You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Ian Zimmerman <it...@buug.org> on 2016/04/07 04:38:27 UTC
Disabling spamcop plugin
Is there any way to disable the spamcop plugin for an individual user
(i.e. from ~/.spamassassin/user_prefs) if the plugin is loaded by
/etc/spamassassin/*.pre ?
By comparison, I seem to be able to disable pyzor even if it is loaded,
by writing
use_pyzor 0
in my user_prefs.
--
Please *no* private copies of mailing list or newsgroup messages.
Rule 420: All persons more than eight miles high to leave the court.
Re: Disabling spamcop plugin
Posted by Jari Fredriksson <ja...@iki.fi>.
Ian Zimmerman kirjoitti 7.4.2016 5:38:
> Is there any way to disable the spamcop plugin for an individual user
> (i.e. from ~/.spamassassin/user_prefs) if the plugin is loaded by
> /etc/spamassassin/*.pre ?
>
> By comparison, I seem to be able to disable pyzor even if it is loaded,
> by writing
>
> use_pyzor 0
>
> in my user_prefs.
There seems to be code in SpamCop.pm doing some test about
"dont_report_to_spamcop". I don't know if that can be set in user_prefs
or something..
sub plugin_report {
my ($self, $options) = @_;
return unless $self->{spamcop_available};
if (!$options->{report}->{options}->{dont_report_to_spamcop}) {
if ($self->spamcop_report($options)) {
$options->{report}->{report_available} = 1;
info("reporter: spam reported to SpamCop");
$options->{report}->{report_return} = 1;
}
else {
info("reporter: could not report spam to SpamCop");
}
}
}
--
jarif.bit
Re: Disabling spamcop plugin
Posted by Alarig Le Lay <al...@swordarmor.fr>.
On Wed Apr 13 15:50:27 2016, Reindl Harald wrote:
> enough problems by wasting time if you have to maintain 10, 20, 30 or more
> servers and in case of problems need fast downgrades - especially if you run
> virtual machines where all the compile jobs share hardware
>
> besides that on a production server no compilers should be installed at all
> - the generation of malware which compiles itself is only a question of time
>
> what gentoo would need to solve for professional environemnts is that you
> have one machine which pulls the updates, compiles them and apckage them in
> a way all other machines in the network can pull and apply them in
> precompiled from over ftp, http or whatever network protocol
>
> we are doing the same even for Fedora servers where one machine which has
> all package sinstalled moves them from yum/dnf-cache to a repo folder, run
> createrepo and all other machines have only this repo enabled and so can do
> a "yum -y upgrade" which can be triggered over SSH directly from the admin
> machine with a "distribute-updates.sh" script and a own SSH key for that
> task
Hi,
When you run several dozens of servers, you should use and orchestrator.
By this way, you don’t spend time for each server.
Also, you can have a compiler for your gentoo architecture that serves
binary packages to other servers.
--
alarig
Re: Disabling spamcop plugin
Posted by Michael Orlitzky <mi...@orlitzky.com>.
On 04/13/2016 09:50 AM, Reindl Harald wrote:
>
> enough problems by wasting time if you have to maintain 10, 20, 30 or
> more servers and in case of problems need fast downgrades - especially
> if you run virtual machines where all the compile jobs share hardware
emerge --buildpkg will create a binary package that you can instantly
downgrade to with emerge --usepkg
> besides that on a production server no compilers should be installed at
> all - the generation of malware which compiles itself is only a question
> of time
I'm not convinced that an attacker who can execute commands on your
server is more dangerous when one of those commands is `gcc`.
>
> what gentoo would need to solve for professional environemnts is that
> you have one machine which pulls the updates, compiles them and apckage
> them in a way all other machines in the network can pull and apply them
> in precompiled from over ftp, http or whatever network protocol
>
As you wish:
https://wiki.gentoo.org/wiki/Binary_package_guide
Re: Disabling spamcop plugin
Posted by Reindl Harald <h....@thelounge.net>.
Am 13.04.2016 um 15:12 schrieb Michael Orlitzky:
> On 04/13/2016 01:26 AM, Ian Zimmerman wrote:
>> On 2016-04-12 10:57 -0400, David Niklas wrote:
>>
>>> You could use Gentoo, you get to configure it all yourself!
>>
>> Funny you'd say that, I _am_ actually switching to it - on my
>> "workstation" role computers. I'm already over 50% over the hump, I
>> think.
>>
>> But on "server type" computers, I just cannot spare a dedicated security
>> branch. I really don't have the time, and more importantly the nerves,
>> to scramble and recompile the world when each new vulnerability is
>> announced.
