Package: spamassassin
Version: 3.2.0-2
Severity: important

sa-update being started from cron.daily is probably a DoS attack against
SpamAssassin update servers.

Although it is not the default configuration, many users will activate
automatic rule updates via sa-update with the mechanism provided in
/etc/cron.daily/spamassassin in the latest Debian package, downloading
new rules from SpamAssassin update servers (starting from
updates.spamassassin.org).

cron.daily is executed at 06:25 local time on a standard Debian system,
so all installations within the same timezone will hit the update
servers at about the 25th minute of an hour, deviating only by the
execution time of other scripts in cron.daily. This might not be
noticeable during Testing, but it will wreak havoc on those servers once
this version of SpamAssassin enters a Stable version of Debian.

The current behaviour should be changed so that the time of download of
updates is spread evenly over at least one full hour for all systems in
the same timezone. The time chosen for download could be either random
for each execution, or it could be random but fixed per machine (in
which case the time would be determined once during package
configuration and then saved and reused).

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (745, 'testing'), (500, 'stable'), (367, 'unstable'), (234, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.20
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages spamassassin depends on:
ii  libarchive-tar-perl           1.31-1     Archive::Tar - manipulate tar file
ii  libdigest-sha1-perl           2.11-2     NIST SHA-1 message digest algorith
ii  libhtml-parser-perl           3.56-1     A collection of modules that parse
ii  libio-zlib-perl               1.04-1     IO:: style interface to Compress::
ii  libnet-dns-perl               0.59-1     Perform DNS queries from a Perl sc
ii  libsocket6-perl               0.19-1     Perl extensions for IPv6
ii  libsys-hostname-long-perl     1.4-1      Figure out the long (fully-qualifi
ii  libwww-perl                   5.805-1    WWW client/server library for Perl
ii  perl                          5.8.8-7    Larry Wall's Practical Extraction 

Versions of packages spamassassin recommends:
ii  gnupg                         1.4.6-2    GNU privacy guard - a free PGP rep
pn  libmail-spf-query-perl        <none>     (no description available)
pn  libsys-syslog-perl            <none>     (no description available)
pn  re2c                          <none>     (no description available)
ii  spamc                         3.2.0-2    Client for SpamAssassin spam filte

-- debconf information:
* spamassassin/upgrade/2.40:
  spamassassin/upgrade/2.40w:
* spamassassin/upgrade/cancel: Continue
  spamassassin/upgrade/2.42m: No
* spamassassin/upgrade/2.42u: No
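
The two options proposed in the report (a fresh random delay on every run, or a random delay chosen once, saved and reused) can be sketched as shell helpers for a cron.daily job. This is an added example, not code from the Debian package or from the reporter; the function names and the state file path are hypothetical.

```shell
#!/bin/sh
# Added example: spread a daily job over a window of WINDOW seconds so that
# machines in one timezone do not all contact the update servers at 06:25.
WINDOW=3600   # one full hour, the minimum spread asked for in the report

# Option 1: a new random offset in [0, window) on every execution.
random_offset() {
    window=${1:-$WINDOW}
    # Read 4 bytes of kernel randomness as one unsigned decimal integer.
    r=$(od -An -N4 -tu4 /dev/urandom | tr -d ' \n')
    echo $((r % window))
}

# Option 2: a random offset picked once per machine, saved and reused.
# A missing, non-numeric or out-of-range saved value is regenerated.
saved_offset() {
    state_file=$1
    window=${2:-$WINDOW}
    if [ -r "$state_file" ]; then
        saved=$(head -n 1 "$state_file")
        case $saved in
            ''|*[!0-9]*) ;;   # empty or not a plain number: fall through
            *)
                if [ "$saved" -lt "$window" ]; then
                    echo "$saved"
                    return 0
                fi
                ;;
        esac
    fi
    offset=$(random_offset "$window")
    echo "$offset" > "$state_file"
    echo "$offset"
}

# How a cron.daily script could use it (not called here; the state file
# path is a hypothetical location, assumed writable only by root).
delayed_update() {
    sleep "$(saved_offset /var/lib/spamassassin/update-offset "$WINDOW")"
    sa-update
}
```
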
