Posted to users@spamassassin.apache.org by Da...@ChaosReigns.com on 2010/10/18 04:18:39 UTC

Re: Verification that Network Mass-Checks use correct trusted_networks ?

On 10/17, John Hardin wrote:
> The SA results within the submitted corpora themselves (if present in the 
> first place) are ignored by the centralized nightly masscheck testing.  
> Your concern is only valid for those who are doing local masschecks on  
> private corpora and uploading the results.

Yup.

> I don't know that there's any way to centrally verify that those who are  
> uploading masscheck results are performing their masschecks on a  
> properly-configured system.

To my knowledge there is not.  I'm asking that each of the submitters
verify their configurations.

-- 
"It's a dangerous business, Frodo, going out your front door. You step
into the Road, and if you don't keep your feet, there is no knowing
where you might be swept off to." - Gandalf
http://www.ChaosReigns.com

Re: Verification that Network Mass-Checks use correct trusted_networks ?

Posted by John Hardin <jh...@impsec.org>.
On Sun, 17 Oct 2010, Darxus@ChaosReigns.com wrote:

>> I don't know that there's any way to centrally verify that those who 
>> are uploading masscheck results are performing their masschecks on a 
>> properly-configured system.
>
> To my knowledge there is not.  I'm asking that each of the submitters
> verify their configurations.

+1

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   Sheep have only two speeds: graze and stampede.     -- LTC Grossman
-----------------------------------------------------------------------
  60 days until TRON Legacy

Re: Verification that Network Mass-Checks use correct trusted_networks ?

Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Mon, 2010-10-18 at 12:12 -0400, Darxus@ChaosReigns.com wrote:
> On 10/18, Karsten Bräckelmann wrote:
> > So you're calling this without evidence, and actually even without
> > suspicion.

> I did check the ruleqa details on a few relevant tests first.  The results
> are very inconsistent between submitters, but I'm not sure that means
> anything.  And I'm not sure if the people with all zeros didn't submit this
> time or have their systems misconfigured.

If you hover over those zeroes, you'll see something like "0 of 0".


> > While you are certainly right that this must be set up correctly, I
> > believe the way you brought up the topic leaves room for improvement.
> 
> Always, of course.  I would love suggestions.  I came here with the social
> skills of a geek with a concern, not a master dignitary.  I would hope
> that's okay.
> 
> > Anyway, with most mass-check contributors, this is the wrong list
> > anyway...
> 
> I first asked in the IRC channel and waited a few hours.  Then I posted to
> this list asking if it could be done.  What is more appropriate?

Maybe this got lost in translation (back and forth?), but the way your OP
came across was kind of rude, implying the systems are actually
misconfigured. To me at least.

There is a difference between asking whether there might be a problem
(expressing a concern, preferably backed up by some facts), and outright
asking the contributors to check it (reasoning it would be "inconvenient
enough that it might have been skipped").

Becoming a mass-check contributor and maintaining the system is much
more inconvenient than inheriting these options.


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}


Re: Verification that Network Mass-Checks use correct trusted_networks ?

Posted by Da...@ChaosReigns.com.
On 10/18, Karsten Bräckelmann wrote:
> So you're calling this without evidence, and actually even without
> suspicion.
> 
> What about doing at least some minimal research first? You could check
> ruleqa results.

Why are you arguing with me?  I just thought there was enough possibility
of this being misconfigured, and little enough effort to check, that it was
worth asking.

I did check the ruleqa details on a few relevant tests first.  The results
are very inconsistent between submitters, but I'm not sure that means
anything.  And I'm not sure if the people with all zeros didn't submit this
time or have their systems misconfigured.

http://ruleqa.spamassassin.org/20101016-r1023212-n/__RCVD_IN_DNSWL/detail
http://ruleqa.spamassassin.org/20101016-r1023212-n/RCVD_IN_XBL/detail
http://ruleqa.spamassassin.org/20101016-r1023212-n/RCVD_IN_PBL/detail

> I don't think this cold-calling without suspicion was warranted. I'd

How is it not warranted?  Did I somehow impugn the honor of the
submitters?  How can it be wrong to ask?

> assume those who contribute to the mass-checks are smart enough to set
> up their production system *and* mass-check system.

Given the small amount of work to verify, I'd prefer not to assume.

> While you are certainly right that this must be set up correctly, I
> believe the way you brought up the topic leaves room for improvement.

Always, of course.  I would love suggestions.  I came here with the social
skills of a geek with a concern, not a master dignitary.  I would hope
that's okay.

> Anyway, with most mass-check contributors, this is the wrong list
> anyway...

I first asked in the IRC channel and waited a few hours.  Then I posted to
this list asking if it could be done.  What is more appropriate?

-- 
"I don't want people who want to dance, I want people who have to dance."
--George Balanchine
http://www.ChaosReigns.com

Re: Verification that Network Mass-Checks use correct trusted_networks ?

Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Sun, 2010-10-17 at 23:28 -0400, Darxus@ChaosReigns.com wrote:
> On 10/18, Karsten Bräckelmann wrote:
> > Ahem. Let us do this the other way round. *Why* do you believe this is
> > warranted, *why* do you believe our mass-check contributors might have
> > their internal and trusted networks set up incorrectly? This is crucial.
> 
> I'm not confident there is a problem.  The possibility occurred to me and I
> thought I'd ask that it be checked.  

So you're calling this without evidence, and actually even without
suspicion.

What about doing at least some minimal research first? You could check
ruleqa results.


> > Mass-check contributors are handpicked. We do *not* accept any result,
> > unless we believe we can trust the contributor.
> 
> Of course.
> 
> Do you think it's not worth checking?

I don't think this cold-calling without suspicion was warranted. I'd
assume those who contribute to the mass-checks are smart enough to set
up their production system *and* mass-check system.

While you are certainly right that this must be set up correctly, I
believe the way you brought up the topic leaves room for improvement.

Anyway, with most mass-check contributors, this is the wrong list
anyway...


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}


Re: Verification that Network Mass-Checks use correct trusted_networks ?

Posted by Da...@ChaosReigns.com.
On 10/18, Karsten Bräckelmann wrote:
> Ahem. Let us do this the other way round. *Why* do you believe this is
> warranted, *why* do you believe our mass-check contributors might have
> their internal and trusted networks set up incorrectly? This is crucial.

I'm not confident there is a problem.  The possibility occurred to me and I
thought I'd ask that it be checked.  

> Mass-check contributors are handpicked. We do *not* accept any result,
> unless we believe we can trust the contributor.

Of course.

Do you think it's not worth checking?

-- 
"I finally figured out the only reason to be alive is to enjoy it."
- Rita Mae Brown
http://www.ChaosReigns.com

Re: Verification that Network Mass-Checks use correct trusted_networks ?

Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Sun, 2010-10-17 at 22:18 -0400, Darxus@ChaosReigns.com wrote:
> > > Could it be verified that the corpora being submitted for the weekly
> > > Network Mass-Checks are coming from systems with correctly configured
> > > trusted_networks and internal_networks? [...]

> [...] I'm asking that each of the submitters
> verify their configurations.

Ahem. Let us do this the other way round. *Why* do you believe this is
warranted, *why* do you believe our mass-check contributors might have
their internal and trusted networks set up incorrectly? This is crucial.

Mass-check contributors are handpicked. We do *not* accept any result,
unless we believe we can trust the contributor.

Posting privileges to this list only require a confirmed sign-up by the
sender, though, so the barrier is significantly lower. Get why I ask for
more facts to back up your request? What exactly is your point anyway?


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}