As many of you know, for over a year now we've been dealing with a massive 
flood of queries on the RuleQA server at https://ruleqa.spamassassin.org, with 
broadly variable success. The original theory was that this was LLM trainers 
sucking in all the data they can find mindlessly, but the fight has exposed a 
pattern making it clear that this is a directed attack on the daily updates of 
rules and scores. As a result, those updates have been sporadically broken, 
predominantly due to our QA contributors being unable to upload their scoring 
results. I believe that as of today, we have found a workable tactic to protect 
that process.

As with most tactics used to resist such attacks, there's a cost. Some queries 
to the RuleQA server will break, somewhat randomly based on timing and the load 
on the system. Retrying on any explicit error is likely to succeed. Some 
networks that may have legitimate users are very much blocked due to abuse 
(e.g. Huawei Cloud and some other VPS providers as well as some mobile 
networks) so if you cannot reach the server at all but instead just time out, 
speak up here and I'll try to fix it.

ALSO: don't go to any rule performance detail page cold, without a Referer 
header. That just won't work.


-- 
 Bill Cole
 [email protected] or [email protected]
 (AKA @[email protected] and many *@billmail.scconsult.com addresses)
 Please keep discussion mailing list replies *on-list*
 Not Currently Available For Hire

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to