Re: RulesDuJour lint failed. Updates rolled back.
for RULESET_NAME in ${TRUSTED_RULESETS} ; do
# Set up some array variables
INDEX=${!RULESET_NAME};
Sleep 1# --- add this line at the end of the for loop
done
{^_^}
- Original Message -
From: Dallas Engelken [EMAIL PROTECTED]
To: users@spamassassin.apache.org
Sent: Thursday, 2007, June 28 15:31
Subject: Re: RulesDuJour lint failed. Updates rolled back.
This must be an issue that needs to be raised with Prolexic, as they are
doing the DDoS protection for rulesemporium.com.
Can anyone reproduce this redirect outside of RDJ, and give me a dump of
the full transaction including http headers?
I'd rather fix the actual problem and not patch around it.
Thanks,
Dallas
Lindsay Haisley wrote:
This problem is probably due to the way Rules Emporium is handling
traffic. If requests come too fast from the same address, or if their
server is busy, they send an HTML redirect page instructing the client
to try again in 0.1 second. Curl and wget don't understand meta
http-equiv=Refresh ... and simply store the refresh page as the
output of the request. rules_du_jour is just a shell script so a proper
fix should be pretty easy. The following is a quick and dirty patch
which sort of solves the problem, at least for the next run of
rules_du_jour.
cut here
--- /root/rules_du_jour.orig2007-06-17 21:01:24.0 -0500
+++ /var/lib/spamassassin/rules_du_jour 2007-06-18
12:37:44.0 -0500
@@ -907,6 +907,8 @@
[ ${SEND_THE_EMAIL} ] echo -e ${MESSAGES} | sh -c
${MAILCMD} -s \RulesDuJour Run Summary on ${HOSTNAME}\
${MAIL_ADDRESS};
fi
+grep -il 'META HTTP-EQUIV' ${TMPDIR}/*|xargs -n1 rm -f +
cd ${OLDDIR};
exit;
cut here
rules_du_jour will still fail, but this will clean up the mess and next
time (hopefully) it'll run properly. A proper fix would sense when this
happens and retry the download after a suitable short wait. It may also
be helpful to insert some sleep .5 instructions at appropriate points
(or sleep 1 if your implementation of sleep(1) doesn't understand
floating point numbers).
On Thu, 2007-06-28 at 11:22 +0100, Nigel Frankcom wrote:
On Wed, 27 Jun 2007 16:42:39 -0400, Daryl C. W. O'Shea
[EMAIL PROTECTED] wrote:
Nigel Frankcom wrote:
On Wed, 27 Jun 2007 08:48:02 -0400, David Boltz [EMAIL PROTECTED]
wrote:
I?ve been getting the lint failures found below on my Rules Du Jour
updates for a few weeks now. Yes this would be since the DDoS
attacks
on rulesemporium. It looks like the same problem people have been
having with the tripwire but for me it?s the adult and since just
recently the spoof rules. The solutions I've seen don't seem to work
for me. I see that my cron job (run nightly) is pulling some HTML
source instead of the rules. I?ve tried removing the faulty
70_sare_adult.* from etc/mail/spamassassin/RulesDuJour/ and manually
replacing it with the ?actual? file using wget. I?ve even manually
updated the used /etc/mail/spamassassin/70_sare_adult.cf to ensure
that it was correct. When I us ?wget
http://rulesemporium.com/rules/70_sare_adult.cf? to grab the file it
works without problems. Does anyone have any ideas on how I might fix
this problem?
snip
***WARNING***: spamassassin --lint failed.
Rolling configuration files back, not restarting SpamAssassin.
Rollback command is: mv -f /etc/mail/spamassassin/70_sare_adult.cf
The quick cure is to delete anything in the
/etc/mail/spamassassin/RulesDuJour/ directory and rerun RDJ by hand.
That worked for me on CentOS 4.5
The bug has been reported and a fix is due in 3.2.2 I believe.
Huh? What's SA have to do with RDJ triggering Prolexic's DoS
protection?
Daryl is right, there is no fix due in 3.2.2 - I got the RDJ and the
sa-update errors confused. I guess maybe I should dye my hair blonde.
Apologies for any confusion I've caused.
Kind regards
Nigel
--
Dallas Engelken
[EMAIL PROTECTED]
http://uribl.com
Re: RulesDuJour lint failed. Updates rolled back.
