spamassassin-sysadmins mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jens Schleusener" <>
Subject Re: Fwd: [Bug 7331] channel: SHA1 verification failed, channel failed
Date Wed, 10 Jan 2018 19:25:34 GMT
On Wed, 10 Jan 2018, Dave Jones wrote:

> On 01/10/2018 08:48 AM, Kevin A. McGrail wrote:
>> Can you turn on debugging and perhaps add it to retry again?  I am trying 
>> to figure out if it is one server with an issue.
> We have added a number of new sa-update mirrors recently.  Check the 
> MIRRORED.BY file and do ping/traceroutes AND wget/curls to each server. There 
> could be a local routing problem getting to one of them from your 
> location/ISP.
> Dave

I am the maintainer of one of the new sa-update mirrors

Just an observation (although I am not very familiar with the complete
update mechanismn):

For e.g. today between

  10/Jan/2018:09:34:29 +0100


  10/Jan/2018:09:40:04 +0100

I saw in the web logs of the mirror 76 GET requests to /1820725.tar.gz
with a 404 ("Not Found") response code (only an that time interval).

The file 1820725.tar.gz has on the mirror server the last modification 
date "Jan 10 09:31" and the rsync logs shows that the file 1820725.tar.gz 
was fetched at

  Jan 10 09:40:11 CET 2018

So some client hosts have probably the information that 1820725.tar.gz is
the freshest update file before the mentioned mirror server has rsynced
that file.

Similar effects I found in the days before with roughly 80 "404 (Not 
Found)" requests against roughly 61000 "200 (Ok)" requests.

Can it be possible that the failed SHA1 verification is caused by that

If yes, is the mirror frequency too low (on 
currently 10 minutes) or is the information about the current update file 
too early available to the clients?

But maybe I have misinterpreted the situation.



>> On 1/10/2018 9:25 AM, Dale Blount wrote:
>>> I get them randomly starting a few months back.  My cronjob is set for 
>>> 4:40am Eastern.  Normally it won't fail two days in a row.
>>> My cron script looks like this:
>>> /usr/bin/vendor_perl/sa-update --gpgkey 6C6191E3 --channel 
>>> RET=$?
>>> if [ "$RET" -eq 0 ]; then
>>>         /usr/bin/vendor_perl/sa-compile && systemctl restart spamassassin
>>> fi
>>> On 01/10/2018 09:09 AM, Kevin A. McGrail wrote:
>>>> Anyone having issues with Sha1 failures on their machines on sa-updates?
>>>> Anyone familiar with sa-update.cron so we can try and get more data on 
>>>> this bug below?
>>>> -------- Forwarded Message --------
>>>> Subject:     [Bug 7331] channel: SHA1 verification failed, channel failed
>>>> Date:     Tue, 09 Jan 2018 15:05:37 +0000
>>>> From:
>>>> To:
>>>> --- Comment #5 from Jonathan Kamens<>  ---
>>>> (In reply to Kevin A. McGrail from comment #4)
>>>> > Please add more logs and if you can, try manually downloading the 
>>>> files.
>>>> I'm getting the error from sa-update.cron, so (a) I'm not around when it
>>>> happens in the middle of the night to retry it immediately, and (b) I 
>>>> have no
>>>> idea where, if anywhere, the logs from sa-update.cron are captured.
>>>> If you can advise me how to configure or modify the cron job so that it
>>>> captures logs, I will be glad to follow your advice to collect additional
>>>> information.
>>>> > My big question is does a subsequent run fix the issue?  Is there a

>>>> specific
>>>> > mirror that might be having the issue?
>>>> When I get the error overnight and then rerun the update during the day 
>>>> when I
>>>> notice it, it usually works the second time.
  • Unnamed multipart/mixed (inline, None, 0 bytes)
View raw message