You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by "Jay G. Scott" <gl...@arlut.utexas.edu> on 2013/10/29 19:27:51 UTC
dependency hell
I have a machine on which I'd like to run spamassassin.
But it's behind an air gap. It's not on the internet.
I've been downloading missing perl packages a handful
at a time, but I despair of the list ever coming to an
end.
1. I _might_ (and might not) be able to put a similar
machine outside the air gap. If I install spamassassin
on it, is there any way to log what extra packages
spamassassin brings in to satisfy dependencies?
If I knew what was brought in, I could get all the
dependencies at once.
2. Or does somebody have this list of dependencies
already?
3. Or, should I do item (1) above and then tar up the
perl tree? Is it going to go to a different perl tree?
FWIW the box is (or will be) running linux.
(I'm ready to give up on this, frankly.)
j.
--
Jay Scott 512-835-3553 gl@arlut.utexas.edu
Head of Sun Support, Sr. System Administrator
Applied Research Labs, Computer Science Div. S224
University of Texas at Austin
Re: dependency hell
Posted by Antony Stone <An...@spamassassin.open.source.it>.
On Tuesday 29 October 2013 at 19:27:51, Jay G. Scott wrote:
> I have a machine on which I'd like to run spamassassin.
> But it's behind an air gap. It's not on the internet.
> I've been downloading missing perl packages a handful
> at a time, but I despair of the list ever coming to an
> end.
> FWIW the box is (or will be) running linux.
How are you installing Linux on it?
Which distribution are you using (this should take care of the dependencies
for you, just as it does with any other package)?
How are you going to update the machine once installed and running?
Antony.
--
"640 kilobytes (of RAM) should be enough for anybody."
- Bill Gates
Please reply to the list;
please don't CC me.
Re: dependency hell
Posted by John Hardin <jh...@impsec.org>.
On Tue, 29 Oct 2013, Axb wrote:
> On 10/29/2013 07:27 PM, Jay G. Scott wrote:
>>
>> I have a machine on which I'd like to run spamassassin.
>> But it's behind an air gap. It's not on the internet.
>
> not trying to be helpful, just curious.
> Who came up with such an idea?
>
> (Reminds me of 90's and Microsoft's concept of a secure server without a NIC
> :)
>
> What is this SA box supposed to do?
> no RBL lookups?
> no sa-update
> no Digest lookups?
No email, unless you have a Sneakernet MTA...
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
...the Fates notice those who buy chainsaws...
-- www.darwinawards.com
-----------------------------------------------------------------------
2 days until Halloween
Re: dependency hell
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
>On 10/29/2013 09:40 PM, Jay G. Scott wrote:
>>almost. there's an external server doing that.
>>this one is inside. it's not a true air gap,
>>but i can't get anything to it w/o manually
>>going through an intermediate.
On 29.10.13 21:51, Axb wrote:
>We assume you must have a good reason to do this.
>Trying to figure out the advantage and what I've been missing...
>
>What can a second castrated SA instance do that a first full blown SA can't?
only BAYES check I guess....
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The only substitute for good manners is fast reflexes.
Re: dependency hell
Posted by Axb <ax...@gmail.com>.
Please keep list mail on the list...
On 10/29/2013 09:40 PM, Jay G. Scott wrote:
> On Tue, Oct 29, 2013 at 07:36:53PM +0100, Axb wrote:
>> On 10/29/2013 07:27 PM, Jay G. Scott wrote:
>>>
>>> I have a machine on which I'd like to run spamassassin.
>>> But it's behind an air gap. It's not on the internet.
>>> I've been downloading missing perl packages a handful
>>> at a time, but I despair of the list ever coming to an
>>> end.
>>>
>>> 1. I _might_ (and might not) be able to put a similar
>>> machine outside the air gap. If I install spamassassin
>>> on it, is there any way to log what extra packages
>>> spamassassin brings in to satisfy dependencies?
>>> If I knew what was brought in, I could get all the
>>> dependencies at once.
>>> 2. Or does somebody have this list of dependencies
>>> already?
>>> 3. Or, should I do item (1) above and then tar up the
>>> perl tree? Is it going to go to a different perl tree?
>>>
>>> FWIW the box is (or will be) running linux.
>>>
>>> (I'm ready to give up on this, frankly.)
>>
>> not trying to be helpful, just curious.
>> Who came up with such an idea?
>>
>> (Reminds me of 90's and Microsoft's concept of a secure server without a
>> NIC :)
>>
>> What is this SA box supposed to do?
>> no RBL lookups?
>> no sa-update
>> no Digest lookups?
>
> almost. there's an external server doing that.
> this one is inside. it's not a true air gap,
> but i can't get anything to it w/o manually
> going through an intermediate.
We assume you must have a good reason to do this.
Trying to figure out the advantage and what I've been missing...
What can a second castrated SA instance do that a first full blown SA can't?
Maybe implement rules due to not being allowed to deploy on the
"outside" box?
Hope you can sneak the box out of the campus jail for the install.
Re: dependency hell
Posted by Axb <ax...@gmail.com>.
On 10/29/2013 07:27 PM, Jay G. Scott wrote:
>
> I have a machine on which I'd like to run spamassassin.
> But it's behind an air gap. It's not on the internet.
> I've been downloading missing perl packages a handful
> at a time, but I despair of the list ever coming to an
> end.
>
> 1. I _might_ (and might not) be able to put a similar
> machine outside the air gap. If I install spamassassin
> on it, is there any way to log what extra packages
> spamassassin brings in to satisfy dependencies?
> If I knew what was brought in, I could get all the
> dependencies at once.
> 2. Or does somebody have this list of dependencies
> already?
> 3. Or, should I do item (1) above and then tar up the
> perl tree? Is it going to go to a different perl tree?
>
> FWIW the box is (or will be) running linux.
>
> (I'm ready to give up on this, frankly.)
not trying to be helpful, just curious.
Who came up with such an idea?
(Reminds me of 90's and Microsoft's concept of a secure server without a
NIC :)
What is this SA box supposed to do?
no RBL lookups?
no sa-update
no Digest lookups?
Re: dependency hell
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Tue, 2013-10-29 at 13:27 -0500, Jay G. Scott wrote:
> I have a machine on which I'd like to run spamassassin.
> But it's behind an air gap. It's not on the internet.
> I've been downloading missing perl packages a handful
> at a time, but I despair of the list ever coming to an
> end.
> 2. Or does somebody have this list of dependencies
> already?
See the INSTALL file. It lists required and optional Perl Modules SA
depends on.
Dependencies of these SA dependencies are outside our scope. CPAN and
(distro) package management systems handle these.
I notice you didn't (yet) answer the questions about your distribution
and how you installed Linux in the first place. However, even without
telling us -- you should be able to extract the complete dependency tree
out of your distro's package management.
In case you are permitted to tell -- I'm also curios about the reason
for these strict requirements, and what you're going to use SA for in
such an environment.
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: dependency hell
Posted by Lyle Evans <ev...@blacksburg.net>.
On 10/29/2013 2:27 PM, Jay G. Scott wrote:
>
> I have a machine on which I'd like to run spamassassin.
> But it's behind an air gap. It's not on the internet.
> I've been downloading missing perl packages a handful
> at a time, but I despair of the list ever coming to an
> end.
From FreeBSD port
Build/run dependencies of
p5-NetAddr-IP>=4.00.7:${PORTSDIR}/net-mgmt/p5-NetAddr-IP \
p5-Net-DNS>=0.63:${PORTSDIR}/dns/p5-Net-DNS \
p5-HTML-Parser>=3.46:${PORTSDIR}/www/p5-HTML-Parser \
p5-libwww>=0:${PORTSDIR}/www/p5-libwww \
p5-Encode-Detect>=0:${PORTSDIR}/converters/p5-Encode-Detect \
p5-Mail-Tools>=0:${PORTSDIR}/mail/p5-Mail-Tools
FreeBSD shows the following as optional depending on features selected:
.if ${PORT_OPTIONS:MSPF_QUERY}
RUN_DEPENDS+= p5-Mail-SPF>=0:${PORTSDIR}/mail/p5-Mail-SPF
.endif
.if ${PORT_OPTIONS:MIPV6}
RUN_DEPENDS+= p5-IO-Socket-INET6>=0:${PORTSDIR}/net/p5-IO-Socket-INET6
.endif
.if ${PORT_OPTIONS:MSSL}
.include "${PORTSDIR}/Mk/bsd.openssl.mk"
RUN_DEPENDS+= p5-IO-Socket-SSL>=0:${PORTSDIR}/security/p5-IO-Socket-SSL
CFLAGS+= -I${OPENSSLINC}
LDFLAGS+= -L${OPENSSLLIB}
CONFIGURE_ARGS+= ENABLE_SSL=yes
PLIST_SUB+= SSL=""
.else
CONFIGURE_ARGS+= ENABLE_SSL=no
PLIST_SUB+= SSL="@comment "
.endif
.if ${PORT_OPTIONS:MGNUPG}
RUN_DEPENDS+= gnupg>=1.4.7:${PORTSDIR}/security/gnupg1
.endif
.if ${PORT_OPTIONS:MMYSQL}
RUN_DEPENDS+= p5-DBD-mysql>=0:${PORTSDIR}/databases/p5-DBD-mysql
.endif
.if ${PORT_OPTIONS:MPGSQL}
RUN_DEPENDS+= p5-DBD-Pg>=0:${PORTSDIR}/databases/p5-DBD-Pg
.endif
.include <bsd.port.pre.mk>
.if ${PORT_OPTIONS:MRAZOR}
RUN_DEPENDS+= razor-agents>=2.84:${PORTSDIR}/mail/razor-agents
.else
.if ${PERL_LEVEL} < 501000
.if ! ${PORT_OPTIONS:MDKIM}
RUN_DEPENDS+= p5-Digest-SHA1>=2.11:${PORTSDIR}/security/p5-Digest-SHA1
.endif
.endif
.endif
.if ${PORT_OPTIONS:MDKIM}
RUN_DEPENDS+= p5-IO-Socket-SSL>=0:${PORTSDIR}/security/p5-IO-Socket-SSL
. if ${PERL_LEVEL} < 501000
RUN_DEPENDS+= p5-Digest-SHA>=0:${PORTSDIR}/security/p5-Digest-SHA
. endif
RUN_DEPENDS+= p5-Mail-DKIM>=0.37:${PORTSDIR}/mail/p5-Mail-DKIM
. if ${PERL_LEVEL} < 501400
RUN_DEPENDS+=
p5-Crypt-OpenSSL-RSA>=0.24:${PORTSDIR}/security/p5-Crypt-OpenSSL-RSA
. else
RUN_DEPENDS+=
p5-Crypt-OpenSSL-RSA>=0.26_1:${PORTSDIR}/security/p5-Crypt-OpenSSL-RSA
. endif
.endif
.if ${PORT_OPTIONS:MSACOMPILE}
RUN_DEPENDS+= re2c>=.12.0:${PORTSDIR}/devel/re2c
.endif
.if ${PORT_OPTIONS:MRELAY_COUNTRY}
RUN_DEPENDS+= p5-IP-Country>=0:${PORTSDIR}/net/p5-IP-Country
.endif
.if ${PORT_OPTIONS:MDCC}
RUN_DEPENDS+= dcc-dccd>=1.3.111:${PORTSDIR}/mail/dcc-dccd
.endif