Re: private networks are default rbl tested :/
On Wed, 07 Nov 2018 00:27:27 +0100 Benny Pedersen wrote:

> RW wrote on 2018-11-06 02:04:
> > On Mon, 05 Nov 2018 23:37:59 +0100
> > Benny Pedersen wrote:
> >
> >> https://en.wikipedia.org/wiki/Private_network
> >>
> >> why are this network not default internal_networks trusted_networks
> >> msa_networks
> >
> > They are if you let SA guess your networks. If you specify the
> > networks manually you have to specify everything
>
> is this documented somewhere ?

Yes, under trusted_networks in the main configuration documentation.

> >> spamassassin makes many wasted rbl tests with not knowing what to
> >> skip
> >
> > Do you have any evidence that that is happening?
>
> i will reverse this too, is there any rbl servers with lists
> 192.168.1.1 being blocked ?

Private addresses shouldn't be queried, there is code to ignore them.
Re: private networks are default rbl tested :/
RW wrote on 2018-11-06 02:04:

> On Mon, 05 Nov 2018 23:37:59 +0100
> Benny Pedersen wrote:
>
>> https://en.wikipedia.org/wiki/Private_network
>>
>> why are this network not default internal_networks trusted_networks
>> msa_networks
>
> They are if you let SA guess your networks. If you specify the
> networks manually you have to specify everything

is this documented somewhere ?

as i know only 127.0.0.1 is default if none config is done

>> spamassassin makes many wasted rbl tests with not knowing what to
>> skip
>
> Do you have any evidence that that is happening?

i will reverse this too, is there any rbl servers with lists
192.168.1.1 being blocked ?

> The network configuration would only affect private addresses that are
> internal and/or trusted, so it can't be the mechanism that prevents
> wasted lookups on private addresses.

would be good this was default in spamassassin local.cf, so users could
just clear this listings, or keep good defaults
Re: private networks are default rbl tested :/
On 5 Nov 2018, at 20:04, RW wrote:

> On Mon, 05 Nov 2018 23:37:59 +0100
> Benny Pedersen wrote:
>
>> https://en.wikipedia.org/wiki/Private_network
>>
>> why are this network not default internal_networks trusted_networks
>> msa_networks
>
> They are if you let SA guess your networks. If you specify the
> networks manually you have to specify everything

And the reason for that is simply that not everyone trusts all of the machines on reachable RFC1918 networks.

For example, I worked for some years at a multinational where 10/8 was allocated globally and was routed globally. I had a list of specific non-local machines I was supposed to trust for outbound relay (and use when my outbounds couldn't use the local external link) but there was no way I could also trust the tens of thousands of other 10.* machines around the world that could very well be compromised personal desktops. I didn't even trust my own local personal desktops.
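
The trade-off described in the message above, written out as a SpamAssassin local.cf fragment. This is an added example, not part of the thread; every address is a constructed placeholder, and treating the remote relay as trusted but not internal is an assumption about the site.

```conf
# local.cf fragment (added example, constructed placeholder addresses)

# Broad form: the default being asked for in this thread. Once you list
# networks by hand nothing else is implied, so this is what "trust all
# private space" looks like when written out. Every host in these ranges is
# then believed when it writes a Received header, including desktops on a
# globally routed 10/8.
#trusted_networks   10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
#internal_networks  10.0.0.0/8 172.16.0.0/12 192.168.0.0/16

# Narrow form: list only the relays you actually operate or rely on.
# trusted_networks  = relays whose Received headers you believe.
# internal_networks = your own MX and relay hosts; must be a subset of
#                     trusted_networks.

# Local MX hosts (placeholders)
trusted_networks   10.20.0.25 10.20.0.26
internal_networks  10.20.0.25 10.20.0.26

# Remote outbound relay elsewhere on the corporate 10/8 (placeholder).
# Trusted not to forge headers, but not listed as internal (assumption).
trusted_networks   10.99.4.10

# Alternative to the two local MX lines above: if a whole subnet holds only
# relays apart from one desktop, exclude the desktop first and then list the
# subnet. The "!" entry has to come before the network that contains it.
#trusted_networks  !10.20.0.77 10.20.0.0/24

# After editing, check the syntax with:  spamassassin --lint
```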
Re: Error running sa-update - cannot refresh mirrors file
On Friday, 2 November 2018 3:45:08 ACDT RW wrote:

> On Wed, 31 Oct 2018 22:59:55 +1030
>
> Rodney Baker wrote:
> > On Wednesday, 31 October 2018 7:29:51 ACDT RW wrote:
> > > curl --verbose -L -O --remote-time -g --max-redirs 2
> > > --connect-timeout 30 --max-time 300
> > > http://spamassassin.apache.org/updates/MIRRORED.BY
> >
> > Here's the output from that command:
> >
> >
> > < HTTP/1.1 200 OK
> > ...
> > > { [data not shown]
>
> So curl is working.

So, I got the error reported again. I tried running the curl command suggested above, and it appeared to complete successfully. I then ran sa-update, and got the error message.

root@mailpi ~ # curl --verbose -L -O --remote-time -g --max-redirs 2 --connect-timeout 30 --max-time 300 http://spamassassin.apache.org/updates/MIRRORED.BY
* Hostname was NOT found in DNS cache
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 95.216.24.32...
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0* Connected to spamassassin.apache.org (95.216.24.32) port 80 (#0)
> GET /updates/MIRRORED.BY HTTP/1.1
> User-Agent: curl/7.38.0
> Host: spamassassin.apache.org
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Tue, 06 Nov 2018 11:36:32 GMT
* Server Apache/2.4.18 (Ubuntu) is not blacklisted
< Server: Apache/2.4.18 (Ubuntu)
< Last-Modified: Sat, 27 Oct 2018 16:35:00 GMT
< ETag: "576-579386aca20a2"
< Accept-Ranges: bytes
< Content-Length: 1398
<
{ [data not shown]
100  1398  100  1398    0     0    615      0  0:00:02  0:00:02 --:--:--   615
* Connection #0 to host spamassassin.apache.org left intact
root@mailpi ~ # sa-update
error: unable to refresh mirrors file for channel updates.spamassassin.org, using old file
root@mailpi ~ #

---

This does not appear to be a problem with curl, per se, but rather something related to sa-update.

--
==
Rodney Baker
rod...@jeremiah31-10.net
CCNA #CSCO12880208
==