Request: Disable update.bad.phishing.sites job when phishing
checks are disabled
MailScanner at ecs.soton.ac.uk
Thu Apr 10 14:39:34 IST 2008
Alex Broens wrote:
> On 4/10/2008 2:12 PM, Gary Pentland wrote:
>> mailscanner-bounces at lists.mailscanner.info wrote:
>>> so its not possible to check *if* feature enabled and *if* not
>>> enabled, skip update?
>>> the moment you enable the feature, the check will see *if* enabled
>>> and run the update.
>> If you really want to do this, change the cron script to check the
>> MailScanner.conf for the feature and exit is it finds it disabled...
>> Something along the lines of...
>> if grep 'Find Phishing Fraud = yes'
>> /opt/local/mailscanner/etc/MailScanner.conf RUN UPDATE SCRIPT else
>> DON'T RUN UPDATE SCRIPT fi
>> This is the beauty of open source code! If *you* have an unusual
>> requirement, *you* can change it to suit your needs. Obviously if
>> you do change something that may be useful to others then send the
>> diffs to Jules so he can include it in a future release. Personally
>> if this was to be a feature then I'd suggest adding "Update Phishing
>> Config Files" as a Yes/No in MailScanner.conf and grep on that, but
>> then again, I don't need this feature...
>> However, cron is still running a job and if your concern is wasted
>> resources for something you are sure you'll never use, delete or
>> disable the cron script altogether.
> In my case, I delete the file and am happy. But if I consider a
> feature might come in handy, does open source mean I have to cook
> something for myself only and never request an enhancement which could
> come in handly for to others ?
No, it doesn't mean that at all. Feel free to make requests and suggest
features. In this case, I don't think it's worth it, in my view very few
people would ever change the option from the default (which would have
to be to keep the file updated).
> No everybody has coding skills, but may have decent ideas... get the
> I'm think about the zillions of possibly unnecessary file transfers
> which are being made done.
I think you'll find that most people use this feature (it's 'on' by
default), so the file transfer are necessary.
> I'd bet quite a few haven't noticed that they're downloading stuff
> they don't need, which also places a load on the server offering these
Update to version 4.68 and you will find that update_bad_phishing_sites
has changed completely. For starters, it now only downloads the changes
to the file and not the entire file every time. So the individual
download is very small.
Furthermore, to protect against denial-of-service attacks, what appears
to be a single hostname (with a single IP address) is actually a
complete globally-distributed cluster of servers which serve up the file
(and the tables of diffs which are updated every 10 minutes or so). Your
MailScanner server will automatically download it from the closest
server to you that is available, so it doesn't even generate much
international traffic as there are quite a lot of servers available. If
one member of the cluster is unavailable, it will back off to the next
nearest and so on. So this minimises the amount of network traffic involved.
If you want to find out more detail about how it all works, read up
about "anycast" at
Thanks go to Matt Hampton and coders.co.uk for providing me with access
to do all this stuff, and for providing all the code necessary to make
it work in the background for you folks.
> same can apply to SA updates, AV, rules_du_jour etc.
Except for the AV updates, these are only done daily, so in the big
picture this is a negligible amount of traffic.
If you switched to a new virus scanner and its updates were very out of
date, you would run the severe risk of letting viruses into your network
just because you're too stingy to keep a few files up to date. That is
not a risk worth taking!
If they were changed to only update if, for example, "Spam Assassin =
yes" was set, it would have to be checked a lot more frequently as
otherwise your SpamAssassin would be horribly out of date for the first
day you tried to use it, which
a) would create a really bad impression of its abilities just when you
need it to work properly as you are setting it up,
b) would cause a lot more overhead on your server as these cronjobs
would need to run at least every hour, instead of once every day.
So in the long run, I just don't think it's useful. How big a percentage
of MailScanner installations do *not* use SpamAssassin? I would expect
it to be a very small number. And of that percentage, how many systems
are so tight on resources that running 1 or 2 cron jobs in the middle of
the night makes a noticeable difference to the total bandwidth or CPU
power used? A small percentage multiplied by another small percentage is
I just don't think it's worth the bother, given the nuisance it would
cause when you are trying to set things up and tune your system.
Julian Field MEng CITP CEng
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Need help fixing or optimising your systems?
Need help getting you started solving new requirements from your boss?
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner