In addition to server-side blocking, would it make sense for sa-update to
rate-limit itself?
— Matthias
Von meinem iPhone gesendet
> Am 21.11.2017 um 03:53 schrieb Kevin A. McGrail :
>
>> On 11/20/2017 7:17 PM, Dave Jones wrote:
>> Could we use something like mod_evasive to limit any IP connec
On 11/20/2017 7:17 PM, Dave Jones wrote:
Could we use something like mod_evasive to limit any IP connecting
more than 3 times (one batch of ruleset files) an hour? SA instances
behind NAT'd IPs could cause a legitimate reason for more than 2x hits
per day.
I'd like to keep it simpler for now.
All,
If you are checking the SpamAssassin updates more than 2x a day, expect
to be blocked in the very near future. We have people checking
literally every minute and we only release rules currently 1x per day.
There is no need to check this often!
Regards,
KAM
--
Kevin A. McGrail
Asst.
On 11/20/2017 04:25 PM, Kevin A. McGrail wrote:
Dave, can you share the script you used for that? Assuming some grep
of access log and then an awk and a sort on the IP address?
I am using awstats to get some basic information from my Apache HTTPd
logs. That list was the top 10 IPs that aws
Dave, can you share the script you used for that? Assuming some grep of
access log and then an awk and a sort on the IP address?
I think we'll need to develop a policy that we can then block people
checking more than a certain number of times. I would say since we
publish only 1x per day, th
I'll take a look at this too on my server.
On 11/20/2017 2:14 PM, Dave Jones wrote:
On 11/19/2017 02:33 AM, Matthias Leisi wrote:
Heads up. DNS updates for sa-update have been enabled again. The
next rules promotion will happen in about 11 hours around 2:30 AM UTC.
Traffic on my mirror pic
On 11/19/2017 02:33 AM, Matthias Leisi wrote:
Heads up. DNS updates for sa-update have been enabled again. The next
rules promotion will happen in about 11 hours around 2:30 AM UTC.
Traffic on my mirror picked up at around 03:00 UTC (time in chart below
is in UTC+01:00), traffic is at simil
So nice to wakeup to normal cron jobs again :-)
Forwarded Message
Subject: Cron ~/svn/trunk/build/mkupdates/run_nightly |
/usr/bin/tee /var/www/automc.spamassassin.org/mkupdates/mkupdates.txt
Date: Mon, 20 Nov 2017 08:34:07 + (UTC)
From: Cron Daemon
Reply-To:
+ promote_active_rules
+ pwd
+ /usr/bin/perl build/mkupdates/listpromotable
/usr/local/spamassassin/automc/svn/trunk
HTTP get: http://ruleqa.spamassassin.org/1-days-ago?xml=1
HTTP get: http://ruleqa.spamassassin.org/2-days-ago?xml=1
day 2 contains a --net mass-check! offsetting by an extra day
Use