Warning: Your Pyzor may be broken.
I was working on a mail system today and inadvertently noticed that its Pyzor was broken. When I tried to reinstall Pyzor according to the web documentation with "pip3 install pyzor" I got what claimed to be v1.0.0 and no complaints from the installer but when running the pyzor client tool, it kicked out errors indicating to me that the program had not been even trivially updated to work with Python 3. I did the absolute hackiest thing I could to make it work (blanket s/iteritems/items/ and s/xrange/range/ to address specific error messages) and it did so, but that's not acceptable. Neither is reinstalling a Python2 world. I went looking for a better fix and found a reported issue at https://github.com/SpamExperts/pyzor/issues/155 matching my original symptoms in which a workaround was provided: install directly from the GitHub project's master.zip link, i.e. a snapshot assembled from the current state of the repo, which claims to be v1.1.1. I do not like that solution at all, and added a comment to that issue suggesting that they fix the problem by cutting a release for PyPI. No response yet, but it has only been a matter of minutes. FOR NOW: If you are running a system where Python 2.x no longer exists (that should be everywhere...) and you've never confirmed that Pyzor is working for you, do so now. If you pipe a message to 'pyzor check' and it gives you a response like this you're fine: public.pyzor.org:24441 (200, 'OK') 0 0 If instead you get a Python stack trace, obviously it's broken. I don't feel great recommending any of the obvious mitigations. They are: 1. Install Python 2.7 and pyzor 1.0.0 from PyPI. 2. Hand-patch pyzor 1.0.0 minimally to get it to work with Python 3. 3. Install the head of the development tree from GitHub, whatever that happens to be at the moment. I've chosen #3 for myself, but it's not great. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire
Re: Warning: Your Pyzor may be broken.
Bill Cole skrev den 2024-06-08 20:45: I've chosen #3 for myself, but it's not great. is why cpanel provided a perl pyzor client ? ifplugin Mail::SpamAssassin::Plugin::Pyzor use_pyzor 1 pyzor_count_min 1 pyzor_welcomelist_min 1 pyzor_welcomelist_factor 0.2 pyzor_fork 0 pyzor_perl 1 pyzor_timeout 120 # pyzor_options options # pyzor_path STRING # pyzor_server_file FILE pyzor_server_file /etc/mail/spamassassin/pyzor_server_file.conf # Pyzor servers configuration file path, used by Pyzor Perl implementation. # By default Pyzor will connect to public.pyzor.org on port 24441. endif # Mail::SpamAssassin::Plugin::Pyzor i juat got no hits yet
Re: Warning: Your Pyzor may be broken.
On 2024-06-08 at 15:35:01 UTC-0400 (Sat, 08 Jun 2024 21:35:01 +0200) Benny Pedersen is rumored to have said: > Bill Cole skrev den 2024-06-08 20:45: > >> I've chosen #3 for myself, but it's not great. > > is why cpanel provided a perl pyzor client ? I had forgotten about that. Thank you, Benny. Using pyzor_perl=1 and pyzor_server_file is absolutely the best option, assuming that it works. > ifplugin Mail::SpamAssassin::Plugin::Pyzor > > use_pyzor 1 > pyzor_count_min 1 > pyzor_welcomelist_min 1 > pyzor_welcomelist_factor 0.2 > pyzor_fork 0 > pyzor_perl 1 > pyzor_timeout 120 > > # pyzor_options options > # pyzor_path STRING > > # pyzor_server_file FILE > pyzor_server_file /etc/mail/spamassassin/pyzor_server_file.conf > > # Pyzor servers configuration file path, used by Pyzor Perl > implementation. > # By default Pyzor will connect to public.pyzor.org on port 24441. > > endif # Mail::SpamAssassin::Plugin::Pyzor > > i juat got no hits yet -- Bill Cole
Re: Warning: Your Pyzor may be broken.
On 2024-06-08 14:45:34, Bill Cole wrote: > I went looking for a better fix and found a reported issue at > https://github.com/SpamExperts/pyzor/issues/155 matching my original > symptoms in which a workaround was provided: install directly from > the GitHub project's master.zip link, i.e. a snapshot assembled from > the current state of the repo, which claims to be v1.1.1. I do not > like that solution at all, and added a comment to that issue > suggesting that they fix the problem by cutting a release for > PyPI. No response yet, but it has only been a matter of minutes. The same issue was reported in 2016 and ignored for eight years before being closed out of frustration (rather than because they did something about it): https://github.com/SpamExperts/pyzor/issues/54
Re: Warning: Your Pyzor may be broken.
On Sun, 9 Jun 2024, Michael Orlitzky wrote: On 2024-06-08 14:45:34, Bill Cole wrote: I went looking for a better fix and found a reported issue at https://github.com/SpamExperts/pyzor/issues/155 matching my original symptoms in which a workaround was provided: install directly from the GitHub project's master.zip link, i.e. a snapshot assembled from the current state of the repo, which claims to be v1.1.1. I do not like that solution at all, and added a comment to that issue suggesting that they fix the problem by cutting a release for PyPI. No response yet, but it has only been a matter of minutes. The same issue was reported in 2016 and ignored for eight years before being closed out of frustration (rather than because they did something about it): https://github.com/SpamExperts/pyzor/issues/54 Perhaps the project should consider retiring Pyzor as "no longer effectively maintained"? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.org pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Once more, please; I missed it the last time: what's the difference between "Quantitative Easing" and "Counterfeiting"? --- Tomorrow: the 57th anniversary of Israel's victory in the Six-Day War
Re: Warning: Your Pyzor may be broken.
On 6/9/24 7:31 PM, John Hardin wrote: On Sun, 9 Jun 2024, Michael Orlitzky wrote: On 2024-06-08 14:45:34, Bill Cole wrote: I went looking for a better fix and found a reported issue at https://github.com/SpamExperts/pyzor/issues/155 matching my original symptoms in which a workaround was provided: install directly from the GitHub project's master.zip link, i.e. a snapshot assembled from the current state of the repo, which claims to be v1.1.1. I do not like that solution at all, and added a comment to that issue suggesting that they fix the problem by cutting a release for PyPI. No response yet, but it has only been a matter of minutes. The same issue was reported in 2016 and ignored for eight years before being closed out of frustration (rather than because they did something about it): https://github.com/SpamExperts/pyzor/issues/54 Perhaps the project should consider retiring Pyzor as "no longer effectively maintained"? I think this is a valid option, Perl implementation is a reverse engineering effort and absolutely not perfect. Giovanni OpenPGP_signature.asc Description: OpenPGP digital signature
Re: Warning: Your Pyzor may be broken.
On 10-06-2024 15:05, giova...@paclan.it wrote: On 6/9/24 7:31 PM, John Hardin wrote: On Sun, 9 Jun 2024, Michael Orlitzky wrote: On 2024-06-08 14:45:34, Bill Cole wrote: I went looking for a better fix and found a reported issue at https://github.com/SpamExperts/pyzor/issues/155 matching my original symptoms in which a workaround was provided: install directly from the GitHub project's master.zip link, i.e. a snapshot assembled from the current state of the repo, which claims to be v1.1.1. I do not like that solution at all, and added a comment to that issue suggesting that they fix the problem by cutting a release for PyPI. No response yet, but it has only been a matter of minutes. The same issue was reported in 2016 and ignored for eight years before being closed out of frustration (rather than because they did something about it): https://github.com/SpamExperts/pyzor/issues/54 Perhaps the project should consider retiring Pyzor as "no longer effectively maintained"? I think this is a valid option, Perl implementation is a reverse engineering effort and absolutely not perfect. Giovanni Note that Pyzor also uses a server-side component to function. The default is maintained by the Pyzor team as well, I assume. The hostname 'public.pyzor.org' currently points to a host with an RDNS 'server36.seinternal.com.', which could be some internal host owned by SpamExperts (who also maintains the pyzor codebase). You don't know the status of that infrastructure either. So I'd be careful when using the public servers too. That's always true for public gratis services, but maybe take some extra caution as the project seems less alive. Tom
Re: Warning: Your Pyzor may be broken.
