Re: Update: mail/greyscanner to version 2.01
* Jan Stary h...@stare.cz [140130 14:01]: I have been running this for some days and see no regression. The false positives in the DNS checks seem to be gone. It's definitely an improvement to 1.02 However, reading the code, I see that there is still a hardcoded limit of 5 timeouts, after which _everything_ is blacklisted. Incorrect. Line 139 says: next unless ( $strikes{$h} == 2 ); Both DNS checks, MX and A, must fail to blacklist a host. If a host has timed out during a check, it won't have accumulated 2 strikes and therefore is skipped. Here's the relevant commit: https://bitbucket.org/bonetruck/greyscanner/commits/4816f27709527912172d81a80d184aaad4cc0a71 jim@ That don't seem to be right (not that I've bee nbit by it). Jan On Jan 23 09:25:52, j...@bonetruck.org wrote: *ping* * Jim Razmus j...@bonetruck.org [140121 13:34]: I've just released greyscanner version 2.01. Notable changes include: -config file moved from /etc to /etc/mail -now runs with privilege separation using the _greyscanner user Anyone using the external address checking feature should ensure those programs are executable by _greyscanner. This version includes bug fixes to address the false positives coming out of the DNS checking logic. The attached patch updates the port. ok to commit? jim@ Index: greyscanner//Makefile === RCS file: /cvs/ports/mail/greyscanner/Makefile,v retrieving revision 1.9 diff -u -p -r1.9 Makefile --- greyscanner//Makefile 5 Dec 2013 00:27:50 - 1.9 +++ greyscanner//Makefile 21 Jan 2014 19:28:51 - @@ -2,7 +2,7 @@ COMMENT =greytrapping daemon to complement OpenBSD spamd -DISTNAME = greyscanner-1.02 +DISTNAME = greyscanner-2.01 CATEGORIES = mail HOMEPAGE = https://bitbucket.org/bonetruck/greyscanner/ Index: greyscanner//distinfo === RCS file: /cvs/ports/mail/greyscanner/distinfo,v retrieving revision 1.2 diff -u -p -r1.2 distinfo --- greyscanner//distinfo 5 Dec 2013 00:27:50 - 1.2 +++ greyscanner//distinfo 21 Jan 2014 19:28:51 - @@ -1,2 +1,2 @@ -SHA256 (greyscanner-1.02.tar.gz) = +VUp/IRTWFVqVpZ9s4tYyy+zmo3XYixD1m6iYSKVSwg= -SIZE (greyscanner-1.02.tar.gz) = 6919 +SHA256 (greyscanner-2.01.tar.gz) = slAMP072Plahg7258zblHQ7zRusq5iQGJsOGOy0MXHI= +SIZE (greyscanner-2.01.tar.gz) = 7489 Index: greyscanner//pkg/PLIST === RCS file: /cvs/ports/mail/greyscanner/pkg/PLIST,v retrieving revision 1.2 diff -u -p -r1.2 PLIST --- greyscanner//pkg/PLIST1 May 2011 20:05:54 - 1.2 +++ greyscanner//pkg/PLIST21 Jan 2014 19:28:51 - @@ -1,4 +1,6 @@ @comment $OpenBSD: PLIST,v 1.2 2011/05/01 20:05:54 sthen Exp $ +@newgroup _greyscanner:729 +@newuser _greyscanner:729:729:daemon:greyscanner daemon:/nonexistent:/sbin/nologin @man man/man1/greyscanner.1 sbin/greyscanner share/examples/greyscanner/
Re: Update: mail/greyscanner to version 2.01
