Thanks Bill. No worries, I did not use GitHub. The only reason I posted that link was to prove that Harald guy wrong, who claimed there was no RCVD_IN_RP_CERTIFIED rule.

The reason to stick with 3.4.4 is simple: Ubuntu 20.04.06 LTS has not upgraded to 4.0.0. Since I'd like to stick with the distribution, the migration path will rather be to a newer Ubuntu LTS than to manually update SA to 4.0.0. It's one of those trade-off situations. And since I only run a small installation and all the anti-spam measures are working great (even with the old version and rules - the postfix checks and the RBLs do such a great job that SA doesn't get too much to do), there is no instant need to upgrade.

However, I was not aware the 4.x rules are backward compatible (with some exceptions as I learned from this list). I ran sa-update and it worked. It's a bit confusing that SA 3.4.4 is creating a 3.004004 directory (obv. it's taking its application version by default) to store the 4.x rules. I ran a short diff against GitHub to validate the rules are the same.

-----Original Message-----
From: Bill Cole [mailto:sausers-20150...@billmail.scconsult.com]
Sent: Friday, 7 June 2024 23:28
To: users@spamassassin.apache.org
Subject: Re: RCVD_IN_RP_CERTIFIED always -3

On 2024-06-06 at 12:08:54 UTC-0400 (Thu, 6 Jun 2024 18:08:54 +0200) <hostmas...@audiogen.ch> is rumored to have said:

> Thanks for your answer Harald.
>
> Regarding "there is no such configuration option in SpamAssassin": The conf snippet I posted below comes from the repository, however it's an older version, which still is supported by Ubuntu 20.04.06 LTS and can be installed from their related archive (at least my rules were last updated in March 23).
> https://github.com/apache/spamassassin/blob/spamassassin_release_3_4_4/trunk-only/rules/20_dnsbl_tests.cf (the same is used up to 3.4.6)

Note that the GitHub repository is a courtesy replica for people who don't want to learn Subversion, and it is NOT authoritative. We do not support using GitHub to install SpamAssassin in any way. You can try it but you're on your own.

As for grabbing rules from ancient history in GitHub, that is just a recipe for disaster. The rules are updated daily and packaged for distribution directly from the ASF and our SA-only mirrors using sa-update. Rules change for many different reasons, including changes in how 3rd-party data providers like Validity (formerly ReturnPath) operate.

> I should have written I'm on an older Ubuntu, might have helped to avoid confusion.

If Ubuntu told you to update rules from GitHub, you should consider a better distro... (I strongly doubt that they did...)

> Regarding the SpamAssassin 4.x rules - are they backward compatible to 3.4.4?

Yes. As well-documented in the SpamAssassin documentation, the correct way to keep your rules and their scores up-to-date is to run the sa-update tool daily. It is part of the distribution. Rules in the standard "updates.spamassassin.org" channel are maintained to be backwards compatible, with rules that use newer features being tested for availability before load.

HOWEVER: Running 3.4.4 is a bad idea. Unless it has extensive backports of patches from more modern versions, it is going to miss a lot of spam and run very inefficiently. This is especially true if you use rulesets from that era, which have known (and fixed in trunk) runaway problems and obsolete DNSBL configs.

There may also be a problem running sa-update from 3.4.4 because we have abandoned SHA1 signatures. I'm not sure if 3.4.4 included the changes that switch to more secure hashes.

--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire