On 05/13/2017 08:02 PM, Kevin A. McGrail wrote:
RESENDING: Scripts were blocked for security reasons
On 5/13/2017 4:56 PM, Dave Jones wrote:
What's the next priority now that the rsync and httpd configs are active?
I will work on the build next using this:
https://svn.apache.org/repos/asf/spamassassin/trunk/build/README
PREFACE: I'm working on the build. If you would like to help, we need
to coordinate first.
Thank goodness! I took a look at that README and my head started to
explode. I am not a perl developer so that was going to be very time
consuming to get up to speed on that. I will let you have it... :)
Here is the promised list of items I've identified.
To me, the priority would be getting ruleqa/masscheck better documented
and back up and running would be ideal.
I will change to working on this as my next priority.
If we can get that system running smoother with a shorter lag to
publishing rules, I'd like to help more with it.
DONE - Touch a file called MIRROR.CHECK in
/var/www/bbmass.spamassassin.org/updates on SA-VM1 and test if it is
synced to the Mirrors. NOTE: I sync every 10 mins
- Document on the wiki that MIRRORED.BY contains the sa update mirror
contact names.
This is referenced in DNS by mirrors.updates.spamassasin.org TXT record
pointing to http://spamassassin.apache.org/updates/MIRRORED.BY. Do you
have the details on how this file gets updated on that apache.org server
so we can add this to the wiki?
- Get the various files for running the sa-update aka bbmass website
into SVN. This would NOT be the update files but likely everything else
including the httpd.conf, MIRRORED.BY, etc.
- Get the email to root from sa-vm1 to go to sysadmins@ without
moderation so we have cron logs, etc. archived.
root email will deliver to this list now. Need someone to setup the
[email protected] to be allowed without moderation. See test email
I recently sent from root to the list.
- KAM to Get the passwords for crashplan for SA into sysadmins repo
encrypted so we have multiple people who have access.
- Get the sa-update-mirror-check script (attached) running on SA-VM1 and
emailing sysadmins@ without moderation
- Get Darxus' rule update check script (attached) running on SA-VM1 and
emailing sysadmins@ without moderation. See SA Dev list example: Rule
updates are too old - 2017-05-08
- Get Darxus' check script updated for 3.4.2 and 3.3.2.
- Perhaps update the sa-update-mirror-check to use the MIRROR.CHECK with
a timestamp to confirm it's within a reasonable period of time.
- Find out who wrote the sa-update-mirror-check (likely on the list
archives), check the licensing on the post and hopefully ask who wrote
it to public domain or Apache license. Then add
attribution/license/copyright and add it to the sysadmins repo.
- Ask Darxus' if we can repo his script as well with
attribution/license/copyright as above
- Ask Darxus' to turn off his script that runs on his infrastructure
- Identify what we used to provide on the old servers. Some things KAM
believes we had that need to be verified and likely expanded on:
o Masscheck RSYNC for people to send us their Masscheck Logs
o An email system for people to email and it would send the results
of checking that email
o Masscheck Corpora RSYNC or perhaps SSH for people to send us their
corpora for us to run our own Masscheck server. NOTE: This is the most
sensitive data we would have I believe since it is other people's real
mail.
o For the above, I think I myself have this setup. I'd like to
identify where and extend it / improve it / make sure it's working, etc.
o Look at the rsync MOTD[1]
o Masscheck stuff:
https://wiki.apache.org/spamassassin/NightlyMassCheck - KAM sent notes a
few days ago about how he got this running on spamassassin-vm. if that
doesn't suffice, please let me know.
Will check this out today and try to get this working on sa-vm1.
- Identify what jm was using talon1.pccc.com to provide so I can mimic
it. His cron jobs were disabled last January but I think they were
running items related to masscheck.
- Get the RuleQA Website running again.
Will check this out today.
- Identify what the incoming.spamassassin.org server did/does/can do for
us. NOTE: It might be the the same as below.
- Talk to Grant Kellar with Sonic about the traps they have in place and
where they are sent to make sure we are utilizing them.
- Clean up and remove unnecessary backup data on sa-vm1 - NO NEED TO BE
HASTY ON THIS, I'M JUST WRITING A COMPLETE LIST.
- Identify how much data we need if Infra can shrink the data storage
allocated for sa-vm1
- Talk to AXB about SOUGHT and SOUGHT2
- Update the documentation for InfraNotes2017 with another pass of
updates about machines, etc.
[1]
corpus
nightly mass-check result upload area. It is password protected.
If you would like a password, please send a request to
[email protected] and request a "nightly" username and password.
submit
Score generation mass-check result upload area. It is password
protected. If you would like a password, please send a request to
[email protected] and request a "score generation" username
and password. Generally these are only granted after a mass-check
announcement has been made on the spamassassin developer mailing list.
anoncorpus
mass-check result download area, available via anonymous access.
--
Kevin A. McGrail
Asst. Treasurer, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project