You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by fe...@apache.org on 2006/06/29 21:56:05 UTC
svn commit: r418127 - /spamassassin/dns/spamassassin.org
Author: felicity
Date: Thu Jun 29 12:56:04 2006
New Revision: 418127
URL: http://svn.apache.org/viewvc?rev=418127&view=rev
Log:
issues.a.o moved and the redirects changed, so just make bugzilla a freaking cname already
Modified:
spamassassin/dns/spamassassin.org
Modified: spamassassin/dns/spamassassin.org
URL: http://svn.apache.org/viewvc/spamassassin/dns/spamassassin.org?rev=418127&r1=418126&r2=418127&view=diff
==============================================================================
--- spamassassin/dns/spamassassin.org (original)
+++ spamassassin/dns/spamassassin.org Thu Jun 29 12:56:04 2006
@@ -28,9 +28,7 @@
; bugzilla!
; this really ought to be a CNAME for issues.apache.org
-bugzilla A 192.87.106.227
- ; nothing should send from here, but allow spf testing
-bugzilla TXT "v=spf1 ip4:64.142.3.173 -ip4:65.214.43.155 ~ip4:65.214.43.156 ?ip4:65.214.43.157 -all"
+bugzilla CNAME issues.apache.org.
; stuff that runs on the zones machine
rsync CNAME spamassassin.zones.apache.org.
Re: svn commit: r418127 - /spamassassin/dns/spamassassin.org
Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
Theo Van Dinter wrote:
> On Thu, Jun 29, 2006 at 10:04:00PM -0400, Daryl C. W. O'Shea wrote:
>> Forgot all about that. I guess it's me who has to lay of the crack.
>
> :)
Here I thought that all the smoking laws were going to save me
embarrassment.
>>> To avoid having a bajillion zone updates, I'm going to leave it for now and
>>> will revert the zone file (again) tomorrow unless someone objects or points
>>> out that I'm on crack again.
>> 3.1.0 is still affected though, since it was released after the above
>> fix but before the tests were moved to the dnsbltest zone.
>
> Sure, but are people downloading and installing 3.1.0 these days?
> Any distribution using 3.1.0 will already have it built and so no
> "make test". Anyone getting source will grab the latest 3.1.x which
> already has the fix in place.
>
> So in the end, I really don't think it matters anymore.
Good point. I'll go back into hiding now. Might as well change it back
to the CNAME.
Daryl
Re: svn commit: r418127 - /spamassassin/dns/spamassassin.org
Posted by Theo Van Dinter <fe...@apache.org>.
On Thu, Jun 29, 2006 at 10:04:00PM -0400, Daryl C. W. O'Shea wrote:
> Forgot all about that. I guess it's me who has to lay of the crack.
:)
> >To avoid having a bajillion zone updates, I'm going to leave it for now and
> >will revert the zone file (again) tomorrow unless someone objects or points
> >out that I'm on crack again.
>
> 3.1.0 is still affected though, since it was released after the above
> fix but before the tests were moved to the dnsbltest zone.
Sure, but are people downloading and installing 3.1.0 these days?
Any distribution using 3.1.0 will already have it built and so no
"make test". Anyone getting source will grab the latest 3.1.x which
already has the fix in place.
So in the end, I really don't think it matters anymore.
--
Randomly Generated Tagline:
I'm schizophrenic and so am I.
Re: svn commit: r418127 - /spamassassin/dns/spamassassin.org
Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
Theo Van Dinter wrote:
> On Thu, Jun 29, 2006 at 09:32:46PM -0400, Theo Van Dinter wrote:
>>> You're aware that this breaks "make test" (spf tests) when net tests are
>>> enabled for all versions released prior to Feb 2, 2006 and 3.0.6, right?
>
> Did a little more digging. It turns out that apparently our 3.0 SPF HELO
> test hasn't worked for ages. The SPF plugin strips off the hostname and
> therefore checks "spamassassin.org" and not "bugzilla.spamassassin.org"
> like newer versions will do:
Forgot all about that. I guess it's me who has to lay of the crack.
> debug: SPF: checking HELO (helo=bugzilla.spamassassin.org, ip=64.142.3.173)
> debug: SPF: trimmed HELO down to 'spamassassin.org'
> debug: SPF: query for /64.142.3.173/spamassassin.org: result: fail, comment:
> Please see
> http://spf.pobox.com/why.html?sender=spamassassin.org&ip=64.142.3.173&receiver=eclectic.kluge.net
>
> and spamassassin.org's SPF specifically denies all (and has since before
> 12/2005 when the zone file went into SVN). The plugin's behavior was
> changed for 3.1 in:
>
> r179477 | jm | 2005-06-01 21:04:03 -0400 (Wed, 01 Jun 2005) | 1 line
> bug 3859: change SPF HELO check to match standard definition; check the
> exact hostname provided in the HELO command, instead of the domain part
> of that hostname only.
>
> So in the end, it really doesn't matter because the test doesn't work.
> Therefore, I move to restore my previous version (CNAME bz -> issues)
> and if if we want to fix the plugin and test for 3.0 ...
>
> To avoid having a bajillion zone updates, I'm going to leave it for now and
> will revert the zone file (again) tomorrow unless someone objects or points
> out that I'm on crack again.
3.1.0 is still affected though, since it was released after the above
fix but before the tests were moved to the dnsbltest zone.
Daryl
Re: svn commit: r418127 - /spamassassin/dns/spamassassin.org
Posted by Theo Van Dinter <fe...@apache.org>.
On Thu, Jun 29, 2006 at 09:32:46PM -0400, Theo Van Dinter wrote:
> > You're aware that this breaks "make test" (spf tests) when net tests are
> > enabled for all versions released prior to Feb 2, 2006 and 3.0.6, right?
Did a little more digging. It turns out that apparently our 3.0 SPF HELO
test hasn't worked for ages. The SPF plugin strips off the hostname and
therefore checks "spamassassin.org" and not "bugzilla.spamassassin.org"
like newer versions will do:
debug: SPF: checking HELO (helo=bugzilla.spamassassin.org, ip=64.142.3.173)
debug: SPF: trimmed HELO down to 'spamassassin.org'
debug: SPF: query for /64.142.3.173/spamassassin.org: result: fail, comment:
Please see
http://spf.pobox.com/why.html?sender=spamassassin.org&ip=64.142.3.173&receiver=eclectic.kluge.net
and spamassassin.org's SPF specifically denies all (and has since before
12/2005 when the zone file went into SVN). The plugin's behavior was
changed for 3.1 in:
r179477 | jm | 2005-06-01 21:04:03 -0400 (Wed, 01 Jun 2005) | 1 line
bug 3859: change SPF HELO check to match standard definition; check the
exact hostname provided in the HELO command, instead of the domain part
of that hostname only.
So in the end, it really doesn't matter because the test doesn't work.
Therefore, I move to restore my previous version (CNAME bz -> issues)
and if if we want to fix the plugin and test for 3.0 ...
To avoid having a bajillion zone updates, I'm going to leave it for now and
will revert the zone file (again) tomorrow unless someone objects or points
out that I'm on crack again.
--
Randomly Generated Tagline:
50% of all Americans are below the median.
Re: svn commit: r418127 - /spamassassin/dns/spamassassin.org
Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
Theo Van Dinter wrote:
> On Thu, Jun 29, 2006 at 07:38:31PM -0400, Daryl C. W. O'Shea wrote:
>>> -bugzilla A 192.87.106.227
>>> -bugzilla TXT "v=spf1 ip4:64.142.3.173 -ip4:65.214.43.155
>>> ~ip4:65.214.43.156 ?ip4:65.214.43.157 -all"
>>> +bugzilla CNAME issues.apache.org.
>> You're aware that this breaks "make test" (spf tests) when net tests are
>> enabled for all versions released prior to Feb 2, 2006 and 3.0.6, right?
>
> Hrm. Yeah, I was worried about that. I thought we had generally fixed
> it in our released code, which we did, sorta. So there are two questions
> at least:
>
> a) how long are we going to support 3.0.x? we do 0 bug fix backports now
> except for security fixes because we expect people either to upgrade to 3.1
> or distributors who only give out 3.0.x to do any bug fixes as necessary.
>
> b) should we do a 3.0.7 release to fix this bug, let that be out there
> for a while, and then either reach the point where we decide (a) has
> passed or a couple of months from now where everyone has a chance to
> get the new version -- we really only care about new installations
> and not already installed sites.
>
> I changed the record back to the A/TXT version, with an updated A record
> appropriately. I'd really like to avoid future "issues.a.o changes IP"
> problems (which have bitten us each time, at least twice, in the past
> year,) by fixing the record to be a CNAME.
I figured we'd keep the A/TXT version until we released 3.2 since 3.1.0
is also affected by this. Although that was my thinking in February...
I don't know what SA version distros are currently shipping (which would
affect new installs).
I don't think there's a need to fix 3.0 just for that test. People
should really upgrade to 3.1.
I've changed the link on the main web page to use the new link so
hopefully another IP change won't hurt so much.
I suppose I could provide an HTTP redirector, that is sure to be static,
for it if we expect further changes of the current setup would be
problematic.
Daryl
Re: svn commit: r418127 - /spamassassin/dns/spamassassin.org
Posted by Theo Van Dinter <fe...@apache.org>.
On Thu, Jun 29, 2006 at 07:38:31PM -0400, Daryl C. W. O'Shea wrote:
> >-bugzilla A 192.87.106.227
> >-bugzilla TXT "v=spf1 ip4:64.142.3.173 -ip4:65.214.43.155
> >~ip4:65.214.43.156 ?ip4:65.214.43.157 -all"
> >+bugzilla CNAME issues.apache.org.
>
> You're aware that this breaks "make test" (spf tests) when net tests are
> enabled for all versions released prior to Feb 2, 2006 and 3.0.6, right?
Hrm. Yeah, I was worried about that. I thought we had generally fixed
it in our released code, which we did, sorta. So there are two questions
at least:
a) how long are we going to support 3.0.x? we do 0 bug fix backports now
except for security fixes because we expect people either to upgrade to 3.1
or distributors who only give out 3.0.x to do any bug fixes as necessary.
b) should we do a 3.0.7 release to fix this bug, let that be out there
for a while, and then either reach the point where we decide (a) has
passed or a couple of months from now where everyone has a chance to
get the new version -- we really only care about new installations
and not already installed sites.
I changed the record back to the A/TXT version, with an updated A record
appropriately. I'd really like to avoid future "issues.a.o changes IP"
problems (which have bitten us each time, at least twice, in the past
year,) by fixing the record to be a CNAME.
--
Randomly Generated Tagline:
"I instigated Linus's first shooting expedition in a long while a few months
back (I can report that he is a steady, competent shot with a 9mm semi)."
- Eric Raymond
Re: svn commit: r418127 - /spamassassin/dns/spamassassin.org
Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
felicity@apache.org wrote:
> Author: felicity
> Date: Thu Jun 29 12:56:04 2006
> New Revision: 418127
>
> URL: http://svn.apache.org/viewvc?rev=418127&view=rev
> Log:
> issues.a.o moved and the redirects changed, so just make bugzilla a freaking cname already
>
> Modified:
> spamassassin/dns/spamassassin.org
>
> Modified: spamassassin/dns/spamassassin.org
> URL: http://svn.apache.org/viewvc/spamassassin/dns/spamassassin.org?rev=418127&r1=418126&r2=418127&view=diff
> ==============================================================================
> --- spamassassin/dns/spamassassin.org (original)
> +++ spamassassin/dns/spamassassin.org Thu Jun 29 12:56:04 2006
> @@ -28,9 +28,7 @@
>
> ; bugzilla!
> ; this really ought to be a CNAME for issues.apache.org
> -bugzilla A 192.87.106.227
> - ; nothing should send from here, but allow spf testing
> -bugzilla TXT "v=spf1 ip4:64.142.3.173 -ip4:65.214.43.155 ~ip4:65.214.43.156 ?ip4:65.214.43.157 -all"
> +bugzilla CNAME issues.apache.org.
>
> ; stuff that runs on the zones machine
> rsync CNAME spamassassin.zones.apache.org.
You're aware that this breaks "make test" (spf tests) when net tests are
enabled for all versions released prior to Feb 2, 2006 and 3.0.6, right?
Daryl