You are viewing a plain text version of this content. The canonical link for it is here.
Posted to ruleqa@spamassassin.apache.org by David Jones <dj...@ena.com> on 2017/10/18 14:44:06 UTC
Ruleset updates via nightly masscheck status
A new file has been created, 72_scores_temporary_fix.cf (107 lines),
that is the delta of the last known good 72_scores.cf from March and the
latest incomplete 72_scores.cf (56 lines):
http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/scores/72_scores_temporary_fix.cf
The latest ruleset 1812374.tar.gz with the 72_scores_temporary_fix.cf
was installed on my production mail filters and my spamtrap for
masschecking and the scoring is normal the past couple of hours. Last
time there was a sharp drop in scoring that should have been quickly
obvious.
I need some volunteers to manually install the latest ruleset from any
SA update mirror and check their scoring so we can enable automated
updates via DNS soon:
cd /tmp
wget http://sa-update.ena.com/1812374.tar.gz
wget http://sa-update.ena.com/1812374.tar.gz.sha1
wget http://sa-update.ena.com/1812374.tar.gz.asc
sa-update -v --install 1812374.tar.gz
(restart your spamd, amavisd, mimedefang, MailScanner, etc.)
Please run the commands above and provide some feedback so we can enable
automatic sa-updates again soon.
--
David Jones
Re: Ruleset updates via nightly masscheck status
Posted by "Kevin A. McGrail" <ke...@mcgrail.com>.
On 10/18/2017 10:44 AM, David Jones wrote:
> Please run the commands above and provide some feedback so we can
> enable automatic sa-updates again soon.
Looks good in dev test. Now running on our production system. Will
report tomorrow.
Regards,
KAM
Re: Ruleset updates via nightly masscheck status
Posted by John Hardin <jh...@impsec.org>.
On Thu, 19 Oct 2017, David Jones wrote:
>> John Hardin said in an earlier mail: "The problem is 72_scores has
>> explicit bad scores in it.". Is this true? If so you override some rules
>> which do get generated in the ~56 set?
>
> I am not sure what John meant as an action item from that statement.
I may have been misremembering the actual failure mode - generating a bad
score vs. generating no score at all. Apologies in that case, the
72_scores_temporary_fix.cf approach seems correct to me if I was indeed
wrong.
> Bottom line is we need to get the nightly masscheck scripts and DNS updates
> going again for sa-update to start working again.
Agreed.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
For those who are being swayed by Microsoft's whining about the
GPL, consider how aggressively viral their Shared Source license is:
If you've *ever* seen *any* MS code covered by the Shared Source
license, you're infected for life. MS can sue you for Intellectual
Property misappropriation whenever they like, so you'd better not
come up with any Innovative Ideas that they want to Embrace...
-----------------------------------------------------------------------
203 days since the first commercial re-flight of an orbital booster (SpaceX)
Re: Ruleset updates via nightly masscheck status
Posted by "Kevin A. McGrail" <ke...@mcgrail.com>.
On 10/25/2017 7:15 AM, David Jones wrote:
> Last night's run worked. The last known good 72_scores.cf was put
> into the ruleset properly. Please test the latest ruleset by running
> these commands and reporting back to the list after a day or two. I
> would like to enable DNS updates again to get sa-update going again by
> Friday or Saturday.
>
> cd /tmp
> wget http://sa-update.ena.com/1813149.tar.gz
> wget http://sa-update.ena.com/1813149.tar.gz.sha1
> wget http://sa-update.ena.com/1813149.tar.gz.asc
> sa-update -v --install 1813149.tar.gz
> (restart your spamd, amavisd, mimedefang, MailScanner, etc.)
Looks good on this end and running in production.
Re: Ruleset updates via nightly masscheck status
Posted by John Brooks <jo...@fastquake.com>.
On 2017-10-26 02:09 PM, David Jones wrote:
> On 10/25/2017 06:15 AM, David Jones wrote:
>> cd /tmp
>> wget http://sa-update.ena.com/1813149.tar.gz
>> wget http://sa-update.ena.com/1813149.tar.gz.sha1
>> wget http://sa-update.ena.com/1813149.tar.gz.asc
>> sa-update -v --install 1813149.tar.gz
>
> Last night's run also successfully put the last known good
> 72_scores.cf from March into the ruleset.
>
> cd /tmp
> wget http://sa-update.ena.com/1813258.tar.gz
> wget http://sa-update.ena.com/1813258.tar.gz.sha1
> wget http://sa-update.ena.com/1813258.tar.gz.asc
> sa-update -v --install 1813258.tar.gz
>
> Please provide feedback in the next 48 hours -- positive or negative
> so I know we are good to enable DNS updates again on Sunday.
>
> I would like to enable DNS updates on Saturday evening (US time) so
> the sa-updates would start again on Sunday.
>
> P.S. Merijn van den Kroonenberg is helping me look at the root of the
> problem so we might be able to fix this properly in the next couple of
> weeks.
>
> Update was available, and was downloaded and installed successfully
Looks good to me.
Re: Ruleset updates via nightly masscheck status
Posted by David Jones <dj...@ena.com>.
On 11/13/2017 02:33 PM, Tom Hendrikx wrote:
>
>
> On 28-10-17 15:20, David Jones wrote:
>> On 10/27/2017 03:02 AM, Merijn van den Kroonenberg wrote:
>>>
>>>>>
>>>>> Please provide feedback in the next 48 hours -- positive or negative so
>>>>> I know we are good to enable DNS updates again on Sunday.
>>>>>
>>>>
>>>> After installing these rules, I'm seeing one warning in my log during
>>>> spamassassin reload:
>>>>
>>>> Oct 27 09:48:24 myhostname spamd[16256]: rules: failed to run
>>>> DKIM_VALID_EF test, skipping:
>>>> Oct 27 09:48:24 myhostname spamd[16256]: (Can't locate object method
>>>> "check_dkim_valid_envelopefrom" via package "Mail:
>>>> [...]:SpamAssassin::PerMsgStatus" at (eval 1369) line 305.
>>>> Oct 27 09:48:24 myhostname spamd[16256]: )
>>>
>>> The DKIM_VALID_EF rule should not be published yet as it depends on a
>>> change in a Plugin.
>>>
>>
>> Tom, thank you for testing and providing feedback. I didn't notice this
>> error because I had patched my DKIM.pm plugin for testing the new
>> DKIM_VALID_EF rule (intended to be used in meta rules). I confirmed
>> what you found on my default Fedora 26 installation.
>>
>> I have fixed the rulesets, specifically 25_dkim.cf and 50_scores.cf, to
>> check for the SA version to remove this error and tested it. Monday's
>> ruleset should have this fix after tomorrow's masscheck validates it.
>>
>> I will confirm Monday's ruleset has fixed this DKIM_VALID_EF error and
>> let sa-update start updating again via DNS on Tuesday.
>>
>> If anyone else is testing the latest rulesets from the past couple of
>> days, please provide feedback in the next 48 hours. And thank you for
>> testing.
>
> Hi,
>
> I noticed that rule updates are still not live in DNS. Can I get an
> updated ruleset for additional testing somewhere, or are we going live?
>
> Regards,
> Tom
>
So... Merijn has been helping me track down bugs. I apologize for the
delay but every little tweak we make takes 1 to 3 days to test. We make
some changes over the weekend that are showing good results. This
morning we got rules promoted for the first time in about 4 weeks
(new/different issue) so the masscheck tonight should generate a new
ruleset.
I will check things in the morning and send out an update. If we have a
good 72_scores.cf then I will install the latest ruleset manually on my
platforms. If everything looks fine, I will ask for volunteers again to
do the same and check their scoring.
--
David Jones
Re: Ruleset updates via nightly masscheck status
Posted by Tom Hendrikx <to...@whyscream.net>.
On 28-10-17 15:20, David Jones wrote:
> On 10/27/2017 03:02 AM, Merijn van den Kroonenberg wrote:
>>
>>>>
>>>> Please provide feedback in the next 48 hours -- positive or negative so
>>>> I know we are good to enable DNS updates again on Sunday.
>>>>
>>>
>>> After installing these rules, I'm seeing one warning in my log during
>>> spamassassin reload:
>>>
>>> Oct 27 09:48:24 myhostname spamd[16256]: rules: failed to run
>>> DKIM_VALID_EF test, skipping:
>>> Oct 27 09:48:24 myhostname spamd[16256]: (Can't locate object method
>>> "check_dkim_valid_envelopefrom" via package "Mail:
>>> [...]:SpamAssassin::PerMsgStatus" at (eval 1369) line 305.
>>> Oct 27 09:48:24 myhostname spamd[16256]: )
>>
>> The DKIM_VALID_EF rule should not be published yet as it depends on a
>> change in a Plugin.
>>
>
> Tom, thank you for testing and providing feedback. I didn't notice this
> error because I had patched my DKIM.pm plugin for testing the new
> DKIM_VALID_EF rule (intended to be used in meta rules). I confirmed
> what you found on my default Fedora 26 installation.
>
> I have fixed the rulesets, specifically 25_dkim.cf and 50_scores.cf, to
> check for the SA version to remove this error and tested it. Monday's
> ruleset should have this fix after tomorrow's masscheck validates it.
>
> I will confirm Monday's ruleset has fixed this DKIM_VALID_EF error and
> let sa-update start updating again via DNS on Tuesday.
>
> If anyone else is testing the latest rulesets from the past couple of
> days, please provide feedback in the next 48 hours. And thank you for
> testing.
Hi,
I noticed that rule updates are still not live in DNS. Can I get an
updated ruleset for additional testing somewhere, or are we going live?
Regards,
Tom
Re: Ruleset updates via nightly masscheck status
Posted by David Jones <dj...@ena.com>.
On 10/27/2017 03:02 AM, Merijn van den Kroonenberg wrote:
>
>>>
>>> Please provide feedback in the next 48 hours -- positive or negative so
>>> I know we are good to enable DNS updates again on Sunday.
>>>
>>
>> After installing these rules, I'm seeing one warning in my log during
>> spamassassin reload:
>>
>> Oct 27 09:48:24 myhostname spamd[16256]: rules: failed to run
>> DKIM_VALID_EF test, skipping:
>> Oct 27 09:48:24 myhostname spamd[16256]: (Can't locate object method
>> "check_dkim_valid_envelopefrom" via package "Mail:
>> [...]:SpamAssassin::PerMsgStatus" at (eval 1369) line 305.
>> Oct 27 09:48:24 myhostname spamd[16256]: )
>
> The DKIM_VALID_EF rule should not be published yet as it depends on a
> change in a Plugin.
>
Tom, thank you for testing and providing feedback. I didn't notice this
error because I had patched my DKIM.pm plugin for testing the new
DKIM_VALID_EF rule (intended to be used in meta rules). I confirmed
what you found on my default Fedora 26 installation.
I have fixed the rulesets, specifically 25_dkim.cf and 50_scores.cf, to
check for the SA version to remove this error and tested it. Monday's
ruleset should have this fix after tomorrow's masscheck validates it.
