SpamAssassin 3.4.2 -- RPM for CentOS 5

2018-11-08 Thread Amir Caspi 
Hi all,

I finally had some bandwidth and was able to get an RPM built for 
CentOS 5.  I used Kevin Fenzi's CentOS 6 source RPM from COPR rather than one 
from Fedora, though I imagine Fedora would probably work just fine.  The only 
thing I had to do to get this to work was to install the perl-interpreter and 
perl-generators dependencies, which had to also be built from SRPM (they are 
dummy packages but required, and not available on CentOS 5)... and to specify 
the buildroot for the SA SRPM.

For anyone still running this ancient and decrepit (and EOL) OS, here are 
instructions that should hopefully work:

1) Grab the perl-generators SRPM from Fedora..  We need this because it's not 
on CentOS 5, but is required by SA.
wget 
https://dl.fedoraproject.org/pub/epel/6/SRPMS/Packages/p/perl-generators-1.08-5.el6.src.rpm

2) As an unprivileged user (e.g., mockbuild), install the spec file:
rpm --nomd5 -i perl-generators-1.08-5.el6.src.rpm

3) Go to where the spec file was installed (probably /usr/src/redhat/SPECS 
unless you specified a different directory)
3.5) Edit the spec file: under perl-interpreter, change Version to 5.8.8 
(optionally change Epoch to 2).

4) Build and install the perl-generators RPM:
[NOT AS ROOT] rpmbuild -ba perl-generators.spec
[AS ROOT] yum localinstall --nogpgcheck 
/usr/src/redhat/RPMS/noarch/perl-interpreter-5.8.8-5.noarch.rpm 
/usr/src/redhat/RPMS/noarch/perl-generators-1.08-5.noarch.rpm

5) Grab the SA 3.4.2 SRPM from Kevin Fenzi (this may work fine with the Fedora 
SRPM too):
wget 
https://copr-be.cloud.fedoraproject.org/results/kevin/spamassassin-el/epel-6-x86_64/00801043-spamassassin/spamassassin-3.4.2-2.el6.src.rpm

6) As unprivileged, install the spec file:
rpm --nomd5 -i spamassassin-3.4.2-2.el6.src.rpm

7) Build and install... note that we have to specify BuildRoot because 
otherwise it will try to install into /usr/bin (not sure why this isn't 
defaulted):
[NOT AS ROOT] rpmbuild -ba --buildroot /var/tmp/build 
/usr/src/redhat/SPECS/spamassassin.spec
[AS ROOT] yum localinstall --nogpgcheck 
/usr/src/redhat/RPMS/$HOSTTYPE/spamassassin-3.4.2-2.i386.rpm

Of course, if you are missing any dependencies during step 6 or 7, install 
those, then try again...

So far, no problems here.

I can make the actual built RPMs available if anyone wants them...

Cheers.

--- Amir

Re: Spamassassin 3.4.2 RPM for CentOS 6

2018-10-22 Thread Kenneth Porter 
--On Monday, October 22, 2018 3:46 PM + Emanuel Gonzalez 
 wrote:



rpm for Centos 7???


If you're comfortable rebuilding a source RPM, see my thread on using the 
Fedora 29 SRPM on CentOS 7. If you've modified your sysconfig file, you'll 
need to remove the daemon switch to use it with that SRPM, as the new 
systemd unit no longer expects spamd to fork.

Re: Spamassassin 3.4.2 RPM for CentOS 6

2018-10-22 Thread Emanuel Gonzalez 
rpm for Centos 7???

Re: Using SpamAssassin 3.4.2 Fedora 29 package on CentOS 7

2018-10-10 Thread Henrik K 


On Wed, Oct 10, 2018 at 10:27:01PM -0700, Kenneth Porter wrote:
> On 10/10/2018 9:43 PM, Henrik K wrote:
> >There's no need to avoid editing .pre files.  They are versioned for reason
> >and old ones are never changed after release.
> 
> The SPF plugin is enabled in init.pre, so it isn't versioned. But it's
> marked as a config file in RPM so it won't be overwritten by a package
> update. Any replacement will be written as init.pre.rpmnew.

init.pre is the ancient original SpamAssassin file before versioning was
implemented, makes no difference, same applies.  SpamAssassin installer
never overwrites these, so any package installed would not either, unless
packager is doing something on his own.

Re: Using SpamAssassin 3.4.2 Fedora 29 package on CentOS 7

2018-10-10 Thread Kenneth Porter 

On 10/10/2018 9:43 PM, Henrik K wrote:

There's no need to avoid editing .pre files.  They are versioned for reason
and old ones are never changed after release.


The SPF plugin is enabled in init.pre, so it isn't versioned. But it's 
marked as a config file in RPM so it won't be overwritten by a package 
update. Any replacement will be written as init.pre.rpmnew.

Re: Using SpamAssassin 3.4.2 Fedora 29 package on CentOS 7

2018-10-10 Thread Henrik K 
On Wed, Oct 10, 2018 at 06:41:21PM -0700, Kenneth Porter wrote:
> (I'd wanted to avoid editing the distro-supplied file and change the
> setting in a subsequent site file but that's not possible to opt out of a
> loadplugin.)

There's no need to avoid editing .pre files.  They are versioned for reason
and old ones are never changed after release.

Using SpamAssassin 3.4.2 Fedora 29 package on CentOS 7

2018-10-10 Thread Kenneth Porter 
I'm trying to update my CentOS 7 distro 3.4.0 package to the 3.4.2 source 
package in the Fedora 29 repo and wanted to alert others to possible issues.


<https://dl.fedoraproject.org/pub/fedora/linux/development/29/Everything/source/tree/Packages/s/spamassassin-3.4.2-2.fc29.src.rpm>

(Why is there a Fedora 29 package but not one in the Rawhide directory? I 
usually go to Rawhide so I'm debugging the forward edge.)


I installed the build dependencies and added re2c so I could try the 
compiled regex feature before issuing "rpmbuild --rebuild" on the SRPM. I 
then ran yum update on the resulting RPM.


First, spamd kept restarting. It turns out my old 
/etc/sysconfig/spamassassin file was running spamd as a daemon and there 
was a .rpmnew file without -d, so I needed to copy that over the old file. 
Change in systemd file, I guess.


Next, the new sysconfig file had --razor-home-dir=/var/lib/razor and no 
such directory exists on an RHEL-based system. So I removed the razor 
parameters from the sysconfig file. (Does this prevent spamd from using 
razor? I do have perl-Razor-Agent-2.85 installed.)


I got a bunch of warnings about the SPF_ rule scores set to zero. It turned 
out I'd set them to 0 in local.cf as I don't want SPF. (It's an internal 
server.) So instead I commented out the loadplugin in init.pre. (I'd wanted 
to avoid editing the distro-supplied file and change the setting in a 
subsequent site file but that's not possible to opt out of a loadplugin.)


I tried enabling compiled regex support (I installed the re2c package and 
added loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody to a .pre file) 
and get this warning in maillog:


Can't locate Mail/SpamAssassin/CompiledRegexps/body_0.pm in @INC (@INC 
contains: /var/lib/spamassassin/compiled/5.016/3.004002 
/var/lib/spamassassin/compiled/5.016/3.004002/auto lib 
/usr/share/perl5/vendor_perl /usr/local/lib64/perl5 /usr/local/share/perl5 
/usr/lib64/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5) at (eval 
1213) line 1.


I've run sa-update so when should the rules get compiled and where should 
the result go?

Re: Spamassassin 3.4.2 RPM for CentOS 6

2018-10-10 Thread Ricky Gutierrez 
Thnk.

El El mié, oct. 10, 2018 a las 1:40 a. m., Alessio Cecchi 
escribió:

> Hi,
>
> if someone, like me, is interesting into spamassassin 3.4.2 rpm for CentOS
> 6 here you can find the right repo:
>
> https://copr.fedorainfracloud.org/coprs/kevin/spamassassin-el/packages/
>
> Ciao
>
>
> --
> Alessio Cecchi
> Postmaster @ http://www.qboxmail.ithttps://www.linkedin.com/in/alessice
>
> --
rickygm

http://gnuforever.homelinux.com

Spamassassin 3.4.2 RPM for CentOS 6

2018-10-10 Thread Alessio Cecchi 

Hi,

if someone, like me, is interesting into spamassassin 3.4.2 rpm for 
CentOS 6 here you can find the right repo:


https://copr.fedorainfracloud.org/coprs/kevin/spamassassin-el/packages/

Ciao

--
Alessio Cecchi
Postmaster @ http://www.qboxmail.it
https://www.linkedin.com/in/alessice

Re: spamassassin-3.4.2 and reload command

2018-10-07 Thread Vlad Shpolyanskiy 
Hi!
Yep, you are right!

After start the command looks like:
/usr/local/bin/perl -T -w /usr/local/bin/spamd -m 5 -4 -d -r
/var/run/spamd/spamd.pid

But after reload:
/usr/local/bin/perl5 -T -w /usr/local/bin/spamd -m 5 -4 -d -r
/var/run/spamd/spamd.pid

So, it is  perl vs perl5.
Probably that is the cause of failure for subsequent reloads.



--
Sent from: http://spamassassin.1065346.n5.nabble.com/SpamAssassin-Users-f3.html

Re: spamassassin-3.4.2 and reload command

2018-10-06 Thread RW 
On Sat, 6 Oct 2018 15:59:10 +0100
RW wrote:

> On Thu, 4 Oct 2018 12:39:06 -0700 (MST)
> Vlad Shpolyanskiy wrote:
> 
> > Hi All!
> > 
> > I have recently upgraded SA to the latest version.
> > I'm running SA on FreeBSD 11.2-RELEASE-p4, SA installed via pkg
> > utility with default set of options.
> > The running command looks like:
> > /usr/local/bin/perl -T -w /usr/local/bin/spamd -m 5 -4 -d -r
> > /var/run/spamd/spamd.pid
> > Now I have a problem with reloading SA, e.g. after sa-update.
> > Reloading first time works as expected, but second time fails with
> > error: spamd not running? (check /var/run/spamd/spamd.pid)
> > The pid file is present, the permissions are fine.  
> 
> But is spamd actually still running? Did you get the pid from the file
> and run:
> 
>ps 

What's going on is that when spamd starts-up, the command field in the
output of ps is: 

/usr/local/bin/perl -T -w /usr/local/bin/spamd ...

When the rc reload command is used (which sends HUP to spamd) this
changes to:

/usr/local/bin/perl5.26.2 -T -w /usr/local/bin/spamd ...

perl and perl5.26.2 are the same binary hard-linked.

The second version doesn't match what the rc scripts are expecting,
which makes it look like spamd has terminated and the pid has been
reassigned to a different process.

Re: spamassassin-3.4.2 and reload command

2018-10-06 Thread RW 
On Thu, 4 Oct 2018 12:39:06 -0700 (MST)
Vlad Shpolyanskiy wrote:

> Hi All!
> 
> I have recently upgraded SA to the latest version.
> I'm running SA on FreeBSD 11.2-RELEASE-p4, SA installed via pkg
> utility with default set of options.
> The running command looks like:
> /usr/local/bin/perl -T -w /usr/local/bin/spamd -m 5 -4 -d -r
> /var/run/spamd/spamd.pid
> Now I have a problem with reloading SA, e.g. after sa-update.
> Reloading first time works as expected, but second time fails with
> error: spamd not running? (check /var/run/spamd/spamd.pid)
> The pid file is present, the permissions are fine.

But is spamd actually still running? Did you get the pid from the file
and run:

   ps 


> If I use restart instead of  reload it works fine, no matter how many
> times.


On Thu, 4 Oct 2018 16:05:39 -0400
Kevin A. McGrail wrote:


> What command are you using to restart?  There was a small change in
> the process listing that might affect tools from distros.  I think it
> is this bug: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7594

If that were the case it would show in the reset as well.

Re: spamassassin-3.4.2 and reload command

2018-10-05 Thread Kevin A. McGrail 
On 10/5/2018 4:22 AM, Vlad Shpolyanskiy wrote:
> sa-spamd.sa-spamd
>   
> Just in case I have attached FreeBSD script.
> May be you are right, I posted to the wrong place, should address this to
> the FreeBSD port maintainer.
>
I would talk to the FreeBSD port maintainer.  That script is not all the
guts of how their system works and I'm not familiar with it.  I would
point out that one bug on the process name change.  I'd bet it has
something to do with it based on other distros.

-- 
Kevin A. McGrail
VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Re: spamassassin-3.4.2 and reload command

2018-10-05 Thread Vlad Shpolyanskiy 
sa-spamd.sa-spamd
  
Just in case I have attached FreeBSD script.
May be you are right, I posted to the wrong place, should address this to
the FreeBSD port maintainer.



--
Sent from: http://spamassassin.1065346.n5.nabble.com/SpamAssassin-Users-f3.html

Re: spamassassin-3.4.2 and reload command

2018-10-04 Thread Vlad Shpolyanskiy 
Kevin A. McGrail-5 wrote
> What command are you using to restart?  There was a small change in the
> process listing that might affect tools from distros.  I think it is this
> bug: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7594
> 
> -- 
> Kevin A. McGrail
> VP Fundraising, Apache Software Foundation
> Chair Emeritus Apache SpamAssassin
> Projecthttps://www.linkedin.com/in/kmcgrail - 703.798.0171

Hi Kevin, 
I'm using standart freebsd script from /usr/local/etc/rc.d.
For reload it's sa-spamd reload, for restart it's sa-spamd restart. 



--
Sent from: http://spamassassin.1065346.n5.nabble.com/SpamAssassin-Users-f3.html

Re: spamassassin-3.4.2 and reload command

2018-10-04 Thread Kevin A. McGrail 
 On 10/4/2018 3:39 PM, Vlad Shpolyanskiy wrote:

Hi All!

I have recently upgraded SA to the latest version.
I'm running SA on FreeBSD 11.2-RELEASE-p4, SA installed via pkg utility with
default set of options.
The running command looks like:
/usr/local/bin/perl -T -w /usr/local/bin/spamd -m 5 -4 -d -r
/var/run/spamd/spamd.pid
Now I have a problem with reloading SA, e.g. after sa-update.
Reloading first time works as expected, but second time fails with error:
spamd not running? (check /var/run/spamd/spamd.pid)
The pid file is present, the permissions are fine.
If I use restart instead of  reload it works fine, no matter how many times.
spamassassin-3.4.1_12 does not have this problem.
Please, advice.
Thank you!

What command are you using to restart?  There was a small change in the
process listing that might affect tools from distros.  I think it is this
bug: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7594

-- 
Kevin A. McGrail
VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin
Projecthttps://www.linkedin.com/in/kmcgrail - 703.798.0171

spamassassin-3.4.2 and reload command

2018-10-04 Thread Vlad Shpolyanskiy 
Hi All!

I have recently upgraded SA to the latest version.
I'm running SA on FreeBSD 11.2-RELEASE-p4, SA installed via pkg utility with
default set of options.
The running command looks like:
/usr/local/bin/perl -T -w /usr/local/bin/spamd -m 5 -4 -d -r
/var/run/spamd/spamd.pid
Now I have a problem with reloading SA, e.g. after sa-update.
Reloading first time works as expected, but second time fails with error:
spamd not running? (check /var/run/spamd/spamd.pid)
The pid file is present, the permissions are fine.
If I use restart instead of  reload it works fine, no matter how many times.
spamassassin-3.4.1_12 does not have this problem.
Please, advice.
Thank you!



--
Sent from: http://spamassassin.1065346.n5.nabble.com/SpamAssassin-Users-f3.html

Re: SpamAssassin 3.4.2 - errors Util.pm

2018-09-21 Thread Mateusz Krawczyk 
Good to know that I'm not the only one with Util.pm warnings.

Debug logs from "spamd -D" :

Sep 21 13:59:31 spamd[15151]: check: check_main, time limit in 299.874 s
Sep 21 13:59:31 spamd[15151]: check: running tests for priority: -1000
Sep 21 13:59:31 spamd[15244]: get_user_groups: uid is 507
Sep 21 13:59:31 spamd[15244]: Use of uninitialized value $( in numeric ne
(!=) at /usr/share/perl5/Mail/SpamAssassin/Util.pm line 1510,  line
23.
Sep 21 13:59:31 spamd[15244]: Use of uninitialized value $( in
concatenation (.) or string at /usr/share/perl5/Mail/SpamAssassin/Util.pm
line 1513,  line 23.
Sep 21 13:59:31 spamd[15244]: util: changing real primary gid from 1 2 3 4
6 10 484 to 510 and supplemental groups to 510 to match effective uid 507
Sep 21 13:59:31 spamd[15244]: util: POSIX::setgid(510) set errno to 0
Sep 21 13:59:31 spamd[15244]: util: assignment $) = 510 510 set errno to 0
Sep 21 13:59:31 spamd[15244]: util: changing real uid from 0 to match
effective uid 507
Sep 21 13:59:31 spamd[15244]: util: setuid: ruid=507 euid=507 rgid=510
egid=510
Sep 21 13:59:32 spamd[15245]: get_user_groups: uid is 507
Sep 21 13:59:32 spamd[15245]: Use of uninitialized value $( in numeric ne
(!=) at /usr/share/perl5/Mail/SpamAssassin/Util.pm line 1510.
Sep 21 13:59:32 spamd[15245]: Use of uninitialized value $( in
concatenation (.) or string at /usr/share/perl5/Mail/SpamAssassin/Util.pm
line 1513.
Sep 21 13:59:32 spamd[15245]: util: changing real primary gid from 1 2 3 4
6 10 484 to 510 and supplemental groups to 510 to match effective uid 507
Sep 21 13:59:32 spamd[15245]: util: POSIX::setgid(510) set errno to 0
Sep 21 13:59:32 spamd[15245]: util: assignment $) = 510 510 set errno to 0
Sep 21 13:59:32 spamd[15245]: util: changing real uid from 0 to match
effective uid 507
Sep 21 13:59:32 spamd[15245]: util: setuid: ruid=507 euid=507 rgid=510
egid=510
Sep 21 13:59:32 spamd[15056]: prefork: child 15151: entering state 1

No problem. I can test patches if I find time.

Regards,
Mateusz


2018-09-21 13:40 GMT+02:00 Kevin A. McGrail :

> We have another report on this issue at https://bz.apache.org/
> SpamAssassin/show_bug.cgi?id=7629
>
> Can you add debug output?  Are you able to test if we can get you a patch?
>
> Bill, it looks like get_user_groups is not always working in Util.pm
>
> Adding this as a blocker for 3.4.3
>
> Regards,
> KAM
>
> On 9/21/2018 1:48 AM, Mateusz Krawczyk wrote:
>
> Hello,
>
> I have just upgraded SA from 3.4.1 to 3.4.2.
>
> OS: Centos 6.10
>
> spamassassin -V
>
> SpamAssassin version 3.4.2
>   running on Perl version 5.10.1
>
> During message scanning there are errors in /var/log/maillog:
>
> Sep 20 11:50:38 spamd[13369]: Use of uninitialized value $( in numeric ne
> (!=) at /usr/share/perl5/Mail/SpamAssassin/Util.pm line 1510,  line
> 23.
> Sep 20 11:50:38 spamd[13369]: Use of uninitialized value $( in
> concatenation (.) or string at /usr/share/perl5/Mail/SpamAssassin/Util.pm
> line 1513,  line 23.
> Sep 20 11:50:38 spamd[13369]: util: setuid: ruid=507 euid=507 rgid=510
> egid=510
> Sep 20 11:50:38 spamd[13370]: Use of uninitialized value $( in numeric ne
> (!=) at /usr/share/perl5/Mail/SpamAssassin/Util.pm line 1510.
> Sep 20 11:50:38 spamd[13370]: Use of uninitialized value $( in
> concatenation (.) or string at /usr/share/perl5/Mail/SpamAssassin/Util.pm
> line 1513.
>
> Any help will be appreciated.
>
> Kind regards,
> Mateusz Krawczyk
>
>
> --
> Kevin A. McGrail
> VP Fundraising, Apache Software Foundation
> Chair Emeritus Apache SpamAssassin 
> Projecthttps://www.linkedin.com/in/kmcgrail - 703.798.0171
>
>

Re: SpamAssassin 3.4.2 - errors Util.pm

2018-09-21 Thread Kevin A. McGrail 
We have another report on this issue at
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7629

Can you add debug output?  Are you able to test if we can get you a patch?

Bill, it looks like get_user_groups is not always working in Util.pm

Adding this as a blocker for 3.4.3

Regards,
KAM
On 9/21/2018 1:48 AM, Mateusz Krawczyk wrote:
> Hello,
>
> I have just upgraded SA from 3.4.1 to 3.4.2.
>
> OS: Centos 6.10
>
> spamassassin -V
>
> SpamAssassin version 3.4.2
>   running on Perl version 5.10.1
>
> During message scanning there are errors in /var/log/maillog:
>
> Sep 20 11:50:38 spamd[13369]: Use of uninitialized value $( in numeric
> ne (!=) at /usr/share/perl5/Mail/SpamAssassin/Util.pm line 1510,
>  line 23.
> Sep 20 11:50:38 spamd[13369]: Use of uninitialized value $( in
> concatenation (.) or string at
> /usr/share/perl5/Mail/SpamAssassin/Util.pm line 1513,  line 23.
> Sep 20 11:50:38 spamd[13369]: util: setuid: ruid=507 euid=507 rgid=510
> egid=510
> Sep 20 11:50:38 spamd[13370]: Use of uninitialized value $( in numeric
> ne (!=) at /usr/share/perl5/Mail/SpamAssassin/Util.pm line 1510.
> Sep 20 11:50:38 spamd[13370]: Use of uninitialized value $( in
> concatenation (.) or string at
> /usr/share/perl5/Mail/SpamAssassin/Util.pm line 1513.
>
> Any help will be appreciated.
>
> Kind regards,
> Mateusz Krawczyk


-- 
Kevin A. McGrail
VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

SpamAssassin 3.4.2 - errors Util.pm

2018-09-20 Thread Mateusz Krawczyk 
Hello,

I have just upgraded SA from 3.4.1 to 3.4.2.

OS: Centos 6.10

spamassassin -V

SpamAssassin version 3.4.2
  running on Perl version 5.10.1

During message scanning there are errors in /var/log/maillog:

Sep 20 11:50:38 spamd[13369]: Use of uninitialized value $( in numeric ne
(!=) at /usr/share/perl5/Mail/SpamAssassin/Util.pm line 1510,  line
23.
Sep 20 11:50:38 spamd[13369]: Use of uninitialized value $( in
concatenation (.) or string at /usr/share/perl5/Mail/SpamAssassin/Util.pm
line 1513,  line 23.
Sep 20 11:50:38 spamd[13369]: util: setuid: ruid=507 euid=507 rgid=510
egid=510
Sep 20 11:50:38 spamd[13370]: Use of uninitialized value $( in numeric ne
(!=) at /usr/share/perl5/Mail/SpamAssassin/Util.pm line 1510.
Sep 20 11:50:38 spamd[13370]: Use of uninitialized value $( in
concatenation (.) or string at /usr/share/perl5/Mail/SpamAssassin/Util.pm
line 1513.

Any help will be appreciated.

Kind regards,
Mateusz Krawczyk

Re: ***UNCHECKED*** Re: SpamAssassin 3.4.2. - err.h requirement

2018-09-19 Thread Kevin A. McGrail 
Thanks for the feedback!

On Sep 19, 2018 03:14, "Groach"  wrote:

Thanks Kevin

Both of my installations had stopped updating since 11th September due to
this.  Now the updates are working again.

>From this:

11th Sep

20:00:26.57 Performing Spamassassin Update check...
Update available for channel updates.spamassassin.org: 1840397 -> 1840441
http: (lwp) GET http://spamassassin.apache.org/updates/MIRRORED.BY, 500 SSL
negotiation failed:
Update failed, exiting with code 4

to this:

20:00:35.98 Performing Spamassassin Update check...
Update available for channel updates.spamassassin.org: 1840397 -> 1841055
http: (lwp) GET http://spamassassin.apache.org/updates/MIRRORED.BY, 200 OK
http: (lwp) GET http://sa-update.verein-clean.net/1841055.tar.gz, 200 OK
http: (lwp) GET http://sa-update.verein-clean.net/1841055.tar.gz.sha1, 200 OK
Update was available, and was downloaded and installed successfully

Im sure many others would have been suffering too.

Thanks again.



On 18/09/2018 18:24, Kevin A. McGrail wrote:

Thanks.  Had to add the path but now
http://spamassassin.apache.org/updates/MIRRORED.BY is exempted from SSL
redirection.  This will help with older clients.
--
Kevin A. McGrail
VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171


On Tue, Sep 18, 2018 at 8:22 AM Henrik K  wrote:

>
> On Tue, Sep 18, 2018 at 07:41:09AM -0400, Kevin A. McGrail wrote:
> > Hi Bill, I think it might be an older wget or LWP or what not that can't
> > deal with MIRRORED.BY being https.  Michael from linuxmagic also
> > reported a similar issue.
> >
> > Can anyone help with a .htaccess that exempts the MIRRORED.BY?
> >
> > Current lines:
> >
> > RewriteEngine On
> > RewriteCond %{SERVER_PORT} 80
>
> Add here
> RewriteCond %{REQUEST_URI} !^/MIRRORED\.BY$
>
> > RewriteRule ^(.*)$ https://spamassassin.apache.org/$1 [R,L]
>

***UNCHECKED*** Re: SpamAssassin 3.4.2. - err.h requirement

2018-09-19 Thread Groach 

Thanks Kevin

Both of my installations had stopped updating since 11th September due 
to this.  Now the updates are working again.


From this:

11th Sep

20:00:26.57 Performing Spamassassin Update check...
Update available for channel updates.spamassassin.org: 1840397 -> 1840441
http: (lwp) GET http://spamassassin.apache.org/updates/MIRRORED.BY, 500 
SSL negotiation failed:

Update failed, exiting with code 4

to this:

20:00:35.98 Performing Spamassassin Update check...
Update available for channel updates.spamassassin.org: 1840397 -> 1841055
http: (lwp) GEThttp://spamassassin.apache.org/updates/MIRRORED.BY, 200 OK
http: (lwp) GEThttp://sa-update.verein-clean.net/1841055.tar.gz, 200 OK
http: (lwp) GEThttp://sa-update.verein-clean.net/1841055.tar.gz.sha1, 200 OK
Update was available, and was downloaded and installed successfully

Im sure many others would have been suffering too.

Thanks again.



On 18/09/2018 18:24, Kevin A. McGrail wrote:
Thanks.  Had to add the path but now 
http://spamassassin.apache.org/updates/MIRRORED.BY is exempted from 
SSL redirection.  This will help with older clients.

--
Kevin A. McGrail
VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171


On Tue, Sep 18, 2018 at 8:22 AM Henrik K > wrote:



On Tue, Sep 18, 2018 at 07:41:09AM -0400, Kevin A. McGrail wrote:
> Hi Bill, I think it might be an older wget or LWP or what not
that can't
> deal with MIRRORED.BY  being https.  Michael
from linuxmagic also
> reported a similar issue.
>
> Can anyone help with a .htaccess that exempts the MIRRORED.BY
?
>
> Current lines:
>
> RewriteEngine On
> RewriteCond %{SERVER_PORT} 80

Add here
RewriteCond %{REQUEST_URI} !^/MIRRORED\.BY$

> RewriteRule ^(.*)$ https://spamassassin.apache.org/$1 [R,L]

Re: SpamAssassin 3.4.2. - err.h requirement

2018-09-18 Thread Kevin A. McGrail 
Thanks.  Had to add the path but now
http://spamassassin.apache.org/updates/MIRRORED.BY is exempted from SSL
redirection.  This will help with older clients.
--
Kevin A. McGrail
VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171


On Tue, Sep 18, 2018 at 8:22 AM Henrik K  wrote:

>
> On Tue, Sep 18, 2018 at 07:41:09AM -0400, Kevin A. McGrail wrote:
> > Hi Bill, I think it might be an older wget or LWP or what not that can't
> > deal with MIRRORED.BY being https.  Michael from linuxmagic also
> > reported a similar issue.
> >
> > Can anyone help with a .htaccess that exempts the MIRRORED.BY?
> >
> > Current lines:
> >
> > RewriteEngine On
> > RewriteCond %{SERVER_PORT} 80
>
> Add here
> RewriteCond %{REQUEST_URI} !^/MIRRORED\.BY$
>
> > RewriteRule ^(.*)$ https://spamassassin.apache.org/$1 [R,L]
>

Re: SpamAssassin 3.4.2. - err.h requirement

2018-09-18 Thread Henrik K 


On Tue, Sep 18, 2018 at 07:41:09AM -0400, Kevin A. McGrail wrote:
> Hi Bill, I think it might be an older wget or LWP or what not that can't
> deal with MIRRORED.BY being https.  Michael from linuxmagic also
> reported a similar issue.
> 
> Can anyone help with a .htaccess that exempts the MIRRORED.BY?
> 
> Current lines:
> 
> RewriteEngine On
> RewriteCond %{SERVER_PORT} 80

Add here
RewriteCond %{REQUEST_URI} !^/MIRRORED\.BY$

> RewriteRule ^(.*)$ https://spamassassin.apache.org/$1 [R,L]

Re: SpamAssassin 3.4.2. - err.h requirement

2018-09-18 Thread Kevin A. McGrail 
Hi Bill, I think it might be an older wget or LWP or what not that can't
deal with MIRRORED.BY being https.  Michael from linuxmagic also
reported a similar issue.

Can anyone help with a .htaccess that exempts the MIRRORED.BY?

Current lines:

Redirect /favicon.ico https://spamassassin.apache.org/images/favicon.ico
Redirect /downloads.html https://spamassassin.apache.org/downloads.cgi

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://spamassassin.apache.org/$1 [R,L]

RewriteBase /
RewriteRule ^doc/(.*)$ https://spamassassin.apache.org/full/3.4.x/doc/$1
[R=permanent]
RewriteRule ^doc.html/(.*)$
https://spamassassin.apache.org/full/3.4.x/doc/$1 [R=permanent]
RewriteRule ^dist/(.*)$
https://svn.apache.org/repos/asf/spamassassin/tags/spamassassin_current_release_3.4.x/$1
[R=permanent]
RewriteRule ^full/3.4.x/dist/doc/(.*)$
https://spamassassin.apache.org/full/3.4.x/doc/$1 [R=permanent]
RewriteRule ^full/3.4.x/dist/(.*)$
https://svn.apache.org/repos/asf/spamassassin/tags/spamassassin_current_release_3.4.x/$1
[R=permanent]
RewriteRule ^doc$ https://spamassassin.apache.org/full/3.4.x/doc/
[R=permanent]

ErrorDocument 404 https://spamassassin.apache.org/404.html

On 9/18/2018 12:03 AM, Bill Cole wrote:
> On 17 Sep 2018, at 22:57, James Hsieh wrote:
>
>> So this is odd:
>>
>> I finally started this without the daemonize option to see if it gave
>> me anything more enlightening and got:
>>
>> Sep 17 22:44:15.326 [21704] error: config: no rules were found! Do
>> you need to run 'sa-update'?
>> config: no rules were found!  Do you need to run 'sa-update'?
>>
>> Sure enough /var/lib/spamassassin/3.004002/updates_spamassassin_org
>> is empty.
>>
>> /usr/local/bin/curl -s -L -O --remote-time -g --max-redirs 2
>> --connect-timeout 30 --max-time 300 --fail -o MIRRORED.BY --
>> http://spamassassin.apache.org/updates/MIRRORED.BY
>> 
>>
>> This is what appears to have failed.  It didn't download anything.
>>
>> superchicken:root# host spamassassin.apache.org
>> spamassassin.apache.org has address 95.216.24.32
>> spamassassin.apache.org has address 40.79.78.1
>> spamassassin.apache.org has IPv6 address 2a01:4f9:2a:185f::2
>> spamassassin.apache.org mail is handled by 10 mx1-lw-eu.apache.org.
>> spamassassin.apache.org mail is handled by 10 mx1-lw-us.apache.org.
>> superchicken:root#
>>
>> The issue is with the mirror at 95.216.24.32 - it's returning a 404
>> for the file.  If you go to
>>
>> http://95.216.24.32/updates/MIRRORED.BY
>> 
>>
>> you get a not found.
>
> Yes, because that webserver uses name-based virtual hosts: you can't
> just use the IP in the URL, you need to make sure you send the proper
> hostname. You also need to follow HTTP redirects, because the http URL
> redirects to a https URL. Like this:
>
> $ curl -sOL -H 'Host: spamassassin.apache.org'
> http://95.216.24.32/updates/MIRRORED.BY
> $ ls -l MIRRORED.BY
> -rw-r--r--  1 bill  staff  1400 Sep 18 00:01 MIRRORED.BY
> $ head MIRRORED.BY
> #HOW TO UPDATE
> #
> # SOURCE: https://svn.apache.org/repos/asf/spamassassin/site/updates/
> #
> # 'svn checkout' the repo, update this file, and commit it
> #
> # A svnpubsub update on spamassassin.apache.org will instantly pull
> # from SVN after the commit.
> #
> # A cron'd update on sa-vm1.apache.org will also automatically pull
>
>
>> I copied the MIRRORED.BY file from the 3.004001 directory then re-ran
>> sa-update.  It pulled down rules and I'm in business.
>>
>> Kevin, thanks for the patch.  It works.  Sorry for the extra noise
>> and perhaps we need to do something about that broken mirror?
>
> The mirror doesn't look broken from here.


-- 
Kevin A. McGrail
VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Re: SpamAssassin 3.4.2. - err.h requirement

2018-09-17 Thread Bill Cole 

On 17 Sep 2018, at 22:57, James Hsieh wrote:


So this is odd:

I finally started this without the daemonize option to see if it gave 
me anything more enlightening and got:


Sep 17 22:44:15.326 [21704] error: config: no rules were found! Do you 
need to run 'sa-update'?

config: no rules were found!  Do you need to run 'sa-update'?

Sure enough /var/lib/spamassassin/3.004002/updates_spamassassin_org is 
empty.


/usr/local/bin/curl -s -L -O --remote-time -g --max-redirs 2 
--connect-timeout 30 --max-time 300 --fail -o MIRRORED.BY -- 
http://spamassassin.apache.org/updates/MIRRORED.BY 



This is what appears to have failed.  It didn't download anything.

superchicken:root# host spamassassin.apache.org
spamassassin.apache.org has address 95.216.24.32
spamassassin.apache.org has address 40.79.78.1
spamassassin.apache.org has IPv6 address 2a01:4f9:2a:185f::2
spamassassin.apache.org mail is handled by 10 mx1-lw-eu.apache.org.
spamassassin.apache.org mail is handled by 10 mx1-lw-us.apache.org.
superchicken:root#

The issue is with the mirror at 95.216.24.32 - it's returning a 404 
for the file.  If you go to


http://95.216.24.32/updates/MIRRORED.BY 



you get a not found.


Yes, because that webserver uses name-based virtual hosts: you can't 
just use the IP in the URL, you need to make sure you send the proper 
hostname. You also need to follow HTTP redirects, because the http URL 
redirects to a https URL. Like this:


$ curl -sOL -H 'Host: spamassassin.apache.org' 
http://95.216.24.32/updates/MIRRORED.BY

$ ls -l MIRRORED.BY
-rw-r--r--  1 bill  staff  1400 Sep 18 00:01 MIRRORED.BY
$ head MIRRORED.BY
#HOW TO UPDATE
#
# SOURCE: https://svn.apache.org/repos/asf/spamassassin/site/updates/
#
# 'svn checkout' the repo, update this file, and commit it
#
# A svnpubsub update on spamassassin.apache.org will instantly pull
# from SVN after the commit.
#
# A cron'd update on sa-vm1.apache.org will also automatically pull


I copied the MIRRORED.BY file from the 3.004001 directory then re-ran 
sa-update.  It pulled down rules and I'm in business.


Kevin, thanks for the patch.  It works.  Sorry for the extra noise and 
perhaps we need to do something about that broken mirror?


The mirror doesn't look broken from here.

Re: SpamAssassin 3.4.2. - err.h requirement

2018-09-17 Thread Bill Cole 

On 17 Sep 2018, at 22:03 (-0400), Kevin A. McGrail wrote:


Interesting I think Bill added that code.


Nope. From svn:

3042	mmartinec	810883	die sprintf("child process [%s] exited or 
timed out ".
3043	 	 	"without signaling production of a PID file: 
%s",
3044	 	 	$pid, exit_status_str($child_stat,0)) unless 
$serverstarted;




On 9/17/2018 9:16 PM, James Hsieh wrote:
This does help things to build.  I can build successfully.  I now 
have a problem where spamd seems to be jumping out of the startup 
wait loop.


I keep hitting this code:

die sprintf("child process [%s] exited or timed out ".
"without signaling production of a PID file: %s",
$pid, exit_status_str($child_stat,0)) unless 
$serverstarted;


However, there's no waiting for things to start.  I'm investigating 
this now.


--James

On Sep 17, 2018, at 4:53 PM, Kevin A. McGrail  
wrote:


This patch was added for windows.  Does it help you?  It switches to 
errno.h


--- getopt.c2018-09-13 21:27:52.0 -0400
+++ ../../3.4/spamc/getopt.c2018-09-17 07:12:38.758722882 -0400
@@ -21,7 +21,7 @@
 #include 
 #include 
 #include 
-#include 
+#include 
 #include "getopt.h"

 #ifdef WIN32
@@ -246,7 +246,8 @@
   if((bp = strchr(longopt, '='))) {
  opt = strdup(bp+1);
  if (opt == NULL) {
-err(1, NULL);
+fprintf(stderr, "%s: %s\n", argv[0], strerror(errno));
+exit(1);
  }
  longoptlen -= strlen(bp);
   }

On 9/17/2018 4:37 PM, James Hsieh wrote:
So this isn't a complaint.  I think the SA team has done a great 
job getting this release out and yes, it works fine for me under 
Linux.


However, any creative ways for getting around the fact that err.h 
is now part of spamc/getopt.c?  This breaks older OSes (which 
admittedly I probably shouldn't care about or use anymore) such as 
Solaris 10.  For a double dot release, this seems a bit unfortunate 
though I agree, really need to get this system on to something more 
modern.


make -f spamc/Makefile spamc/spamc
/usr/local/bin/gcc  -g spamc/spamc.c spamc/getopt.c 
spamc/libspamc.c spamc/utils.c \
   -o spamc/spamc -L/usr/lib -L/usr/ccs/lib 
-L/opt/solarisstudio12.3/prod/lib/sparc 
-L/opt/solarisstudio12.3/prod/lib -L/lib -L/usr/local/lib  -ldl -lz 
-lnsl -lsocket

spamc/getopt.c:24:17: fatal error: err.h: No such file or directory
compilation terminated.
*** Error code 1
make: Fatal error: Command failed for target `spamc/spamc'
Current working directory /export/src/Mail-SpamAssassin-3.4.2
*** Error code 1
make: Fatal error: Command failed for target `spamc/spamc'

--James


--
Kevin A. McGrail
VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171



--
Kevin A. McGrail
VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171




--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steadier Work: https://linkedin.com/in/billcole

Re: SpamAssassin 3.4.2. - err.h requirement

2018-09-17 Thread James Hsieh 
So this is odd:

I finally started this without the daemonize option to see if it gave me 
anything more enlightening and got:

Sep 17 22:44:15.326 [21704] error: config: no rules were found! Do you need to 
run 'sa-update'?
config: no rules were found!  Do you need to run 'sa-update'?

Sure enough /var/lib/spamassassin/3.004002/updates_spamassassin_org is empty.

/usr/local/bin/curl -s -L -O --remote-time -g --max-redirs 2 --connect-timeout 
30 --max-time 300 --fail -o MIRRORED.BY -- 
http://spamassassin.apache.org/updates/MIRRORED.BY 
<http://spamassassin.apache.org/updates/MIRRORED.BY>

This is what appears to have failed.  It didn't download anything.

superchicken:root# host spamassassin.apache.org
spamassassin.apache.org has address 95.216.24.32
spamassassin.apache.org has address 40.79.78.1
spamassassin.apache.org has IPv6 address 2a01:4f9:2a:185f::2
spamassassin.apache.org mail is handled by 10 mx1-lw-eu.apache.org.
spamassassin.apache.org mail is handled by 10 mx1-lw-us.apache.org.
superchicken:root#

The issue is with the mirror at 95.216.24.32 - it's returning a 404 for the 
file.  If you go to 

http://95.216.24.32/updates/MIRRORED.BY 
<http://95.216.24.32/updates/MIRRORED.BY>

you get a not found.