>
> This shouldn't be worse on Gentoo than it is anywhere else. We have a
> mailing list, gentoo-announce [0], where security advisories get sent.
> But, they only get sent out once the vulnerability has been fixed and
> marked stable /everywhere/, so they often come a little late.
> Nevertheless, security issues are fixed ASAP:
>
> 1. Some vulnerability is found.
>
> 2. The security team opens a bug, and contacts the maintainer of the
> affected package.
>
> 3. A fix is committed to the tree.
>
> 4. The arch teams scramble to stabilize the version with the fix.
>
> 5. The announcement is sent out.
>
> As long as you follow a semi-regular update cycle, you shouldn't have to
> do anything special, even if you run a stable system. The affected
> package will be recompiled automatically as part of the updates. Any
> packages *depending on* that package (like, if they're statically linked
> to it) will also be recompiled. No need to recompile @world
enough problems by wasting time if you have to maintain 10, 20, 30 or
more servers and in case of problems need fast downgrades - especially
if you run virtual machines where all the compile jobs share hardware
besides that on a production server no compilers should be installed at
all - the generation of malware which compiles itself is only a question
of time
what gentoo would need to solve for professional environemnts is that
you have one machine which pulls the updates, compiles them and apckage
them in a way all other machines in the network can pull and apply them
in precompiled from over ftp, http or whatever network protocol
we are doing the same even for Fedora servers where one machine which
has all package sinstalled moves them from yum/dnf-cache to a repo
folder, run createrepo and all other machines have only this repo
enabled and so can do a "yum -y upgrade" which can be triggered over SSH
directly from the admin machine with a "distribute-updates.sh" script
and a own SSH key for that task
Re: [OT] still configuring [Was: Disabling spamcop plugin]
Posted by Ian Zimmerman <it...@buug.org>.
On 2016-04-13 09:12 -0400, Michael Orlitzky wrote:
> package will be recompiled automatically as part of the updates. Any
> packages *depending on* that package (like, if they're statically linked
> to it) will also be recompiled.
But also _direct_ dependencies of the affected package, if the latest
version has new requirements. And this is the heart of the problem.
With a dedicated security channel like debian has, the fixes are
recompiled targeted to the base release, so (for example) I'd never have
to update perl because of a fix in spamassassin.
In fact you can leave debian servers to update themselves unattended,
most of the time. This is too huge a benefit for me to drop, even
weighed against the recent debian annoyances.
--
Please *no* private copies of mailing list or newsgroup messages.
Rule 420: All persons more than eight miles high to leave the court.
Re: [OT] still configuring [Was: Disabling spamcop plugin]
Posted by Michael Orlitzky <mi...@orlitzky.com>.
On 04/13/2016 01:26 AM, Ian Zimmerman wrote:
> On 2016-04-12 10:57 -0400, David Niklas wrote:
>
>> You could use Gentoo, you get to configure it all yourself!
>
> Funny you'd say that, I _am_ actually switching to it - on my
> "workstation" role computers. I'm already over 50% over the hump, I
> think.
>
> But on "server type" computers, I just cannot spare a dedicated security
> branch. I really don't have the time, and more importantly the nerves,
> to scramble and recompile the world when each new vulnerability is
> announced.
>
This shouldn't be worse on Gentoo than it is anywhere else. We have a
mailing list, gentoo-announce [0], where security advisories get sent.
But, they only get sent out once the vulnerability has been fixed and
marked stable /everywhere/, so they often come a little late.
Nevertheless, security issues are fixed ASAP:
1. Some vulnerability is found.
2. The security team opens a bug, and contacts the maintainer of the
affected package.
3. A fix is committed to the tree.
4. The arch teams scramble to stabilize the version with the fix.
5. The announcement is sent out.
As long as you follow a semi-regular update cycle, you shouldn't have to
do anything special, even if you run a stable system. The affected
package will be recompiled automatically as part of the updates. Any
packages *depending on* that package (like, if they're statically linked
to it) will also be recompiled. No need to recompile @world.
[0] https://www.gentoo.org/get-involved/mailing-lists/
[OT] still configuring [Was: Disabling spamcop plugin]
Posted by Ian Zimmerman <it...@buug.org>.
On 2016-04-12 10:57 -0400, David Niklas wrote:
> You could use Gentoo, you get to configure it all yourself!
Funny you'd say that, I _am_ actually switching to it - on my
"workstation" role computers. I'm already over 50% over the hump, I
think.
