Re: Patch for rules_du_jour
From: Phil Barnett [EMAIL PROTECTED]
> On Thursday 28 June 2007 15:22, Lindsay Haisley wrote:
>> Attached is a proposed patch for /var/lib/spamassassin/rules_du_jour which addresses the problem of the refresh URL which Rules Emporium sometimes sends out instead of a valid cf file.
>>
>> Basically, this patch greps the downloaded file for the string META HTTP-EQUIV, which should never occur in a valid rules file, but is part of the refresh URL. If the downloaded file is a refresh URL, it's deleted, the script waits 1 second and tries again, up to 3 times. If the download fails after 3 tries, the bad file is deleted and the script moves on.
>>
>> You might try running rules_du_jour from a cron job with the -D option and redirecting the output to a /tmp file and see if you get any notices about Download of FAILED after 3 tries, in which case I've mis-diagnosed the problem somewhat. In any event, the problem file should be deleted rather than causing a --lint failure in spamassassin.
>
> I'm going to try this, but with a 5 minute wait. I run it in the middle of the night anyway, who cares how long it takes.
>
> Actually, the proper response might be a random wait.

A constant one second wait at the end of each fetch loop works just peachy with a wget fetch. I cannot honestly speak for curl mode. My script does not use it.

You will have to wait for up to a day for the Prolexic block to go away. An hour or two worked for me. A friend left it overnight and tried the delay trick after he got back from work. It's worked for me and for him. Although he did put in the random length wait. (I have quite a number of rule sets active here - roughly 40.)

{^_^}   Joanne, who has been suggesting this for weeks now.
Re: Patch for rules_du_jour
On Fri, 29 Jun 2007 10:13:24 -0500, Lindsay Haisley [EMAIL PROTECTED] wrote:
> On Fri, 2007-06-29 at 06:46 -0700, jdow wrote:
>> You will have to wait for up to a day for the Prolexic block to go away.
>
> I got blocked for checking out their anti-DDoS measures. The block went away in about 15 minutes.

Firstly, thanks for picking up on this. Your (and others') inputs have been invaluable.

Secondly, if anyone gets a working version running could they CC me a copy please? :-)

Kind regards

Nigel
Re: Patch for rules_du_jour
On Fri, 2007-06-29 at 06:46 -0700, jdow wrote:
> You will have to wait for up to a day for the Prolexic block to go away.

I got blocked for checking out their anti-DDoS measures. The block went away in about 15 minutes.

-- 
Lindsay Haisley       | Fighting against human | PGP public key
FMP Computer Services | creativity is like     | available at
512-259-1190          | trying to eradicate    | http://pubkeys.fmp.com
http://www.fmp.com    | dandelions             |
                      | (Pamela Jones)         |
Re: Patch for rules_du_jour
On Thu, Jun 28, 2007 at 02:22:32PM -0500, Lindsay Haisley wrote:
> Attached is a proposed patch for /var/lib/spamassassin/rules_du_jour which addresses the problem of the refresh URL which Rules Emporium sometimes sends out instead of a valid cf file.

Why not just use sa-update and not deal with this?

-- 
Randomly Selected Tagline:
L: Well... Do you have any kids?
T: No...
L: Oh. Well, do you have any grandkids?
T: Ummm chuckle ... No ...
 - Telephone saleswoman trying to sell me a family portrait
Re: Patch for rules_du_jour
On Thu, 2007-06-28 at 15:39 -0400, Theo Van Dinter wrote:
> Why not just use sa-update and not deal with this?

sa-update and rules_du_jour deal with different rules repositories. I use both.

-- 
Lindsay Haisley       | In an open world, | PGP public key
FMP Computer Services | who needs Windows | available at
512-259-1190          | or Gates          | http://pubkeys.fmp.com
http://www.fmp.com    |                   |
Re: Patch for rules_du_jour
Lindsay Haisley wrote:
> On Thu, 2007-06-28 at 15:39 -0400, Theo Van Dinter wrote:
>> Why not just use sa-update and not deal with this?
>
> sa-update and rules_du_jour deal with different rules repositories. I use both.

sa-update can use both, if I'm not mistaken. I distantly remember configuring it to do so.
Re: Patch for rules_du_jour
On Thursday 28 June 2007 15:22, Lindsay Haisley wrote:
> Attached is a proposed patch for /var/lib/spamassassin/rules_du_jour which addresses the problem of the refresh URL which Rules Emporium sometimes sends out instead of a valid cf file.
>
> Basically, this patch greps the downloaded file for the string META HTTP-EQUIV, which should never occur in a valid rules file, but is part of the refresh URL. If the downloaded file is a refresh URL, it's deleted, the script waits 1 second and tries again, up to 3 times. If the download fails after 3 tries, the bad file is deleted and the script moves on.
>
> You might try running rules_du_jour from a cron job with the -D option and redirecting the output to a /tmp file and see if you get any notices about Download of FAILED after 3 tries, in which case I've mis-diagnosed the problem somewhat. In any event, the problem file should be deleted rather than causing a --lint failure in spamassassin.

I'm going to try this, but with a 5 minute wait. I run it in the middle of the night anyway, who cares how long it takes.

Actually, the proper response might be a random wait.

-- 
Phil Barnett
AI4OF
SKCC #600
Re: Patch for rules_du_jour
On Thu, 2007-06-28 at 23:18 +0300, Jari Fredriksson wrote:
>> sa-update and rules_du_jour deal with different rules repositories. I use both.
>
> sa-update can use both, if I'm not mistaken. I distantly remember configuring it to do so.

http://saupdates.openprotect.com/ has instructions for this, I see. I may try this.

-- 
Lindsay Haisley       | In an open world, | PGP public key
FMP Computer Services | who needs Windows | available at
512-259-1190          | or Gates          | http://pubkeys.fmp.com
http://www.fmp.com    |                   |
Re: Patch for rules_du_jour
On Thu, 2007-06-28 at 15:46 -0400, Phil Barnett wrote:
> I'm going to try this, but with a 5 minute wait. I run it in the middle of the night anyway, who cares how long it takes.
>
> Actually, the proper response might be a random wait.

The HTML that gets sent by SARE is:

<HTML><HEAD>
<META HTTP-EQUIV=Refresh CONTENT=0.1>
<META HTTP-EQUIV=Pragma CONTENT=no-cache>
<META HTTP-EQUIV=Expires CONTENT=-1>
</HEAD></HTML>

If this were downloaded to a browser, it would cause the browser to refresh the page after .1 second and the page would not be cached. A five minute wait should certainly be more than adequate and might be appropriate if the refresh page were sent in response to excessive server load. I suspect, though, that it may be a pacer of some sort designed to deflect the kind of DDoS attack that brought down Rules Emporium earlier this month. I don't know what would be gained by a random wait.

As a couple of people have pointed out to me, though, you can use sa-update to retrieve the same rules data as per the instructions at http://saupdates.openprotect.com .

-- 
Lindsay Haisley       | In an open world, | PGP public key
FMP Computer Services | who needs Windows | available at
512-259-1190          | or Gates          | http://pubkeys.fmp.com
http://www.fmp.com    |                   |
Re: Patch for rules_du_jour
I have a question regarding this.

I have set up the sa_update channel for the SARE rules and run it. Everything worked OK BUT, I notice that sa_update is installing the rules in /var/lib/spamassassin/3.001007, while rulesdujour was installing them in /etc/mail/spamassassin.

Do I need to remove the rules, in /etc/mail/spamassassin, to prevent the older rules from overriding any updates that may come in?

Thanks,

On Thursday 28 June 2007 15:34, Lindsay Haisley wrote:
> On Thu, 2007-06-28 at 23:18 +0300, Jari Fredriksson wrote:
>>> sa-update and rules_du_jour deal with different rules repositories. I use both.
>>
>> sa-update can use both, if I'm not mistaken. I distantly remember configuring it to do so.
>
> http://saupdates.openprotect.com/ has instructions for this, I see. I may try this.

-- 
Larry G. Starr - [EMAIL PROTECTED] or [EMAIL PROTECTED]
Software Engineer: Full Compass Systems LTD.
Phone: 608-831-7330 x 1347 FAX: 608-831-6330
===
There are only three sports: bullfighting, mountaineering and motor racing, all the rest are merely games! - Ernest Hemingway
Re: Patch for rules_du_jour
On Thu, Jun 28, 2007 at 04:33:43PM -0500, Larry Starr wrote:
> Do I need to remove the rules, in /etc/mail/spamassassin, to prevent the older rules from overriding any updates that may come in?

Yes.

-- 
Randomly Selected Tagline:
I lost my foo. - Theo
Re: Patch for rules_du_jour
On Thursday 28 June 2007 16:39, Theo Van Dinter wrote:
> On Thu, Jun 28, 2007 at 04:33:43PM -0500, Larry Starr wrote:
>> Do I need to remove the rules, in /etc/mail/spamassassin, to prevent the older rules from overriding any updates that may come in?
>
> Yes.

I suspected as much.

Thank you,

-- 
Larry G. Starr - [EMAIL PROTECTED] or [EMAIL PROTECTED]
Software Engineer: Full Compass Systems LTD.
Phone: 608-831-7330 x 1347 FAX: 608-831-6330
===
There are only three sports: bullfighting, mountaineering and motor racing, all the rest are merely games! - Ernest Hemingway
Re: Patch for rules_du_jour
On Thursday 28 June 2007 17:02, Lindsay Haisley wrote:
> I don't know what would be gained by a random wait.

The idea of a random wait for contention resolution is long standing. It's built into the TCP/IP protocol for example.

For example, say my cron job runs at 3 am. Lots of them probably do. This causes the congestion. Waiting a random time makes the peaks gradually level out on the second retry.

-- 
Phil Barnett
AI4OF
SKCC #600
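
The check-and-retry loop Lindsay Haisley describes, combined with the random wait Phil Barnett argues for, as an added sketch; it is not the attached patch and not code from anyone in this thread. The function names, the MAX_TRIES and MAX_WAIT variables, the case-insensitive match and the download-to-a-temporary-name step are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the rules_du_jour code. fetch_file, get_rules,
# MAX_TRIES and MAX_WAIT are names chosen for this sketch.
MAX_TRIES=${MAX_TRIES:-3}   # attempts per file, as in the proposed patch
MAX_WAIT=${MAX_WAIT:-300}   # upper bound (seconds) for the random wait

# Default downloader (wget mode); $1 = URL, $2 = destination file.
fetch_file() {
    wget -q -O "$2" "$1"
}

# True when the file is the HTML refresh page instead of a rules file.
# The match is case-insensitive, which is broader than the literal string.
is_refresh_page() {
    grep -qi 'META HTTP-EQUIV' "$1"
}

# Print a random integer in 0..$1, read from the kernel RNG so that hosts
# whose cron jobs fire in the same second still pick different delays.
random_wait() {
    r=$(od -An -N2 -tu2 /dev/urandom | tr -d ' \n')
    echo $(( ${r:-0} % ($1 + 1) ))
}

# Download $1 to $2. The data lands in "$2.tmp" first, so the refresh page
# never sits where spamassassin --lint would read it, and a previously
# installed good copy of $2 is left alone if every attempt fails.
get_rules() {
    url=$1
    dest=$2
    try=1
    while [ "$try" -le "$MAX_TRIES" ]; do
        if fetch_file "$url" "$dest.tmp" && [ -s "$dest.tmp" ] \
           && ! is_refresh_page "$dest.tmp"; then
            mv "$dest.tmp" "$dest"
            return 0
        fi
        rm -f "$dest.tmp"
        try=$((try + 1))
        if [ "$try" -le "$MAX_TRIES" ]; then
            sleep "$(random_wait "$MAX_WAIT")"
        fi
    done
    echo "Download of $url FAILED after $MAX_TRIES tries" >&2
    return 1
}
```

Redefining fetch_file after sourcing the block swaps in another downloader without touching the validation or the retry logic.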