I copied the MIRRORED.BY file from the 3.004001 directory then re-ran 
sa-update.  It pulled down rules and I'm in business.

Kevin, thanks for the patch.  It works.  Sorry for the extra noise and perhaps 
we need to do something about that broken mirror?

--James

> On Sep 17, 2018, at 10:17 PM, Bill Cole  wrote:
> 
> On 17 Sep 2018, at 22:03 (-0400), Kevin A. McGrail wrote:
> 
>> Interesting I think Bill added that code.
> 
> Nope. From svn:
> 
> 3042  mmartinec   810883  die sprintf("child process [%s] exited or 
> timed out ".
> 3043  "without signaling production of a PID 
> file: %s",
> 3044  $pid, exit_status_str($child_stat,0)) 
> unless $serverstarted;
> 
>> 
>> On 9/17/2018 9:16 PM, James Hsieh wrote:
>>> This does help things to build.  I can build successfully.  I now have a 
>>> problem where spamd seems to be jumping out of the startup wait loop.
>>> 
>>> I keep hitting this code:
>>> 
>>>die sprintf("child process [%s] exited or timed out ".
>>>"without signaling production of a PID file: %s",
>>>$pid, exit_status_str($child_stat,0)) unless $serverstarted;
>>> 
>>> However, there's no waiting for things to start.  I'm investigating this 
>>> now.
>>> 
>>> --James
>>> 
>>>> On Sep 17, 2018, at 4:53 PM, Kevin A. McGrail  wrote:
>>>> 
>>>> This patch was added for windows.  Does it help you?  It switches to 
>>>> errno.h
>>>> 
>>>> --- getopt.c2018-09-13 21:27:52.0 -0400
>>>> +++ ../../3.4/spamc/getopt.c2018-09-17 07:12:38.758722882 -0400
>>>> @@ -21,7 +21,7 @@
>>>> #include 
>>>> #include 
>>>> #include 
>>>> -#include 
>>>> +#include 
>>>> #include "getopt.h"
>>>> 
>>>> #ifdef WIN32
>>>> @@ -246,7 +246,8 @@
>>>>   if((bp = strchr(longopt, '='))) {
>>>>  opt = strdup(bp+1);
>>>>  if (opt == NULL) {
>>>> -err(1, NULL);
>>>> +fprintf(stderr, "%s: %s\n", argv[0], strerror(errno));
>>>> +exit(1);
>>>>  }
>>>>  longoptlen -= strlen(bp);
>>>>   }
>>>> 
>>>> On 9/17/2018 4:37 PM, James Hsieh wrote:
>>>>> So this isn't a complaint.  I think the SA team has done a great job 
>>>>> getting this release out and yes, it works fine for me under Linux.
>>>>> 
>>>>> However, any creative ways for getting around the fact that err.h is now 
>>>>> part of spamc/getopt.c?  This breaks older OSes (which admittedly I 
>>>>> probably shouldn't care about or use anymore) such as Solaris 10.  For a 
>>>>> double dot release, this seems a bit unfortunate though I agree, really 
>>>>> need to get this system on to something more modern.
>>>>> 
>>>>> make -f spamc/Makefile spamc/spamc
>>>>> /usr/local/bin/gcc  -g spamc/spamc.c spamc/getopt.c spamc/libspamc.c 
>>>>> spamc/utils.c \
>>>>>   -o spamc/spamc -L/usr/lib -L/usr/ccs/lib 
>>>>> -L/o

Re: SpamAssassin 3.4.2. - err.h requirement

2018-09-17 Thread Kevin A. McGrail 
Interesting I think Bill added that code.

On 9/17/2018 9:16 PM, James Hsieh wrote:
> This does help things to build.  I can build successfully.  I now have a 
> problem where spamd seems to be jumping out of the startup wait loop.
>
> I keep hitting this code:
>
> die sprintf("child process [%s] exited or timed out ".
> "without signaling production of a PID file: %s",
> $pid, exit_status_str($child_stat,0)) unless $serverstarted;
>
> However, there's no waiting for things to start.  I'm investigating this now.
>
> --James
>
>> On Sep 17, 2018, at 4:53 PM, Kevin A. McGrail  wrote:
>>
>> This patch was added for windows.  Does it help you?  It switches to errno.h
>>
>> --- getopt.c2018-09-13 21:27:52.0 -0400
>> +++ ../../3.4/spamc/getopt.c2018-09-17 07:12:38.758722882 -0400
>> @@ -21,7 +21,7 @@
>>  #include 
>>  #include 
>>  #include 
>> -#include 
>> +#include 
>>  #include "getopt.h"
>>  
>>  #ifdef WIN32
>> @@ -246,7 +246,8 @@
>>if((bp = strchr(longopt, '='))) {
>>   opt = strdup(bp+1);
>>   if (opt == NULL) {
>> -err(1, NULL);
>> +fprintf(stderr, "%s: %s\n", argv[0], strerror(errno));
>> +exit(1);
>>   } 
>>   longoptlen -= strlen(bp);
>>}
>>
>> On 9/17/2018 4:37 PM, James Hsieh wrote:
>>> So this isn't a complaint.  I think the SA team has done a great job 
>>> getting this release out and yes, it works fine for me under Linux.
>>>
>>> However, any creative ways for getting around the fact that err.h is now 
>>> part of spamc/getopt.c?  This breaks older OSes (which admittedly I 
>>> probably shouldn't care about or use anymore) such as Solaris 10.  For a 
>>> double dot release, this seems a bit unfortunate though I agree, really 
>>> need to get this system on to something more modern.
>>>
>>> make -f spamc/Makefile spamc/spamc
>>> /usr/local/bin/gcc  -g spamc/spamc.c spamc/getopt.c spamc/libspamc.c 
>>> spamc/utils.c \
>>>-o spamc/spamc -L/usr/lib -L/usr/ccs/lib 
>>> -L/opt/solarisstudio12.3/prod/lib/sparc -L/opt/solarisstudio12.3/prod/lib 
>>> -L/lib -L/usr/local/lib  -ldl -lz -lnsl -lsocket
>>> spamc/getopt.c:24:17: fatal error: err.h: No such file or directory
>>> compilation terminated.
>>> *** Error code 1
>>> make: Fatal error: Command failed for target `spamc/spamc'
>>> Current working directory /export/src/Mail-SpamAssassin-3.4.2
>>> *** Error code 1
>>> make: Fatal error: Command failed for target `spamc/spamc'
>>>
>>> --James
>>>
>> -- 
>> Kevin A. McGrail
>> VP Fundraising, Apache Software Foundation
>> Chair Emeritus Apache SpamAssassin Project
>> https://www.linkedin.com/in/kmcgrail - 703.798.0171
>>

-- 
Kevin A. McGrail
VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Re: SpamAssassin 3.4.2. - err.h requirement

2018-09-17 Thread James Hsieh 
This does help things to build.  I can build successfully.  I now have a 
problem where spamd seems to be jumping out of the startup wait loop.

I keep hitting this code:

die sprintf("child process [%s] exited or timed out ".
"without signaling production of a PID file: %s",
$pid, exit_status_str($child_stat,0)) unless $serverstarted;

However, there's no waiting for things to start.  I'm investigating this now.

--James

> On Sep 17, 2018, at 4:53 PM, Kevin A. McGrail  wrote:
> 
> This patch was added for windows.  Does it help you?  It switches to errno.h
> 
> --- getopt.c2018-09-13 21:27:52.0 -0400
> +++ ../../3.4/spamc/getopt.c2018-09-17 07:12:38.758722882 -0400
> @@ -21,7 +21,7 @@
>  #include 
>  #include 
>  #include 
> -#include 
> +#include 
>  #include "getopt.h"
>  
>  #ifdef WIN32
> @@ -246,7 +246,8 @@
>if((bp = strchr(longopt, '='))) {
>   opt = strdup(bp+1);
>   if (opt == NULL) {
> -err(1, NULL);
> +fprintf(stderr, "%s: %s\n", argv[0], strerror(errno));
> +exit(1);
>   } 
>   longoptlen -= strlen(bp);
>}
> 
> On 9/17/2018 4:37 PM, James Hsieh wrote:
>> So this isn't a complaint.  I think the SA team has done a great job getting 
>> this release out and yes, it works fine for me under Linux.
>> 
>> However, any creative ways for getting around the fact that err.h is now 
>> part of spamc/getopt.c?  This breaks older OSes (which admittedly I probably 
>> shouldn't care about or use anymore) such as Solaris 10.  For a double dot 
>> release, this seems a bit unfortunate though I agree, really need to get 
>> this system on to something more modern.
>> 
>> make -f spamc/Makefile spamc/spamc
>> /usr/local/bin/gcc  -g spamc/spamc.c spamc/getopt.c spamc/libspamc.c 
>> spamc/utils.c \
>>-o spamc/spamc -L/usr/lib -L/usr/ccs/lib 
>> -L/opt/solarisstudio12.3/prod/lib/sparc -L/opt/solarisstudio12.3/prod/lib 
>> -L/lib -L/usr/local/lib  -ldl -lz -lnsl -lsocket
>> spamc/getopt.c:24:17: fatal error: err.h: No such file or directory
>> compilation terminated.
>> *** Error code 1
>> make: Fatal error: Command failed for target `spamc/spamc'
>> Current working directory /export/src/Mail-SpamAssassin-3.4.2
>> *** Error code 1
>> make: Fatal error: Command failed for target `spamc/spamc'
>> 
>> --James
>> 
> 
> -- 
> Kevin A. McGrail
> VP Fundraising, Apache Software Foundation
> Chair Emeritus Apache SpamAssassin Project
> https://www.linkedin.com/in/kmcgrail - 703.798.0171
>

Re: [ANNOUNCE] Apache SpamAssassin 3.4.2 available

2018-09-17 Thread Ricky Gutierrez 
El El dom, sep. 16, 2018 a las 11:31 p. m., Reio Remma 
escribió:

>
> Download link @WeTransfer:
>
> https://we.tl/t-CbvKhwJoCA
>
> spamassassin-3.4.2-0.el7.x86_64.rpm
>
> Will be deleted on 24 September, 2018.
>
> Good luck,
> Reio


Thnk

>
> --
rickygm

http://gnuforever.homelinux.com

Re: SpamAssassin 3.4.2. - err.h requirement

2018-09-17 Thread Kevin A. McGrail 
This patch was added for windows.  Does it help you?  It switches to errno.h

--- getopt.c    2018-09-13 21:27:52.0 -0400
+++ ../../3.4/spamc/getopt.c    2018-09-17 07:12:38.758722882 -0400
@@ -21,7 +21,7 @@
 #include 
 #include 
 #include 
-#include 
+#include 
 #include "getopt.h"
 
 #ifdef WIN32
@@ -246,7 +246,8 @@
   if((bp = strchr(longopt, '='))) {
  opt = strdup(bp+1);
  if (opt == NULL) {
-    err(1, NULL);
+    fprintf(stderr, "%s: %s\n", argv[0], strerror(errno));
+    exit(1);
  } 
  longoptlen -= strlen(bp);
   }

On 9/17/2018 4:37 PM, James Hsieh wrote:
> So this isn't a complaint.  I think the SA team has done a great job getting 
> this release out and yes, it works fine for me under Linux.
>
> However, any creative ways for getting around the fact that err.h is now part 
> of spamc/getopt.c?  This breaks older OSes (which admittedly I probably 
> shouldn't care about or use anymore) such as Solaris 10.  For a double dot 
> release, this seems a bit unfortunate though I agree, really need to get this 
> system on to something more modern.
>
> make -f spamc/Makefile spamc/spamc
> /usr/local/bin/gcc  -g spamc/spamc.c spamc/getopt.c spamc/libspamc.c 
> spamc/utils.c \
> -o spamc/spamc -L/usr/lib -L/usr/ccs/lib 
> -L/opt/solarisstudio12.3/prod/lib/sparc -L/opt/solarisstudio12.3/prod/lib 
> -L/lib -L/usr/local/lib  -ldl -lz -lnsl -lsocket
> spamc/getopt.c:24:17: fatal error: err.h: No such file or directory
> compilation terminated.
> *** Error code 1
> make: Fatal error: Command failed for target `spamc/spamc'
> Current working directory /export/src/Mail-SpamAssassin-3.4.2
> *** Error code 1
> make: Fatal error: Command failed for target `spamc/spamc'
>
> --James
>

-- 
Kevin A. McGrail
VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

SpamAssassin 3.4.2. - err.h requirement

2018-09-17 Thread James Hsieh 
So this isn't a complaint.  I think the SA team has done a great job getting 
this release out and yes, it works fine for me under Linux.

However, any creative ways for getting around the fact that err.h is now part 
of spamc/getopt.c?  This breaks older OSes (which admittedly I probably 
shouldn't care about or use anymore) such as Solaris 10.  For a double dot 
release, this seems a bit unfortunate though I agree, really need to get this 
system on to something more modern.

make -f spamc/Makefile spamc/spamc
/usr/local/bin/gcc  -g spamc/spamc.c spamc/getopt.c spamc/libspamc.c 
spamc/utils.c \
-o spamc/spamc -L/usr/lib -L/usr/ccs/lib 
-L/opt/solarisstudio12.3/prod/lib/sparc -L/opt/solarisstudio12.3/prod/lib 
-L/lib -L/usr/local/lib  -ldl -lz -lnsl -lsocket
spamc/getopt.c:24:17: fatal error: err.h: No such file or directory
compilation terminated.
*** Error code 1
make: Fatal error: Command failed for target `spamc/spamc'
Current working directory /export/src/Mail-SpamAssassin-3.4.2
*** Error code 1
make: Fatal error: Command failed for target `spamc/spamc'

--James

Re: [ANNOUNCE] Apache SpamAssassin 3.4.2 available

2018-09-17 Thread Kenneth Porter 
--On Monday, September 17, 2018 3:13 PM -0400 "Kevin A. McGrail" 
 wrote:



You can install the srpm and then in
/usr/src/RedHat you get various files like tar files and patches with a
spec file that says how to build it.


That path would be if you were building as root, which is not recommended. 
I suggest creating a user just for making RPMs. Switch to that user and run 
rpmdev-setuptree to set up your packaging environment under ~/rpmbuild.


Some initial help to get one started:

Re: [ANNOUNCE] Apache SpamAssassin 3.4.2 available

2018-09-17 Thread Kenneth Porter 
--On Monday, September 17, 2018 3:13 PM -0400 "Kevin A. McGrail" 
 wrote:



You can install the srpm and then in
/usr/src/RedHat you get various files like tar files and patches with a
spec file that says how to build it.


That path would be if you were building as root, which is not recommended. 
I suggest creating a user just for making RPMs. Switch to that user and run 
rpmdev-setuptree to set up your packaging environment under ~/rpmbuild.


Some initial help to get one started:

Re: [ANNOUNCE] Apache SpamAssassin 3.4.2 available

2018-09-17 Thread Dianne Skoll 
On Mon, 17 Sep 2018 15:22:48 -0400
"Kevin A. McGrail"  wrote:

[snip]

> Good to know. Did the Makefile.PL gracefully tell you that your
> Makemaker was too old?

It did indeed, which made the fix very simple.  Thanks for your hard work!

Regards,

Dianne.

Re: [ANNOUNCE] Apache SpamAssassin 3.4.2 available

2018-09-17 Thread Kevin A. McGrail 
On 9/17/2018 3:05 PM, Dianne Skoll wrote:
> On Mon, 17 Sep 2018 13:22:32 -0400
> "Kevin A. McGrail"  wrote:
>
>> I'd be pretty shocked if you have to do very much to that src rpm for
>> 3.4.1 to get 3.4.2 working.
> I ran into one gotcha on (ancient) Debian 5; the version of
> ExtUtils::MakeMaker was too old.  Installing from CPAN did the trick.  I'd
> imagine something similar might happen on ancient Red Hat Enterprise Linux 5.
Good to know.  Did the Makefile.PL gracefully tell you that your
Makemaker was too old?

Re: [ANNOUNCE] Apache SpamAssassin 3.4.2 available

2018-09-17 Thread Dianne Skoll 
On Mon, 17 Sep 2018 13:22:32 -0400
"Kevin A. McGrail"  wrote:

> I'd be pretty shocked if you have to do very much to that src rpm for
> 3.4.1 to get 3.4.2 working.

I ran into one gotcha on (ancient) Debian 5; the version of
ExtUtils::MakeMaker was too old.  Installing from CPAN did the trick.  I'd
imagine something similar might happen on ancient Red Hat Enterprise Linux 5.

Regards,

Dianne.

Re: [ANNOUNCE] Apache SpamAssassin 3.4.2 available

2018-09-17 Thread Kevin A. McGrail 
Recommend you might take a look.  You can install the srpm and then in
/usr/src/RedHat you get various files like tar files and patches with a
spec file that says how to build it.  Some are complex, some are easy. 
Then you rpmbuild to make an RPM that you can install.

If you can do a batch file, you can likely use an rpm spec file.

Regards,
KAM

On 9/17/2018 1:58 PM, Amir Caspi wrote:
>> On Sep 17, 2018, at 11:22 AM, Kevin A. McGrail  wrote:
>>
>> I'd be pretty shocked if you have to do very much to that src rpm for
>> 3.4.1 to get 3.4.2 working. 
> Possibly if I knew what I was doing with src rpms, that would be the case. 
> ;-)  Hoping someone who knows a lot more than I do is already working on it...
>
> --- Amir
>

-- 
Kevin A. McGrail
VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Re: [ANNOUNCE] Apache SpamAssassin 3.4.2 available

2018-09-17 Thread Amir Caspi 
> On Sep 17, 2018, at 11:22 AM, Kevin A. McGrail  wrote:
> 
> I'd be pretty shocked if you have to do very much to that src rpm for
> 3.4.1 to get 3.4.2 working. 

Possibly if I knew what I was doing with src rpms, that would be the case. ;-)  
Hoping someone who knows a lot more than I do is already working on it...

--- Amir

Re: [ANNOUNCE] Apache SpamAssassin 3.4.2 available

2018-09-17 Thread Kevin A. McGrail 
I'd be pretty shocked if you have to do very much to that src rpm for
3.4.1 to get 3.4.2 working. 

On 9/17/2018 1:19 PM, Amir Caspi wrote:
> Is there anyone so kind as to perhaps make an RPM for CentOS 5?  There are 
> still more than a few dinosaurs running that OS that can't upgrade but would 
> love to have SA.
>
> I could probably build it from the src rpm but I'm not an expert...
>
> Kevin Fenzi has a repo with 3.4.1 for CentOS 5 and 6, but I don't know if he 
> plans to update it with 3.4.2...
>
> Cheers.
>
> --- Amir
>
>> On Sep 16, 2018, at 11:30 PM, Reio Remma  wrote:
>>
>> On 17.09.2018 4:13, Ricky Gutierrez wrote:
>>> Reio hi, Could you please share the rpm o src for centOS?
>> Download link @WeTransfer:
>>
>> https://we.tl/t-CbvKhwJoCA
>>
>> spamassassin-3.4.2-0.el7.x86_64.rpm
>>
>> Will be deleted on 24 September, 2018.
>>
>> Good luck,
>> Reio


-- 
Kevin A. McGrail
VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Re: [ANNOUNCE] Apache SpamAssassin 3.4.2 available

2018-09-17 Thread Amir Caspi 
Is there anyone so kind as to perhaps make an RPM for CentOS 5?  There are 
still more than a few dinosaurs running that OS that can't upgrade but would 
love to have SA.

I could probably build it from the src rpm but I'm not an expert...

Kevin Fenzi has a repo with 3.4.1 for CentOS 5 and 6, but I don't know if he 
plans to update it with 3.4.2...

Cheers.

--- Amir

> On Sep 16, 2018, at 11:30 PM, Reio Remma  wrote:
> 
> On 17.09.2018 4:13, Ricky Gutierrez wrote:
>> Reio hi, Could you please share the rpm o src for centOS?
> 
> Download link @WeTransfer:
> 
> https://we.tl/t-CbvKhwJoCA
> 
> spamassassin-3.4.2-0.el7.x86_64.rpm
> 
> Will be deleted on 24 September, 2018.
> 
> Good luck,
> Reio

Re: [ANNOUNCE] Apache SpamAssassin 3.4.2 available

2018-09-16 Thread Reio Remma 

On 17.09.2018 4:13, Ricky Gutierrez wrote:

Reio hi, Could you please share the rpm o src for centOS?


Download link @WeTransfer:

https://we.tl/t-CbvKhwJoCA

spamassassin-3.4.2-0.el7.x86_64.rpm

Will be deleted on 24 September, 2018.

Good luck,
Reio

Re: [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781

2018-09-16 Thread Kevin A. McGrail 
Reindl,

I question whether I should bother rewarding your bad behavior and again
ask.you if you find your negative attitude gets you where you want to be in
life?  But for others, here are the facts and the policy.

"we see that you mentioned these CVE names public at

https://lists.apache.org/thread.html/a3dc4c9d2a942d550e834df8f423eedeb042fdb69f4a83df26f1446b@%3Cdev.spamassassin.apache.org%3E

Once names are mentioned in public it starts a clock and we usually have 24
hours to send the information to Mitre, see process at
https://apache.org/security/committers.html";

That was 4 days ago and we worked the process with ethical disclosures and
attention to good security hygiene.

Spend your energy elsewhere as I dnftec.

On Sun, Sep 16, 2018, 22:26 Reindl Harald  wrote:

>
>
> Am 17.09.18 um 02:44 schrieb Kevin A. McGrail:
> > Thanks for the post.  The bug is way out of line though.
> >
> > We posted release candidate 1 on the 12th noting the 4 CVE issues
> > coming.  I also backchanneled with RH as a heads up.  We do have a
> brain...
>
> no you don't or why is the httpd project capable to bring CVE details a
> few days *after* release anncouncement (besides that they manage
> regulary releases at all)
>
> what you do with that way of announcemnt is trigger pressure for no good
> reason
>

Re: [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781

2018-09-16 Thread Kenneth Porter 

On 9/16/2018 5:44 PM, Kevin A. McGrail wrote:

Thanks for the post.  The bug is way out of line though.


Earlier bug that should probably be the one tracked:

https://bugzilla.redhat.com/show_bug.cgi?id=1629474

Re: [ANNOUNCE] Apache SpamAssassin 3.4.2 available

2018-09-16 Thread Ricky Gutierrez 
Reio hi, Could you please share the rpm o src for centOS?

El El dom, sep. 16, 2018 a las 2:10 p. m., Reio Remma 
escribió:

>
>
> Wonderful, thank you all for your hard work!
>
> I encountered no problems at all when building a new RPM for CentOS 7.
>
> Thanks and good luck,
> Reio
>
-- 
rickygm

http://gnuforever.homelinux.com

Re: [ANNOUNCE] Apache SpamAssassin 3.4.2 available

2018-09-16 Thread Chris 
On Sun, 2018-09-16 at 20:54 -0400, Kevin A. McGrail wrote:
> Please point them here if they need help.  It is a good drop in
> upgrade.

I would assume it being a security update they'd be on the ball. I'll
wait a few days before I ask about it. I could install via cpan but
would rather wait on the package since that's what was installed when I
did the 16.04->18.04 upgrade.
apt-cache policy spamassassinspamassassin:  Installed: 3.4.1-8build1 
Candidate: 3.4.1-8build1Version table: *** 3.4.1-8build1 500500
http://us.archive.ubuntu.com/ubuntu bionic/main amd64 Packages
> On Sun, Sep 16, 2018, 20:45 Chris  wrote:
> > On Sun, 2018-09-16 at 11:03 -0400, Kevin A. McGrail wrote:
> > 
> > > Good Morning,
> > 
> > > 
> > 
> > > On behalf of the Apache SpamAssassin Project Management
> > Committee, I
> > 
> > > am
> > 
> > > very pleased to announce the release of Apache SpamAssassin
> > v3.4.2. 
> > 
> > > This release contains security bug fixes.  A security
> > announcement
> > 
> > > will
> > 
> > > follow within the next 24 hours.
> > 
> > > 
> > 
> > > Apache SpamAssassin can be downloaded from
> > 
> > > https://spamassassin.apache.org/downloads.cgi and via cpan
> > 
> > > (Mail::SpamAssassin).
> > 
> > > 
> > 
> > I assume that once the Ubuntu folks get the security announcement
> > 
> > they'll build and release the 3.4.2 package?
> > 
> > 
> > 
> > > 
> > 
-- 
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
20:02:34 up 1 day, 2:33, 2 users, load average: 0.99, 0.79, 0.87
Description:Ubuntu 18.04.1 LTS, kernel 4.15.0-34-generic


signature.asc
Description: This is a digitally signed message part

Re: [ANNOUNCE] Apache SpamAssassin 3.4.2 available

2018-09-16 Thread Kevin A. McGrail 
Please point them here if they need help.  It is a good drop in upgrade.
On Sun, Sep 16, 2018, 20:45 Chris  wrote:

> On Sun, 2018-09-16 at 11:03 -0400, Kevin A. McGrail wrote:
> > Good Morning,
> >
> > On behalf of the Apache SpamAssassin Project Management Committee, I
> > am
> > very pleased to announce the release of Apache SpamAssassin v3.4.2.
> > This release contains security bug fixes.  A security announcement
> > will
> > follow within the next 24 hours.
> >
> > Apache SpamAssassin can be downloaded from
> > https://spamassassin.apache.org/downloads.cgi and via cpan
> > (Mail::SpamAssassin).
> >
> I assume that once the Ubuntu folks get the security announcement
> they'll build and release the 3.4.2 package?
>
> >
> --
> Chris
> KeyID 0xE372A7DA98E6705C
> 31.11972; -97.90167 (Elev. 1092 ft)
> 19:44:06 up 1 day, 2:14, 2 users, load average: 0.89, 1.11, 1.00
> Description:Ubuntu 18.04.1 LTS, kernel 4.15.0-34-generic
>

Re: [ANNOUNCE] Apache SpamAssassin 3.4.2 available

2018-09-16 Thread Chris 
On Sun, 2018-09-16 at 11:03 -0400, Kevin A. McGrail wrote:
> Good Morning,
> 
> On behalf of the Apache SpamAssassin Project Management Committee, I
> am
> very pleased to announce the release of Apache SpamAssassin v3.4.2. 
> This release contains security bug fixes.  A security announcement
> will
> follow within the next 24 hours.
> 
> Apache SpamAssassin can be downloaded from
> https://spamassassin.apache.org/downloads.cgi and via cpan
> (Mail::SpamAssassin).
> 
I assume that once the Ubuntu folks get the security announcement
they'll build and release the 3.4.2 package?

