SARE seems to be getting DDoSd a lot recently and it is creating a ruckus on any system with the spamassassin-ruledujor package. In the best case, the Gentoo ruledujour cron script is simply running too frequently. Worst case I can find ruledujour is simply deprecated and should be replaced. See: http://www.nabble.com/Rulesemporium-down--t3883598.html http://marc.info/?l=spamassassin-users&s=rulesemporium Comments and thoughts on what action we should take?
Created attachment 121907 [details] 404 errors on update
Created attachment 121908 [details] Invalid rules and autoban
So, you are blaming Gentoo for DDoS, or what's this exactly about? We cannot do anything about upstream infrastructure breakdown (which has been fixed AFAICS from the thread you've referred to here). Why are you filing bugs with Gentoo about upstream servers borkage? Bugzilla is not a RFC facility. Please clarify.
I am not blaming Gentoo, and I don't know where you got this notion from. In fact it seems as if you are attacking me personally and completely skipped over the links I provided relating to this matter. I am merely pointing out a problem which affects Gentoo users. If Bugzilla is not designed for that, I'm not sure what it is for. Despite the donated DDoS protection, this is still occurring for myself and others. What has been said is that RDJ should not be run via cron. In that case the ebuild is indeed broken. This is coming for SARE! This could mean that we are also causing unwanted/unnecessary amounts of traffic on a free service that is obviously having capacity problems. OpenProtect implements the SARE rules, and seems to be the recommended path for updates using cron, since it implements sa-update. The good news is that is also simplified in comparison to RDJ. http://saupdates.openprotect.com/ My RFC is: should we implement this, and what would be the correct way of doing it? More specifically, should a use flag be simply be added to SA, or should an openprotect ebuild be created that imports the GPG key and adds a simple cron script? -- 'sa-update --allowplugins --gpgkey D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com' is all that is needed. Sorry if I wasn't clear at first. I am willing to contribute an openprotect ebuild after the correct course of action has been decided. One more thought, what about using Gentoo mirrors if this keeps up?
Additional update information, although prior to the rulesemporium.com DDoS: http://marc.info/?l=spamassassin-users&m=117998391103451&w=2 sa-update is a more efficient way of doing updates.
(In reply to comment #4)I am merely pointing out a > I am merely pointing out a problem which affects Gentoo users. If Bugzilla is > not designed for that, I'm not sure what it is for. Despite the donated DDoS > protection, this is still occurring for myself and others. Obviously Gentoo bugzilla is not a place to complain about broken upstream infrastructure as we can't fix that. If it still happens to you, then you'll have to take this with upstream folks, as said couple of times already. A.K.A. you are moaning on a completely wrong grave. > What has been said is that RDJ should not be run via cron. In that case the > ebuild is indeed broken. This is coming for SARE! This could mean that we are > also causing unwanted/unnecessary amounts of traffic on a free service that is > obviously having capacity problems. We don't even make the cronscript exacutable, the user has to do it manually. Until then, it has no effect whatsoever. > One more thought, what about using Gentoo mirrors if this keeps up? Gentoo distfiles mirrors are not for providing third-party services, they are for distributing source tarballs and Gentoo releases. Likewise, they are equally not designed to provide ClamAV signature updates or whatever similar.
In the upstream email, see this: "If you must, for whatever reason, have your own archival copy of the SARE rules please use rules-du-jour to retrieve them from the Rules Emporium site [2]." Up until recent versions of SpamAssassin, rulesdujour was the ONLY automatic update method available, and it was recommended that you use it in cron. I still have boxes with SA before v3 running. When 3.2 starts to move into stable and we discourage people from using 3.1.8, I'd like to deprecate rules-du-jour at the same time. To implement this, I'll ship a version that just dumps an error when you run the cronjob.
Now that you've followed the sa-update advice, is it possible to add a use flag to make this an option during install? Adding the keys and creating a channel file is a lot more involved then simply installing an ebuild as it used to be done.