On Wed, 27 Jun 2007 16:42:39 -0400, Daryl C. W. O'Shea [EMAIL PROTECTED] wrote: Nigel Frankcom wrote: On Wed, 27 Jun 2007 08:48:02 -0400, David Boltz [EMAIL PROTECTED] wrote: I?ve been getting the lint failures found below on my Rules Du Jour updates for a few weeks now. Yes this would be since the DDoS attacks on rulesemporium. It looks like the same problem people have been having with the tripwire but for me it?s the adult and since just recently the spoof rules. The solutions I've seen don't seem to work for me. I see that my cron job (run nightly) is pulling some HTML source instead of the rules. I?ve tried removing the faulty 70_sare_adult.* from etc/mail/spamassassin/RulesDuJour/ and manually replacing it with the ?actual? file using wget. I?ve even manually updated the used /etc/mail/spamassassin/70_sare_adult.cf to ensure that it was correct. When I us ?wget http://rulesemporium.com/rules/70_sare_adult.cf? to grab the file it works without problems. Does anyone have any ideas on how I might fix this problem? snip ***WARNING***: spamassassin --lint failed. Rolling configuration files back, not restarting SpamAssassin. Rollback command is: mv -f /etc/mail/spamassassin/70_sare_adult.cf The quick cure is to delete anything in the /etc/mail/spamassassin/RulesDuJour/ directory and rerun RDJ by hand. That worked for me on CentOS 4.5 The bug has been reported and a fix is due in 3.2.2 I believe. Huh? What's SA have to do with RDJ triggering Prolexic's DoS protection? Daryl is right, there is no fix due in 3.2.2 - I got the RDJ and the sa-update errors confused. I guess maybe I should dye my hair blonde. Apologies for any confusion I've caused. Kind regards Nigel
Re: RulesDuJour lint failed. Updates rolled back.
Daryl is right, there is no fix due in 3.2.2 - I got the RDJ and the sa-update errors confused. I guess maybe I should dye my hair blonde. Apologies for any confusion I've caused. Geez - blonde it is - it's sa-compile not sa-update! I wonder if McDonalds have any jobs going :-/ Kind regards Nigel
Re: RulesDuJour lint failed. Updates rolled back.
This problem is probably due to the way Rules Emporium is handling
traffic. If requests come too fast from the same address, or if their
server is busy, they send an HTML redirect page instructing the client
to try again in 0.1 second. Curl and wget don't understand meta
http-equiv=Refresh ... and simply store the refresh page as the
output of the request. rules_du_jour is just a shell script so a proper
fix should be pretty easy. The following is a quick and dirty patch
which sort of solves the problem, at least for the next run of
rules_du_jour.
cut here
--- /root/rules_du_jour.orig2007-06-17 21:01:24.0 -0500
+++ /var/lib/spamassassin/rules_du_jour 2007-06-18 12:37:44.0 -0500
@@ -907,6 +907,8 @@
[ ${SEND_THE_EMAIL} ] echo -e ${MESSAGES} | sh -c ${MAILCMD} -s
\RulesDuJour Run Summary on ${HOSTNAME}\ ${MAIL_ADDRESS};
fi
+grep -il 'META HTTP-EQUIV' ${TMPDIR}/*|xargs -n1 rm -f
+
cd ${OLDDIR};
exit;
cut here
rules_du_jour will still fail, but this will clean up the mess and next
time (hopefully) it'll run properly. A proper fix would sense when this
happens and retry the download after a suitable short wait. It may also
be helpful to insert some sleep .5 instructions at appropriate points
(or sleep 1 if your implementation of sleep(1) doesn't understand
floating point numbers).
On Thu, 2007-06-28 at 11:22 +0100, Nigel Frankcom wrote:
On Wed, 27 Jun 2007 16:42:39 -0400, Daryl C. W. O'Shea
[EMAIL PROTECTED] wrote:
Nigel Frankcom wrote:
On Wed, 27 Jun 2007 08:48:02 -0400, David Boltz [EMAIL PROTECTED]
wrote:
I?ve been getting the lint failures found below on my Rules Du Jour
updates for a few weeks now. Yes this would be since the DDoS attacks
on rulesemporium. It looks like the same problem people have been
having with the tripwire but for me it?s the adult and since just
recently the spoof rules. The solutions I've seen don't seem to work
for me. I see that my cron job (run nightly) is pulling some HTML
source instead of the rules. I?ve tried removing the faulty
70_sare_adult.* from etc/mail/spamassassin/RulesDuJour/ and manually
replacing it with the ?actual? file using wget. I?ve even manually
updated the used /etc/mail/spamassassin/70_sare_adult.cf to ensure
that it was correct. When I us ?wget
http://rulesemporium.com/rules/70_sare_adult.cf? to grab the file it
works without problems. Does anyone have any ideas on how I might fix
this problem?
snip
***WARNING***: spamassassin --lint failed.
Rolling configuration files back, not restarting SpamAssassin.