I'm still seeking an OK to commit this update. Any porters out there willing to yield one? jim@ * Jim Razmus j...@bonetruck.org [140121 13:34]: I've just released greyscanner version 2.01. Notable changes include: -config file moved from /etc to /etc/mail -now runs with privilege separation using the _greyscanner user Anyone using the external address checking feature should ensure those programs are executable by _greyscanner. This version includes bug fixes to address the false positives coming out of the DNS checking logic. The attached patch updates the port. ok to commit? jim@ Index: greyscanner//Makefile === RCS file: /cvs/ports/mail/greyscanner/Makefile,v retrieving revision 1.9 diff -u -p -r1.9 Makefile --- greyscanner//Makefile 5 Dec 2013 00:27:50 - 1.9 +++ greyscanner//Makefile 21 Jan 2014 19:28:51 - @@ -2,7 +2,7 @@ COMMENT =greytrapping daemon to complement OpenBSD spamd -DISTNAME = greyscanner-1.02 +DISTNAME = greyscanner-2.01 CATEGORIES = mail HOMEPAGE = https://bitbucket.org/bonetruck/greyscanner/ Index: greyscanner//distinfo === RCS file: /cvs/ports/mail/greyscanner/distinfo,v retrieving revision 1.2 diff -u -p -r1.2 distinfo --- greyscanner//distinfo 5 Dec 2013 00:27:50 - 1.2 +++ greyscanner//distinfo 21 Jan 2014 19:28:51 - @@ -1,2 +1,2 @@ -SHA256 (greyscanner-1.02.tar.gz) = +VUp/IRTWFVqVpZ9s4tYyy+zmo3XYixD1m6iYSKVSwg= -SIZE (greyscanner-1.02.tar.gz) = 6919 +SHA256 (greyscanner-2.01.tar.gz) = slAMP072Plahg7258zblHQ7zRusq5iQGJsOGOy0MXHI= +SIZE (greyscanner-2.01.tar.gz) = 7489 Index: greyscanner//pkg/PLIST === RCS file: /cvs/ports/mail/greyscanner/pkg/PLIST,v retrieving revision 1.2 diff -u -p -r1.2 PLIST --- greyscanner//pkg/PLIST1 May 2011 20:05:54 - 1.2 +++ greyscanner//pkg/PLIST21 Jan 2014 19:28:51 - @@ -1,4 +1,6 @@ @comment $OpenBSD: PLIST,v 1.2 2011/05/01 20:05:54 sthen Exp $ +@newgroup _greyscanner:729 +@newuser _greyscanner:729:729:daemon:greyscanner daemon:/nonexistent:/sbin/nologin @man man/man1/greyscanner.1 sbin/greyscanner share/examples/greyscanner/
Re: Update: mail/greyscanner to version 2.01
On Feb 02 08:26:24, j...@bonetruck.org wrote: * Jan Stary h...@stare.cz [140130 14:01]: I have been running this for some days and see no regression. The false positives in the DNS checks seem to be gone. It's definitely an improvement to 1.02 However, reading the code, I see that there is still a hardcoded limit of 5 timeouts, after which _everything_ is blacklisted. Incorrect. Line 139 says: next unless ( $strikes{$h} == 2 ); Ah, yes. Sorry for the misinterpretatiton. Both DNS checks, MX and A, must fail to blacklist a host. If a host has timed out during a check, it won't have accumulated 2 strikes and therefore is skipped. Here's the relevant commit: https://bitbucket.org/bonetruck/greyscanner/commits/4816f27709527912172d81a80d184aaad4cc0a71 jim@ That don't seem to be right (not that I've bee nbit by it). Jan On Jan 23 09:25:52, j...@bonetruck.org wrote: *ping* * Jim Razmus j...@bonetruck.org [140121 13:34]: I've just released greyscanner version 2.01. Notable changes include: -config file moved from /etc to /etc/mail -now runs with privilege separation using the _greyscanner user Anyone using the external address checking feature should ensure those programs are executable by _greyscanner. This version includes bug fixes to address the false positives coming out of the DNS checking logic. The attached patch updates the port. ok to commit? jim@ Index: greyscanner//Makefile === RCS file: /cvs/ports/mail/greyscanner/Makefile,v retrieving revision 1.9 diff -u -p -r1.9 Makefile --- greyscanner//Makefile 5 Dec 2013 00:27:50 - 1.9 +++ greyscanner//Makefile 21 Jan 2014 19:28:51 - @@ -2,7 +2,7 @@ COMMENT = greytrapping daemon to complement OpenBSD spamd -DISTNAME = greyscanner-1.02 +DISTNAME = greyscanner-2.01 CATEGORIES = mail HOMEPAGE = https://bitbucket.org/bonetruck/greyscanner/ Index: greyscanner//distinfo === RCS file: /cvs/ports/mail/greyscanner/distinfo,v retrieving revision 1.2 diff -u -p -r1.2 distinfo --- greyscanner//distinfo 5 Dec 2013 00:27:50 - 1.2 +++ greyscanner//distinfo 21 Jan 2014 19:28:51 - @@ -1,2 +1,2 @@ -SHA256 (greyscanner-1.02.tar.gz) = +VUp/IRTWFVqVpZ9s4tYyy+zmo3XYixD1m6iYSKVSwg= -SIZE (greyscanner-1.02.tar.gz) = 6919 +SHA256 (greyscanner-2.01.tar.gz) = slAMP072Plahg7258zblHQ7zRusq5iQGJsOGOy0MXHI= +SIZE (greyscanner-2.01.tar.gz) = 7489 Index: greyscanner//pkg/PLIST === RCS file: /cvs/ports/mail/greyscanner/pkg/PLIST,v retrieving revision 1.2 diff -u -p -r1.2 PLIST --- greyscanner//pkg/PLIST 1 May 2011 20:05:54 - 1.2 +++ greyscanner//pkg/PLIST 21 Jan 2014 19:28:51 - @@ -1,4 +1,6 @@ @comment $OpenBSD: PLIST,v 1.2 2011/05/01 20:05:54 sthen Exp $ +@newgroup _greyscanner:729 +@newuser _greyscanner:729:729:daemon:greyscanner daemon:/nonexistent:/sbin/nologin @man man/man1/greyscanner.1 sbin/greyscanner share/examples/greyscanner/
Re: Update: mail/greyscanner to version 2.01
I have been running this for some days and see no regression. The false positives in the DNS checks seem to be gone. It's definitely an improvement to 1.02 However, reading the code, I see that there is still a hardcoded limit of 5 timeouts, after which _everything_ is blacklisted. That don't seem to be right (not that I've bee nbit by it). Jan On Jan 23 09:25:52, j...@bonetruck.org wrote: *ping* * Jim Razmus j...@bonetruck.org [140121 13:34]: I've just released greyscanner version 2.01. Notable changes include: -config file moved from /etc to /etc/mail -now runs with privilege separation using the _greyscanner user Anyone using the external address checking feature should ensure those programs are executable by _greyscanner. This version includes bug fixes to address the false positives coming out of the DNS checking logic. The attached patch updates the port. ok to commit? jim@ Index: greyscanner//Makefile === RCS file: /cvs/ports/mail/greyscanner/Makefile,v retrieving revision 1.9 diff -u -p -r1.9 Makefile --- greyscanner//Makefile 5 Dec 2013 00:27:50 - 1.9 +++ greyscanner//Makefile 21 Jan 2014 19:28:51 - @@ -2,7 +2,7 @@ COMMENT = greytrapping daemon to complement OpenBSD spamd -DISTNAME = greyscanner-1.02 +DISTNAME = greyscanner-2.01 CATEGORIES = mail HOMEPAGE = https://bitbucket.org/bonetruck/greyscanner/ Index: greyscanner//distinfo === RCS file: /cvs/ports/mail/greyscanner/distinfo,v retrieving revision 1.2 diff -u -p -r1.2 distinfo --- greyscanner//distinfo 5 Dec 2013 00:27:50 - 1.2 +++ greyscanner//distinfo 21 Jan 2014 19:28:51 - @@ -1,2 +1,2 @@ -SHA256 (greyscanner-1.02.tar.gz) = +VUp/IRTWFVqVpZ9s4tYyy+zmo3XYixD1m6iYSKVSwg= -SIZE (greyscanner-1.02.tar.gz) = 6919 +SHA256 (greyscanner-2.01.tar.gz) = slAMP072Plahg7258zblHQ7zRusq5iQGJsOGOy0MXHI= +SIZE (greyscanner-2.01.tar.gz) = 7489 Index: greyscanner//pkg/PLIST === RCS file: /cvs/ports/mail/greyscanner/pkg/PLIST,v retrieving revision 1.2 diff -u -p -r1.2 PLIST --- greyscanner//pkg/PLIST 1 May 2011 20:05:54 - 1.2 +++ greyscanner//pkg/PLIST 21 Jan 2014 19:28:51 - @@ -1,4 +1,6 @@ @comment $OpenBSD: PLIST,v 1.2 2011/05/01 20:05:54 sthen Exp $ +@newgroup _greyscanner:729 +@newuser _greyscanner:729:729:daemon:greyscanner daemon:/nonexistent:/sbin/nologin @man man/man1/greyscanner.1 sbin/greyscanner share/examples/greyscanner/
Re: Update: mail/greyscanner to version 2.01
*ping* * Jim Razmus j...@bonetruck.org [140121 13:34]: I've just released greyscanner version 2.01. Notable changes include: -config file moved from /etc to /etc/mail -now runs with privilege separation using the _greyscanner user Anyone using the external address checking feature should ensure those programs are executable by _greyscanner. This version includes bug fixes to address the false positives coming out of the DNS checking logic. The attached patch updates the port. ok to commit? jim@ Index: greyscanner//Makefile === RCS file: /cvs/ports/mail/greyscanner/Makefile,v retrieving revision 1.9 diff -u -p -r1.9 Makefile --- greyscanner//Makefile 5 Dec 2013 00:27:50 - 1.9 +++ greyscanner//Makefile 21 Jan 2014 19:28:51 - @@ -2,7 +2,7 @@ COMMENT =greytrapping daemon to complement OpenBSD spamd -DISTNAME = greyscanner-1.02 +DISTNAME = greyscanner-2.01 CATEGORIES = mail HOMEPAGE = https://bitbucket.org/bonetruck/greyscanner/ Index: greyscanner//distinfo === RCS file: /cvs/ports/mail/greyscanner/distinfo,v retrieving revision 1.2 diff -u -p -r1.2 distinfo --- greyscanner//distinfo 5 Dec 2013 00:27:50 - 1.2 +++ greyscanner//distinfo 21 Jan 2014 19:28:51 - @@ -1,2 +1,2 @@ -SHA256 (greyscanner-1.02.tar.gz) = +VUp/IRTWFVqVpZ9s4tYyy+zmo3XYixD1m6iYSKVSwg= -SIZE (greyscanner-1.02.tar.gz) = 6919 +SHA256 (greyscanner-2.01.tar.gz) = slAMP072Plahg7258zblHQ7zRusq5iQGJsOGOy0MXHI= +SIZE (greyscanner-2.01.tar.gz) = 7489 Index: greyscanner//pkg/PLIST === RCS file: /cvs/ports/mail/greyscanner/pkg/PLIST,v retrieving revision 1.2 diff -u -p -r1.2 PLIST --- greyscanner//pkg/PLIST1 May 2011 20:05:54 - 1.2 +++ greyscanner//pkg/PLIST21 Jan 2014 19:28:51 - @@ -1,4 +1,6 @@ @comment $OpenBSD: PLIST,v 1.2 2011/05/01 20:05:54 sthen Exp $ +@newgroup _greyscanner:729 +@newuser _greyscanner:729:729:daemon:greyscanner daemon:/nonexistent:/sbin/nologin @man man/man1/greyscanner.1 sbin/greyscanner share/examples/greyscanner/