On 8/13/2006 4:49 PM, DAve wrote:
Daryl C. W. O'Shea wrote:
Hello all,
For those of you interested in SpamAssassin's sa-update, I've created
sa-update channels for all of the rules found at the SpamAssassin Rules
Emporium website (http://www.rulesemporium.com/rules.htm).
Ya stole my thunder. I just came in from running a chainsaw all day and
was beginning to work on that again. If you are interested, I'd be happy
to mirror for you.
Sorry about that. I've actually had this running for about a month and
I got all my chainsaw work done last week while waiting five days for
power to be restored. I wanted to fully test it and talk to some of the
folks from SARE before I made it public.
Judging on the traffic stats I was provided with, I think I should be
able to handle the traffic for a while anyway. I do plan on writing
some code to efficiently update channel mirrors in a timely manner
though, so once that's done I'll be sure to let you know.
Two things I saw, maybe you covered them, maybe you don't care.
One, I had two URL vars in my script. A URL hitting my site so I could
download rules as often as I wanted, and another URL that hit
rulesemporium. Use the wrong URL too often and you get the following
instead of a rules file,
AUTOBAN: Over 500 *.cf requests in 48 hours period - Check your CRON
CONTACT: [EMAIL PROTECTED]
So checking for updates too often can cause you to create a big pile of
channel files that will not lint. Sorry Chris, I was trying to do
laundry and code at the same time. I knew better too, which was why I
had two URLs in the script.
Covered, thanks for pointing it out though.
Two, the GPG key really only says the rules are valid from your server,
it doesn't guarantee the rules are valid SARE rules. Not sure how to
handle that, or if users/authors will even care. Possibly authors would
be willing to tar, gzip, and sign their rules if they were provided an
upload facility.
I suppose they could. It'd be a little more work for the channel users
though, having to import each key and include them in a trusted gpgkey
file. Additionally it would require documentation to be updated for
every new ruleset, saying what key it uses.
I think that I'm familiar enough with a lot of SA users that it won't be
an issue (heck, I could post crappy rules to the users' list that a lot
of people would probably blindly use). Of course, I'd listen to
anyone's concerns otherwise.
Also, FWIW, I won't be modifying the rulesets. Even the
70_sare_whitelist_spf.cf file that currently can't be updated (the
channel update will fail) since the file doesn't pass a --lint test if
the SPF plugin isn't enabled. I've sent mail to Bob about this. I'm
hoping that he adds the missing ifplugin lines soon. See SA bug 5044.
Just some thoughts. Thanks for taking the time to do this, I think it
will be welcomed once the word gets out.
No problem. Thanks for the comments.
Daryl