Rollback command is: mv -f /etc/mail/spamassassin/70_sare_adult.cf
The quick cure is to delete anything in the
/etc/mail/spamassassin/RulesDuJour/ directory and rerun RDJ by hand.
That worked for me on CentOS 4.5
The bug has been reported and a fix is due in 3.2.2 I believe.
Huh? What's SA have to do with RDJ triggering Prolexic's DoS protection?
Daryl is right, there is no fix due in 3.2.2 - I got the RDJ and the
sa-update errors confused. I guess maybe I should dye my hair blonde.
Apologies for any confusion I've caused.
Kind regards
Nigel
--
Lindsay Haisley [EMAIL PROTECTED]
FMP Computer Services
Re: RulesDuJour lint failed. Updates rolled back.
This must be an issue that needs to be raised with Prolexic, as they are
doing the DDoS protection for rulesemporium.com.
Can anyone reproduce this redirect outside of RDJ, and give me a dump of
the full transaction including http headers?
I'd rather fix the actual problem and not patch around it.
Thanks,
Dallas
Lindsay Haisley wrote:
This problem is probably due to the way Rules Emporium is handling
traffic. If requests come too fast from the same address, or if their
server is busy, they send an HTML redirect page instructing the client
to try again in 0.1 second. Curl and wget don't understand meta
http-equiv=Refresh ... and simply store the refresh page as the
output of the request. rules_du_jour is just a shell script so a proper
fix should be pretty easy. The following is a quick and dirty patch
which sort of solves the problem, at least for the next run of
rules_du_jour.
cut here
--- /root/rules_du_jour.orig2007-06-17 21:01:24.0 -0500
+++ /var/lib/spamassassin/rules_du_jour 2007-06-18 12:37:44.0 -0500
@@ -907,6 +907,8 @@
[ ${SEND_THE_EMAIL} ] echo -e ${MESSAGES} | sh -c ${MAILCMD} -s
\RulesDuJour Run Summary on ${HOSTNAME}\ ${MAIL_ADDRESS};
fi
+grep -il 'META HTTP-EQUIV' ${TMPDIR}/*|xargs -n1 rm -f
+
cd ${OLDDIR};
exit;
cut here
rules_du_jour will still fail, but this will clean up the mess and next
time (hopefully) it'll run properly. A proper fix would sense when this
happens and retry the download after a suitable short wait. It may also
be helpful to insert some sleep .5 instructions at appropriate points
(or sleep 1 if your implementation of sleep(1) doesn't understand
floating point numbers).
On Thu, 2007-06-28 at 11:22 +0100, Nigel Frankcom wrote:
On Wed, 27 Jun 2007 16:42:39 -0400, Daryl C. W. O'Shea
[EMAIL PROTECTED] wrote:
Nigel Frankcom wrote:
On Wed, 27 Jun 2007 08:48:02 -0400, David Boltz [EMAIL PROTECTED]
wrote:
I?ve been getting the lint failures found below on my Rules Du Jour
updates for a few weeks now. Yes this would be since the DDoS attacks
on rulesemporium. It looks like the same problem people have been
having with the tripwire but for me it?s the adult and since just
recently the spoof rules. The solutions I've seen don't seem to work
for me. I see that my cron job (run nightly) is pulling some HTML
source instead of the rules. I?ve tried removing the faulty
70_sare_adult.* from etc/mail/spamassassin/RulesDuJour/ and manually
replacing it with the ?actual? file using wget. I?ve even manually
updated the used /etc/mail/spamassassin/70_sare_adult.cf to ensure
that it was correct. When I us ?wget
http://rulesemporium.com/rules/70_sare_adult.cf? to grab the file it
works without problems. Does anyone have any ideas on how I might fix
this problem?
snip
***WARNING***: spamassassin --lint failed.
Rolling configuration files back, not restarting SpamAssassin.
Rollback command is: mv -f /etc/mail/spamassassin/70_sare_adult.cf
The quick cure is to delete anything in the
/etc/mail/spamassassin/RulesDuJour/ directory and rerun RDJ by hand.
That worked for me on CentOS 4.5
The bug has been reported and a fix is due in 3.2.2 I believe.
Huh? What's SA have to do with RDJ triggering Prolexic's DoS protection?
Daryl is right, there is no fix due in 3.2.2 - I got the RDJ and the
sa-update errors confused. I guess maybe I should dye my hair blonde.
Apologies for any confusion I've caused.
Kind regards
Nigel
--
Dallas Engelken
[EMAIL PROTECTED]
http://uribl.com
Re: RulesDuJour lint failed. Updates rolled back.
On Thu, 2007-06-28 at 17:31 -0500, Dallas Engelken wrote:
This must be an issue that needs to be raised with Prolexic, as they are
doing the DDoS protection for rulesemporium.com.
Can anyone reproduce this redirect outside of RDJ, and give me a dump of
the full transaction including http headers?
Dallas,
By running a curl hit repeatedly on the RE server I reproduced the
problem. The cmd sent was:
curl -w %{http_code} --compressed -D /tmp/curl_headers -O -R -s -S
http://www.rulesemporium.com/rules/99_FVGT_Tripwire.cf
The headers sent back were as follows:
HTTP/1.0 200 OK
Connection: Close
Pragma: no-cache
cache-control: no-cache
Content-Type: text/html; charset=iso-8859-1
The page body returned was:
HTMLHEADMETA HTTP-EQUIV=Refresh CONTENT=0.1
META HTTP-EQUIV=Pragma CONTENT=no-cache
META HTTP-EQUIV=Expires CONTENT=-1
/HEAD/HTML
A normal fetch of the actual .cf file returns these headers:
HTTP/1.1 200 OK
Age: 882
Date: Thu, 28 Jun 2007 22:41:08 GMT
Connection: Keep-Alive
Via: NS-CACHE-7.0: 1
ETag: 389f7-dbae-eb58c6c0
Server: Apache/2.0.54 (Gentoo/Linux) DAV/2 SVN/1.2.0 PHP/4.3.11
Last-Modified: Thu, 02 Jun 2005 00:00:03 GMT
Accept-Ranges: bytes
Content-Length: 56238
Keep-Alive: timeout=15, max=99
Content-Type: text/plain; charset=ISO-8859-1
I'd rather fix the actual problem and not patch around it.
Absolutely!!
--
Lindsay Haisley | In an open world,| PGP public key
FMP Computer Services |who needs Windows | available at
512-259-1190 | or Gates| http://pubkeys.fmp.com
http://www.fmp.com| |
Re: RulesDuJour lint failed. Updates rolled back.
On Thu, 2007-06-28 at 18:56 -0500, Lindsay Haisley wrote: By running a curl hit repeatedly on the RE server I reproduced the problem. By running this test a couple of times I'm apparently now blocked by RE :-P Oh well . Hope the info I sent was useful. -- Lindsay Haisley | In an open world,| PGP public key FMP Computer Services |who needs Windows | available at 512-259-1190 | or Gates| http://pubkeys.fmp.com http://www.fmp.com| |
Re: RulesDuJour lint failed. Updates rolled back.
David Boltz schrieb: I?ve been getting the lint failures found below on my Rules Du Jour updates for a few weeks now. Yes this would be since the DDoS attacks [RDJ Problems ...] btw: Are there any additional things to know/caveats if i want to use sa-update channels for RDJ: (besides adding the default channel as described in: http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt) Regards, Dave B. -- Grüsse/Greetings MH Dont send mail to: [EMAIL PROTECTED] --
Re: RulesDuJour lint failed. Updates rolled back.
On Wed, 27 Jun 2007 08:48:02 -0400, David Boltz [EMAIL PROTECTED] wrote: I?ve been getting the lint failures found below on my Rules Du Jour updates for a few weeks now. Yes this would be since the DDoS attacks on rulesemporium. It looks like the same problem people have been having with the tripwire but for me it?s the adult and since just recently the spoof rules. The solutions I've seen don't seem to work for me. I see that my cron job (run nightly) is pulling some HTML source instead of the rules. I?ve tried removing the faulty 70_sare_adult.* from etc/mail/spamassassin/RulesDuJour/ and manually replacing it with the ?actual? file using wget. I?ve even manually updated the used /etc/mail/spamassassin/70_sare_adult.cf to ensure that it was correct. When I us ?wget http://rulesemporium.com/rules/70_sare_adult.cf? to grab the file it works without problems. Does anyone have any ideas on how I might fix this problem? snip ***WARNING***: spamassassin --lint failed. Rolling configuration files back, not restarting SpamAssassin. Rollback command is: mv -f /etc/mail/spamassassin/70_sare_adult.cf The quick cure is to delete anything in the /etc/mail/spamassassin/RulesDuJour/ directory and rerun RDJ by hand. That worked for me on CentOS 4.5 The bug has been reported and a fix is due in 3.2.2 I believe. Regards Nigel
Re: RulesDuJour lint failed. Updates rolled back.
Nigel Frankcom schrieb: On Wed, 27 Jun 2007 08:48:02 -0400, David Boltz [EMAIL PROTECTED] wrote: I?ve been getting the lint failures found below on my Rules Du Jour updates for a few weeks now. Yes this would be since the DDoS attacks on rulesemporium. It looks like the same problem people have been having with the tripwire but for me it?s the adult and since just recently the spoof rules. The solutions I've seen don't seem to work for me. I see that my cron job (run nightly) is pulling some HTML source instead of the rules. I?ve tried removing the faulty 70_sare_adult.* from etc/mail/spamassassin/RulesDuJour/ and manually replacing it with the ?actual? file using wget. I?ve even manually updated the used /etc/mail/spamassassin/70_sare_adult.cf to ensure that it was correct. When I us ?wget http://rulesemporium.com/rules/70_sare_adult.cf? to grab the file it works without problems. Does anyone have any ideas on how I might fix this problem? snip ***WARNING***: spamassassin --lint failed. Rolling configuration files back, not restarting SpamAssassin. Rollback command is: mv -f /etc/mail/spamassassin/70_sare_adult.cf The quick cure is to delete anything in the /etc/mail/spamassassin/RulesDuJour/ directory and rerun RDJ by hand. That works, until the next run, then same error here ... That worked for me on CentOS 4.5 The bug has been reported and a fix is due in 3.2.2 I believe. Regards Nigel -- Grüsse/Greetings MH Dont send mail to: [EMAIL PROTECTED] --
Re: RulesDuJour lint failed. Updates rolled back.
On Wed, 27 Jun 2007 16:18:28 +0200, Matthias Haegele [EMAIL PROTECTED] wrote: Nigel Frankcom schrieb: On Wed, 27 Jun 2007 08:48:02 -0400, David Boltz [EMAIL PROTECTED] wrote: I?ve been getting the lint failures found below on my Rules Du Jour updates for a few weeks now. Yes this would be since the DDoS attacks on rulesemporium. It looks like the same problem people have been having with the tripwire but for me it?s the adult and since just recently the spoof rules. The solutions I've seen don't seem to work for me. I see that my cron job (run nightly) is pulling some HTML source instead of the rules. I?ve tried removing the faulty 70_sare_adult.* from etc/mail/spamassassin/RulesDuJour/ and manually replacing it with the ?actual? file using wget. I?ve even manually updated the used /etc/mail/spamassassin/70_sare_adult.cf to ensure that it was correct. When I us ?wget http://rulesemporium.com/rules/70_sare_adult.cf? to grab the file it works without problems. Does anyone have any ideas on how I might fix this problem? snip ***WARNING***: spamassassin --lint failed. Rolling configuration files back, not restarting SpamAssassin. Rollback command is: mv -f /etc/mail/spamassassin/70_sare_adult.cf The quick cure is to delete anything in the /etc/mail/spamassassin/RulesDuJour/ directory and rerun RDJ by hand. That works, until the next run, then same error here ... That worked for me on CentOS 4.5 The bug has been reported and a fix is due in 3.2.2 I believe. Regards Nigel I had that a couple of times initially, but repeating the process and since running RDJ manually I haven't had a recurrence. RDJ doesn't change that often and it is no big deal here to add a manual RDJ to my manual morning admin chores (spam checks, logs, updates etc.) KR Nigel
Re: RulesDuJour lint failed. Updates rolled back.
Nigel Frankcom wrote: On Wed, 27 Jun 2007 08:48:02 -0400, David Boltz [EMAIL PROTECTED] wrote: I?ve been getting the lint failures found below on my Rules Du Jour updates for a few weeks now. Yes this would be since the DDoS attacks on rulesemporium. It looks like the same problem people have been having with the tripwire but for me it?s the adult and since just recently the spoof rules. The solutions I've seen don't seem to work for me. I see that my cron job (run nightly) is pulling some HTML source instead of the rules. I?ve tried removing the faulty 70_sare_adult.* from etc/mail/spamassassin/RulesDuJour/ and manually replacing it with the ?actual? file using wget. I?ve even manually updated the used /etc/mail/spamassassin/70_sare_adult.cf to ensure that it was correct. When I us ?wget http://rulesemporium.com/rules/70_sare_adult.cf? to grab the file it works without problems. Does anyone have any ideas on how I might fix this problem? snip ***WARNING***: spamassassin --lint failed. Rolling configuration files back, not restarting SpamAssassin. Rollback command is: mv -f /etc/mail/spamassassin/70_sare_adult.cf The quick cure is to delete anything in the /etc/mail/spamassassin/RulesDuJour/ directory and rerun RDJ by hand. That worked for me on CentOS 4.5 The bug has been reported and a fix is due in 3.2.2 I believe. Huh? What's SA have to do with RDJ triggering Prolexic's DoS protection? Daryl
