|
Bugzilla – Full Text Bug Listing |
| Summary: | Spamassassin still uses openwhois tests, a squatted domain. | ||
|---|---|---|---|
| Product: | [openSUSE] openSUSE 11.3 | Reporter: | Carlos Robinson <carlos.e.r> |
| Component: | Network | Assignee: | Peter Varkoly <varkoly> |
| Status: | RESOLVED FIXED | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Critical | ||
| Priority: | P2 - High | CC: | bugz57, pth, radmanic, security-team, suse-beta |
| Version: | Final | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | openSUSE 11.2 | ||
| Whiteboard: | maint:released:11.1:36199 maint:released:11.2:36199 maint:released:sle11-sp1:37702 maint:released:sle10-sp3:37703 | ||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Deadline: | 2010-10-26 | ||
|
Description
Carlos Robinson
2010-05-16 00:31:01 UTC
reassigned to maintainer I will put it on the list of planned updates. We need update for: SLES10-SP3 SLE11 SLE11-SP1 11.1 11.2 how large is the impact? how much of a rating can this test give? That are the scores of whois rules: 3.51 WHOIS_AITPRIV 2.84 WHOIS_UNLISTED 2.70 WHOIS_SECUREWHOIS 2.70 WHOIS_CONTACTPRIV 2.60 WHOIS_MONIKER_PRIV 2.02 WHOIS_WHOISGUARD 1.65 WHOIS_REGISTERFLY 1.50 WHOIS_PRIVPROT 1.50 WHOIS_MYPRIVREG 1.41 WHOIS_NAMEKING 1.00 WHOIS_WHOISPROT 1.00 WHOIS_SAFENAMES 1.00 WHOIS_REGTEK 1.00 WHOIS_REGISTER4LESS 1.00 WHOIS_PRIVDOMAIN 1.00 WHOIS_NOMINET 1.00 WHOIS_NETID 1.00 WHOIS_FINEXE 1.00 WHOIS_DYNADOT 1.00 WHOIS_DREAMPRIV 1.00 WHOIS_DOMPRIVCORP 1.00 WHOIS_DOMESCROW If the user runs periodically sa-update (which is recommended) there is no problem. http://www.dnsbl.com/2009/08/status-of-blopen-whoisorg-dead.html (In reply to comment #5) > If the user runs periodically sa-update (which is recommended) there is no > problem. > http://www.dnsbl.com/2009/08/status-of-blopen-whoisorg-dead.html Recommended by whom? Not by SUSE/Novell. "users" do not run sa-update. We rely on "YOU" (YaST) for doing our updates. Or, we could rely on a system service, like /etc/init.d/fresclam to do the updates to the virus dababase - but such a system service does not exist for SA. Mail administrators and some users *may* run sa-update. (In reply to comment 2) > We need update for: > SLES10-SP3 SLE11 SLE11-SP1 11.1 11.2 11.0 is affected and still officially supported, AFAIK. *** Bug 615250 has been marked as a duplicate of this bug. *** Ping! Still undone. not really a security vulnerability and no other security update can be used as driver. Needs to be handles as regular maintenance update. I've submitted all packages. Please start mainenance The SWAMPID for this issue is 36123. This issue was rated as low. Please submit fixed packages until 2010-10-26. Also create a patchinfo file using this link: https://swamp.suse.de/webswamp/wf/36123 As it is annoying for the customers (which doesn't use sa-update), update started now. correct. Can you please submit packages that contain the complete "sa-update" diff, not just this one fix please? Thanks, I think the best solution is to make a daily cronjob which runs sa-update. Is it OK? that would be also okay. note that those who use sa-compile (I do), also need to run sa-compile after sa-update. the cron job shouldn't be enabled by default though IMO. Just as spamd isn't enabled by default. updates ready for QA, resolving Bug. Update released for: perl-spamassassin, spamassassin, spamassassin-debuginfo, spamassassin-debugsource Products: openSUSE 11.1 (debug, i586, ppc, x86_64) openSUSE 11.2 (debug, i586, x86_64) Update released for: perl-spamassassin, spamassassin, spamassassin-debuginfo, spamassassin-debugsource Products: SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP1 (i386, x86_64) SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP1 (i386, x86_64) I just installed the patch on a 11.1 server, with the result that Amavis died instantly after startup :-(
The log says:
Dec 18 00:29:41 srv amavis[26790]: SpamControl: initializing Mail::SpamAssassin
Dec 18 00:29:42 srv amavis[26790]: (!!)TROUBLE in pre_loop_hook: check: no
loaded plugin implements 'check_main': cannot scan! at
/usr/lib/perl5/vendor_perl/5.10.0/Mail/SpamAssassin/PerMsgStatus.pm
line 164.
Dec 18 00:29:42 srv amavis[26790]: (!)_DIE: check: no loaded plugin implements
'check_main': cannot scan! at
/usr/lib/perl5/vendor_perl/5.10.0/Mail/SpamAssassin/PerMsgStatus.pm line 164.
(Amavis works again after downgrading to perl-spamassassin-3.2.5-26.9.1)
bug 660431 contains more details about the reason of the failure. Update released for: perl-spamassassin, spamassassin, spamassassin-debuginfo Products: SLE-DESKTOP 10-SP3 (i386, x86_64) SLE-SAP-APL 10-SP3 (x86_64) SLE-SERVER 10-SP3 (i386, ia64, ppc, s390x, x86_64) sa-update support is missing for 11.3. please submit a fixed package. submitted the factory package now myself. This is an autogenerated message for OBS integration: This bug (606231) was mentioned in https://build.opensuse.org/request/show/50120 11.2:Test / spamassassin https://build.opensuse.org/request/show/50121 11.1 / spamassassin |