Request: Disable update.bad.phishing.sites job when phishing checks are disabled

Julian Field MailScanner at ecs.soton.ac.uk
Thu Apr 10 14:39:34 IST 2008



Alex Broens wrote:
> On 4/10/2008 2:12 PM, Gary Pentland wrote:
>> mailscanner-bounces at lists.mailscanner.info wrote:
>>> so its not possible to check *if* feature enabled and *if* not 
>>> enabled, skip update?
>>>
>>> the moment you enable the feature, the check will see *if* enabled
>>> and run the update.
>>>
>>> Alex
>>
>> If you really want to do this, change the cron script to check the
>> MailScanner.conf for the feature and exit is it finds it disabled...
>>
>> Something along the lines of...
>>
>> if grep 'Find Phishing Fraud = yes'
>> /opt/local/mailscanner/etc/MailScanner.conf RUN UPDATE SCRIPT else 
>> DON'T RUN UPDATE SCRIPT fi
>>
>> This is the beauty of open source code!  If *you* have an unusual
>> requirement, *you* can change it to suit your needs.  Obviously if
>> you do change something that may be useful to others then send the
>> diffs to Jules so he can include it in a future release.  Personally
>> if this was to be a feature then I'd suggest adding "Update Phishing
>> Config Files" as a Yes/No in MailScanner.conf and grep on that, but
>> then again, I don't need this feature...
>>
>> However, cron is still running a job and if your concern is wasted
>> resources for something you are sure you'll never use, delete or
>> disable the cron script altogether.
>
> In my case, I delete the file and am happy. But if I consider a 
> feature might come in handy, does open source mean I have to cook 
> something for myself only and never request an enhancement which could 
> come in handly for to others ?
No, it doesn't mean that at all. Feel free to make requests and suggest 
features. In this case, I don't think it's worth it, in my view very few 
people would ever change the option from the default (which would have 
to be to keep the file updated).
>
> No everybody has coding skills, but may have decent ideas... get the 
> point?
>
> I'm think about the zillions of possibly unnecessary file transfers 
> which are being made done.
I think you'll find that most people use this feature (it's 'on' by 
default), so the file transfer are necessary.
>
> I'd bet quite a few haven't noticed that they're downloading stuff 
> they don't need, which also places a load on the server offering these 
> files.
Update to version 4.68 and you will find that update_bad_phishing_sites 
has changed completely. For starters, it now only downloads the changes 
to the file and not the entire file every time. So the individual 
download is very small.

Furthermore, to protect against denial-of-service attacks, what appears 
to be a single hostname (with a single IP address) is actually a 
complete globally-distributed cluster of servers which serve up the file 
(and the tables of diffs which are updated every 10 minutes or so). Your 
MailScanner server will automatically download it from the closest 
server to you that is available, so it doesn't even generate much 
international traffic as there are quite a lot of servers available. If 
one member of the cluster is unavailable, it will back off to the next 
nearest and so on. So this minimises the amount of network traffic involved.

If you want to find out more detail about how it all works, read up 
about "anycast" at
http://en.wikipedia.org/wiki/Anycast

Thanks go to Matt Hampton and coders.co.uk for providing me with access 
to do all this stuff, and for providing all the code necessary to make 
it work in the background for you folks.
> same can apply to SA updates, AV, rules_du_jour etc.
Except for the AV updates, these are only done daily, so in the big 
picture this is a negligible amount of traffic.

If you switched to a new virus scanner and its updates were very out of 
date, you would run the severe risk of letting viruses into your network 
just because you're too stingy to keep a few files up to date. That is 
not a risk worth taking!

If they were changed to only update if, for example, "Spam Assassin = 
yes" was set, it would have to be checked a lot more frequently as 
otherwise your SpamAssassin would be horribly out of date for the first 
day you tried to use it, which
a) would create a really bad impression of its abilities just when you 
need it to work properly as you are setting it up,
    and
b) would cause a lot more overhead on your server as these cronjobs 
would need to run at least every hour, instead of once every day.

So in the long run, I just don't think it's useful. How big a percentage 
of MailScanner installations do *not* use SpamAssassin? I would expect 
it to be a very small number. And of that percentage, how many systems 
are so tight on resources that running 1 or 2 cron jobs in the middle of 
the night makes a noticeable difference to the total bandwidth or CPU 
power used? A small percentage multiplied by another small percentage is 
vanishingly small.

I just don't think it's worth the bother, given the nuisance it would 
cause when you are trying to set things up and tune your system.

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the MailScanner mailing list