It's just yet another project SolarWinds.. I mean N-Able managed to screw up. Nothing new there 🥹 same old same old Sent from Outlook for iOS<https://aka.ms/o0ukef> From: Tom Hendrikx Sent: Monday, June 10, 2024 6:26:29 PM To: users@spamassassin.apache.org Subject: Re: Warning: Your Pyzor may be broken. On 10-06-2024 15:05, giova...@paclan.it wrote: > On 6/9/24 7:31 PM, John Hardin wrote: >> On Sun, 9 Jun 2024, Michael Orlitzky wrote: >> >>> On 2024-06-08 14:45:34, Bill Cole wrote: >>> >>>> I went looking for a better fix and found a reported issue at >>>> https://github.com/SpamExperts/pyzor/issues/155 matching my original >>>> symptoms in which a workaround was provided: install directly from >>>> the GitHub project's master.zip link, i.e. a snapshot assembled from >>>> the current state of the repo, which claims to be v1.1.1. I do not >>>> like that solution at all, and added a comment to that issue >>>> suggesting that they fix the problem by cutting a release for >>>> PyPI. No response yet, but it has only been a matter of minutes. >>> >>> The same issue was reported in 2016 and ignored for eight years before >>> being closed out of frustration (rather than because they did >>> something about it): >>> >>> https://github.com/SpamExperts/pyzor/issues/54 >> >> Perhaps the project should consider retiring Pyzor as "no longer >> effectively maintained"? >> > I think this is a valid option, Perl implementation is a reverse > engineering effort and absolutely not perfect. > Giovanni > Note that Pyzor also uses a server-side component to function. The default is maintained by the Pyzor team as well, I assume. The hostname 'public.pyzor.org' currently points to a host with an RDNS 'server36.seinternal.com.', which could be some internal host owned by SpamExperts (who also maintains the pyzor codebase). You don't know the status of that infrastructure either. So I'd be careful when using the public servers too. That's always true for public gratis services, but maybe take some extra caution as the project seems less alive. Tom
Re: Warning: Your Pyzor may be broken.
On 2024-06-08 14:45:34, Bill Cole wrote: I went looking for a better fix and found a reported issue at https://github.com/SpamExperts/pyzor/issues/155 matching my original symptoms in which a workaround was provided: install directly from the GitHub project's master.zip link, i.e. a snapshot assembled from the current state of the repo, which claims to be v1.1.1. I do not like that solution at all, and added a comment to that issue suggesting that they fix the problem by cutting a release for PyPI. No response yet, but it has only been a matter of minutes. On Sun, 9 Jun 2024, Michael Orlitzky wrote: The same issue was reported in 2016 and ignored for eight years before being closed out of frustration (rather than because they did something about it): https://github.com/SpamExperts/pyzor/issues/54 On 09.06.24 10:31, John Hardin wrote: Perhaps the project should consider retiring Pyzor as "no longer effectively maintained"? consider, probably. However pyzor still generates hits and helps catch spam, at least on my server. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I wonder how much deeper the ocean would be without sponges.
Re: Warning: Your Pyzor may be broken.
I've been in touch with a former developer of pyzor. Bottom line is that the company that had it was acquired, and pyzor is not being maintained by the new owners. I'm still trying to get a contact who might be able to pass on the maintenance ownership of the GitHub repository, but have yet to make much progress. In the meantime, option 3 is best. The current head of the repo is stable, will not be changed, and works with python 3, installable using pip directly from GitHub. Sidney Bill Cole wrote on 9/06/24 6:45 am: I was working on a mail system today and inadvertently noticed that its Pyzor was broken. When I tried to reinstall Pyzor according to the web documentation with "pip3 install pyzor" I got what claimed to be v1.0.0 and no complaints from the installer but when running the pyzor client tool, it kicked out errors indicating to me that the program had not been even trivially updated to work with Python 3. I did the absolute hackiest thing I could to make it work (blanket s/iteritems/items/ and s/xrange/range/ to address specific error messages) and it did so, but that's not acceptable. Neither is reinstalling a Python2 world. I went looking for a better fix and found a reported issue at https://github.com/SpamExperts/pyzor/issues/155 matching my original symptoms in which a workaround was provided: install directly from the GitHub project's master.zip link, i.e. a snapshot assembled from the current state of the repo, which claims to be v1.1.1. I do not like that solution at all, and added a comment to that issue suggesting that they fix the problem by cutting a release for PyPI. No response yet, but it has only been a matter of minutes. FOR NOW: If you are running a system where Python 2.x no longer exists (that should be everywhere...) and you've never confirmed that Pyzor is working for you, do so now. If you pipe a message to 'pyzor check' and it gives you a response like this you're fine: public.pyzor.org:24441 (200, 'OK') 0 0 If instead you get a Python stack trace, obviously it's broken. I don't feel great recommending any of the obvious mitigations. They are: 1. Install Python 2.7 and pyzor 1.0.0 from PyPI. 2. Hand-patch pyzor 1.0.0 minimally to get it to work with Python 3. 3. Install the head of the development tree from GitHub, whatever that happens to be at the moment. I've chosen #3 for myself, but it's not great.