> 
-- 
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
19:44:06 up 1 day, 2:14, 2 users, load average: 0.89, 1.11, 1.00
Description:Ubuntu 18.04.1 LTS, kernel 4.15.0-34-generic


signature.asc
Description: This is a digitally signed message part

Re: [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781

2018-09-16 Thread Kevin A. McGrail 
Thanks for the post.  The bug is way out of line though.

We posted release candidate 1 on the 12th noting the 4 CVE issues coming.
I also backchanneled with RH as a heads up.  We do have a brain...

I have 3.4.2 installed on centos 7 and it was drop-in other than the redhat
specific paths, systemd, config locations, etc.

Hopefully they will push the new version.  A backport is not going to be
easy.

On Sun, Sep 16, 2018, 19:34 Kenneth Porter  wrote:

> Here's the Red Hat Bugzilla bug requesting a new package for Fedora/RHEL
> be issued ASAP:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1629491
>
> Once the official package drops, you should be able to download the SRPM
> here:
>
>
> https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/SRPMS/Packages/s/
>
> The 3.4.1 package is there as I type this, and I see it has a lot of
> patches marked 3.4.1. So it's probably not as easy as just dropping the
> 3.4.2 tarball into it.
>
>

Re: [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781

2018-09-16 Thread Kenneth Porter 
Here's the Red Hat Bugzilla bug requesting a new package for Fedora/RHEL 
be issued ASAP:


https://bugzilla.redhat.com/show_bug.cgi?id=1629491

Once the official package drops, you should be able to download the SRPM 
here:


https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/SRPMS/Packages/s/

The 3.4.1 package is there as I type this, and I see it has a lot of 
patches marked 3.4.1. So it's probably not as easy as just dropping the 
3.4.2 tarball into it.

Re: [ANNOUNCE] Apache SpamAssassin 3.4.2 available

2018-09-16 Thread Ricky Gutierrez 
Thank you for gr8 software.

El El dom, sep. 16, 2018 a las 9:03 a. m., Kevin A. McGrail <
kmcgr...@apache.org> escribió:

> Good Morning,
>
> On behalf of the Apache SpamAssassin Project Management Committee, I am
> very pleased to announce the release of Apache SpamAssassin v3.4.2.
> This release contains security bug fixes.  A security announcement will
> follow within the next 24 hours.
>
> Apache SpamAssassin can be downloaded from
> https://spamassassin.apache.org/downloads.cgi and via cpan
> (Mail::SpamAssassin).
>
> Our project website is https://spamassassin.apache.org/
>
> Our DOAP is available at https://spamassassin.apache.org/doap.rdf
>
> Questions?  Please post on our Users mailing list.  More information on
> joining our mailing lists is available at
> https://wiki.apache.org/spamassassin/MailingLists
>
> -KAM
>
>
> Release Notes -- Apache SpamAssassin -- Version 3.4.2
>
> Introduction
> 
>
> Apache SpamAssassin 3.4.2 contains numerous tweaks and bug fixes over the
> past three and 1/2 years.  As we release 3.4.2, we are preparing 4.0.0
> which
> will move us into a full UTF-8 environment.  We expect one final 3.4.3
> release.
>
> As with any release there are a number of functional patches,
> improvements as
> well as security reasons to upgrade to 3.4.2.  In this case we have over 3
> years of issues being resolved at once.  And we are laying thr
> groundwork for
> version 4.0 which is is designed to more natively handle UTF-8.
>
> However, there is one specific pressing reason to upgrade.
> Specifically, we
> will stop producing SHA-1 signatures for rule updates.  This means that
> while
> we produce rule updates with the focus on them working for any release from
> v3.3.2 forward, they will start failing SHA-1 validation for sa-update.
>
> *** If you do not update to 3.4.2, you will be stuck at the last ruleset
> with SHA-1 signatures in the near future. ***
>
> Many thanks to the committers, contributors, rule testers, mass checkers,
> and code testers who have made this release possible.
>
> Thanks to David Jones for stepping up and helping us found our SpamAssassin
> SysAdmin's group.
>
> And thanks to cPanel for helping making this release possible and
> contributing
> to the continued development of SpamAssassin.  Please visit
> support.cpanel.net
> with any issues involving cPanel & WHM's integration with SpamAssassin.
>
> Notable features:
> =
>
> New plugins
> ---
> There are four new plugins added with this release:
>
>   Mail::SpamAssassin::Plugin::HashBL
>
> The HashBL plugin is the interface to The Email Blocklist (EBL).
> The EBL is intended to filter spam that is sent from IP addresses
> and domains that cannot be blocked without causing significant
> numbers of false positives.
>
>   Mail::SpamAssassin::Plugin::ResourceLimits
>
> This plugin leverages BSD::Resource to assure your spamd child processes
> do not exceed specified CPU or memory limit. If this happens, the child
> process will die. See the BSD::Resource for more details.
>
>   Mail::SpamAssassin::Plugin::FromNameSpoof
>
> This plugin allows for detection of the From:name field being used to
> mislead
> recipients into thinking an email is from another address.  The man page
> includes examples and we expect to put test rules for this plugin into
> rulesrc soon!
>
>   Mail::SpamAssassin::Plugin::Phishing
>
> This plugin finds uris used in phishing campaigns detected by
> OpenPhish (https://openphish.com) or PhishTank (https://phishtank.com)
> feeds.
>
> These plugins are disabled by default. To enable, uncomment
> the loadplugin configuration options in file v342.pre, or add it to
> some local .pre file such as local.pre .
>
> Notable changes
> ---
>
> For security reasons SSLv3 support has been removed from spamc(1).
>
> The spamd(1) daemon now is faster to start, thanks to code optimizations.
>
> Four CVE security bug fixes are included in this release for PDFInfo.pm and
> the SA core:
>  CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781
>
> In sa-update script, optional support for SHA-256 / SHA-512 in addition
> to or instead of SHA1 has been added for better validation of rules.
> See https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7614 for
> information
> on the end of SHA-1 signatures which will be the end of rule updates for
> releases prior to 3.4.2.
>
> Security updates include security improvements for TxRep, tmp file creation
> was hardened, the group list and setuid is hardened for spamd workers,
> eval tests have been hardened (Thanks to the cPane

Re: [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781

2018-09-16 Thread Kevin A. McGrail 
Per the asf security team, mitre considers the public rc1 from a few days
ago as the start of the clock for the publishing so we were already way
past the 24 hour windiw.

Hopefully, the announcements and reports are obfuscated and bugzilla ia
private so it'll be contained.

On Sun, Sep 16, 2018, 16:59 Reindl Harald  wrote:

> i doubt that it is wiese to blwo out security notes *that short* after
> release and *that long* after the last release
>
> Am 16.09.18 um 18:59 schrieb Kevin A. McGrail:
> > Apache SpamAssassin 3.4.2 was recently released [1], and fixes several
> > issues of security note.
> >
> > First, a denial of service vulnerability that exists in all modern
> versions.
> >
> > The vulnerability arises with certain unclosed tags in emails that cause
> > markup to be handled incorrectly leading to scan timeouts.
> >
> > In Apache SpamAssassin, using HTML::Parser, we setup an object and hook
> > into the begin and end tag event handlers  In both cases, the "open"
> > event is immediately followed by a "close" event - even if the tag *does
> > not* close in the HTML being parsed.
> >
> > Because of this, we are missing the "text" event to deal with the object
> > normally.  This can cause carefully crafted emails that might take more
> > scan time than expected leading to a Denial of Service.
> >
> > The issue is possibly a bug or design decision in HTML::Parser that
> > specifically impacts the way Apache SpamAssassin uses the module with
> > poorly formed html.
> >
> > The exploit has been seen in the wild but not believe to have been
> > purposefully part of a Denial of Service attempt.  We are concerned that
> > there may be attempts to abuse the vulnerability in the future.
> > Therefore, we strongly recommend all users of these versions upgrade to
> > Apache SpamAssassin 3.4.2 as soon as possible.
> >
> > This issue has been assigned CVE id CVE-2017-15705 [2].
> >
> >
> > Second, this release also fixes a reliance on "." in @INC in one
> > configuration script.  Whether this can be exploited in any way is
> > uncertain.
> >
> > This issue has been assigned CVE id CVE-2016-1238 [3].
> >
> >
> > Third, this release fixes a potential Remote Code Execution bug with the
> > PDFInfo plugin.  Thanks to cPanel Security Team for their report of this
> > issue.
> >
> > This issue has been assigned CVE id CVE-2018-11780 [4].
> >
> >
> > Fourth, this release fixes a local user code injection in the meta rule
> > syntax. Thanks again to cPanel Security Team for their report of this
> issue.
> >
> > This issue has been assigned CVE id CVE-2018-11781 [5].
> >
> >
> > To contact the Apache SpamAssassin security team, please e-mail
> > security at spamassassin.apache.org.  For more information about Apache
> > SpamAssassin, visit the http://spamassassin.apache.org/ web site.
> >
> > Apache SpamAssassin Security Team
> >
> > [1]:
> >
> https://lists.apache.org/thread.html/1ac11532235b5459aa16c4e9d636bf4aa0b141d347d1361e40cc1b78@%3Cannounce.apache.org%3E
> >
> > [2]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-15705
> >
> > [3]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-1238
> >
> > [4]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11780
> >
> > [5]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11781
>

Re: [ANNOUNCE] Apache SpamAssassin 3.4.2 available

2018-09-16 Thread Reio Remma 

On 16.09.2018 18:03, Kevin A. McGrail wrote:

Good Morning,

On behalf of the Apache SpamAssassin Project Management Committee, I am
very pleased to announce the release of Apache SpamAssassin v3.4.2.
This release contains security bug fixes.  A security announcement will
follow within the next 24 hours.



Wonderful, thank you all for your hard work!

I encountered no problems at all when building a new RPM for CentOS 7.

Thanks and good luck,
Reio

[SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781

2018-09-16 Thread Kevin A. McGrail 
Apache SpamAssassin 3.4.2 was recently released [1], and fixes several
issues of security note.

First, a denial of service vulnerability that exists in all modern versions.

The vulnerability arises with certain unclosed tags in emails that cause
markup to be handled incorrectly leading to scan timeouts.

In Apache SpamAssassin, using HTML::Parser, we setup an object and hook
into the begin and end tag event handlers  In both cases, the "open"
event is immediately followed by a "close" event - even if the tag *does
not* close in the HTML being parsed.

Because of this, we are missing the "text" event to deal with the object
normally.  This can cause carefully crafted emails that might take more
scan time than expected leading to a Denial of Service.

The issue is possibly a bug or design decision in HTML::Parser that
specifically impacts the way Apache SpamAssassin uses the module with
poorly formed html.

The exploit has been seen in the wild but not believe to have been
purposefully part of a Denial of Service attempt.  We are concerned that
there may be attempts to abuse the vulnerability in the future. 
Therefore, we strongly recommend all users of these versions upgrade to
Apache SpamAssassin 3.4.2 as soon as possible.

This issue has been assigned CVE id CVE-2017-15705 [2].


Second, this release also fixes a reliance on "." in @INC in one
configuration script.  Whether this can be exploited in any way is
uncertain.

This issue has been assigned CVE id CVE-2016-1238 [3].


Third, this release fixes a potential Remote Code Execution bug with the
PDFInfo plugin.  Thanks to cPanel Security Team for their report of this
issue.

This issue has been assigned CVE id CVE-2018-11780 [4].


Fourth, this release fixes a local user code injection in the meta rule
syntax. Thanks again to cPanel Security Team for their report of this issue.

This issue has been assigned CVE id CVE-2018-11781 [5].


To contact the Apache SpamAssassin security team, please e-mail
security at spamassassin.apache.org.  For more information about Apache
SpamAssassin, visit the http://spamassassin.apache.org/ web site.

Apache SpamAssassin Security Team

[1]:
https://lists.apache.org/thread.html/1ac11532235b5459aa16c4e9d636bf4aa0b141d347d1361e40cc1b78@%3Cannounce.apache.org%3E

[2]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-15705

[3]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-1238

[4]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11780

[5]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11781

-- 
Kevin A. McGrail
VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

[ANNOUNCE] Apache SpamAssassin 3.4.2 available

2018-09-16 Thread Kevin A. McGrail 
Good Morning,

On behalf of the Apache SpamAssassin Project Management Committee, I am
very pleased to announce the release of Apache SpamAssassin v3.4.2. 
This release contains security bug fixes.  A security announcement will
follow within the next 24 hours.

Apache SpamAssassin can be downloaded from
https://spamassassin.apache.org/downloads.cgi and via cpan
(Mail::SpamAssassin).

Our project website is https://spamassassin.apache.org/

Our DOAP is available at https://spamassassin.apache.org/doap.rdf

Questions?  Please post on our Users mailing list.  More information on
joining our mailing lists is available at
https://wiki.apache.org/spamassassin/MailingLists

-KAM


Release Notes -- Apache SpamAssassin -- Version 3.4.2

Introduction


Apache SpamAssassin 3.4.2 contains numerous tweaks and bug fixes over the
past three and 1/2 years.  As we release 3.4.2, we are preparing 4.0.0
which
will move us into a full UTF-8 environment.  We expect one final 3.4.3
release.

As with any release there are a number of functional patches,
improvements as
well as security reasons to upgrade to 3.4.2.  In this case we have over 3
years of issues being resolved at once.  And we are laying thr
groundwork for
version 4.0 which is is designed to more natively handle UTF-8.

However, there is one specific pressing reason to upgrade. 
Specifically, we
will stop producing SHA-1 signatures for rule updates.  This means that
while
we produce rule updates with the focus on them working for any release from
v3.3.2 forward, they will start failing SHA-1 validation for sa-update. 

*** If you do not update to 3.4.2, you will be stuck at the last ruleset
    with SHA-1 signatures in the near future. ***

Many thanks to the committers, contributors, rule testers, mass checkers,
and code testers who have made this release possible. 

Thanks to David Jones for stepping up and helping us found our SpamAssassin
SysAdmin's group. 

And thanks to cPanel for helping making this release possible and
contributing
to the continued development of SpamAssassin.  Please visit
support.cpanel.net
with any issues involving cPanel & WHM's integration with SpamAssassin.

Notable features:
=

New plugins
---
There are four new plugins added with this release:

  Mail::SpamAssassin::Plugin::HashBL

The HashBL plugin is the interface to The Email Blocklist (EBL).
The EBL is intended to filter spam that is sent from IP addresses
and domains that cannot be blocked without causing significant
numbers of false positives.

  Mail::SpamAssassin::Plugin::ResourceLimits

This plugin leverages BSD::Resource to assure your spamd child processes
do not exceed specified CPU or memory limit. If this happens, the child
process will die. See the BSD::Resource for more details.

  Mail::SpamAssassin::Plugin::FromNameSpoof

This plugin allows for detection of the From:name field being used to
mislead
recipients into thinking an email is from another address.  The man page
includes examples and we expect to put test rules for this plugin into
rulesrc soon!

  Mail::SpamAssassin::Plugin::Phishing

This plugin finds uris used in phishing campaigns detected by
OpenPhish (https://openphish.com) or PhishTank (https://phishtank.com)
feeds.

These plugins are disabled by default. To enable, uncomment
the loadplugin configuration options in file v342.pre, or add it to
some local .pre file such as local.pre .

Notable changes
---

For security reasons SSLv3 support has been removed from spamc(1).

The spamd(1) daemon now is faster to start, thanks to code optimizations.

Four CVE security bug fixes are included in this release for PDFInfo.pm and
the SA core:
 CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781

In sa-update script, optional support for SHA-256 / SHA-512 in addition
to or instead of SHA1 has been added for better validation of rules.
See https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7614 for information
on the end of SHA-1 signatures which will be the end of rule updates for
releases prior to 3.4.2.

Security updates include security improvements for TxRep, tmp file creation
was hardened, the group list and setuid is hardened for spamd workers,
eval tests have been hardened (Thanks to the cPanel Security Team!),
a bug in earlier Perl versions that caused URIs to be skipped has been
identified, and UTF-16 support is improved.

GeoIP2 support has been added to RelayCountry and URILocalBL plugins due
to GeoIP legacy API deprecations.

New configuration options
-

A new template tag _DKIMSELECTOR_ that maps to the DKIM selector (the
's' tag)
from valid signatures has been added.

A 'uri_block_cont' option to URILocalBL plugin to score uris per
continent has been added.
Possible continent codes are:
af, as, eu, na, oc, sa for Africa, Asia, Europe, North America,
Oceania and South America.

The 'country_db_type' and 'country_db

Apache SpamAssassin 3.4.2 Release Candidate 1 is available

2018-09-08 Thread Kevin A. McGrail 
Hello all,

The Apache SpamAssassin 3.4.2 release candidate 1 files are available at
http://talon2.pccc.com/~kmcgrail/devel/

The Project Management Committee believes these are release worthy and
invites you to give feedback to prepare a full release in the imminent
future.

The Release Notes as they stand today are included below.

Regards,
KAM


Release Notes -- Apache SpamAssassin -- Version 3.4.2

Introduction


Apache SpamAssassin 3.4.2 contains numerous tweaks and bug fixes over the
past three and 1/2 years.  As we release 3.4.2, we are preparing 4.0.0
which
will move us into a full UTF-8 environment.  We expect one final 3.4.3
release.

As with any release there are a number of functional patches,
improvements as
well as security reasons to upgrade to 3.4.2.  In this case we have over 3
years of issues being resolved at once.  And we are laying thr
groundwork for
version 4.0 which is is designed to more natively handle UTF-8.

However, there is one specific pressing reason to upgrade. 
Specifically, we
will stop producing SHA-1 signatures for rule updates.  This means that
while
we produce rule updates with the focus on them working for any release from
v3.3.2 forward, they will start failing SHA-1 validation for sa-update.  

*** If you do not update to 3.4.2, you will be stuck at the last ruleset
    with SHA-1 signatures in the near future. ***

Many thanks to the committers, contributors, rule testers, mass checkers,
and code testers who have made this release possible.  

Thanks to David Jones for stepping up and helping us found our SpamAssassin
SysAdmin's group.  

And thanks to cPanel for helping making this release possible and
contributing
to the continued development of SpamAssassin.  Please visit
support.cpanel.net
with any issues involving cPanel & WHM's integration with SpamAssassin.

Notable features:
=

New plugins
---
There are four new plugins added with this release:

  Mail::SpamAssassin::Plugin::HashBL

The HashBL plugin is the interface to The Email Blocklist (EBL).
The EBL is intended to filter spam that is sent from IP addresses
and domains that cannot be blocked without causing significant
numbers of false positives.

  Mail::SpamAssassin::Plugin::ResourceLimits

This plugin leverages BSD::Resource to assure your spamd child processes
do not exceed specified CPU or memory limit. If this happens, the child
process will die. See the BSD::Resource for more details.

  Mail::SpamAssassin::Plugin::FromNameSpoof

This plugin allows for detection of the From:name field being used to
mislead
recipients into thinking an email is from another address.  The man page
includes examples and we expect to put test rules for this plugin into
rulesrc soon!

  Mail::SpamAssassin::Plugin::Phishing

This plugin finds uris used in phishing campaigns detected by
OpenPhish (https://openphish.com) or PhishTank (https://phishtank.com)
feeds.

These plugins are disabled by default. To enable, uncomment
the loadplugin configuration options in file v342.pre, or add it to
some local .pre file such as local.pre .

Notable changes
---

For security reasons SSLv3 support has been removed from spamc(1).

The spamd(1) daemon now is faster to start, thanks to code optimizations.

Four CVE security bugs are included in this release for PDFInfo.pm and the
SA core:
 CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781

In sa-update script, optional support for SHA-256 / SHA-512 in addition
to or instead of SHA1 has been added for better validation of rules.
See https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7614 for information
on the end of SHA-1 signatures which will be the end of rule updates for
releases prior to 3.4.2.

Security updates include security improvements for TxRep, tmp file creation
was hardened, the group list and setuid is hardened for spamd workers,
eval tests have been hardened (Thanks to the cPanel Security Team!),
a bug in earlier Perl versions that caused URIs to be skipped has been
identified, and UTF-16 support is improved.

GeoIP2 support has been added to RelayCountry and URILocalBL plugins due
to GeoIP legacy API deprecations.

New configuration options
-

A new template tag _DKIMSELECTOR_ that maps to the DKIM selector (the
's' tag)
from valid signatures has been added.

A 'uri_block_cont' option to URILocalBL plugin to score uris per
continent has been added.
Possible continent codes are:
af, as, eu, na, oc, sa for Africa, Asia, Europe, North America,
Oceania and South America.

The 'country_db_type' and 'country_db_path' options has been added to be
able
to choose in RelayCountry plugin between GeoIP legacy
(discontinued from 04/01/2018), GeoIP2, IP::Country::Fast
and IP::Country::DB_File.
GeoIP legacy is still the default option but it will be deprecated
in future releases.

A config option 'uri_country_db_path' has been adde

Re: SpamAssassin 3.4.2.

2018-04-17 Thread John Hardin 

On Tue, 17 Apr 2018, David Jones wrote:

Fedora is way too unstable to use for a server that you want to keep around 
for years.


Accepted in general, not necessarily for SA. We're only talking about the 
Fedora SA packages.


There is so much tweaking and customization to setting up a mail 
filtering server, that would be tough to maintain on Fedora unless you do a 
vanilla install of everything and stop in which case you aren't going to get 
very good results in the mail filtering accuracy.


w/r/t SA, how does RHEL/CentOS differ? In either case you get the SA app + 
the current base rules (after the initial sa-update) + an empty Bayes DB. 
You then have to administer it.


I didn't see the recompiled Fedora RPM installing any customized rules. 
Did I miss something?



As I see it we have some options:

(1) on the SA wiki publish instructions for RHEL and Centos describing how 
to download the Fedora SA SRPM and recompile it for RHEL and Centos.


(2) on the SA wiki publish a reference to a dedicated SA repo like what 
Kevin Fenzi set up, assuming it's being kept current, as Amir suggests.


(3) provide "official" RPMs (and/or other packaged installs).

I suspect (3) is not practical unless we get some volunteers who are 
strongly familiar with the various distros and are willing to do package 
management.


Any others?

--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Our government should bear in mind the fact that the American
  Revolution was touched off by the then-current government
  attempting to confiscate firearms from the people.
---
 2 days until the 243rd anniversary of The Shot Heard 'Round The World

Re: SpamAssassin 3.4.2.

2018-04-17 Thread Amir Caspi 
On Apr 17, 2018, at 4:23 PM, Bill Cole 
 wrote:
> 
> At my last job where there were supported RHEL machines, I asked a RH support 
> person a similar question regarding Postfix and got the answer: "If you want 
> Fedora, you know where to get it."

I'd personally prefer using one of the 3rd-party repos like RPMforge, or a 
dedicated SA-only repo like what Kevin Fenzi set up a few years ago (current to 
3.4.1, BTW).  The benefit of these is that they are specifically matched to 
RHEL/CentOS release version and architecture.  Figuring out which version of 
Fedora corresponds to the correct RHEL/CentOS release may not be intuitive for 
everyone.

Having a dedicated SA repo would be particularly useful if SA would be willing 
to support older (EOL'd) OSs like RHEL/CentOS 5/6.

Could the rule updates server and/or SVN server also serve as a yum repo?  Then 
SA could provide up-to-date packages (including nightly builds) for all OSs 
where upstream remains fixed, like RH.

Cheers.

--- Amir

Re: SpamAssassin 3.4.2.

2018-04-17 Thread David Jones 

On 04/17/2018 05:19 PM, Bill Cole wrote:

On 17 Apr 2018, at 16:54, John Hardin wrote:


On Tue, 17 Apr 2018, David Jones wrote:


On 04/17/2018 03:29 PM, Kevin A. McGrail wrote:

Dave, why would it go into EPEL?  SpamAssassin is a core RPM.


I will be updating my main SA platform servers to CentOS 7 this 
summer so this should be good timing to get SA 3.4.2 from the core 
repo update.  :)


RHEL 7 / CentOS 7 core is still on SA 3.4.0 - I had to manually roll 
my own SA 3.4.1 RPMs from Fedora SRPMs.


Anybody here from RH that can commit to packaging SA 3.4.2 for a RHEL 
7 core update or explain why it's behind?


It's a Red Hat long-standing stability policy. They backport security 
and some bugfix patches (which is why they have a version '3.4.0-2' RPM) 
but they do not generally import any upstream version updates that have 
any potential backward compatibility risk at all except at major EL 
version releases. So EL7 systems will never get anything but a patched 
3.4.0.




They won't go to 3.5 or 4.0 for sure and they do backport security 
patches in the dash versions but I would think they would do minor 
(third dot point) updates from 3.4.0 to 3.4.1.  Well if they don't then 
I guess we can find someone to help with the RPM building and put it 
somewhere that we can refer to on the wiki or on this list when people ask.


If you want to track current releases of software on something like 
RHEL, use Fedora.


Fedora is way too unstable to use for a server that you want to keep 
around for years.  There is so much tweaking and customization to 
setting up a mail filtering server, that would be tough to maintain on 
Fedora unless you do a vanilla install of everything and stop in which 
case you aren't going to get very good results in the mail filtering 
accuracy.


--
David Jones

Re: SpamAssassin 3.4.2.

2018-04-17 Thread Bill Cole 

On 17 Apr 2018, at 18:13, David Jones wrote:


 Why hasn't the packaging in RHEL/CentOS been updated to 3.4.1?


At my last job where there were supported RHEL machines, I asked a RH 
support person a similar question regarding Postfix and got the answer: 
"If you want Fedora, you know where to get it."

Re: SpamAssassin 3.4.2.

2018-04-17 Thread Bill Cole 

On 17 Apr 2018, at 16:54, John Hardin wrote:


On Tue, 17 Apr 2018, David Jones wrote:


On 04/17/2018 03:29 PM, Kevin A. McGrail wrote:

Dave, why would it go into EPEL?  SpamAssassin is a core RPM.


I will be updating my main SA platform servers to CentOS 7 this 
summer so this should be good timing to get SA 3.4.2 from the core 
repo update.  :)


RHEL 7 / CentOS 7 core is still on SA 3.4.0 - I had to manually roll 
my own SA 3.4.1 RPMs from Fedora SRPMs.


Anybody here from RH that can commit to packaging SA 3.4.2 for a RHEL 
7 core update or explain why it's behind?


It's a Red Hat long-standing stability policy. They backport security 
and some bugfix patches (which is why they have a version '3.4.0-2' RPM) 
but they do not generally import any upstream version updates that have 
any potential backward compatibility risk at all except at major EL 
version releases. So EL7 systems will never get anything but a patched 
3.4.0.


If you want to track current releases of software on something like 
RHEL, use Fedora.

Re: SpamAssassin 3.4.2.

2018-04-17 Thread David Jones 

On 04/17/2018 04:39 PM, Bill Cole wrote:

On 17 Apr 2018, at 16:38, David Jones wrote:


On 04/17/2018 03:29 PM, Kevin A. McGrail wrote:

Dave, why would it go into EPEL?  SpamAssassin is a core RPM.



Oh yeh.  I guess because it's been so long since we had an update and 
my main boxes are running CentOS/SL 6.9 that I forgot it was a core 
package.  The CentOS 5 and 6 boxes out there aren't going to get the 
new version unless it gets put in some other repo like EPEL or another 
third party since they are not getting any updates.


My understanding of EPEL policy is that its packages never replace the 
EL base packages.


It is often possible to install RPMs from the Fedora updates repos that 
are analogous to your EL/CentOS version.





You are correct.  When 3.4.2 is released soon, we (the SA team) should 
come up with an "official" way to install it on the wiki or something 
for all major OSes to promote upgrading.  Many currently supported and 
updated OSes would simply be handled by the core/primary packaging 
methods but there will be some older OSes that need to be handled 
differently.


This page is a bit outdated:
https://wiki.apache.org/spamassassin/UpgradingVersion

Even the latest versions of CentOS and RHEL 7 only have 3.4.0.  It 
should have 3.4.1 years ago and 3.4.2 in a couple of months.  Why hasn't 
the packaging in RHEL/CentOS been updated to 3.4.1?


--
David Jones

Re: SpamAssassin 3.4.2.

2018-04-17 Thread Bill Cole 

On 17 Apr 2018, at 16:38, David Jones wrote:


On 04/17/2018 03:29 PM, Kevin A. McGrail wrote:

Dave, why would it go into EPEL?  SpamAssassin is a core RPM.



Oh yeh.  I guess because it's been so long since we had an update and 
my main boxes are running CentOS/SL 6.9 that I forgot it was a core 
package.  The CentOS 5 and 6 boxes out there aren't going to get the 
new version unless it gets put in some other repo like EPEL or another 
third party since they are not getting any updates.


My understanding of EPEL policy is that its packages never replace the 
EL base packages.


It is often possible to install RPMs from the Fedora updates repos that 
are analogous to your EL/CentOS version.

Re: SpamAssassin 3.4.2.

2018-04-17 Thread John Hardin 

On Tue, 17 Apr 2018, David Jones wrote:


On 04/17/2018 03:29 PM, Kevin A. McGrail wrote:

Dave, why would it go into EPEL?  SpamAssassin is a core RPM.


I will be updating my main SA platform servers to CentOS 7 this summer so 
this should be good timing to get SA 3.4.2 from the core repo update.  :)


RHEL 7 / CentOS 7 core is still on SA 3.4.0 - I had to manually roll my 
own SA 3.4.1 RPMs from Fedora SRPMs.


Anybody here from RH that can commit to packaging SA 3.4.2 for a RHEL 7 
core update or explain why it's behind?



--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Our government should bear in mind the fact that the American
  Revolution was touched off by the then-current government
  attempting to confiscate firearms from the people.
---
 2 days until the 243rd anniversary of The Shot Heard 'Round The World

Re: SpamAssassin 3.4.2.

2018-04-17 Thread Amir Caspi 
On Apr 17, 2018, at 2:38 PM, David Jones  wrote:
> 
> The CentOS 5 and 6 boxes out there aren't going to get the new version unless 
> it gets put in some other repo like EPEL or another third party since they 
> are not getting any updates.

EPEL 5 is frozen AFAIK.  This would have to go into a 3rd-party repo like Kevin 
Fenzi's private repo, or places like RPMforge, Atomic, ATrpms, etc.

Not sure about EPEL 6.

I'd definitely like a CentOS 5 RPM, despite it being EOL...

--- Amir

Re: SpamAssassin 3.4.2.

2018-04-17 Thread David Jones 

On 04/17/2018 03:29 PM, Kevin A. McGrail wrote:

Dave, why would it go into EPEL?  SpamAssassin is a core RPM.



Oh yeh.  I guess because it's been so long since we had an update and my 
main boxes are running CentOS/SL 6.9 that I forgot it was a core 
package.  The CentOS 5 and 6 boxes out there aren't going to get the new 
version unless it gets put in some other repo like EPEL or another third 
party since they are not getting any updates.


I will be updating my main SA platform servers to CentOS 7 this summer 
so this should be good timing to get SA 3.4.2 from the core repo update.  :)



--
Kevin A. McGrail
Asst. Treasurer & VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

On Tue, Apr 17, 2018 at 3:19 PM, Amir Caspi > wrote:


On Apr 17, 2018, at 1:12 PM, David Jones mailto:djo...@ena.com>> wrote:
> 
> Once 3.4.2 comes out soon, we need to get an official version in EPEL or something.  Hopefully someone knows someone at EPEL to make this happen.  I think everyone had to build 3.4.1 themselves from the Fedora RPM spec file.  That hinders adoption of new versions in the RPM-based OSes then we on this list have to address issues that have been solved already by the new version.  :)


One of the Fedora maintainers, Kevin Fenzi, had previously set up a
repo for SpamAssassin.  If he's still on this list, he can post the
info.  I'm not sure if that personal repo is still maintained or not
... but that's how I got 3.3.2 and subsequent releases up to 3.4.1
on my CentOS system.

Speaking of which, even though CentOS 5 is EOL, I hope that he (or
someone else) will release a 3.4.2 RPM for RHEL 5.  Unfortunately
there are still a number of production systems out there that can't
be upgraded yet...

Cheers.

--- Amir





--
David Jones

Re: SpamAssassin 3.4.2.

2018-04-17 Thread Kevin A. McGrail 
Dave, why would it go into EPEL?  SpamAssassin is a core RPM.

--
Kevin A. McGrail
Asst. Treasurer & VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

On Tue, Apr 17, 2018 at 3:19 PM, Amir Caspi  wrote:

> On Apr 17, 2018, at 1:12 PM, David Jones  wrote:
> >
> > Once 3.4.2 comes out soon, we need to get an official version in EPEL or
> something.  Hopefully someone knows someone at EPEL to make this happen.  I
> think everyone had to build 3.4.1 themselves from the Fedora RPM spec
> file.  That hinders adoption of new versions in the RPM-based OSes then we
> on this list have to address issues that have been solved already by the
> new version.  :)
>
> One of the Fedora maintainers, Kevin Fenzi, had previously set up a repo
> for SpamAssassin.  If he's still on this list, he can post the info.  I'm
> not sure if that personal repo is still maintained or not ... but that's
> how I got 3.3.2 and subsequent releases up to 3.4.1 on my CentOS system.
>
> Speaking of which, even though CentOS 5 is EOL, I hope that he (or someone
> else) will release a 3.4.2 RPM for RHEL 5.  Unfortunately there are still a
> number of production systems out there that can't be upgraded yet...
>
> Cheers.
>
> --- Amir
>
>

Re: SpamAssassin 3.4.2.

2018-04-17 Thread Amir Caspi 
On Apr 17, 2018, at 1:12 PM, David Jones  wrote:
> 
> Once 3.4.2 comes out soon, we need to get an official version in EPEL or 
> something.  Hopefully someone knows someone at EPEL to make this happen.  I 
> think everyone had to build 3.4.1 themselves from the Fedora RPM spec file.  
> That hinders adoption of new versions in the RPM-based OSes then we on this 
> list have to address issues that have been solved already by the new version. 
>  :)

One of the Fedora maintainers, Kevin Fenzi, had previously set up a repo for 
SpamAssassin.  If he's still on this list, he can post the info.  I'm not sure 
if that personal repo is still maintained or not ... but that's how I got 3.3.2 
and subsequent releases up to 3.4.1 on my CentOS system.

Speaking of which, even though CentOS 5 is EOL, I hope that he (or someone 
else) will release a 3.4.2 RPM for RHEL 5.  Unfortunately there are still a 
number of production systems out there that can't be upgraded yet...

Cheers.

--- Amir

Re: SpamAssassin 3.4.2.

2018-04-17 Thread David Jones 

On 04/17/2018 02:00 PM, Reio Remma wrote:

Mkay. Half an evening of figuring out how RPM building works and voila.

Let the testing commence. :)

Running transaction
   Updating   : spamassassin-3.4.2-0.el7.centos.x86_64
   Cleanup    : spamassassin-3.4.1-17.el7.centos.x86_64
   Verifying  : spamassassin-3.4.2-0.el7.centos.x86_64
   Verifying  : spamassassin-3.4.1-17.el7.centos.x86_64



Once 3.4.2 comes out soon, we need to get an official version in EPEL or 
something.  Hopefully someone knows someone at EPEL to make this happen. 
 I think everyone had to build 3.4.1 themselves from the Fedora RPM 
spec file.  That hinders adoption of new versions in the RPM-based OSes 
then we on this list have to address issues that have been solved 
already by the new version.  :)




On 17.04.2018 18:49, Kevin A. McGrail wrote:
Svn for 3.4 is very stable and suitable for most production level 
machines IMO.


--
Kevin A. McGrail
Asst. Treasurer & VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

On Tue, Apr 17, 2018 at 10:45 AM, Alex <mailto:mysqlstud...@gmail.com>> wrote:


Hi,

> Can't wait for all the little fixes. For now I've carried some
over by hand
> to cut down on log errors (TxRep etc).

Are you pulling from svn? I've been doing that for some time and it's
stable and I'm assuming has all the current fixes.

It requires you to build it yourself from scratch, but it compiles and
builds easily.
https://wiki.apache.org/spamassassin/DownloadFromSvn
<https://wiki.apache.org/spamassassin/DownloadFromSvn>



>
> Reio
>







--
David Jones

Re: SpamAssassin 3.4.2.

2018-04-17 Thread Reio Remma 

Mkay. Half an evening of figuring out how RPM building works and voila.

Let the testing commence. :)

Running transaction
  Updating   : spamassassin-3.4.2-0.el7.centos.x86_64
  Cleanup    : spamassassin-3.4.1-17.el7.centos.x86_64
  Verifying  : spamassassin-3.4.2-0.el7.centos.x86_64
  Verifying  : spamassassin-3.4.1-17.el7.centos.x86_64

On 17.04.2018 18:49, Kevin A. McGrail wrote:
Svn for 3.4 is very stable and suitable for most production level 
machines IMO.


--
Kevin A. McGrail
Asst. Treasurer & VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

On Tue, Apr 17, 2018 at 10:45 AM, Alex <mailto:mysqlstud...@gmail.com>> wrote:


Hi,

> Can't wait for all the little fixes. For now I've carried some
over by hand
> to cut down on log errors (TxRep etc).

Are you pulling from svn? I've been doing that for some time and it's
stable and I'm assuming has all the current fixes.

It requires you to build it yourself from scratch, but it compiles and
builds easily.
https://wiki.apache.org/spamassassin/DownloadFromSvn
<https://wiki.apache.org/spamassassin/DownloadFromSvn>



>
> Reio
>

Re: SpamAssassin 3.4.2.

2018-04-17 Thread Kevin A. McGrail 
Svn for 3.4 is very stable and suitable for most production level machines
IMO.

--
Kevin A. McGrail
Asst. Treasurer & VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

On Tue, Apr 17, 2018 at 10:45 AM, Alex  wrote:

> Hi,
>
> > Can't wait for all the little fixes. For now I've carried some over by
> hand
> > to cut down on log errors (TxRep etc).
>
> Are you pulling from svn? I've been doing that for some time and it's
> stable and I'm assuming has all the current fixes.
>
> It requires you to build it yourself from scratch, but it compiles and
> builds easily.
> https://wiki.apache.org/spamassassin/DownloadFromSvn
>
>
>
> >
> > Reio
> >
>

Re: SpamAssassin 3.4.2.

2018-04-17 Thread Alex 
Hi,

> Can't wait for all the little fixes. For now I've carried some over by hand
> to cut down on log errors (TxRep etc).

Are you pulling from svn? I've been doing that for some time and it's
stable and I'm assuming has all the current fixes.

It requires you to build it yourself from scratch, but it compiles and
builds easily.
https://wiki.apache.org/spamassassin/DownloadFromSvn



>
> Reio
>

Re: SpamAssassin 3.4.2.

2018-04-17 Thread Reio Remma 

On 17.04.18 16:16, Kevin A. McGrail wrote:
It was squashed by the pmc when the ruleqa was broken but happy to say 
it's in progress again and I will have an rc building again soon.


On Tue, Apr 17, 2018, 09:13 Reio Remma > wrote:


Greetings,

any new on 3.4.2 release? I read that testing was done a year ago,
but
everything is silent after that. :)

Thanks!
Reio



Thanks!

Can't wait for all the little fixes. For now I've carried some over by 
hand to cut down on log errors (TxRep etc).


Reio

Re: SpamAssassin 3.4.2.

2018-04-17 Thread Kevin A. McGrail 
It was squashed by the pmc when the ruleqa was broken but happy to say it's
in progress again and I will have an rc building again soon.

On Tue, Apr 17, 2018, 09:13 Reio Remma  wrote:

> Greetings,
>
> any new on 3.4.2 release? I read that testing was done a year ago, but
> everything is silent after that. :)
>
> Thanks!
> Reio
>

SpamAssassin 3.4.2.

2018-04-17 Thread Reio Remma 

Greetings,

any new on 3.4.2 release? I read that testing was done a year ago, but 
everything is silent after that. :)


Thanks!
Reio