You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Matt Kettler <mk...@evi-inc.com> on 2005/11/29 17:47:43 UTC
Antidrug.cf deprecated and no longer maintained.
Since a lot of people are still using antidrug.cf, I'm making a public
announcement here to clarify.
Antidrug.cf is deprecated and obsolete for all users of SpamAssassin 3.0.0 or
higher. These rules are now a part of the standard SA distribution, and any
improvements will likely happen directly in the SA project and not on the .cf file.
I may at some point in the future, if I ever have spare time again, make a new
ruleset, but it will be a separate file (ie: antidrug_post31.cf).
Unless you're using SA 2.64, remove the ruleset, as it will cover-up any future
improvements that may be contributed to the SA distribution.
If you're using a version older than 2.64, you almost certainly have a remotely
exploitable DoS vulnerability, and need to upgrade.
Re: Antidrug.cf deprecated and no longer maintained.
Posted by Matt Kettler <mk...@evi-inc.com>.
mouss wrote:
> Matt Kettler a écrit :
>
>>
>>
>> Ron, I understood you. What I don't understand is if that's what mouss is
>> suggesting.
>>
>> As previously said, I read mouss as suggesting I empty antidrug.cf. I
>> did not
>> read you as suggesting this.
>
>
> I didn't say so but had in mind:
> - antidrug.cf: just a notice (which also provides a link to the pre30
> version)
> - a pre30 version.
No way.
That creates a problem for users of SA 2.64 who are RDJ'ing antidrug. They'd
have to actively notice that the rules are gone and re-configure their systems.
I definitely don't want to break functionality of users who are doing the right
thing. On the other hand, I'd be perfectly happy to cause errors/warnings for
users of SA 3.0.0 or higher, as they're the ones using an outdated ruleset.
Re: Antidrug.cf deprecated and no longer maintained.
Posted by mouss <us...@free.fr>.
Matt Kettler a écrit :
>
>
> Ron, I understood you. What I don't understand is if that's what mouss is
> suggesting.
>
> As previously said, I read mouss as suggesting I empty antidrug.cf. I did not
> read you as suggesting this.
I didn't say so but had in mind:
- antidrug.cf: just a notice (which also provides a link to the pre30
version)
- a pre30 version.
The issue I see is in the case of automated download/test/commit cases.
but that's a general problem. a possible fix is to add a "marker" in cf
files (such as "#Status=deprecated" or so) that scripts can read and
issue a warning. or better yet: "oldest_version=2.2" and
"lattest_version=3.0".
Re: Antidrug.cf deprecated and no longer maintained.
Posted by Matt Kettler <mk...@evi-inc.com>.
Ron Johnson wrote:
> Matt Kettler writes:
>
>>At 10:33 AM 11/30/2005, Ron Johnson wrote:
>>
>>
>>>Matt Kettler writes:
>>>
>>>>At 09:36 PM 11/29/2005, mouss wrote:
>>>>
>>>>>it would be good to make the file empty, only containing this info. this
>>>>>way, even those who miss this message (and the previous one) still have a
>>>>>chance to get the info.
>>>>
>>>>Yes, but there are still users out there that aren't using SA 3.0.x due to
>>>>perl version problems. For them, I still wish to make the file available.
>>>>
>>>>
>>>
>>>How about a pre-3.0 version (last meaningful version) and post-3.0
>>>(mouss's suggestion)
>>
>>Is that mouss's suggestion? I read his message as suggesting that I
>>wipe-out the contents of antidrug.cf and replace it with a notice.
>>
>
> Sorry, Ron needs an editor.
>
> What I was suggesting was.
>
> a) pre-3.0 (last meaningful version)
> b) post-3.0 (no contents beyond a notification message -- as mouss
> suggested)
>
Ron, I understood you. What I don't understand is if that's what mouss is
suggesting.
As previously said, I read mouss as suggesting I empty antidrug.cf. I did not
read you as suggesting this.
Re: Antidrug.cf deprecated and no longer maintained.
Posted by Ron Johnson <jo...@CCRS.NRCan.gc.ca>.