But on "server type" computers, I just cannot spare a dedicated security
branch. I really don't have the time, and more importantly the nerves,
to scramble and recompile the world when each new vulnerability is
announced.
> You might also try Arch or Devuan. What distro are you using now?
Debian. Have been using it over 15 years now, and watched some of the
fun vanish over the last few.
--
Please *no* private copies of mailing list or newsgroup messages.
Rule 420: All persons more than eight miles high to leave the court.
Re: Disabling spamcop plugin
Posted by David Niklas <do...@mail.com>.
Am 07.04.2016 um 22:55 schrieb Ian Zimmerman:
> My high-level goal here is to get rid of as many configuration changes
> as I can in the system-managed area (/etc in my case) and achieve the
> same effects by other means. This is because I'm learning that I
> cannot trust my distro not to screw me over anymore
You could use Gentoo, you get to configure it all yourself!
Really, I do configure it all myself. It's actually quite
educational (and time consuming).
You might also try Arch or Devuan.
What distro are you using now?
FWIW I also found that what others though I would like and what I
actually did like were two different things.
Sincerely, David
------------
In windowz, they choose everything for you. In Linux, if you want to
choose, you have to be willing to both do so and accept the
consequences of your choices.
-- Me
Re: Disabling spamcop plugin
Posted by Reindl Harald <h....@thelounge.net>.
Am 07.04.2016 um 22:55 schrieb Ian Zimmerman:
> My high-level goal here is to get rid of as many configuration changes
> as I can in the system-managed area (/etc in my case) and achieve the
> same effects by other means. This is because I'm learning that I cannot
> trust my distro not to screw me over anymore
where does your distro screw you?
what did you touch you dhould not have touched?
sorry, but if you do you config changes at the right place your distro
don't screw anything, that said from a fedora user with 2 dist-upgrades
every year over 8 years on 20-30 production servers
Reporting [Was: Disabling spamcop plugin]
Posted by Ian Zimmerman <it...@buug.org>.
On 2016-04-07 13:55 -0700, Ian Zimmerman wrote:
> sa-learn doesn't do any reporting, right?
[snip snip]
> By the way, manpage for spamc says:
>
> -C report type, --reporttype=type
> Report or revoke a message to one of the configured
> collaborative filtering databases.
> The "report type" can be either report or revoke.
>
> "To one of the databases"? Which one? Isn't this a bug in the manpage?
Unfortunately the thread went sideways into opinion territory after
this, but I'd still like to clarify these factual points. Anyone?
--
Please *no* private copies of mailing list or newsgroup messages.
Rule 420: All persons more than eight miles high to leave the court.
Re: Disabling spamcop plugin
Posted by Ian Zimmerman <it...@buug.org>.
On 2016-04-07 14:37 +0100, RW wrote:
> What exactly are you trying to do here?
>
> The pyzor plugin does testing and reporting, use_pyzor is mostly there
> to control the test. The spamcop plugin does reporting only.
So, if I don't do any explicit reporting (neither spamc -C nor
spamassassin -r), the spamcop plugin is not actually used at all?
sa-learn doesn't do any reporting, right?
My high-level goal here is to get rid of as many configuration changes
as I can in the system-managed area (/etc in my case) and achieve the
same effects by other means. This is because I'm learning that I cannot
trust my distro not to screw me over anymore.
I noticed that I had disabled the spamcop plugin before by commenting it
out in /etc/*/init.pre, and I wanted to continue not using it even after
I reverted that file to its pristine distro state.
By the way, manpage for spamc says:
-C report type, --reporttype=type
Report or revoke a message to one of the configured
collaborative filtering databases.
The "report type" can be either report or revoke.
"To one of the databases"? Which one? Isn't this a bug in the manpage?
--
Please *no* private copies of mailing list or newsgroup messages.
Rule 420: All persons more than eight miles high to leave the court.
Re: Disabling spamcop plugin
Posted by RW <rw...@googlemail.com>.
On Wed, 6 Apr 2016 19:38:27 -0700
Ian Zimmerman wrote:
> Is there any way to disable the spamcop plugin for an individual user
> (i.e. from ~/.spamassassin/user_prefs) if the plugin is loaded by
> /etc/spamassassin/*.pre ?
>
> By comparison, I seem to be able to disable pyzor even if it is
> loaded, by writing
>
> use_pyzor 0
>
> in my user_prefs.
What exactly are you trying to do here?
The pyzor plugin does testing and reporting, use_pyzor is mostly there
to control the test. The spamcop plugin does reporting only.