On 2023-10-21 16:34:11 +0200 (+0200), Andreas Metzler wrote: > You seem to be looking at old packages, perhaps oldstable? > exim4-daemon-heavy in Debian 12 (bookworm) is linked against libspf2 > and the default configuration has hooks to enable SPF lookups via > libsp2, not spf-tools-perl.
Thanks, I missed that exim4-daemon-heavy has a dep on libspf2-2 as of bookworm (though exim4-base still suggests spf-tools-perl even in sid). It looks like the current Ubuntu LTS (2022.04) pre-dates this change in Debian, so Ubuntu LTS users are mostly shielded from the presumed risk for now, but you're right the concern is greater in Debian due to the recent transition. -- Jeremy Stanley
