone know how to properly change this stored password using the svn
> command?
>
> Dave
>

Re: spamassassin_role

[Kevin A. McGrail]

Roger that Gav.  Alerting the System Admins for SA.

On 11/14/2018 7:35 PM, Gavin McDonald wrote:
> Hi Kevin,
>
> I need to change the password of this svn role acct.
>
> Will do this soon and let you know what it is so you can change things
> your end
>
> Gav...
>

-- 
Kevin A. McGrail
VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171