On 2024-06-06 at 12:08:54 UTC-0400 (Thu, 6 Jun 2024 18:08:54 +0200) <hostmas...@audiogen.ch> is rumored to have said:
> Thanks for your answer Harald. > > Regarding "there is no such configuration option in SpamAssassin": The conf > snipplet I posted below comes from the repository, however it's an older > version, which still is supported by Ubuntu 20.04.06 LTS and can be installed > from their related archive (at least my rules where last updated in March 23). > https://github.com/apache/spamassassin/blob/spamassassin_release_3_4_4/trunk-only/rules/20_dnsbl_tests.cf > (the same is used up to 3.4.6) Note that the Github repository is a courtesy replica for people who don't want to learn Subversion, and it is NOT authoritative. We do not support using Github to install SpamAssassin in any way. You can try it but you're on your own. As for grabbing rules from ancient history in Github, that is just a recipe for disaster. The rules are updated daily and packaged for distribution directly from the ASF and our SA-only mirrors using sa-update. Rules change for many different reasons, including changes in how 3rd-party data providers like Validity (formerly ReturnPath) operate. > I should have written I'm on an older Ubuntu, might have helped to avoid > confusion. If Ubuntu told you to update rules from Github, you should consider a better distro... (I strongly doubt that they did...) > Regarding the SpamAssassin 4.x rules - are they backward compatible to 3.4.4? Yes. As well-documented in the SpamAssassin documentation, the correct way to keep your rules and their scores up-to-date is to run the sa-update tool daily. It is part of the distribution. Rules in the standard "updates.spamassassin.org" channel are maintained to be backwards compatible, with rules that use newer features being tested for availability before load. HOWEVER: Running 3.4.4 is a bad idea. Unless it has extensive backports of patches from more modern versions, it is going to miss a lot of spam and run very inefficiently. This is especially true if you use rulesets from that era, which have known (and fixed in trunk) runaway problems and obsolete DNSBL configs. There may also be a problem running sa-update from 3.4.4 because we have abandoned SHA1 signatures. I'm not sure if 3.4.4 included the changes that switch to more secure hashes. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire
