Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Gentoo>
  3. Dev
Pending death of mail-filter/spamassassin-ruledujour
robbat2 at gentoo
Aug 2, 2007, 5:07 PM
Post #1 of 7 (329 views)
Permalink
Heya,

The upstream rules_du_jour folk have had issues over the last few months
with DDoS and other attacks. Additionally, the nature of their original
update mechanism causes a lot of traffic.

Everybody that is using rules_du_jour is strongly encouraged to move to
using the sa-update mechanism that is included with recent versions of
SpamAssassin.

Here is a guide to using SARE rulesets with sa-update:
http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt

mail-filter/spamassassin-ruledujour will be p.masked on August 4th, and
removed one month thereafter.

--
Robin Hugh Johnson
Gentoo Linux Developer & Council Member
E-Mail : robbat2@gentoo.org
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
Re: Pending death of mail-filter/spamassassin-ruledujour [ In reply to ]
nightmorph at gentoo
Aug 2, 2007, 6:44 PM
Post #2 of 7 (335 views)
Permalink
Robin H. Johnson wrote:
> Heya,
>
> The upstream rules_du_jour folk have had issues over the last few months
> with DDoS and other attacks. Additionally, the nature of their original
> update mechanism causes a lot of traffic.
>
> Everybody that is using rules_du_jour is strongly encouraged to move to
> using the sa-update mechanism that is included with recent versions of
> SpamAssassin.
>
> Here is a guide to using SARE rulesets with sa-update:
> http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt
>
> mail-filter/spamassassin-ruledujour will be p.masked on August 4th, and
> removed one month thereafter.
>

I updated the one reference to this package in our docs, in
mailfilter-guide.xml. Yanked out dujour in favor of the link you gave.
Should be good to go.

Attached Files:

Re: Pending death of mail-filter/spamassassin-ruledujour [ In reply to ]
py at gentoo
Aug 3, 2007, 2:04 AM
Post #3 of 7 (325 views)
Permalink
On Fri, August 3, 2007 2:07 am, Robin H. Johnson wrote:
> Heya,
>
> The upstream rules_du_jour folk have had issues over the last few months
> with DDoS and other attacks. Additionally, the nature of their original
> update mechanism causes a lot of traffic.
>
> Everybody that is using rules_du_jour is strongly encouraged to move to
> using the sa-update mechanism that is included with recent versions of
> SpamAssassin.
>
> Here is a guide to using SARE rulesets with sa-update:
> http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt
>
> mail-filter/spamassassin-ruledujour will be p.masked on August 4th, and
> removed one month thereafter.
>

Do you have references for this security issues? Maybe a bug should be
opened to decide if we release a maskglsa for this one.

--
Pierre-Yves Rofes
Gentoo Linux Security Team

--
gentoo-dev@gentoo.org mailing list
Re: Pending death of mail-filter/spamassassin-ruledujour [ In reply to ]
wyrm at haell
Aug 3, 2007, 12:48 PM
Post #4 of 7 (331 views)
Permalink
Pierre-Yves Rofes <py@gentoo.org> wrote:
> On Fri, August 3, 2007 2:07 am, Robin H. Johnson wrote:
> > The upstream rules_du_jour folk have had issues over the last few
> > months with DDoS and other attacks. Additionally, the nature of
> > their original update mechanism causes a lot of traffic.
> >
> > Everybody that is using rules_du_jour is strongly encouraged to move
> > to using the sa-update mechanism that is included with recent
> > versions of SpamAssassin.
> >
> > Here is a guide to using SARE rulesets with sa-update:
> > http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt
> >
> > mail-filter/spamassassin-ruledujour will be p.masked on August 4th,
> > and removed one month thereafter.
>
> Do you have references for this security issues? Maybe a bug should be
> opened to decide if we release a maskglsa for this one.

It's not a vulnerability in Rules du Jour. It's a bunch of spammers
attacking the Rules du Jour servers and ISP. SARE has also been down a
whole bunch over the last couple of months due to the same attack.

--
"Such things have often happened and still happen,
and how can these be signs of the end of the world?"
-- Julian, Emperor of Rome 361-363 A.D.
Re: Pending death of mail-filter/spamassassin-ruledujour [ In reply to ]
lists at anderedomain
Aug 3, 2007, 3:01 PM
Post #5 of 7 (328 views)
Permalink
On Fri, 2007-08-03 at 12:48 -0700, Drake Wyrm wrote:
> It's not a vulnerability in Rules du Jour. It's a bunch of spammers
> attacking the Rules du Jour servers and ISP. SARE has also been down a
> whole bunch over the last couple of months due to the same attack.

Which will probably never happen to gentoo, because of the rather bg
mirroring system. So, would it be possible to host daily (or hourly)
snapshots of these rule files (or something like that) and tell the
world that we do so and that they can download these in the nightly
cronjob? That migth solve a problem and i don't see it becoming a
problem for the gentoo mirror infrastructure.

Philipp

--
gentoo-dev@gentoo.org mailing list
Re: Pending death of mail-filter/spamassassin-ruledujour [ In reply to ]
robbat2 at gentoo
Aug 3, 2007, 3:53 PM
Post #6 of 7 (332 views)
Permalink
On Sat, Aug 04, 2007 at 01:01:11AM +0300, Philipp Riegger wrote:
> On Fri, 2007-08-03 at 12:48 -0700, Drake Wyrm wrote:
> > It's not a vulnerability in Rules du Jour. It's a bunch of spammers
> > attacking the Rules du Jour servers and ISP. SARE has also been down a
> > whole bunch over the last couple of months due to the same attack.
> Which will probably never happen to gentoo, because of the rather bg
> mirroring system. So, would it be possible to host daily (or hourly)
> snapshots of these rule files (or something like that) and tell the
> world that we do so and that they can download these in the nightly
> cronjob? That migth solve a problem and i don't see it becoming a
> problem for the gentoo mirror infrastructure.
This doesn't solve the problem at all.

We still need to get the rules from upstream, and the DDoS is against
upstream. Really, just move to using sa-update instead. It has the
IDENTICAL rulesets, but the update-needed checks are preformed via DNS
instead of an HTTP operation.

--
Robin Hugh Johnson
Gentoo Linux Developer & Council Member
E-Mail : robbat2@gentoo.org
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
Re: Pending death of mail-filter/spamassassin-ruledujour [ In reply to ]
robbat2 at gentoo
Sep 10, 2007, 8:46 PM
Post #7 of 7 (332 views)
Permalink
On Thu, Aug 02, 2007 at 05:07:23PM -0700, Robin H. Johnson wrote:
> mail-filter/spamassassin-ruledujour will be p.masked on August 4th, and
> removed one month thereafter.
It is now removed.

--
Robin Hugh Johnson
Gentoo Linux Developer & Infra Guy
E-Mail : robbat2@gentoo.org
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal