Bug#1106669: spamassassin: please update the Validity rules to have zero scores

Wed, 18 Jun 2025 15:21:44 -0700 

On 2025-06-19 02:11:54 +0530, Pirate Praveen wrote:
> On Tue, 27 May 2025 17:24:20 +0200 Vincent Lefevre <vinc...@vinc17.net>
> wrote:
> > Package: spamassassin
> > Version: 4.0.1-1~deb12u1
> > Severity: important
> > 
> > There is now a low limit on the Validity requests. This yields
> > 
> >   RCVD_IN_VALIDITY_CERTIFIED_BLOCKED
> >   RCVD_IN_VALIDITY_RPBL_BLOCKED
> >   RCVD_IN_VALIDITY_SAFE_BLOCKED
> > 
> > even on personal servers. To solve this issue, upstream has changed
> > the Validity rules to have zero scores:
> > 
> >   https://lists.apache.org/thread/75rhgh5cmx5bcv0thsqwq1pkw80f90cn

One issue is actually that
/var/lib/spamassassin/4.000001/updates_spamassassin_org/72_scores.cf
still has

score RCVD_IN_VALIDITY_CERTIFIED_BLOCKED    0.001 0.001 0.001 0.001
score RCVD_IN_VALIDITY_RPBL_BLOCKED         0.001 0.001 0.001 0.001
score RCVD_IN_VALIDITY_SAFE_BLOCKED         0.001 0.001 0.001 0.001

instead of 0. But according to

  https://lists.apache.org/thread/x7ogqx8jxymlrwzwrzb74fs1bz8f80c7

this just hides the problem and does not stop the queries.

> This actually allows many spam mails to pass through the filter, so
> I think the severity should be bumped.
> 
> X-Spam-Flag: NO
> X-Spam-Score: 4.082
> X-Spam-Level: ****
> X-Spam-Status: No, score=4.082 tagged_above=2 required=5
>  tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1,
>  DMARC_REJECT=1.797, HEADER_FROM_DIFFERENT_DOMAINS=1, HTML_MESSAGE=0.001,
>  MIME_HTML_ONLY=0.1, PDS_BRAND_SUBJ_NAKED_TO=1, RCVD_IN_MSPIKE_H2=-1,
>  RCVD_IN_VALIDITY_CERTIFIED=-3, RCVD_IN_VALIDITY_RPBL=1.284,
>  RCVD_IN_VALIDITY_SAFE=-2, SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
>  URIBL_DBL_PHISH=2.5, URIBL_DBL_SPAM=2.5] autolearn=no autolearn_force=no

This might be a different issue as
/var/lib/spamassassin/4.000001/updates_spamassassin_org/50_scores.cf
currently has

score RCVD_IN_VALIDITY_CERTIFIED 0
score RCVD_IN_VALIDITY_SAFE 0
score RCVD_IN_VALIDITY_RPBL 0

-- 
Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / Pascaline project (LIP, ENS-Lyon)

Reply via email to