Re: apachesf account at Sonic

2018-01-01 Thread Dave Jones 

On 12/30/2017 01:27 PM, Kevin A. McGrail wrote:
New box from Sonic.  I've create a tasklist to get started, etc. Dave, 
can you spearhead this?


   You'll be please do know that the new server is up. You can access it
as follows:

host: 64.142.56.146

   The network block is 64.142.56.144/28 (14 usable) and power can be
remotely controlled via our Colo Tools
page at https://members.sonic.net/colo-tools/.

   I'm forwarding the sponsorship application onto management, as there
are a few details involving
preferred contacts and fiscal responsibility that I am not individually
qualified to answer.

   I hope this holiday season has gone well for you, and I look forward
continuing our partnership into
the coming year.

-- Joe Muller
System Administrator
Sonic


DONE - 0 - Document Specs:

IBM 7944-AC1 1U Server
2x Xeon E5620 2.4GHz Processor(s)
8GB ECC DDR3
2x300GB SAS 2.5'' Hard Disks
2x Intel Gigabit Ethernet (a single link will be used)
Centos 7.4
Box Name apachesf

0a - Put an A record for the box into DNS for apachesf.Spamassassin.org

0a2 - Add to SysAdmins Docs / wiki

DONE - 0b - Add account for davej

DONE - 0c - Add account for kmcgrail

DONE - 0d - Add ssh key for kmcgrail

0e - Add ssh key for davej - Dave, I texted you a password so you can 
get in and add your key.


DONE - 0f - Add key for root

DONE - 0g - Change root password



DJ - Locked down /etc/ssh/sshd_config - PermitRoot no


DONE - 0h - Add KAM and DaveJ to sudoers - added to wheel group

1 - Setup as an sa-update Mirror with a weight of 5 to start


DJ - DONE  Setup fail2ban httpd-get-dos to prevent abuse of the mirror.



2 - Check with Joe at Sonic about bandwidth usage to dial mirror up 
and down in weight


3 - Setup as a masscheck client with submitted data from rsync

4 - Look at the Current Sonic Colo Box and what it does now.  This is 
incoming.spamassassin.org
- add account for Davej - Same password texted above so you can reset 
and add your key.  Also, you are in sudoers
- I believe it has spam trap data from Sonic that needs to be 
redirected to the new box.




DJ - Able to login and get my key setup with ssh-copy-id.  Tried to sudo 
but not in sudoers file.  I was reported... :(



4a - Decomm the old incoming.spamassassin.org

5 - Setup Crashplan on the new machine

6 - Get them listed officially as a targeted sponsor - PENDING THEIR 
PAPERWORK

Cron <automc@sa-vm1> ~/svn/trunk/build/mkupdates/run_nightly | /usr/bin/tee /var/www/automc.spamassassin.org/mkupdates/mkupdates.txt

2018-01-01 Thread Cron Daemon 
+ promote_active_rules
+ pwd
+ /usr/bin/perl build/mkupdates/listpromotable
/usr/local/spamassassin/automc/svn/trunk
HTTP get: http://ruleqa.spamassassin.org/1-days-ago?xml=1
HTTP get: http://ruleqa.spamassassin.org/2-days-ago?xml=1
day 2 contains a --net mass-check! offsetting by an extra day
Use of "goto" to jump into a construct is deprecated at 
build/mkupdates/listpromotable line 85.
HTTP get: http://ruleqa.spamassassin.org/3-days-ago?xml=1
HTTP get: http://ruleqa.spamassassin.org/4-days-ago?xml=1
+ mv rules/active.list.new rules/active.list
+ svn diff rules
+ cat /var/www/ruleqa.spamassassin.org/reports/LATEST
Index: rules/active.list
===
--- rules/active.list   (revision 1819719)
+++ rules/active.list   (working copy)
@@ -302,9 +302,6 @@
 FROM_WSP_TRAIL
 
 # good enough
-FSL_BULK_SIG
-
-# good enough
 FSL_CTYPE_WIN1251
 
 # good enough
@@ -896,9 +893,6 @@
 TVD_SPACE_RATIO_MINFP
 
 # good enough
-TVD_SUBJ_NUM_OBFU_MINFP
-
-# good enough
 TVD_VISIT_PHARMA
 
 # tflags publish
@@ -905,53 +899,41 @@
 TW_GIBBERISH_MANY
 
 # good enough
-ADVANCE_FEE_3_NEW_FRM_MNY
+ADVANCE_FEE_2_NEW_FRM_MNY
 
 # good enough
-ADVANCE_FEE_4_NEW_FRM_MNY
+AXB_XMAILER_MIMEOLE_OL_1ECD5
 
 # good enough
-ADVANCE_FEE_5_NEW
+BODY_SINGLE_URI
 
 # good enough
-AXB_X_FF_SEZ_S
+FILL_THIS_FORM_LOAN
 
 # good enough
-BIGNUM_EMAILS
+HK_RANDOM_FROM
 
 # good enough
-BODY_EMPTY
+HK_SCAM_N15
 
 # good enough
-COMPENSATION
+LIST_PARTIAL_SHORT_MSG
 
 # good enough
-FILL_THIS_FORM_FRAUD_PHISH
+LOTTO_AGENT
 
 # good enough
-FILL_THIS_FORM_LONG
+MONEY_FORM
 
 # good enough
-FSL_HELO_BARE_IP_2
+MONEY_FROM_MISSP
 
 # good enough
-HDRS_LCASE
+OBFU_DOC_ATTACH
 
 # good enough
-HK_SCAM_N3
+URI_DOTDOT_LOW_CNTRST
 
-# good enough
-MIMEOLE_DIRECT_TO_MX
-
-# good enough
-MONEY_BARRISTER
-
-# good enough
-MSGID_NOFQDN1
-
-# good enough
-TO_NO_BRKTS_FROM_MSSP
-
 # tflags publish
 UC_GIBBERISH_OBFU
 
+ echo 'Committing promotions in rules/active.list...'
Committing promotions in rules/active.list...
+ svn commit -m 'promotions validated' rules/active.list
Sendingrules/active.list
Transmitting file data .done
Committing transaction...
Committed revision 1819752.
+ /usr/bin/perl masses/rule-qa/list-bad-rules
++ date +%w
+ [[ 1 = 3 ]]
+ for VER in '$VERSIONS'
+ make_tarball_for_version 3.4.2
+ version=3.4.2
+ tmpdir=/usr/local/spamassassin/automc/tmp/stage/3.4.2
+ rm -rf /usr/local/spamassassin/automc/tmp/stage/3.4.2
+ mkdir -p /usr/local/spamassassin/automc/tmp/stage/3.4.2
+ make clean
rm -f \
  SpamAssassin.bso SpamAssassin.def \
  SpamAssassin.exp SpamAssassin.x \
   blib/arch/auto/Mail/SpamAssassin/extralibs.all \
  blib/arch/auto/Mail/SpamAssassin/extralibs.ld Makefile.aperl \
  *.a *.o \
  *perl.core MYMETA.json \
  MYMETA.yml blibdirs.ts \
  core core.*perl.*.? \
  core.[0-9] core.[0-9][0-9] \
  core.[0-9][0-9][0-9] core.[0-9][0-9][0-9][0-9] \
  core.[0-9][0-9][0-9][0-9][0-9] libSpamAssassin.def \
  mon.out perl \
  perl perl.exe \
  perlmain.c pm_to_blib \
  pm_to_blib.ts so_locations \
  tmon.out 
rm -rf \
  *.cache blib \
  doc pod2htm* \
  qmail rules/*.pm \
  rules/70_inactive.cf sa-awl \
  sa-check_spamd sa-compile \
  sa-learn sa-update \
  spamassassin spamc/*.cache \
  spamc/*.o* spamc/*.so \
  spamc/Makefile spamc/config.h \
  spamc/config.log spamc/config.status \
  spamc/qmail-spamc spamc/replace/*.o* \
  spamc/spamc spamc/spamc.h \
  spamc/version.h spamd/*spamc* \
  spamd/spamd t/bayessql.cf \
  t/do_net t/log \
  t/sql_based_whitelist.cf version.env 
mv Makefile Makefile.old > /dev/null 2>&1
+ /usr/bin/perl Makefile.PL 
PREFIX=/usr/local/spamassassin/automc/tmp/stage/3.4.2
What email address or URL should be used in the suspected-spam report
text for users who want more information on your filter installation?
(In particular, ISPs should change this to a local Postmaster contact)
default text: [the administrator of that system] the administrator of that 
system

NOTE: settings for "make test" are now controlled using "t/config.dist". 
See that file if you wish to customize what tests are run, and how.

checking module dependencies and their versions...

***
NOTE: the optional Digest::SHA1 module is not installed.

  The Digest::SHA1 module is still required by the Razor2 plugin.
  Other modules prefer Digest::SHA, which is a Perl base module.

checking binary dependencies and their versions...

***
NOTE: the optional fetch binary is not installed.

   Sa-update will use curl, wget or fetch to download updates.  
   Because perl module LWP does not support IPv6, sa-update as of
   3.4.0 will use these standard programs to download rule updates
   leaving LWP as a fallback if none of the programs are found.

   *IMPORTANT NOTE*: You only need one of these programs 
   It's only a concern if you are warned about all 3