I will confirm Monday's ruleset has fixed this DKIM_VALID_EF error and
let sa-update start updating again via DNS on Tuesday.
If anyone else is testing the latest rulesets from the past couple of
days, please provide feedback in the next 48 hours. And thank you for
testing.
>>
>> Any idea? This is ubuntu 16.04, latest ubuntu package (3.4.1-3) for
>> spammassassin.
>>
>>
>> Kind regards,
>> Tom
>>
--
David Jones
Re: Ruleset updates via nightly masscheck status
Posted by Merijn van den Kroonenberg <me...@web2all.nl>.
>>
>> Please provide feedback in the next 48 hours -- positive or negative so
>> I know we are good to enable DNS updates again on Sunday.
>>
>
> After installing these rules, I'm seeing one warning in my log during
> spamassassin reload:
>
> Oct 27 09:48:24 myhostname spamd[16256]: rules: failed to run
> DKIM_VALID_EF test, skipping:
> Oct 27 09:48:24 myhostname spamd[16256]: (Can't locate object method
> "check_dkim_valid_envelopefrom" via package "Mail:
> [...]:SpamAssassin::PerMsgStatus" at (eval 1369) line 305.
> Oct 27 09:48:24 myhostname spamd[16256]: )
The DKIM_VALID_EF rule should not be published yet as it depends on a
change in a Plugin.
>
> Any idea? This is ubuntu 16.04, latest ubuntu package (3.4.1-3) for
> spammassassin.
>
>
> Kind regards,
> Tom
>
Re: Ruleset updates via nightly masscheck status
Posted by Tom Hendrikx <to...@whyscream.net>.
On 26-10-17 20:33, David Jones wrote:
> On 10/26/2017 01:09 PM, David Jones wrote:
>> On 10/25/2017 06:15 AM, David Jones wrote:
>>> cd /tmp
>>> wget http://sa-update.ena.com/1813149.tar.gz
>>> wget http://sa-update.ena.com/1813149.tar.gz.sha1
>>> wget http://sa-update.ena.com/1813149.tar.gz.asc
>>> sa-update -v --install 1813149.tar.gz
>
> Last night's run also successfully put the last known good 72_scores.cf
> from March into the ruleset.
>
> Steps to manually installing last night's ruleset:
>
> cd /tmp
> wget http://sa-update.ena.com/1813258.tar.gz
> wget http://sa-update.ena.com/1813258.tar.gz.sha1
> wget http://sa-update.ena.com/1813258.tar.gz.asc
> sa-update -v --install 1813258.tar.gz
>
> restart spamd, MailScanner, amavisd, mimedefang, etc.
>
> Please provide feedback in the next 48 hours -- positive or negative so
> I know we are good to enable DNS updates again on Sunday.
>
After installing these rules, I'm seeing one warning in my log during
spamassassin reload:
Oct 27 09:48:24 myhostname spamd[16256]: rules: failed to run
DKIM_VALID_EF test, skipping:
Oct 27 09:48:24 myhostname spamd[16256]: (Can't locate object method
"check_dkim_valid_envelopefrom" via package "Mail:
[...]:SpamAssassin::PerMsgStatus" at (eval 1369) line 305.
Oct 27 09:48:24 myhostname spamd[16256]: )
Any idea? This is ubuntu 16.04, latest ubuntu package (3.4.1-3) for
spammassassin.
Kind regards,
Tom
Re: Ruleset updates via nightly masscheck status
Posted by David Jones <dj...@ena.com>.
On 10/26/2017 01:09 PM, David Jones wrote:
> On 10/25/2017 06:15 AM, David Jones wrote:
>> cd /tmp
>> wget http://sa-update.ena.com/1813149.tar.gz
>> wget http://sa-update.ena.com/1813149.tar.gz.sha1
>> wget http://sa-update.ena.com/1813149.tar.gz.asc
>> sa-update -v --install 1813149.tar.gz
Last night's run also successfully put the last known good 72_scores.cf
from March into the ruleset.
Steps to manually installing last night's ruleset:
cd /tmp
wget http://sa-update.ena.com/1813258.tar.gz
wget http://sa-update.ena.com/1813258.tar.gz.sha1
wget http://sa-update.ena.com/1813258.tar.gz.asc
sa-update -v --install 1813258.tar.gz
restart spamd, MailScanner, amavisd, mimedefang, etc.
Please provide feedback in the next 48 hours -- positive or negative so
I know we are good to enable DNS updates again on Sunday.
I would like to enable DNS updates on Saturday evening (US time) so the
sa-updates would start again on Sunday.
P.S. Merijn van den Kroonenberg is helping me look at the root of the
problem so we might be able to fix this properly in the next couple of
weeks.
--
David Jones
Re: Ruleset updates via nightly masscheck status
Posted by John Brooks <jo...@fastquake.com>.
On 2017-10-26 02:09 PM, David Jones wrote:
> On 10/25/2017 06:15 AM, David Jones wrote:
>> cd /tmp
>> wget http://sa-update.ena.com/1813149.tar.gz
>> wget http://sa-update.ena.com/1813149.tar.gz.sha1
>> wget http://sa-update.ena.com/1813149.tar.gz.asc
>> sa-update -v --install 1813149.tar.gz
>
> Last night's run also successfully put the last known good
> 72_scores.cf from March into the ruleset.
>
> cd /tmp
> wget http://sa-update.ena.com/1813258.tar.gz
> wget http://sa-update.ena.com/1813258.tar.gz.sha1
> wget http://sa-update.ena.com/1813258.tar.gz.asc
> sa-update -v --install 1813258.tar.gz
>
> Please provide feedback in the next 48 hours -- positive or negative
> so I know we are good to enable DNS updates again on Sunday.
>
> I would like to enable DNS updates on Saturday evening (US time) so
> the sa-updates would start again on Sunday.
>
> P.S. Merijn van den Kroonenberg is helping me look at the root of the
> problem so we might be able to fix this properly in the next couple of
> weeks.
>
I'm getting some weirdness, apparently sa-update hasn't worked for a
while on my system:
root@kitsune:/tmp# su -c "sa-update -v" - debian-spamd
gpg: WARNING: unsafe ownership on homedir `/etc/spamassassin/sa-update-keys'
gpg: failed to create temporary file `/etc/spamassassin/sa-update-keys/.#lk0x1c383e0.kitsune.6334': Permission denied
gpg: keyblock resource `/etc/spamassassin/sa-update-keys/secring.gpg': general error
gpg: failed to create temporary file `/etc/spamassassin/sa-update-keys/.#lk0x1c383e0.kitsune.6334': Permission denied
gpg: keyblock resource `/etc/spamassassin/sa-update-keys/pubring.gpg': general error
gpg: no writable keyring found: eof
gpg: error reading `/usr/share/spamassassin/sa-update-pubkey.txt': general error
gpg: import from `/usr/share/spamassassin/sa-update-pubkey.txt' failed: general error
gpg: process '/usr/bin/gpg --homedir='/etc/spamassassin/sa-update-keys' --batch --no-tty --status-fd=1 -q --logger-fd=1 --import' finished: exit 2
Update finished, no fresh updates were available
I'll try and figure out what the problem is.
Re: Ruleset updates via nightly masscheck status
Posted by "Kevin A. McGrail" <ke...@mcgrail.com>.
+1 from me to relight the DNS.
On 10/26/2017 2:09 PM, David Jones wrote:
> On 10/25/2017 06:15 AM, David Jones wrote:
>> cd /tmp
>> wget http://sa-update.ena.com/1813149.tar.gz
>> wget http://sa-update.ena.com/1813149.tar.gz.sha1
>> wget http://sa-update.ena.com/1813149.tar.gz.asc
>> sa-update -v --install 1813149.tar.gz
>
> Last night's run also successfully put the last known good
> 72_scores.cf from March into the ruleset.
>
> cd /tmp
> wget http://sa-update.ena.com/1813258.tar.gz
> wget http://sa-update.ena.com/1813258.tar.gz.sha1
> wget http://sa-update.ena.com/1813258.tar.gz.asc
> sa-update -v --install 1813258.tar.gz
>
> Please provide feedback in the next 48 hours -- positive or negative
> so I know we are good to enable DNS updates again on Sunday.
>
> I would like to enable DNS updates on Saturday evening (US time) so
> the sa-updates would start again on Sunday.
>
> P.S. Merijn van den Kroonenberg is helping me look at the root of the
> problem so we might be able to fix this properly in the next couple of
> weeks.
>
Re: Ruleset updates via nightly masscheck status
Posted by David Jones <dj...@ena.com>.
On 10/25/2017 06:15 AM, David Jones wrote:
> cd /tmp
> wget http://sa-update.ena.com/1813149.tar.gz
> wget http://sa-update.ena.com/1813149.tar.gz.sha1
> wget http://sa-update.ena.com/1813149.tar.gz.asc
> sa-update -v --install 1813149.tar.gz
Last night's run also successfully put the last known good 72_scores.cf
from March into the ruleset.
cd /tmp
wget http://sa-update.ena.com/1813258.tar.gz
wget http://sa-update.ena.com/1813258.tar.gz.sha1
wget http://sa-update.ena.com/1813258.tar.gz.asc
sa-update -v --install 1813258.tar.gz
Please provide feedback in the next 48 hours -- positive or negative so
I know we are good to enable DNS updates again on Sunday.
I would like to enable DNS updates on Saturday evening (US time) so the
sa-updates would start again on Sunday.
P.S. Merijn van den Kroonenberg is helping me look at the root of the
problem so we might be able to fix this properly in the next couple of
weeks.
--
David Jones
Re: Ruleset updates via nightly masscheck status
Posted by David Jones <dj...@ena.com>.
On 10/23/2017 07:44 AM, David Jones wrote:
> On 10/19/2017 11:20 AM, John Hardin wrote:
>> On Thu, 19 Oct 2017, Merijn van den Kroonenberg wrote:
>>
>>> So a static 72_scores.cf which is basically the 'march' version would be
>>> an option. It has been doing its job for a lot of months now. There
>>> is one
>>> catch tho, we need to add new rules manually (and remove deleted
>>> rules). I
>>> guess this could be done in the static 72_scores.cf or in a
>>> 72_scores_manual.cf if you want to keep track of manual score changes.
>>
>> As long as 72_scores isn't being automatically updated, that would be
>> the place to make manual score changes for new rules and suppress
>> poor-performing rules. That minimizes the changes needed when rule
>> scoring is fixed.
>>
>
> I have changed the mkupdate-with-scores script to force checkout rev
> 1786976 of 72_scores.cf -- the last known good version from mid March.
> The 72_scores_temporary_fix.cf has been removed.
>
> Tomorrow's ruleset should have this static 72_scores.cf 9,810 bytes. I
> will check it and apply it to my SA platform manually for live testing.
> If all looks good, I will ask for more testers in a couple of days and
> hopefully we can have the ruleset updates rolling out again by the end
> of the week.
>
Last night's run worked. The last known good 72_scores.cf was put into
the ruleset properly. Please test the latest ruleset by running these
commands and reporting back to the list after a day or two. I would
like to enable DNS updates again to get sa-update going again by Friday
or Saturday.
cd /tmp
wget http://sa-update.ena.com/1813149.tar.gz
wget http://sa-update.ena.com/1813149.tar.gz.sha1
wget http://sa-update.ena.com/1813149.tar.gz.asc
sa-update -v --install 1813149.tar.gz
(restart your spamd, amavisd, mimedefang, MailScanner, etc.)
--
David Jones
Re: Ruleset updates via nightly masscheck status
Posted by David Jones <dj...@ena.com>.
On 10/19/2017 11:20 AM, John Hardin wrote:
> On Thu, 19 Oct 2017, Merijn van den Kroonenberg wrote:
>
>> So a static 72_scores.cf which is basically the 'march' version would be
>> an option. It has been doing its job for a lot of months now. There is
>> one
>> catch tho, we need to add new rules manually (and remove deleted
>> rules). I
>> guess this could be done in the static 72_scores.cf or in a
>> 72_scores_manual.cf if you want to keep track of manual score changes.
>
> As long as 72_scores isn't being automatically updated, that would be
> the place to make manual score changes for new rules and suppress
> poor-performing rules. That minimizes the changes needed when rule
> scoring is fixed.
>
I have changed the mkupdate-with-scores script to force checkout rev
1786976 of 72_scores.cf -- the last known good version from mid March.
The 72_scores_temporary_fix.cf has been removed.
Tomorrow's ruleset should have this static 72_scores.cf 9,810 bytes. I
will check it and apply it to my SA platform manually for live testing.
If all looks good, I will ask for more testers in a couple of days and
hopefully we can have the ruleset updates rolling out again by the end
of the week.
--
David Jones
Re: Ruleset updates via nightly masscheck status
Posted by John Hardin <jh...@impsec.org>.
On Thu, 19 Oct 2017, Merijn van den Kroonenberg wrote:
> So a static 72_scores.cf which is basically the 'march' version would be
> an option. It has been doing its job for a lot of months now. There is one
> catch tho, we need to add new rules manually (and remove deleted rules). I
> guess this could be done in the static 72_scores.cf or in a
> 72_scores_manual.cf if you want to keep track of manual score changes.
As long as 72_scores isn't being automatically updated, that would be the
place to make manual score changes for new rules and suppress
poor-performing rules. That minimizes the changes needed when rule scoring
is fixed.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
For those who are being swayed by Microsoft's whining about the
GPL, consider how aggressively viral their Shared Source license is:
If you've *ever* seen *any* MS code covered by the Shared Source
license, you're infected for life. MS can sue you for Intellectual
Property misappropriation whenever they like, so you'd better not
come up with any Innovative Ideas that they want to Embrace...
-----------------------------------------------------------------------
203 days since the first commercial re-flight of an orbital booster (SpaceX)
Re: Ruleset updates via nightly masscheck status
Posted by Merijn van den Kroonenberg <me...@web2all.nl>.
> On 10/19/2017 03:49 AM, Merijn van den Kroonenberg wrote:
>>> On 10/18/2017 10:10 AM, Merijn van den Kroonenberg wrote:
>>>>> A new file has been created, 72_scores_temporary_fix.cf (107 lines),
>>>>> that is the delta of the last known good 72_scores.cf from March and
>>>>> the
>>>>> latest incomplete 72_scores.cf (56 lines):
>>>>
>>>> So the combination of 72_scores_temporary_fix.cf and the latest
>>>> 72_scores.cf result in the same rules + scores as the 72_scores.cf
>>>> from
>>>> march?
>>>>
>>>
>>> Correct.
>>>
>>>> Or are some scores different?
>>>
>>> The ~56 scores in 72_scores.cf will change slightly each night based on
>>> masscheck processing. The "last known good" scores from March for the
>>> ~107 that are missing from 72_scores.cf have been put in the
>>> 72_scores_temporary_fix.cf to prevent low overall scoring like what
>>> happened in mid June.
>>>
>
> Good point. Thanks for catching that. Another option is to scrap the
> 72_scores_temporary_fix.cf and make 72_scores.cf a static file in the
> nightly masscheck script and ignore the generated version. I am open to
> suggestions.
Personally I think this would be a better road to take. If we cannot trust
the score generation then it would be better to completely bypass it. And
i think we cannot trust the score generation, it behaves in unexplained
ways, so it would be very hard for us to predict, and compensate, for all
things it could do wrong.
So a static 72_scores.cf which is basically the 'march' version would be
an option. It has been doing its job for a lot of months now. There is one
catch tho, we need to add new rules manually (and remove deleted rules). I
guess this could be done in the static 72_scores.cf or in a
72_scores_manual.cf if you want to keep track of manual score changes.
Possibly we need to adjust some obvious wrong scoring manually. We could
use the new score generation to see if theres anything jumping out.
>
>>>>
>>>> What is the intention of this temporary fix of the rule updates? Will
>>>> it
>>>> allow score changes by the score generation system? If so, what will
>>>> prevent unexpected/unintended scores to be generated because the score
>>>> generation is broken? And if not, what is gained by activating the
>>>> rule
>>>> updates again, will manual rule updates be pushed?
>>>>
>>>
>>> Yes. The scores that are making it to the 72_scores.cf appear to be
>>> correct. The issue is causing 2/3rds of the scores to be completely
>>> missing taking the default score of 1.0 to throw off scoring
>>> significantly.
>>
>> Right, but what I remembered from looking at this earlier, the generated
>> 72_scores.cf (like the ones generated in june) seem to 'leave out'
>> different rules each time. Most of those ~56 are the same rules, but
>> they
>> are not exactly. So each day some other rules are 'missing' and get the
>> default 1.0 score?
>>
>> I compared the new 72_scores.cf against a few from june and what i
>> remembered seems to be correct, different rules disappear each day.
>>
>> How are you countering this behaviour with a fixed
>> 72_scores_temporary_fix.cf file? Or are you re-generating the
>> 72_scores_temporary_fix.cf anew each day by comparing to the march 72
>> score file?
>>
>
> I could do this too with a little more effort in the nightly masscheck
> scripts.
>
>> John Hardin said in an earlier mail: "The problem is 72_scores has
>> explicit bad scores in it.". Is this true? If so you override some rules
>> which do get generated in the ~56 set?
>>
>
> I am not sure what John meant as an action item from that statement.
> Can anyone provide a good/safe 72_scores.cf file to put in the default
> SA ruleset?
>
> Bottom line is we need to get the nightly masscheck scripts and DNS
> updates going again for sa-update to start working again.
>
> Thank you for your help, Merijn. I really need another set of eyes
> looking at the problem. I have been looking at this issue too long.
np, this is a complex issue and I think it needs a few people working
together to get it going again.
>
> BTW, this issue doesn't impact my SA instances. I have so much local
> customization and MTA optimizations that I didn't even notice the
> problem back in June when we had a couple of weeks of low scoring. I am
> trying to help the entire SA community with improvements to the default
> ruleset.
I am very grateful for all the time you put into this.
>
>>>
>>> We need to sa-updates going again. None of the updates of the past few
>>> months here have gone out to the Internet:
>>>
>>> http://svn.apache.org/viewvc/spamassassin/trunk/rules/?sortby=date
>>>
>>> There are some other new rule updates that could be coming soon (i.e.
>>> new LASHBACK RBL testing with very low scores) which add to the
>>> importance to get updates enabled again while I continue to
>>> troubleshoot
>>> the incomplete 72_scores.cf issue.
>>>
>>> --
>>> David Jones
>>>
>>>>>
>>>>> http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/scores/72_scores_temporary_fix.cf
>>>>>
>>>>> The latest ruleset 1812374.tar.gz with the 72_scores_temporary_fix.cf
>>>>> was installed on my production mail filters and my spamtrap for
>>>>> masschecking and the scoring is normal the past couple of hours.
>>>>> Last
>>>>> time there was a sharp drop in scoring that should have been quickly
>>>>> obvious.
>>>>>
>>>>> I need some volunteers to manually install the latest ruleset from
>>>>> any
>>>>> SA update mirror and check their scoring so we can enable automated
>>>>> updates via DNS soon:
>>>>>
>>>>> cd /tmp
>>>>> wget http://sa-update.ena.com/1812374.tar.gz
>>>>> wget http://sa-update.ena.com/1812374.tar.gz.sha1
>>>>> wget http://sa-update.ena.com/1812374.tar.gz.asc
>>>>> sa-update -v --install 1812374.tar.gz
>>>>> (restart your spamd, amavisd, mimedefang, MailScanner, etc.)
>>>>>
>>>>> Please run the commands above and provide some feedback so we can
>>>>> enable
>>>>> automatic sa-updates again soon.
>>>>>
>>>>> --
>>>>> David Jones
>>>>>
>>>
>>> --
>>> David Jones
>>>
>>
>>
>
> --
> David Jones
>
Re: Ruleset updates via nightly masscheck status
Posted by David Jones <dj...@ena.com>.
On 10/19/2017 03:49 AM, Merijn van den Kroonenberg wrote:
>> On 10/18/2017 10:10 AM, Merijn van den Kroonenberg wrote:
>>>> A new file has been created, 72_scores_temporary_fix.cf (107 lines),
>>>> that is the delta of the last known good 72_scores.cf from March and
>>>> the
>>>> latest incomplete 72_scores.cf (56 lines):
>>>
>>> So the combination of 72_scores_temporary_fix.cf and the latest
>>> 72_scores.cf result in the same rules + scores as the 72_scores.cf from
>>> march?
>>>
>>
>> Correct.
>>
>>> Or are some scores different?
>>
>> The ~56 scores in 72_scores.cf will change slightly each night based on
>> masscheck processing. The "last known good" scores from March for the
>> ~107 that are missing from 72_scores.cf have been put in the
>> 72_scores_temporary_fix.cf to prevent low overall scoring like what
>> happened in mid June.
>>
Good point. Thanks for catching that. Another option is to scrap the
72_scores_temporary_fix.cf and make 72_scores.cf a static file in the
nightly masscheck script and ignore the generated version. I am open to
suggestions.
>>>
>>> What is the intention of this temporary fix of the rule updates? Will it
>>> allow score changes by the score generation system? If so, what will
>>> prevent unexpected/unintended scores to be generated because the score
>>> generation is broken? And if not, what is gained by activating the rule
>>> updates again, will manual rule updates be pushed?
>>>
>>
>> Yes. The scores that are making it to the 72_scores.cf appear to be
>> correct. The issue is causing 2/3rds of the scores to be completely
>> missing taking the default score of 1.0 to throw off scoring
>> significantly.
>
> Right, but what I remembered from looking at this earlier, the generated
> 72_scores.cf (like the ones generated in june) seem to 'leave out'
> different rules each time. Most of those ~56 are the same rules, but they
> are not exactly. So each day some other rules are 'missing' and get the
> default 1.0 score?
>
> I compared the new 72_scores.cf against a few from june and what i
> remembered seems to be correct, different rules disappear each day.
>
> How are you countering this behaviour with a fixed
> 72_scores_temporary_fix.cf file? Or are you re-generating the
> 72_scores_temporary_fix.cf anew each day by comparing to the march 72
> score file?
>
I could do this too with a little more effort in the nightly masscheck
scripts.
> John Hardin said in an earlier mail: "The problem is 72_scores has
> explicit bad scores in it.". Is this true? If so you override some rules
> which do get generated in the ~56 set?
>
I am not sure what John meant as an action item from that statement.
Can anyone provide a good/safe 72_scores.cf file to put in the default
SA ruleset?
Bottom line is we need to get the nightly masscheck scripts and DNS
updates going again for sa-update to start working again.
Thank you for your help, Merijn. I really need another set of eyes
looking at the problem. I have been looking at this issue too long.
BTW, this issue doesn't impact my SA instances. I have so much local
customization and MTA optimizations that I didn't even notice the
problem back in June when we had a couple of weeks of low scoring. I am
trying to help the entire SA community with improvements to the default
ruleset.
>>
>> We need to sa-updates going again. None of the updates of the past few
>> months here have gone out to the Internet:
>>
>> http://svn.apache.org/viewvc/spamassassin/trunk/rules/?sortby=date
>>
>> There are some other new rule updates that could be coming soon (i.e.
>> new LASHBACK RBL testing with very low scores) which add to the
>> importance to get updates enabled again while I continue to troubleshoot
>> the incomplete 72_scores.cf issue.
>>
>> --
>> David Jones
>>
>>>>
>>>> http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/scores/72_scores_temporary_fix.cf
>>>>
>>>> The latest ruleset 1812374.tar.gz with the 72_scores_temporary_fix.cf
>>>> was installed on my production mail filters and my spamtrap for
>>>> masschecking and the scoring is normal the past couple of hours. Last
>>>> time there was a sharp drop in scoring that should have been quickly
>>>> obvious.
>>>>
>>>> I need some volunteers to manually install the latest ruleset from any
>>>> SA update mirror and check their scoring so we can enable automated
>>>> updates via DNS soon:
>>>>
>>>> cd /tmp
>>>> wget http://sa-update.ena.com/1812374.tar.gz
>>>> wget http://sa-update.ena.com/1812374.tar.gz.sha1
>>>> wget http://sa-update.ena.com/1812374.tar.gz.asc
>>>> sa-update -v --install 1812374.tar.gz
>>>> (restart your spamd, amavisd, mimedefang, MailScanner, etc.)
>>>>
>>>> Please run the commands above and provide some feedback so we can
>>>> enable
>>>> automatic sa-updates again soon.
>>>>
>>>> --
>>>> David Jones
>>>>
>>
>> --
>> David Jones
>>
>
>
--
David Jones
Re: Ruleset updates via nightly masscheck status
Posted by Merijn van den Kroonenberg <me...@web2all.nl>.
> On 10/18/2017 10:10 AM, Merijn van den Kroonenberg wrote:
>>> A new file has been created, 72_scores_temporary_fix.cf (107 lines),
>>> that is the delta of the last known good 72_scores.cf from March and
>>> the
>>> latest incomplete 72_scores.cf (56 lines):
>>
>> So the combination of 72_scores_temporary_fix.cf and the latest
>> 72_scores.cf result in the same rules + scores as the 72_scores.cf from
>> march?
>>
>
> Correct.
>
>> Or are some scores different?
>
> The ~56 scores in 72_scores.cf will change slightly each night based on
> masscheck processing. The "last known good" scores from March for the
> ~107 that are missing from 72_scores.cf have been put in the
> 72_scores_temporary_fix.cf to prevent low overall scoring like what
> happened in mid June.
>
>>
>> What is the intention of this temporary fix of the rule updates? Will it
>> allow score changes by the score generation system? If so, what will
>> prevent unexpected/unintended scores to be generated because the score
>> generation is broken? And if not, what is gained by activating the rule
>> updates again, will manual rule updates be pushed?
>>
>
> Yes. The scores that are making it to the 72_scores.cf appear to be
> correct. The issue is causing 2/3rds of the scores to be completely
> missing taking the default score of 1.0 to throw off scoring
> significantly.
Right, but what I remembered from looking at this earlier, the generated
72_scores.cf (like the ones generated in june) seem to 'leave out'
different rules each time. Most of those ~56 are the same rules, but they
are not exactly. So each day some other rules are 'missing' and get the
default 1.0 score?
I compared the new 72_scores.cf against a few from june and what i
remembered seems to be correct, different rules disappear each day.
How are you countering this behaviour with a fixed
72_scores_temporary_fix.cf file? Or are you re-generating the
72_scores_temporary_fix.cf anew each day by comparing to the march 72
score file?
John Hardin said in an earlier mail: "The problem is 72_scores has
explicit bad scores in it.". Is this true? If so you override some rules
which do get generated in the ~56 set?
>
> We need to sa-updates going again. None of the updates of the past few
> months here have gone out to the Internet:
>
> http://svn.apache.org/viewvc/spamassassin/trunk/rules/?sortby=date
>
> There are some other new rule updates that could be coming soon (i.e.
> new LASHBACK RBL testing with very low scores) which add to the
> importance to get updates enabled again while I continue to troubleshoot
> the incomplete 72_scores.cf issue.
>
> --
> David Jones
>
>>>
>>> http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/scores/72_scores_temporary_fix.cf
>>>
>>> The latest ruleset 1812374.tar.gz with the 72_scores_temporary_fix.cf
>>> was installed on my production mail filters and my spamtrap for
>>> masschecking and the scoring is normal the past couple of hours. Last
>>> time there was a sharp drop in scoring that should have been quickly
>>> obvious.
>>>
>>> I need some volunteers to manually install the latest ruleset from any
>>> SA update mirror and check their scoring so we can enable automated
>>> updates via DNS soon:
>>>
>>> cd /tmp
>>> wget http://sa-update.ena.com/1812374.tar.gz
>>> wget http://sa-update.ena.com/1812374.tar.gz.sha1
>>> wget http://sa-update.ena.com/1812374.tar.gz.asc
>>> sa-update -v --install 1812374.tar.gz
>>> (restart your spamd, amavisd, mimedefang, MailScanner, etc.)
>>>
>>> Please run the commands above and provide some feedback so we can
>>> enable
>>> automatic sa-updates again soon.
>>>
>>> --
>>> David Jones
>>>
>
> --
> David Jones
>
Re: Ruleset updates via nightly masscheck status
Posted by David Jones <dj...@ena.com>.
On 10/18/2017 10:10 AM, Merijn van den Kroonenberg wrote:
>> A new file has been created, 72_scores_temporary_fix.cf (107 lines),
>> that is the delta of the last known good 72_scores.cf from March and the
>> latest incomplete 72_scores.cf (56 lines):
>
> So the combination of 72_scores_temporary_fix.cf and the latest
> 72_scores.cf result in the same rules + scores as the 72_scores.cf from
> march?
>
Correct.
> Or are some scores different?
The ~56 scores in 72_scores.cf will change slightly each night based on
masscheck processing. The "last known good" scores from March for the
~107 that are missing from 72_scores.cf have been put in the
72_scores_temporary_fix.cf to prevent low overall scoring like what
happened in mid June.
>
> What is the intention of this temporary fix of the rule updates? Will it
> allow score changes by the score generation system? If so, what will
> prevent unexpected/unintended scores to be generated because the score
> generation is broken? And if not, what is gained by activating the rule
> updates again, will manual rule updates be pushed?
>
Yes. The scores that are making it to the 72_scores.cf appear to be
correct. The issue is causing 2/3rds of the scores to be completely
missing taking the default score of 1.0 to throw off scoring significantly.
We need to sa-updates going again. None of the updates of the past few
months here have gone out to the Internet:
http://svn.apache.org/viewvc/spamassassin/trunk/rules/?sortby=date
There are some other new rule updates that could be coming soon (i.e.
new LASHBACK RBL testing with very low scores) which add to the
importance to get updates enabled again while I continue to troubleshoot
the incomplete 72_scores.cf issue.
--
David Jones
>>
>> http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/scores/72_scores_temporary_fix.cf
>>
>> The latest ruleset 1812374.tar.gz with the 72_scores_temporary_fix.cf
>> was installed on my production mail filters and my spamtrap for
>> masschecking and the scoring is normal the past couple of hours. Last
>> time there was a sharp drop in scoring that should have been quickly
>> obvious.
>>
>> I need some volunteers to manually install the latest ruleset from any
>> SA update mirror and check their scoring so we can enable automated
>> updates via DNS soon:
>>
>> cd /tmp
>> wget http://sa-update.ena.com/1812374.tar.gz
>> wget http://sa-update.ena.com/1812374.tar.gz.sha1
>> wget http://sa-update.ena.com/1812374.tar.gz.asc
>> sa-update -v --install 1812374.tar.gz
>> (restart your spamd, amavisd, mimedefang, MailScanner, etc.)
>>
>> Please run the commands above and provide some feedback so we can enable
>> automatic sa-updates again soon.
>>
>> --
>> David Jones
>>
--
David Jones
Re: Ruleset updates via nightly masscheck status
Posted by Merijn van den Kroonenberg <me...@web2all.nl>.
> A new file has been created, 72_scores_temporary_fix.cf (107 lines),
> that is the delta of the last known good 72_scores.cf from March and the
> latest incomplete 72_scores.cf (56 lines):
So the combination of 72_scores_temporary_fix.cf and the latest
72_scores.cf result in the same rules + scores as the 72_scores.cf from
march?
Or are some scores different?
What is the intention of this temporary fix of the rule updates? Will it
allow score changes by the score generation system? If so, what will
prevent unexpected/unintended scores to be generated because the score
generation is broken? And if not, what is gained by activating the rule
updates again, will manual rule updates be pushed?
>
> http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/scores/72_scores_temporary_fix.cf
>
> The latest ruleset 1812374.tar.gz with the 72_scores_temporary_fix.cf
> was installed on my production mail filters and my spamtrap for
> masschecking and the scoring is normal the past couple of hours. Last
> time there was a sharp drop in scoring that should have been quickly
> obvious.
>
> I need some volunteers to manually install the latest ruleset from any
> SA update mirror and check their scoring so we can enable automated
> updates via DNS soon:
>
> cd /tmp
> wget http://sa-update.ena.com/1812374.tar.gz
> wget http://sa-update.ena.com/1812374.tar.gz.sha1
> wget http://sa-update.ena.com/1812374.tar.gz.asc
> sa-update -v --install 1812374.tar.gz
> (restart your spamd, amavisd, mimedefang, MailScanner, etc.)
>
> Please run the commands above and provide some feedback so we can enable
> automatic sa-updates again soon.
>
> --
> David Jones
>