Re: spamassassin Debian package unsafe to use in stable?
Vincent Lefevre wrote:
> Is the spamassassin Debian package unsafe to use in stable?
>
> The issue is that things related to spam evolves rapidly, but
> Debian stable is... stable.
Debian stable already has the current version of SpamAssassin:
| News and Announcements
|
| 2024-03-29: Apache SpamAssassin 4.0.1 has been released!
[...]
<https://spamassassin.apache.org/news.html>
| thh@angmar:~$ apt show spamassassin
| Package: spamassassin
| Version: 4.0.1-1~deb12u1
> So its rules become obsolete, such as
> those that generate
>
> RCVD_IN_VALIDITY_CERTIFIED_BLOCKED
> RCVD_IN_VALIDITY_RPBL_BLOCKED
> RCVD_IN_VALIDITY_SAFE_BLOCKED
>
> while upstream gave them zero scores in May.
Rules are updated by the sa-update service, started e.g. by
| systemctl enable --now spamassassin-maintenance.timer
| systemctl start spamassassin-maintenance.service
Doing that, the scores are up to date:
| thh@angmar:~$ grep RCVD_IN_VALIDITY /var/lib/spamassassin/4.000001/updates_spamassassin_org/50_scores.cf
| score RCVD_IN_VALIDITY_CERTIFIED 0
| score RCVD_IN_VALIDITY_SAFE 0
| score RCVD_IN_VALIDITY_RPBL 0
| #score RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001
| #score RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001
| #score RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001
Kind regards,
-thh
Reply to: