Posted to users@spamassassin.apache.org by "Jay G. Scott" <gl...@arlut.utexas.edu> on 2013/11/15 16:39:50 UTC

Re: dependency hell]

Sorry.  Haven't been able to work on this for several weeks.
(I'm the OP.)

The machine runs RH linux (5.4, IIRC) installed via kickstart, using
a "stock" configuration -- no special efforts to include
any perl packages.  So it's just a basic configuration,
perl-wise.

However, it turns out that there is a CPAN mirror inside
our firewall (nice of them to tell me about it -- which,
in fact, they didn't; I found it by snooping around).
Someone did send me a list of the dependencies they
knew about (which aren't in the INSTALL file), but,
that's __supposed__ to be moot, if this CPAN mirror is
all that it should be.  We shall see -- though, right now,
I don't know when we shall see, since I'm still called
away to do this other thing.  After all the time
I spent chasing dependencies it seems like I ought
to be able to find time to test out this mirror, but....


About the only thing we can get past the "air gap"
(not a true air gap, but it's the shortest way to
describe it) is email.  Management has all these
grandfathered requirements about stuff they must
have _and_ stuff I can't do (e.g.,no RBLs) _and_
(so it seems to me) a real problem with certain
kinds of spam (read blue pills), so, bottom line
is, I'm reinventing a lot of wheels.  Don't get
me started.

Thanks to all who replied.  I should have said
so earlier, but....

j.




----- Forwarded message from Karsten Bröckelmann <gu...@rudersport.de> -----

Date: Tue, 29 Oct 2013 22:45:40 +0100
From: Karsten Bröckelmann <gu...@rudersport.de>
To: users@spamassassin.apache.org
Subject: Re: dependency hell
X-Mailer: Evolution 2.22.1.1 

On Tue, 2013-10-29 at 13:27 -0500, Jay G. Scott wrote:
> I have a machine on which I'd like to run spamassassin.
> But it's behind an air gap.  It's not on the internet.
> I've been downloading missing perl packages a handful
> at a time, but I despair of the list ever coming to an
> end.

> 2.  Or does somebody have this list of dependencies
> already?

See the INSTALL file. It lists required and optional Perl Modules SA
depends on.

Dependencies of these SA dependencies are outside our scope. CPAN and
(distro) package management systems handle these.


I notice you didn't (yet) answer the questions about your distribution
and how you installed Linux in the first place. However, even without
telling us -- you should be able to extract the complete dependency tree
out of your distro's package management.

In case you are permitted to tell -- I'm also curious about the reason
for these strict requirements, and what you're going to use SA for in
such an environment.


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}

----- End forwarded message -----

-- 
Jay Scott		512-835-3553		gl@arlut.utexas.edu
Head of Sun Support, Sr. System Administrator
Applied Research Labs, Computer Science Div.                   S224
University of Texas at Austin

Re: dependency hell]

Posted by John Hardin <jh...@impsec.org>.
On Fri, 15 Nov 2013, John Wilcock wrote:

> Le 15/11/2013 16:39, Jay G. Scott a écrit :
>>  About the only thing we can get past the "air gap"
>>  (not a true air gap, but it's the shortest way to
>>  describe it) is email.
>
> If you can get e-mail across this not-quite-air-gap, wouldn't it be far more 
> effective to put your anti-spam gateway on the *internet side* of the gap?

+1

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   Yet another example of a Mexican doing a job Americans are
   unwilling to do.   -- Reno Sepulveda, on UniVision reporters asking
                         President Obama some pointed questions about
                         the BATFE Fast and Furious scandal.
-----------------------------------------------------------------------
  533 days since the first successful private support mission to ISS (SpaceX)

Re: dependency hell]

Posted by John Wilcock <jo...@tradoc.fr>.
Le 15/11/2013 16:39, Jay G. Scott a écrit :
> About the only thing we can get past the "air gap"
> (not a true air gap, but it's the shortest way to
> describe it) is email.  Management has all these
> grandfathered requirements about stuff they must
> have _and_ stuff I can't do (e.g.,no RBLs) _and_
> (so it seems to me) a real problem with certain
> kinds of spam (read blue pills), so, bottom line
> is, I'm reinventing a lot of wheels.  Don't get
> me started.

If you can get e-mail across this not-quite-air-gap, wouldn't it be far 
more effective to put your anti-spam gateway on the *internet side* of 
the gap?

John.

-- 
-- Over 5000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages    - www.tradoc.fr

Re: dependency hell]

Posted by Kris Deugau <kd...@vianet.ca>.
Jay G. Scott wrote:
> Sorry.  Haven't been able to work on this for several weeks.
> (I'm the OP.)
> 
> The machine runs RH linux (5.4, IIRC) installed via kickstart, using
> a "stock" configuration -- no special efforts to include
> any perl packages.  So it's just a basic configuration,
> perl-wise.
> 
> However, it turns out that there is a CPAN mirror inside
> our firewall (nice of them to tell me about it -- which,
> in fact, they didn't; I found it by snooping around).
> Someone did send me a list of the dependencies they
> knew about (which aren't in the INSTALL file), but,
> that's __supposed__ to be moot, if this CPAN mirror is
> all that it should be.  We shall see -- though, right now,
> I don't know when we shall see, since I'm still called
> away to do this other thing.  After all the time
> I spent chasing dependencies it seems like I ought
> to be able to find time to test out this mirror, but....

If it's a reasonably complete CPAN mirror you should be able to do a
CPAN install of SA.  SA's direct dependencies have dependency chains
that get a bit bulky if you're trying to trace by hand;  I don't recall
doing so outside a packaging system with open Internet access for more
than a decade and SA has gotten quite a bit more complex since then.  (I
remember needing a custom patch to do URI lookups in DNSBLs for quite a
few years.)

Keep in mind that once you've started down this path you should NOT try
to install anything else with Perl dependencies from packages;  always
install from CPAN - or you'll end up with a real mess of mismatched modules.

> About the only thing we can get past the "air gap"
> (not a true air gap, but it's the shortest way to
> describe it) is email.  Management has all these
> grandfathered requirements about stuff they must
> have _and_ stuff I can't do (e.g.,no RBLs) _and_
> (so it seems to me) a real problem with certain
> kinds of spam (read blue pills), so, bottom line
> is, I'm reinventing a lot of wheels.  Don't get
> me started.

*eyeroll*  "Here.  We need you to build a house, but you're not allowed
to use your hands."

Not using DNSBLs will seriously drop the accuracy over time.  If you can
get much feedback somewhere consisting of complete unaltered messages,
you can use Bayes to help even out the hit and miss from the pure
pattern-matching.

You might also see if you can sneak in a local BIND/DNS-server-of-choice
install and set up a local DNSBL for both IPs and URIs.  You'll need an
ongoing source of missed spams to extract data from.  You'll miss a lot
but over time you can accumulate enough information to start blocking
things more effectively.  I've written a crude web UI to feed data in to
a database and a minimal tool to export it to DNS;  you can download a
tarball or check out from SVN at https://secure.deepnet.cx/trac/dnsbl.

-kgd
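
An added example (not part of the original post, and not the tool linked above) showing what exporting a local DNSBL to DNS amounts to: IPv4 addresses are published with their octets reversed under the list zone, URI hosts are published by name, and each entry gets an A record plus a TXT reason. The zone name bl.example.internal, the 127.0.0.2 answer, the reason text and the sample entries are assumptions made for illustration.

```python
import ipaddress

# Ranges that must never be listed: loopback and RFC 1918 internal relays.
NEVER_LIST = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def dnsbl_name(entry, zone):
    """Owner name a DNSBL client looks up for an IPv4 address or a URI host."""
    entry = entry.strip().lower().rstrip(".")
    if ":" in entry:
        raise ValueError("IPv6 is not handled in this sketch")
    try:
        ip = ipaddress.IPv4Address(entry)
    except ValueError:
        return f"{entry}.{zone}."      # URI hosts are listed by name
    if any(ip in net for net in NEVER_LIST):
        raise ValueError(f"refusing to list internal address {ip}")
    # IPs are listed with the octets reversed, as in in-addr.arpa.
    return ".".join(reversed(str(ip).split("."))) + f".{zone}."

def zone_records(entries, zone, reason="seen in missed spam"):
    """Return zone-file lines (A + TXT per entry), de-duplicated and sorted."""
    names = set()
    for e in entries:
        if not e.strip() or e.lstrip().startswith("#"):
            continue                   # blank line or comment
        try:
            names.add(dnsbl_name(e, zone))
        except ValueError:
            continue                   # internal relay or unsupported entry
    lines = []
    for name in sorted(names):
        lines.append(f"{name} IN A 127.0.0.2")
        lines.append(f'{name} IN TXT "{reason}"')
    return lines

# Constructed sample input: documentation-range IP (twice), an internal
# relay that must be skipped, a URI host, and a comment line.
SAMPLE = ["192.0.2.25", "192.0.2.25", "10.1.2.3", "Pills.Example.NET", "# note"]

if __name__ == "__main__":
    print("\n".join(zone_records(SAMPLE, "bl.example.internal")))
```

The output lines can be appended to a zone file served by the local DNS server; the skip list keeps the site's own relays from being listed when they appear in the headers of a missed spam.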

Re: dependency hell (completely off-topic...)

Posted by Dave Funk <db...@engineering.uiowa.edu>.
On Fri, 15 Nov 2013, David F. Skoll wrote:

> On Fri, 15 Nov 2013 16:25:30 +0000
> RW <rw...@googlemail.com> wrote:
>
>> Why not just email yourself the package files?
>
> Or write an IP-over-email network driver that tunnels
> to an exterior friendly machine...
>
> (/me ducks...)
>
> Regards,
> David.

That would earn him a visit by the MiB who snoop all incoming & outgoing
emails (would perplex the c**p outta them, they'd assume he was
up to something ;).


-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{

Re: dependency hell (completely off-topic...)

Posted by "David F. Skoll" <df...@roaringpenguin.com>.
On Fri, 15 Nov 2013 16:25:30 +0000
RW <rw...@googlemail.com> wrote:

> Why not just email yourself the package files?

Or write an IP-over-email network driver that tunnels
to an exterior friendly machine...

(/me ducks...)

Regards,

David.


Re: dependency hell]

Posted by RW <rw...@googlemail.com>.
On Fri, 15 Nov 2013 09:39:50 -0600
Jay G. Scott wrote:


> About the only thing we can get past the "air gap"
> (not a true air gap, but it's the shortest way to
> describe it) is email.  

Why not just email yourself the package files?

Re: dependency hell]

Posted by Jeremy McSpadden <je...@fluxlabs.net>.
You've still left us all wondering what the purpose of that machine is, considering it has no internet access.

--
Jeremy McSpadden
Flux Labs | http://www.fluxlabs.net | Endless Solutions
Office : 850-250-5590x101 | Cell : 850-890-2543 | Fax : 850-254-2955

On Nov 15, 2013, at 9:39 AM, Jay G. Scott <gl...@arlut.utexas.edu> wrote:

Sorry.  Haven't been able to work on this for several weeks.
(I'm the OP.)