Created attachment 1281 [details]
patch

also bumps up some other rules to make up

0.5:

"Well, at least NJABL don't"

should be "doesn't".

other than that, it looks ok.

I strongly recommend that a 2.56 release be made for (admittedly dull) SA 
admins. Just a thought

Subject: Re: [SAdev]  need to drop Osirusoft rules ASAP


A note somewhere that Osirusoft rules are removed because of their having to
(hopefully temporarily!) shut down due to a continuing spammer DDoS attack
might be a good idea - explanation to previous users of said rules.

      -Allen

+1 get rid of em (hope the GA won't moan too much) 

ok, applied (with Theo's doco fix).  Allen -- I'd prefer to avoid adding more
text to the doco as there's already too much for users to wade through, and the
reason why they disappeared is already big news pretty much everywhere.

Subject: Re: [SAdev]  need to drop Osirusoft rules ASAP

> A note somewhere that Osirusoft rules are removed because of their having to
> (hopefully temporarily!) shut down due to a continuing spammer DDoS attack
> might be a good idea - explanation to previous users of said rules.

Why do the rules need to be dropped?  If the servers are down due to a DDoS,
wouldn't the rule just time-out and not get weighted?

I can see how this would affect the GA weightings (i.e. when one rule
becomes ineffective, all the others need to be adjusted), but wouldn't
it be better to adjust the GA slightly and keep the rules in so they
become active again when the rules return?

My worry is that dropping the rule because of a successful DDoS is
akin to giving in to the demands of terrorists.  It will just show them
that the attack works and is a viable weapon that may be pointed towards
other services.

Is there harm in leaving the rules in place so they become active again
when the attack ends?

                                          Brian
                                 ( bcwhite@precidia.com )

-------------------------------------------------------------------------------
     Differences are good.  If two people agree, one of them is redundant.

Reason to remove the rules: 
| NSXDavid writes "Earlier today our site mysteriously ended up on Joe Jared's 
| Osirusoft SPAM blacklist which is used by lots of antispam software (like 
| SpamAssassin and sendmail). Since he is currently under a serious DDoS 
| attack, there was no way to appeal this decision. We contacted Mr. Jared by 
| phone who informed us that 'everyone needs to stop using Osirusoft and that 
| he's going to be shutting the service down.' Then he says he's going to 
| blacklist 'the world' (aka, ban *.*.*.*) to get his point across. Later on 
| this evening, he apparently went ahead and did just that. Succumbing to 
| lawsuits and DDoS, a once great blacklist is dead. SpamAssassin is removing 
| it from their config in the next release (rc3) and email admins around the 
| globe are reconfiguring their mail servers."  
Source: http://slashdot.org/article.pl?sid=03/08/27/0214238 

Subject: Re: [SAdev]  need to drop Osirusoft rules ASAP 


>Why do the rules need to be dropped?  If the servers are down due to a DDoS,
>wouldn't the rule just time-out and not get weighted?

They're not.  The servers are returning a match for every IP queried.

Most people aren't seeing this because of the DDOS, but if that lets
up, it'll be a lot more visible.

--j.

*** Bug 2373 has been marked as a duplicate of this bug. ***

*** Bug 2378 has been marked as a duplicate of this bug. ***