Interesting. Well the in update data from that site is cryptographically signed and verified. Http is really fine in this case.
On Sat, Feb 15, 2025, 15:41 Giovanni Bechis <giova...@paclan.it> wrote: > On Sat, Feb 15, 2025 at 01:45:46PM -0500, Bill Cole wrote: > > On 2025-02-15 at 10:11:16 UTC-0500 (Sat, 15 Feb 2025 15:11:16 +0000) > > Ralph Corderoy <sysadmins@spamassassin.apache.org> > > is rumored to have said: > > > > > Hi Giovanni, > > > > > >>> error: unable to refresh mirrors file for channel > > >>> updates.spamassassin.org, using old file > > > ... > > >> Which version is this server running ? > > > > > > 3.4.0. > > > > An update is in order. 3.4.0 has more serious bugs than I care to > > enumerate here. If that's a "vendor branch" that has backports of key > > updates (e.g. Debian or RedHat) then it will have many of those bugs > > fixed, but if your OS is no longer getting updates, you may not have all > > of the backported fixes. > > > > 4.0.1 is quite solid. The current 'trunk' version (will-be 4.0.2) has a > > few additional fixes. > > > > > > >> Could you try to run "sa-update -D" and post the results ? > > > > > > Thanks, that was the pointer I needed. I've started poking around the > > > source too. The key thing when running ‘sa-update -D’ as root now > > > is: > > > > > > dbg: dns: 0.4.3.updates.spamassassin.org => 1923802, parsed as > > > 1923802 > > > dbg: channel: current version is 1923802, new version is 1923802, > > > skipping channel > > > > I believe that's the latest version, as of this morning. > > > > You can force a re-fetch by editing the channel's .cf file to have a > > lower serial number. > > > > > so /var/lib/spamassassin/3.004000/updates_spamassassin_org/MIRRORED.BY > > > isn't examined. Its mtime is 2025-01-29 05:23:18 +0000. > > > > That's slightly earlier than the last change in that file in the repo, > > which is 2025-01-29 13:36:52 +0000. The only change was to the record > > for sa-update.spamassassin.org. Aside from that, the file has not > > changed since 2023. > > > one of the mirrors listed in mirrors.updates.spamassassin.org has > switched to https. > A connection failure due to OpenSSL incompatible algorithms could be the > issue. > Giovanni > > > > > > > I've added -D to the sa-update run by cron so will gather more debug > > > from the overnight run which generates the error above. > > > > Note that the message above is not an indication of any error. > > > > > > > > > > -- > > Bill Cole > > b...@scconsult.com or billc...@apache.org > > (AKA @grumpybozo@toad.social and many *@billmail.scconsult.com > > addresses) > > Not Currently Available For Hire >