Matt Kettler writes:
>
> At 10:33 AM 11/30/2005, Ron Johnson wrote:
>
> >Matt Kettler writes:
> > >
> > > At 09:36 PM 11/29/2005, mouss wrote:
> > > >it would be good to make the file empty, only containing this info. this
> > > >way, even those who miss this message (and the previous one) still have a
> > > >chance to get the info.
> > >
> > > Yes, but there are still users out there that aren't using SA 3.0.x due to
> > > perl version problems. For them, I still wish to make the file available.
> > >
> > >
> >How about a pre-3.0 version (last meaningful version) and post-3.0
> >(mouss's suggestion)
>
> Is that mouss's suggestion? I read his message as suggesting that I
> wipe-out the contents of antidrug.cf and replace it with a notice.
>
Sorry, Ron needs an editor.
What I was suggesting was.
a) pre-3.0 (last meaningful version)
b) post-3.0 (no contents beyond a notification message -- as mouss
suggested)
Re: Antidrug.cf deprecated and no longer maintained.
Posted by Matt Kettler <mk...@comcast.net>.
At 10:33 AM 11/30/2005, Ron Johnson wrote:
>Matt Kettler writes:
> >
> > At 09:36 PM 11/29/2005, mouss wrote:
> > >it would be good to make the file empty, only containing this info. this
> > >way, even those who miss this message (and the previous one) still have a
> > >chance to get the info.
> >
> > Yes, but there are still users out there that aren't using SA 3.0.x due to
> > perl version problems. For them, I still wish to make the file available.
> >
> >
>How about a pre-3.0 version (last meaningful version) and post-3.0
>(mouss's suggestion)
Is that mouss's suggestion? I read his message as suggesting that I
wipe-out the contents of antidrug.cf and replace it with a notice.
Re: Antidrug.cf deprecated and no longer maintained.
Posted by Kris Deugau <kd...@vianet.ca>.
Matt Kettler wrote:
> Yes, but there are still users out there that aren't using SA 3.0.x
> due to perl version problems. For them, I still wish to make the file
> available.
Or because we've seen no pressing reason to upgrade; 2.64 is working
Just Fine Thanks. (Not to mention a good reason NOT to upgrade -
increased hardware requirements. For those of us who have long been
running on somewhat limited hardware 3.x is too "heavy".)
-kgd
--
Get your mouse off of there! You don't know where that email has been!
Re: Antidrug.cf deprecated and no longer maintained.
Posted by Ron Johnson <jo...@CCRS.NRCan.gc.ca>.
Matt Kettler writes:
>
> At 09:36 PM 11/29/2005, mouss wrote:
> >it would be good to make the file empty, only containing this info. this
> >way, even those who miss this message (and the previous one) still have a
> >chance to get the info.
>
> Yes, but there are still users out there that aren't using SA 3.0.x due to
> perl version problems. For them, I still wish to make the file available.
>
>
How about a pre-3.0 version (last meaningful version) and post-3.0
(mouss's suggestion)
Re: Antidrug.cf deprecated and no longer maintained.
Posted by Matt Kettler <mk...@comcast.net>.
At 09:36 PM 11/29/2005, mouss wrote:
>it would be good to make the file empty, only containing this info. this
>way, even those who miss this message (and the previous one) still have a
>chance to get the info.
Yes, but there are still users out there that aren't using SA 3.0.x due to
perl version problems. For them, I still wish to make the file available.
Re: Antidrug.cf deprecated and no longer maintained.
Posted by mouss <us...@free.fr>.
Matt Kettler a écrit :
> Since a lot of people are still using antidrug.cf, I'm making a public
> announcement here to clarify.
>
> Antidrug.cf is deprecated and obsolete for all users of SpamAssassin 3.0.0 or
> higher. These rules are now a part of the standard SA distribution, and any
> improvements will likely happen directly in the SA project and not on the .cf file.
>
> I may at some point in the future, if I ever have spare time again, make a new
> ruleset, but it will be a separate file (ie: antidrug_post31.cf).
>
> Unless you're using SA 2.64, remove the ruleset, as it will cover-up any future
> improvements that may be contributed to the SA distribution.
>
> If you're using a version older than 2.64, you almost certainly have a remotely
> exploitable DoS vulnerability, and need to upgrade.
>
>
>
it would be good to make the file empty, only containing this info. this
way, even those who miss this message (and the previous one) still have
a chance to get the info.