diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
index 19ae6f34d9d..e39755dbdfc 100644
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@@ -2,13 +2,13 @@ name: Codespell
 
 on:
   push:
-    paths:
-      - 'src/**'
-      - 'test/**'
+    paths-ignore:
+      - 'm4/**'
+      - COPYING
   pull_request:
-    paths:
-      - 'src/**'
-      - 'test/**'
+    paths-ignore:
+      - 'm4/**'
+      - COPYING
 
 permissions:  # added using https://github.com/step-security/secure-workflows
   contents: read
diff --git a/Makefile b/Makefile
index 7bbdcbfd309..c04d721cf5f 100644
--- a/Makefile
+++ b/Makefile
@@ -366,12 +366,16 @@ cppcheck: clean
 scan-build: clean
 	scan-build $(MAKE)
 
+# TODO: Old codespell versions (such as v2.1.0 in CI) have issues with
+# contrib/syscalls.sh
 .PHONY: codespell
 codespell:
 	@printf 'Running %s...\n' $@
-	@codespell --ignore-regex "UE|creat|doas|ether|isplay|shotcut" \
+	@codespell --ignore-regex 'UE|als|chage|creat|doas|ether|isplay|readby|[Ss]hotcut' \
 	  -S *.gz,*.o,*.so \
-	  src test
+	  -S COPYING,m4 \
+	  -S ./contrib/syscalls.sh \
+	  .
 
 .PHONY: print-env
 print-env: