Discussion:
update bad phishing sites broken?
Kevin Miller
2013-06-18 17:34:25 UTC
I've been seeing this for the last 12 hours or so. Is the server down?
------------
running hourly cronjob scripts

SCRIPT: update_bad_phishing_sites exited with RETURNCODE = 9.


...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357
Mark Sapiro
2013-06-20 18:53:12 UTC
Post by Kevin Miller
I've been seeing this for the last 12 hours or so. Is the server down?
------------
running hourly cronjob scripts
SCRIPT: update_bad_phishing_sites exited with RETURNCODE = 9.
This is the same issue as that reported at
<http://lists.mailscanner.info/pipermail/mailscanner/2013-June/100821.html>.

The issues affecting ScamNailer also affect update_bad_phishing_sites.
The recent issue reported in the post is causing
update_bad_phishing_sites to die. Previously, since around 25 April, it
just wasn't updating.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
Kevin Miller
2013-06-20 19:13:34 UTC
Matt Hampton
2013-06-20 22:35:22 UTC
renewed
Post by Kevin Miller
================================
whois bastionmail.com
snip
Domain Name: BASTIONMAIL.COM
Registration Date: 17-Jun-2005
Expiration Date: 17-Jun-2013
Status:RENEWAL HOLD
Note: This Domain Name has expired and hence inactive. The Domain Name
must be renewed to activate it. The owner of the Domain Name can
renew it from within the control panel or approach his service
provider for the same.
================================
...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357
-----Original Message-----
mailscanner-bounces at lists.mailscanner.info] On Behalf Of Mark Sapiro
Sent: Thursday, June 20, 2013 10:53 AM
To: mailscanner at lists.mailscanner.info
Subject: Re: update bad phishing sites broken?
Post by Kevin Miller
I've been seeing this for the last 12 hours or so. Is the server down?
------------
running hourly cronjob scripts
SCRIPT: update_bad_phishing_sites exited with RETURNCODE = 9.
This is the same issue as that reported at
<http://lists.mailscanner.info/pipermail/mailscanner/2013-June/100821.html>.
The issues affecting ScamNailer also affect update_bad_phishing_sites.
The recent issue reported in the post is causing update_bad_phishing_sites
to die. Previously, since around 25 April, it just wasn't updating.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
Mark Sapiro
2013-06-21 00:57:43 UTC
Post by Kevin Miller
renewed
But it still returns "v=spf1 a -all" as the only TXT record for
emails.msupdate.greylist.bastionmail.com. Is this ever going to be fixed?

Meanwhile, I have ported my Scamnailer patch to
update_bad_phishing_sites. The patch is attached.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
-------------- next part --------------
--- /usr/sbin/update_bad_phishing_sites.bak 2013-06-20 17:27:55.000000000 -0700
+++ /usr/sbin/update_bad_phishing_sites 2013-06-20 17:45:30.000000000 -0700
@@ -36,6 +36,7 @@
use LWP::UserAgent;
use FileHandle;
use DirHandle;
+use Time::Local;

# Work out Quarantine Directory from MailScanner.conf
my $base = '/var/spool/MailScanner/quarantine'; # Default value
@@ -132,7 +133,22 @@
}
}

-die "Failed to retrieve valid current details\n" unless (!($currentbase eq "-1"));
+#die "Failed to retrieve valid current details\n" unless (!($currentbase eq "-1"));
+if ($currentbase == -1) {
+ $currentbase = 0;
+ $currentupdate = 0;
+ warn "No appropriate TXT found at $query.\n";
+}
+
+my $day = (gmtime)[6];
+my $year = (gmtime)[5] + 1900;
+my $janone = (gmtime(timegm(0,0,0,1,0,$year-1900)))[6];
+my $week = sprintf ("%02d", int (((gmtime)[7] + $janone) / 7));
+my $mybase = "$year-$week$day";
+if ($currentbase lt $mybase) {
+ $currentbase = $mybase;
+ $currentupdate = 99;
+}

print "I am working with: Current: $currentbase - $currentupdate and Status: $status_base - $status_update\n";

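Review bot: The new guard `if ($currentbase == -1)` compares numerically, while the line it replaces tested `$currentbase eq "-1"`; once the TXT lookup returns a base in the year-week-day form, `==` coerces that string to a number and raises an "isn't numeric" warning under `use warnings`, so keep the string test (`if ($currentbase eq "-1")`). Two smaller points in the same hunk: `(gmtime)` is evaluated three separate times for the current time, so a run that straddles midnight UTC can mix fields from two different days (capture `my @now = gmtime;` once and index into it), and the `lt` comparison against `$mybase` only orders correctly because `$week` is zero-padded, which deserves a comment. Replacing the `die` with a `warn` also means a missing or wrong TXT record no longer stops the run, so the guessed `$mybase` becomes the only input that selects which files are fetched.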
@@ -196,7 +212,10 @@
print "Retrieving $urlbase$currentbase.$i\n";
my $req = HTTP::Request->new(GET => $urlbase.$currentbase.".".$i);
my $res = $ua->request($req);
- warn "Failed to retrieve $urlbase$currentbase.$i" unless ($res->is_success) ;
+ unless ($res->is_success) {
+ warn "Failed to retrieve $urlbase$currentbase.$i";
+ $currentupdate = $i - 1;
+ }
my $line;
foreach $line (split("\n", $res->content)) {
# Is it an addition?
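Review bot: In the new `unless ($res->is_success)` block the failure is recorded, but nothing in the visible lines stops execution from continuing to `foreach $line (split("\n", $res->content))`, so the body of a failed response (an error page, for example) is still parsed as if it held list additions and removals. Skip the parse on failure, for instance with `last;` after `$currentupdate = $i - 1;` if this sits inside the loop over `$i`. The `warn` string also has no trailing newline, so Perl appends the script file and line number to it; keep that only if it is intended.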
@@ -223,6 +242,12 @@
}
}
}
+ # Because of our guess and retrieve until error strategy, we could be
+ # here without having retrieved any new updates which will result in
+ # our cached $status_update being erased. This does no real harm, but
+ # it causes extra work on the next run. To avoid this we skip the next
+ # section in that case.
+ if (!($status_update eq $currentupdate)) {
# OK do we have a previous version to work from?
if ($status_update>0) {
# Yes - we open the most recent version
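Review bot: The added condition `if (!($status_update eq $currentupdate))` compares the two counters as strings, while the context line just below treats the same variable numerically (`if ($status_update>0)`) and the previous hunk assigns `$currentupdate = $i - 1`; a cached value read back with a leading zero or trailing whitespace would compare unequal here even though it is numerically the same, and the section would run anyway. Use `if ($status_update != $currentupdate)` so the test matches how the counters are used elsewhere.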
@@ -264,6 +289,7 @@
}
}
close (FILEOUT);
+ }
}

}
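Review bot: The lone `+ }` after `close (FILEOUT);` closes the `if` opened in the previous hunk, but the lines between them keep their old indentation, so the brace is hard to pair by eye and easy to drop in a later edit. Re-indent the enclosed block in the same change, or add a trailing comment on the brace naming the condition it closes.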
Mark Sapiro
2013-06-23 18:49:32 UTC
Post by Mark Sapiro
But it still returns "v=spf1 a -all" as the only TXT record for
emails.msupdate.greylist.bastionmail.com. Is this ever going to be fixed?
As of now it is back to returning "emails.2013-164.6" in response to the
TXT query, but this is still the status from late last April.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
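A monitoring check for the failure described in this thread, as an added example that is not part of the original posts or of MailScanner: it classifies a TXT answer as a current pointer, a stale pointer, or something that is not a pointer at all (such as the SPF string). The `emails.<year>-<week><day>.<update>` layout is inferred from the patch above, and the function names and the two-day threshold are assumptions.

```python
import re
from datetime import date, timedelta

# Layout inferred from the patch in this thread (assumption): emails.<YYYY>-<WW><D>.<N>
POINTER_RE = re.compile(r"^emails\.(20\d{2})-(\d{2})([0-6])\.(\d+)$")


def perl_wday(d):
    """Day of week as Perl's gmtime reports it (Sunday = 0)."""
    return (d.weekday() + 1) % 7


def base_for(d):
    """Base string for a date, following the patch's $mybase arithmetic."""
    yday = d.timetuple().tm_yday - 1  # Perl's yday is 0-based
    week = (yday + perl_wday(date(d.year, 1, 1))) // 7
    return "%d-%02d%d" % (d.year, week, perl_wday(d))


def date_for(year, week, wday):
    """Invert base_for; raise ValueError if no such day exists in that year."""
    jan1 = date(year, 1, 1)
    d = jan1 + timedelta(days=week * 7 + wday - perl_wday(jan1))
    if d.year != year:
        raise ValueError("week/day falls outside %d" % year)
    return d


def check_txt(txt, today, max_age_days=2):
    """Classify a TXT answer as ('ok' | 'stale' | 'invalid', detail)."""
    m = POINTER_RE.match(txt.strip().strip('"'))
    if not m:
        return ("invalid", "not a feed pointer: %r" % txt)
    year, week, wday, _update = (int(g) for g in m.groups())
    try:
        published = date_for(year, week, wday)
    except ValueError as exc:
        return ("invalid", str(exc))
    age = (today - published).days
    if age < 0:
        return ("invalid", "pointer dated %s is in the future" % published)
    if age > max_age_days:
        return ("stale", "pointer dated %s is %d days old" % (published, age))
    return ("ok", "pointer dated %s" % published)


if __name__ == "__main__":
    # The two TXT answers quoted in the thread, checked on the dates they were reported.
    print(check_txt("v=spf1 a -all", date(2013, 6, 21)))
    print(check_txt("emails.2013-164.6", date(2013, 6, 23)))
```

Run from cron against the live TXT answer, a check like this separates "the feed pointer is old" from "the record is something else", which the exit code 9 in the original report does not.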
Peter Farrow
2013-07-02 07:41:08 UTC
At the risk of sounding slightly ignorant,

Can someone advise me on how to apply the patches - i.e. the command,

Many thanks

Pete
Post by Mark Sapiro
Post by Kevin Miller
renewed
But it still returns "v=spf1 a -all" as the only TXT record for
emails.msupdate.greylist.bastionmail.com. Is this ever going to be fixed?
Meanwhile, I have ported my Scamnailer patch to
update_bad_phishing_sites. The patch is attached.
Mark Sapiro
2013-07-02 16:00:18 UTC
Post by Peter Farrow
At the risk of sounding slightly ignorant,
Can someone advise me on how to apply the patches - i.e. the command,
Assuming your update_bad_phishing_sites is in the standard place, i.e.
/usr/sbin/update_bad_phishing_sites, just save the patch and give the
command

sudo patch -p0 < /path/to/patch/file

See 'man patch' for more info.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
Stephen Cox
2013-07-09 06:36:01 UTC
Mark,

Can you please submit a pull request on github?

Regards,
Stephen
Post by Mark Sapiro
Post by Kevin Miller
renewed
But it still returns "v=spf1 a -all" as the only TXT record for
emails.msupdate.greylist.bastionmail.com. Is this ever going to be fixed?
Meanwhile, I have ported my Scamnailer patch to
update_bad_phishing_sites. The patch is attached.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
Mark Sapiro
2013-07-10 02:52:03 UTC
Post by Stephen Cox
Mark,
Can you please submit a pull request on github?
Regards,
Stephen
I can, but I'm not sure that it's appropriate as my patches to
update_bad_phishing_sites and ScamNailer are just workarounds for an
issue that should properly be fixed by fixing the process that updates
the TXT record for emails.msupdate.greylist.bastionmail.com.

If someone could do that, the patches are not needed.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan