[gentoo-dev] Pending death of mail-filter/spamassassin-ruledujour

[gentoo-dev] Pending death of mail-filter/spamassassin-ruledujour

[Robin H. Johnson]

[-- Attachment #1: Type: text/plain, Size: 757 bytes --]

Heya,

The upstream rules_du_jour folk have had issues over the last few months
with DDoS and other attacks. Additionally, the nature of their original
update mechanism causes a lot of traffic. 

Everybody that is using rules_du_jour is strongly encouraged to move to
using the sa-update mechanism that is included with recent versions of
SpamAssassin.

Here is a guide to using SARE rulesets with sa-update:
http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt

mail-filter/spamassassin-ruledujour will be p.masked on August 4th, and
removed one month thereafter.

-- 
Robin Hugh Johnson
Gentoo Linux Developer & Council Member
E-Mail     : robbat2@gentoo.org
GnuPG FP   : 11AC BA4F 4778 E3F6 E4ED  F38E B27B 944E 3488 4E85

[-- Attachment #2: Type: application/pgp-signature, Size: 321 bytes --]

Re: [gentoo-dev] Pending death of mail-filter/spamassassin-ruledujour

[Josh Saddler]

[-- Attachment #1: Type: text/plain, Size: 810 bytes --]

Robin H. Johnson wrote:
> Heya,
> 
> The upstream rules_du_jour folk have had issues over the last few months
> with DDoS and other attacks. Additionally, the nature of their original
> update mechanism causes a lot of traffic. 
> 
> Everybody that is using rules_du_jour is strongly encouraged to move to
> using the sa-update mechanism that is included with recent versions of
> SpamAssassin.
> 
> Here is a guide to using SARE rulesets with sa-update:
> http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt
> 
> mail-filter/spamassassin-ruledujour will be p.masked on August 4th, and
> removed one month thereafter.
> 

I updated the one reference to this package in our docs, in
mailfilter-guide.xml. Yanked out dujour in favor of the link you gave.
Should be good to go.


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-dev] Pending death of mail-filter/spamassassin-ruledujour

[Pierre-Yves Rofes]

On Fri, August 3, 2007 2:07 am, Robin H. Johnson wrote:
> Heya,
>
> The upstream rules_du_jour folk have had issues over the last few months
> with DDoS and other attacks. Additionally, the nature of their original
> update mechanism causes a lot of traffic.
>
> Everybody that is using rules_du_jour is strongly encouraged to move to
> using the sa-update mechanism that is included with recent versions of
> SpamAssassin.
>
> Here is a guide to using SARE rulesets with sa-update:
> http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt
>
> mail-filter/spamassassin-ruledujour will be p.masked on August 4th, and
> removed one month thereafter.
>

Do you have references for this security issues? Maybe a bug should be
opened to decide if we release a maskglsa for this one.

-- 
Pierre-Yves Rofes
Gentoo Linux Security Team

-- 
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] Pending death of mail-filter/spamassassin-ruledujour

[Drake Wyrm]

[-- Attachment #1: Type: text/plain, Size: 1236 bytes --]

Pierre-Yves Rofes <py@gentoo.org> wrote:
> On Fri, August 3, 2007 2:07 am, Robin H. Johnson wrote:
> > The upstream rules_du_jour folk have had issues over the last few
> > months with DDoS and other attacks. Additionally, the nature of
> > their original update mechanism causes a lot of traffic.
> >
> > Everybody that is using rules_du_jour is strongly encouraged to move
> > to using the sa-update mechanism that is included with recent
> > versions of SpamAssassin.
> >
> > Here is a guide to using SARE rulesets with sa-update:
> > http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt
> >
> > mail-filter/spamassassin-ruledujour will be p.masked on August 4th,
> > and removed one month thereafter.
> 
> Do you have references for this security issues? Maybe a bug should be
> opened to decide if we release a maskglsa for this one.

It's not a vulnerability in Rules du Jour. It's a bunch of spammers
attacking the Rules du Jour servers and ISP. SARE has also been down a
whole bunch over the last couple of months due to the same attack.

-- 
"Such things have often happened and still happen,
 and how can these be signs of the end of the world?"
  -- Julian, Emperor of Rome 361-363 A.D.

[-- Attachment #2: Type: application/pgp-signature, Size: 206 bytes --]

Re: [gentoo-dev] Pending death of mail-filter/spamassassin-ruledujour

[Philipp Riegger]

On Fri, 2007-08-03 at 12:48 -0700, Drake Wyrm wrote:
> It's not a vulnerability in Rules du Jour. It's a bunch of spammers
> attacking the Rules du Jour servers and ISP. SARE has also been down a
> whole bunch over the last couple of months due to the same attack. 

Which will probably never happen to gentoo, because of the rather bg
mirroring system. So, would it be possible to host daily (or hourly)
snapshots of these rule files (or something like that) and tell the
world that we do so and that they can download these in the nightly
cronjob? That migth solve a problem and i don't see it becoming a
problem for the gentoo mirror infrastructure.

Philipp

-- 
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] Pending death of mail-filter/spamassassin-ruledujour

[Robin H. Johnson]

[-- Attachment #1: Type: text/plain, Size: 1198 bytes --]

On Sat, Aug 04, 2007 at 01:01:11AM +0300, Philipp Riegger wrote:
> On Fri, 2007-08-03 at 12:48 -0700, Drake Wyrm wrote:
> > It's not a vulnerability in Rules du Jour. It's a bunch of spammers
> > attacking the Rules du Jour servers and ISP. SARE has also been down a
> > whole bunch over the last couple of months due to the same attack. 
> Which will probably never happen to gentoo, because of the rather bg
> mirroring system. So, would it be possible to host daily (or hourly)
> snapshots of these rule files (or something like that) and tell the
> world that we do so and that they can download these in the nightly
> cronjob? That migth solve a problem and i don't see it becoming a
> problem for the gentoo mirror infrastructure.
This doesn't solve the problem at all.

We still need to get the rules from upstream, and the DDoS is against
upstream. Really, just move to using sa-update instead. It has the
IDENTICAL rulesets, but the update-needed checks are preformed via DNS
instead of an HTTP operation.

-- 
Robin Hugh Johnson
Gentoo Linux Developer & Council Member
E-Mail     : robbat2@gentoo.org
GnuPG FP   : 11AC BA4F 4778 E3F6 E4ED  F38E B27B 944E 3488 4E85

[-- Attachment #2: Type: application/pgp-signature, Size: 321 bytes --]

Re: [gentoo-dev] Pending death of mail-filter/spamassassin-ruledujour

[Robin H. Johnson]

[-- Attachment #1: Type: text/plain, Size: 356 bytes --]

On Thu, Aug 02, 2007 at 05:07:23PM -0700, Robin H. Johnson wrote:
> mail-filter/spamassassin-ruledujour will be p.masked on August 4th, and
> removed one month thereafter.
It is now removed.

-- 
Robin Hugh Johnson
Gentoo Linux Developer & Infra Guy
E-Mail     : robbat2@gentoo.org
GnuPG FP   : 11AC BA4F 4778 E3F6 E4ED  F38E B27B 944E 3488 4E85

[-- Attachment #2: Type: application/pgp-signature, Size: 321 bytes --]