You are viewing a plain text version of this content. The canonical link for it is here.
Posted to ruleqa@spamassassin.apache.org by David Jones <dj...@ena.com.INVALID> on 2017/06/02 02:40:58 UTC
Forced a ruleqa run and scores update for sa-update
I would like some help QA'ing the latest rules scoring since there are
others on this list more knowledgeable about this than I am. I haven't
done the DNS update yet to make this go out to the world via sa-update.
I don't want to accidentally cause any issues with SpamAssassin installs
all over the Internet by pushing out a bad/incomplete update.
wget http://bbmass.spamassassin.org/updates/1797164.tar.gz
wget http://bbmass.spamassassin.org/updates/1797164.tar.gz.sha1
wget http://bbmass.spamassassin.org/updates/1797164.tar.gz.asc
sa-update -D -v --install=1797164.tar.gz
Everything looks good to me in the brand new 1797164.tar.gz. I did a
diff against the current production tgz (1786853.tar.gz) contents and
all files are there. I also did a diff against the old
/var/lib/spamassassin/3.004001/updates_spamassassinlorg and after the
manual sa-update and see just the expected differences in rules and scores.
If I can get a few "thumbs up" responses, I will resume the DNS updates
to be ready for a couple more masscheckers contributing tomorrow.
--
Dave
Re: Forced a ruleqa run and scores update for sa-update
Posted by Kevin Golding <kp...@caomhin.org>.
On Mon, 05 Jun 2017 13:45:56 +0100, Dave Jones <da...@apache.org> wrote:
> On 06/05/2017 02:13 AM, Kevin Golding wrote:
>> I've only just noticed the new revision. I've had 1797164 running over
>> the weekend without any obvious issues. Alas weekend traffic is
>> massively down compared to weekday for me so it's not exactly
>> comprehensive testing, but they seem good so far and a quick scan of a
>> diff to the previous rules didn't show a vast difference. I'll try to
>> put this latest on a backup for Monday checking if it helps.
>
> I think the diff of a tar.gz from months ago showing all .cf files are
> there and the fact that "sa-update -D -v" is allowing a local install is
> pretty solid evidence that these rules are good.
Yeah installing helps... When I diffed I was mainly looking for any sudden
random rules like 17 points if the from contains Kevin and such. Just
looking for obvious cries for help.
> 1797657.tar.gz just built and put on the mirrors ready for testing. I
> feel like we are good to start doing DNS updates again but I would like
> at least one other person to confirm we are good to go.
I've got that running as we speak. Usual checks - eyeball, lint, test
messages, secondary, primary.
Seems to be running as expected. Admittedly it's not been running very
long since it's just been done, but nothing scary jumped out so I'm going
to stop watching intently and get on with the day because it seems okay to
me.
Re: Forced a ruleqa run and scores update for sa-update
Posted by John Brooks <jo...@fastquake.com>.
On 06/05/2017 09:47 AM, Dave Jones wrote:
> On 06/05/2017 07:55 AM, Kevin A. McGrail wrote:
>> On 6/5/2017 8:45 AM, Dave Jones wrote:
>>>
>>> Thanks Kevin Golding for stepping up. Kevin McGrail was planning on
>>> testing too but has been pretty busy.
>>
>> Yep, I greenlight is as well. Been an Eagle Scout Project and
>> subsequent recovery weekend for me :-) And thanks to Kevin!
>
> Kevin M, are you saying you agree with enabling DNS updates? Just
> wanting to be sure.
>
> If there are no other objections from anyone on this list, I am going
> to remove the hold on DNS updates so the next build in about 12 hours
> will start going out to all SpamAssassin instances that run sa-update.
>
> Dave
I'm running it now. I received this message and it's been scanned by SA
so it must be working fine. Spam is still going to my junk folder.
Thumbs up from me.
John
Re: Forced a ruleqa run and scores update for sa-update
Posted by "Kevin A. McGrail" <ke...@mcgrail.com>.
On 6/5/2017 2:55 PM, Dave Jones wrote:
> Here are the current values:
>
> 0.3.3.updates.spamassassin.org. TXT "1786853"
> 1.3.3.updates.spamassassin.org. TXT "1786853"
> 2.3.3.updates.spamassassin.org. TXT "1786853"
> 3.3.3.updates.spamassassin.org. TXT "1786853"
>
> Do we want to put the DNS zone into SVN for historical purposes? I can
> write a quick script to put it in:
>
> https://svn.apache.org/repos/asf/spamassassin/dns/
>
> if you want me to. It would run hourly/daily and only commit when
> there are changes.
>
> The directions for manually managing DNS are on our InfraNotes2017:
>
> https://wiki.apache.org/spamassassin/InfraNotes2017#DNS_Hosting
Perfect and yes, I would put it into svn for historical purposes. If
it's easy to then put in ongoing, that would be great!
Did I mention I really liked that curl trip with the apikey?
Re: Forced a ruleqa run and scores update for sa-update
Posted by Dave Jones <da...@apache.org>.
On 06/05/2017 09:57 AM, Kevin A. McGrail wrote:
> On 6/5/2017 9:47 AM, Dave Jones wrote:
>> Kevin M, are you saying you agree with enabling DNS updates? Just
>> wanting to be sure.
>>
>> If there are no other objections from anyone on this list, I am going
>> to remove the hold on DNS updates so the next build in about 12 hours
>> will start going out to all SpamAssassin instances that run sa-update.
>
> Yes, I think we are a-go to greenlight the DNS changes.
>
> However, you got me thinking about one more safety valve to document.
>
> Can you document the current DNS values prior to them changing? Then if
> we need we can post directions for manual reversion.
>
Here are the current values:
0.3.3.updates.spamassassin.org. TXT "1786853"
1.3.3.updates.spamassassin.org. TXT "1786853"
2.3.3.updates.spamassassin.org. TXT "1786853"
3.3.3.updates.spamassassin.org. TXT "1786853"
Do we want to put the DNS zone into SVN for historical purposes? I can
write a quick script to put it in:
https://svn.apache.org/repos/asf/spamassassin/dns/
if you want me to. It would run hourly/daily and only commit when there
are changes.
The directions for manually managing DNS are on our InfraNotes2017:
https://wiki.apache.org/spamassassin/InfraNotes2017#DNS_Hosting
> Regards,
>
> KAM
>
Re: Forced a ruleqa run and scores update for sa-update
Posted by "Kevin A. McGrail" <ke...@mcgrail.com>.
On 6/5/2017 9:47 AM, Dave Jones wrote:
> Kevin M, are you saying you agree with enabling DNS updates? Just
> wanting to be sure.
>
> If there are no other objections from anyone on this list, I am going
> to remove the hold on DNS updates so the next build in about 12 hours
> will start going out to all SpamAssassin instances that run sa-update.
Yes, I think we are a-go to greenlight the DNS changes.
However, you got me thinking about one more safety valve to document.
Can you document the current DNS values prior to them changing? Then if
we need we can post directions for manual reversion.
Regards,
KAM
Re: Forced a ruleqa run and scores update for sa-update
Posted by Dave Jones <da...@apache.org>.
On 06/05/2017 07:55 AM, Kevin A. McGrail wrote:
> On 6/5/2017 8:45 AM, Dave Jones wrote:
>>
>> Thanks Kevin Golding for stepping up. Kevin McGrail was planning on
>> testing too but has been pretty busy.
>
> Yep, I greenlight is as well. Been an Eagle Scout Project and
> subsequent recovery weekend for me :-) And thanks to Kevin!
Kevin M, are you saying you agree with enabling DNS updates? Just
wanting to be sure.
If there are no other objections from anyone on this list, I am going to
remove the hold on DNS updates so the next build in about 12 hours will
start going out to all SpamAssassin instances that run sa-update.
Dave
Re: Forced a ruleqa run and scores update for sa-update
Posted by "Kevin A. McGrail" <ke...@mcgrail.com>.
On 6/5/2017 9:00 AM, John Brooks wrote:
> Sorry, I haven't woken up yet. That's the last command there.
No worries. I've chalked it up to Monday :-)
Re: Forced a ruleqa run and scores update for sa-update
Posted by John Brooks <jo...@fastquake.com>.
Sorry, I haven't woken up yet. That's the last command there.
On June 5, 2017 8:59:16 AM EDT, John Brooks <jo...@fastquake.com> wrote:
>Oh, I thought we needed to feed it to SA to see if the rules actually
>work or not.
>
>On June 5, 2017 8:58:24 AM EDT, "Kevin A. McGrail"
><ke...@mcgrail.com> wrote:
>>On 6/5/2017 8:56 AM, John Brooks wrote:
>>> I can test it too if you would like one more thumbs up. Where do I
>>> need to put the file?
>>
>>Anywhere. you are just downloading it and the crypto signature so you
>
>>can verify it's real to install. In Dave's example, he through it in
>>/tmp
>>
>>cd /tmp
>>wget http://sa-update.ena.com/1797657.tar.gz
>>wget http://sa-update.ena.com/1797657.tar.gz.asc
>>wget http://sa-update.ena.com/1797657.tar.gz.sha1
>>sa-update -D -v --install=1797657.tar.gz
>
>--
>Sent from my BlackBerry PRIV with K-9 Mail.
--
Sent from my BlackBerry PRIV with K-9 Mail.
Re: Forced a ruleqa run and scores update for sa-update
Posted by John Brooks <jo...@fastquake.com>.
Oh, I thought we needed to feed it to SA to see if the rules actually work or not.
On June 5, 2017 8:58:24 AM EDT, "Kevin A. McGrail" <ke...@mcgrail.com> wrote:
>On 6/5/2017 8:56 AM, John Brooks wrote:
>> I can test it too if you would like one more thumbs up. Where do I
>> need to put the file?
>
>Anywhere. you are just downloading it and the crypto signature so you
>can verify it's real to install. In Dave's example, he through it in
>/tmp
>
>cd /tmp
>wget http://sa-update.ena.com/1797657.tar.gz
>wget http://sa-update.ena.com/1797657.tar.gz.asc
>wget http://sa-update.ena.com/1797657.tar.gz.sha1
>sa-update -D -v --install=1797657.tar.gz
--
Sent from my BlackBerry PRIV with K-9 Mail.
Re: Forced a ruleqa run and scores update for sa-update
Posted by "Kevin A. McGrail" <ke...@mcgrail.com>.
On 6/5/2017 8:56 AM, John Brooks wrote:
> I can test it too if you would like one more thumbs up. Where do I
> need to put the file?
Anywhere. you are just downloading it and the crypto signature so you
can verify it's real to install. In Dave's example, he through it in /tmp
cd /tmp
wget http://sa-update.ena.com/1797657.tar.gz
wget http://sa-update.ena.com/1797657.tar.gz.asc
wget http://sa-update.ena.com/1797657.tar.gz.sha1
sa-update -D -v --install=1797657.tar.gz
Re: Forced a ruleqa run and scores update for sa-update
Posted by John Brooks <jo...@fastquake.com>.
I can test it too if you would like one more thumbs up. Where do I need to put the file?
On June 5, 2017 8:55:04 AM EDT, "Kevin A. McGrail" <ke...@mcgrail.com> wrote:
>On 6/5/2017 8:45 AM, Dave Jones wrote:
>>
>> Thanks Kevin Golding for stepping up. Kevin McGrail was planning on
>> testing too but has been pretty busy.
>
>Yep, I greenlight is as well. Been an Eagle Scout Project and
>subsequent recovery weekend for me :-) And thanks to Kevin!
>
>Regards,
>KAM
--
Sent from my BlackBerry PRIV with K-9 Mail.
Re: Forced a ruleqa run and scores update for sa-update
Posted by "Kevin A. McGrail" <ke...@mcgrail.com>.
On 6/5/2017 8:45 AM, Dave Jones wrote:
>
> Thanks Kevin Golding for stepping up. Kevin McGrail was planning on
> testing too but has been pretty busy.
Yep, I greenlight is as well. Been an Eagle Scout Project and
subsequent recovery weekend for me :-) And thanks to Kevin!
Regards,
KAM
Re: Forced a ruleqa run and scores update for sa-update
Posted by Dave Jones <da...@apache.org>.
On 06/05/2017 02:13 AM, Kevin Golding wrote:
>
> I've only just noticed the new revision. I've had 1797164 running over
> the weekend without any obvious issues. Alas weekend traffic is
> massively down compared to weekday for me so it's not exactly
> comprehensive testing, but they seem good so far and a quick scan of a
> diff to the previous rules didn't show a vast difference. I'll try to
> put this latest on a backup for Monday checking if it helps.
I think the diff of a tar.gz from months ago showing all .cf files are
there and the fact that "sa-update -D -v" is allowing a local install is
pretty solid evidence that these rules are good.
1797657.tar.gz just built and put on the mirrors ready for testing. I
feel like we are good to start doing DNS updates again but I would like
at least one other person to confirm we are good to go.
Thanks Kevin Golding for stepping up. Kevin McGrail was planning on
testing too but has been pretty busy.
I have just put this version on my production filters with these commands:
cd /tmp
wget http://sa-update.ena.com/1797657.tar.gz
wget http://sa-update.ena.com/1797657.tar.gz.asc
wget http://sa-update.ena.com/1797657.tar.gz.sha1
sa-update -D -v --install=1797657.tar.gz
Dave
Re: Forced a ruleqa run and scores update for sa-update
Posted by Kevin Golding <kp...@caomhin.org>.
On Sat, 03 Jun 2017 04:01:40 +0100, Dave Jones <da...@apache.org> wrote:
> On 06/02/2017 04:31 PM, Kevin A. McGrail wrote:
>> On 6/2/2017 4:14 PM, David Jones wrote:
>>>>
>>>> wget http://bbmass.spamassassin.org/updates/1797164.tar.gz
>>>> wget http://bbmass.spamassassin.org/updates/1797164.tar.gz.sha1
>>>> wget http://bbmass.spamassassin.org/updates/1797164.tar.gz.asc
>>>>
>>>> sa-update -D -v --install=1797164.tar.gz
>>>>
>>>> Everything looks good to me in the brand new 1797164.tar.gz. I did a
>>>> diff against the current production tgz (1786853.tar.gz) contents and
>>>> all files are there. I also did a diff against the old
>>>> /var/lib/spamassassin/3.004001/updates_spamassassinlorg and after the
>>>> manual sa-update and see just the expected differences in rules and
>>>> scores.
>>>>
>>>> If I can get a few "thumbs up" responses, I will resume the DNS
>>>> updates to be ready for a couple more masscheckers contributing
>>>> tomorrow.
>>>>
>>>
>>> No one?
>>>
>>> I put that tar.gz on my main mail filters (8) and my honeypot
>>> masscheck server and everything seems to be working fine with proper
>>> scoring. Are we ready to start the DNS updates?
>> To be clear, I tested this as well though we've been discussing on the
>> sysadmins@s.a.o mailing list! Please give it a try.
>>
>
> We have the minimum masscheck contributors so we didn't have to force
> this one minutes ago. We can still use more contributors if you are
> working to get yours going again.
>
> 1797329.tar.gz just put out on the mirrors but no DNS change yet until
> we get some confirmation from others that the new rulesets are good to
> go.
>
I've only just noticed the new revision. I've had 1797164 running over the
weekend without any obvious issues. Alas weekend traffic is massively down
compared to weekday for me so it's not exactly comprehensive testing, but
they seem good so far and a quick scan of a diff to the previous rules
didn't show a vast difference. I'll try to put this latest on a backup for
Monday checking if it helps.
Re: Forced a ruleqa run and scores update for sa-update
Posted by "Kevin A. McGrail" <ke...@mcgrail.com>.
Ok, after eagle project today I have a fairly large buffer of time and this is a key goal of mine.
Regards,
KAM
On June 2, 2017 11:01:40 PM EDT, Dave Jones <da...@apache.org> wrote:
>On 06/02/2017 04:31 PM, Kevin A. McGrail wrote:
>> On 6/2/2017 4:14 PM, David Jones wrote:
>>>>
>>>> wget http://bbmass.spamassassin.org/updates/1797164.tar.gz
>>>> wget http://bbmass.spamassassin.org/updates/1797164.tar.gz.sha1
>>>> wget http://bbmass.spamassassin.org/updates/1797164.tar.gz.asc
>>>>
>>>> sa-update -D -v --install=1797164.tar.gz
>>>>
>>>> Everything looks good to me in the brand new 1797164.tar.gz. I did
>a
>>>> diff against the current production tgz (1786853.tar.gz) contents
>and
>>>> all files are there. I also did a diff against the old
>>>> /var/lib/spamassassin/3.004001/updates_spamassassinlorg and after
>the
>>>> manual sa-update and see just the expected differences in rules and
>
>>>> scores.
>>>>
>>>> If I can get a few "thumbs up" responses, I will resume the DNS
>>>> updates to be ready for a couple more masscheckers contributing
>>>> tomorrow.
>>>>
>>>
>>> No one?
>>>
>>> I put that tar.gz on my main mail filters (8) and my honeypot
>>> masscheck server and everything seems to be working fine with proper
>
>>> scoring. Are we ready to start the DNS updates?
>>
>> To be clear, I tested this as well though we've been discussing on
>the
>> sysadmins@s.a.o mailing list! Please give it a try.
>>
>>
>
>We have the minimum masscheck contributors so we didn't have to force
>this one minutes ago. We can still use more contributors if you are
>working to get yours going again.
>
>1797329.tar.gz just put out on the mirrors but no DNS change yet until
>we get some confirmation from others that the new rulesets are good to
>go.
>
>--
>David Jones
Re: Forced a ruleqa run and scores update for sa-update
Posted by Dave Jones <da...@apache.org>.
On 06/02/2017 04:31 PM, Kevin A. McGrail wrote:
> On 6/2/2017 4:14 PM, David Jones wrote:
>>>
>>> wget http://bbmass.spamassassin.org/updates/1797164.tar.gz
>>> wget http://bbmass.spamassassin.org/updates/1797164.tar.gz.sha1
>>> wget http://bbmass.spamassassin.org/updates/1797164.tar.gz.asc
>>>
>>> sa-update -D -v --install=1797164.tar.gz
>>>
>>> Everything looks good to me in the brand new 1797164.tar.gz. I did a
>>> diff against the current production tgz (1786853.tar.gz) contents and
>>> all files are there. I also did a diff against the old
>>> /var/lib/spamassassin/3.004001/updates_spamassassinlorg and after the
>>> manual sa-update and see just the expected differences in rules and
>>> scores.
>>>
>>> If I can get a few "thumbs up" responses, I will resume the DNS
>>> updates to be ready for a couple more masscheckers contributing
>>> tomorrow.
>>>
>>
>> No one?
>>
>> I put that tar.gz on my main mail filters (8) and my honeypot
>> masscheck server and everything seems to be working fine with proper
>> scoring. Are we ready to start the DNS updates?
>
> To be clear, I tested this as well though we've been discussing on the
> sysadmins@s.a.o mailing list! Please give it a try.
>
>
We have the minimum masscheck contributors so we didn't have to force
this one minutes ago. We can still use more contributors if you are
working to get yours going again.
1797329.tar.gz just put out on the mirrors but no DNS change yet until
we get some confirmation from others that the new rulesets are good to go.
--
David Jones
Re: Forced a ruleqa run and scores update for sa-update
Posted by "Kevin A. McGrail" <ke...@mcgrail.com>.
On 6/2/2017 4:14 PM, David Jones wrote:
>>
>> wget http://bbmass.spamassassin.org/updates/1797164.tar.gz
>> wget http://bbmass.spamassassin.org/updates/1797164.tar.gz.sha1
>> wget http://bbmass.spamassassin.org/updates/1797164.tar.gz.asc
>>
>> sa-update -D -v --install=1797164.tar.gz
>>
>> Everything looks good to me in the brand new 1797164.tar.gz. I did a
>> diff against the current production tgz (1786853.tar.gz) contents and
>> all files are there. I also did a diff against the old
>> /var/lib/spamassassin/3.004001/updates_spamassassinlorg and after the
>> manual sa-update and see just the expected differences in rules and
>> scores.
>>
>> If I can get a few "thumbs up" responses, I will resume the DNS
>> updates to be ready for a couple more masscheckers contributing
>> tomorrow.
>>
>
> No one?
>
> I put that tar.gz on my main mail filters (8) and my honeypot
> masscheck server and everything seems to be working fine with proper
> scoring. Are we ready to start the DNS updates?
To be clear, I tested this as well though we've been discussing on the
sysadmins@s.a.o mailing list! Please give it a try.
Re: Forced a ruleqa run and scores update for sa-update
Posted by David Jones <dj...@ena.com.INVALID>.
On 06/01/2017 09:40 PM, David Jones wrote:
> I would like some help QA'ing the latest rules scoring since there are
> others on this list more knowledgeable about this than I am. I haven't
> done the DNS update yet to make this go out to the world via sa-update.
> I don't want to accidentally cause any issues with SpamAssassin installs
> all over the Internet by pushing out a bad/incomplete update.
>
> wget http://bbmass.spamassassin.org/updates/1797164.tar.gz
> wget http://bbmass.spamassassin.org/updates/1797164.tar.gz.sha1
> wget http://bbmass.spamassassin.org/updates/1797164.tar.gz.asc
>
> sa-update -D -v --install=1797164.tar.gz
>
> Everything looks good to me in the brand new 1797164.tar.gz. I did a
> diff against the current production tgz (1786853.tar.gz) contents and
> all files are there. I also did a diff against the old
> /var/lib/spamassassin/3.004001/updates_spamassassinlorg and after the
> manual sa-update and see just the expected differences in rules and scores.
>
> If I can get a few "thumbs up" responses, I will resume the DNS updates
> to be ready for a couple more masscheckers contributing tomorrow.
>
No one?
I put that tar.gz on my main mail filters (8) and my honeypot masscheck
server and everything seems to be working fine with proper scoring. Are
we ready to start the DNS updates?
--
Dave