spamassassin-sysadmins mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Jones <da...@apache.org>
Subject Re: notes about new mirrors as Re: NOTE: Warning to Abusers of Update Servers
Date Sun, 26 Nov 2017 15:58:52 GMT
On 11/25/2017 04:59 PM, Kevin A. McGrail wrote:
> On 11/25/2017 8:38 AM, David Jones wrote:
>>
>> I too would like to clean up old unused rulesets but Kevin says this 
>> causes some problems.  I would think that if there are no DNS entries 
>> pointing to the ruleset, it should no longer be needed and could be 
>> cleaned up from the mirrors.  Still it's only ~330 MB so not a big deal.
>>
>> The scripts that generate the rulesets set the perms.  I can look at 
>> updating the scripts to change the perms but this doesn't hurt 
>> anything or cause a security risk, 
>
> First, thanks for stepping up.  I've been a little overwhelmed with 
> Thanksgiving festivities but really appreciate all the new sponsors.
>
> Second, there are people using old rulesets so we are leaving them for 
> now.  We moved some older ones to an archive dir and I had some 
> backchannel notes about issues.  So for now, it's a few hundred megs 
> so I appreciate if you could just ignore them.  They are considered 
> release items so keeping old releases is important.
>
> Third, the permissions are unclean but because rules are crypto 
> signed, I've never cared too much.  Even if they are modified, they 
> will fail.  But it should get fixed.  Jens, could you open a bugzilla 
> to do that please?
>
> Fourth, we have several new mirrors.  If you haven't please subscribe 
> to sysadmins@s.a.o mailing list and make sure your cron job is set to 
> no more than 10 minutes.  Tobi, yours has shown stale a few times but 
> the hiccup will work it's way out.  Once that is done with 4 mirrors, 
> we should raise you to a weight of 10.
>
> Dave, in talks with cPanel a few weeks they also offered help using 
> their 40+ mirrors worldwide.  We should open a ticket and think about 
> how we can use shorted-path or geolocated algorithms coupled with 
> weighting to maximize the mirrors.  Thoughts?
>

I am sure there are ways to determine location/country and hit the 
nearest one in the sa-update logic.  I am not sure that the three 
relatively small ruleset files need to be optimized too much.  As long 
as sa-update knows which version it downloaded last and it compares 
agains the DNS TXT version to only download when there is a difference, 
then it should be optimized enough.  If it downloads from a mirror on 
the opposite side of the earth, I don't think that 200 KB is going to 
make much difference if it takes 2 seconds or 30 seconds from a time 
perspective.  If we were talking about 10x the size, then it might be 
more of a problem that needed solving.

> Regards,
> KAM
>
Dave


Mime
View raw message