You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@spamassassin.apache.org on 2023/02/19 17:18:55 UTC
[Bug 8119] New: update.spamassassin.org
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8119
Bug ID: 8119
Summary: update.spamassassin.org
Product: Spamassassin
Version: 3.4.4
Hardware: PC
OS: Linux
Status: NEW
Severity: major
Priority: P2
Component: sa-update
Assignee: dev@spamassassin.apache.org
Reporter: zounp@protonmail.ch
Target Milestone: Undefined
sa-update looks for updates on update.spamassassin.org which seems to be non
existend.
$ nslookup updates.spamassassin.org
Server: 127.0.0.53
Address: 127.0.0.53#53
Non-authoritative answer:
*** Can't find updates.spamassassin.org: No answer
What to do?
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 8119] update.spamassassin.org
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8119
Benny Pedersen <me...@junc.eu> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |me@junc.eu
--- Comment #1 from Benny Pedersen <me...@junc.eu> ---
typo nameserver ip at 127.0.0.53
ups
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 8119] update.spamassassin.org has no DNS entry
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8119
--- Comment #9 from Zounp <zo...@protonmail.ch> ---
(In reply to Bill Cole from comment #6)
> Fixed the documentation gap:
>
> Index: sa-update.raw
> ===================================================================
> --- sa-update.raw (revision 1907762)
> +++ sa-update.raw (working copy)
> @@ -2056,6 +2056,19 @@
> I<updates.spamassassin.org>, which has updated rules since the previous
> release.
>
> +NOTE: channel names are domain names, but DO NOT typically have any DNS
> +records other than (maybe) NS records. There is a tree of records below that
> +name which denote the SpamAssassin version and resolve that name to the
> +version number of the latest rules, e.g. to find the latest update
> +version number for SpamAssassin v4.0.0:
> +
> + $ host -t txt 0.0.4.updates.spamassassin.org
> + 0.0.4.updates.spamassassin.org is an alias for
> 3.3.3.updates.spamassassin.org.
> + 3.3.3.updates.spamassassin.org descriptive text "1907730"
> +
> +That also illuminates the fact that the current ruleset is supposed to be
> +backward-compatible to v3.3.3.
> +
> Update archives are verified using GPG signatures by default. If GPG is
> disabled (not recommended), file integrity is checked with SHA512 or SHA256
> checksums.
>
> Committed in r1907763
Thanks.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 8119] update.spamassassin.org has no DNS entry
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8119
Zounp <zo...@protonmail.ch> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|update.spamassassin.org |update.spamassassin.org has
| |no DNS entry
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 8119] update.spamassassin.org has no DNS entry
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8119
--- Comment #8 from Zounp <zo...@protonmail.ch> ---
(In reply to AXB from comment #7)
> (In reply to Zounp from comment #5)
> > (In reply to AXB from comment #4)
> > > RTFM:
> > >
> > > SA-Update Channels
> > >
> > > A sa-update channel is a remote source where sa-update will get the new
> >
> >
> > [omitted the remainder]
> >
> > Indeed, RTFM. Only the problem is, where to find the M? The manual. Only
> > after searching on some keywords ("SA-Update Channels" "TXT DNS") in the
> > text I found the source of your posting:
> > https://geekthis.net/post/spamassassin-sa-update .
> >
> > So I do not understand your RTFM reproach.
>
> Bugzilla is the wrong place to ask for support.
>
> RTFM can also imply using a search machine or user mailing lists /archives
>
> also: man sa-update explains the process...
After I could not find a hint / solution in the man page nor on the Internet
after extensive searching I asked for support since something did not seem to
work properly. So that seems right to me.
When I encountered the issue I read the man page by doing $ man sa-update. I
did not and do not now find a word something that could give a hint to
resolving the issue even not after I know it has to do with DNS. Where in the
text of the man page does the man page explain the process? Also on
https://spamassassin.apache.org/full/3.1.x/doc/sa-update.html is no mention to
be found.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 8119] update.spamassassin.org has no DNS entry
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8119
--- Comment #7 from AXB <ax...@gmail.com> ---
(In reply to Zounp from comment #5)
> (In reply to AXB from comment #4)
> > RTFM:
> >
> > SA-Update Channels
> >
> > A sa-update channel is a remote source where sa-update will get the new
>
>
> [omitted the remainder]
>
> Indeed, RTFM. Only the problem is, where to find the M? The manual. Only
> after searching on some keywords ("SA-Update Channels" "TXT DNS") in the
> text I found the source of your posting:
> https://geekthis.net/post/spamassassin-sa-update .
>
> So I do not understand your RTFM reproach.
Bugzilla is the wrong place to ask for support.
RTFM can also imply using a search machine or user mailing lists /archives
also: man sa-update explains the process...
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 8119] update.spamassassin.org has no DNS entry
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8119
--- Comment #3 from Zounp <zo...@protonmail.ch> ---
nslookup updates.spamassassin.org 9.9.9.9
Server: 9.9.9.9
Address: 9.9.9.9#53
Non-authoritative answer:
*** Can't find updates.spamassassin.org: No answer
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 8119] update.spamassassin.org
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8119
Zounp <zo...@protonmail.ch> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |zounp@protonmail.ch
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 8119] update.spamassassin.org has no DNS entry
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8119
Bill Cole <bi...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |billcole@apache.org
--- Comment #6 from Bill Cole <bi...@apache.org> ---
Fixed the documentation gap:
Index: sa-update.raw
===================================================================
--- sa-update.raw (revision 1907762)
+++ sa-update.raw (working copy)
@@ -2056,6 +2056,19 @@
I<updates.spamassassin.org>, which has updated rules since the previous
release.
+NOTE: channel names are domain names, but DO NOT typically have any DNS
+records other than (maybe) NS records. There is a tree of records below that
+name which denote the SpamAssassin version and resolve that name to the
+version number of the latest rules, e.g. to find the latest update
+version number for SpamAssassin v4.0.0:
+
+ $ host -t txt 0.0.4.updates.spamassassin.org
+ 0.0.4.updates.spamassassin.org is an alias for
3.3.3.updates.spamassassin.org.
+ 3.3.3.updates.spamassassin.org descriptive text "1907730"
+
+That also illuminates the fact that the current ruleset is supposed to be
+backward-compatible to v3.3.3.
+
Update archives are verified using GPG signatures by default. If GPG is
disabled (not recommended), file integrity is checked with SHA512 or SHA256
checksums.
Committed in r1907763
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 8119] update.spamassassin.org has no DNS entry
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8119
AXB <ax...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |INVALID
Status|NEW |RESOLVED
--- Comment #4 from AXB <ax...@gmail.com> ---
RTFM:
SA-Update Channels
A sa-update channel is a remote source where sa-update will get the new
configuration files. If your company’s server security policy doesn’t allow
this, you should disable the SpamAssassin cron job and either run a private
channel or manually review the channel data and apply it to your server.
The option --channel can specify which channel to download new rules from. The
default channel for many installations is updates.spamassassin.org. If you run
lots of SpamAssassin servers and want an easy way to update rules for all of
them, you can run a channel and easily distribute the changes among your
servers.
The way sa-update and channels interact is a bit strange and relies partially
on DNS queries. A channel can either serve the configuration files themselves
or point to a list of mirrors that would have the configuration files.
First, a TXT DNS request is made to the channel with the major, minor, and
patch version numbers in reverse order as subdomains. The response is the
latest version number of the configuration files.
$ dig +short txt 2.4.3.updates.spamassassin.org
"1884121"
You can verify your version by looking for the line # UPDATE version <version>
in the file representing the channel URL e.g. updates_spamassassin_org.cf
inside of /var/lib/spamassassin/<MAJOR>.<MINOR><PATCH>. This is done
automatically by sa-update though, so don’t worry about it.
Now the list of mirrors has to be resolved with another TXT DNS query. The DNS
response will be a URL to a MIRRORED.BY file. The file lists one mirror per
line in the format of http(s)://<mirror> weight=<weight>. These mirrors are
used to download the new configuration files.
$ dig +short txt mirrors.updates.spamassassin.org
"http://spamassassin.apache.org/updates/MIRRORED.BY"
The program now tries a mirror to download the new configuration files. If a
mirror fails sa-update will move onto the next one. The files that are
downloaded are <version>.tar.gz, <version>.tar.gz.sha512,
<version>.tar.gz.sha256, and <version>.tar.gz.asc.
Once the archive and checksum are verified, the archive is extracted into a
directory representing the channel e.g. updates_spamassassin_org in the
directory /var/lib/spamassassin/<MAJOR>.<MINOR><PATCH>.
These new files aren’t yet used until you restart SpamAssassin. The cron job on
the other hand will automatically restart the service.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 8119] update.spamassassin.org has no DNS entry
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8119
--- Comment #2 from Zounp <zo...@protonmail.ch> ---
nslookup update.spamassassin.org 9.9.9.9
Server: 9.9.9.9
Address: 9.9.9.9#53
** server can't find update.spamassassin.org: NXDOMAIN
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 8119] update.spamassassin.org has no DNS entry
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8119
--- Comment #5 from Zounp <zo...@protonmail.ch> ---
(In reply to AXB from comment #4)
> RTFM:
>
> SA-Update Channels
>
> A sa-update channel is a remote source where sa-update will get the new
[omitted the remainder]
Indeed, RTFM. Only the problem is, where to find the M? The manual. Only after
searching on some keywords ("SA-Update Channels" "TXT DNS") in the text I found
the source of your posting: https://geekthis.net/post/spamassassin-sa-update .
So I do not understand your RTFM reproach.
--
You are receiving this mail because:
You are the assignee for the bug.