From announce-return-33-archive-asf-public=cust-asf.ponee.io@spamassassin.apache.org Thu Dec 12 11:12:23 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id 6A0B118061A for ; Thu, 12 Dec 2019 12:12:23 +0100 (CET) Received: (qmail 52202 invoked by uid 500); 12 Dec 2019 11:12:20 -0000 Mailing-List: contact announce-help@spamassassin.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list announce@spamassassin.apache.org Delivered-To: moderator for announce@spamassassin.apache.org Received: (qmail 31368 invoked by uid 99); 12 Dec 2019 11:04:24 -0000 From: "Kevin A. McGrail" Subject: ANNOUNCE: Apache SpamAssassin 3.4.3 available Reply-To: SpamAssassin Devel List To: "kmcgrail@apache.org" Openpgp: preference=signencrypt Autocrypt: addr=kmcgrail@apache.org; keydata= mQINBE+34qcBEACsnW9Az3vjJmDCe4tcfzTqsLPoxCauAi2dj2yZJna1OE/Vyga4e2xqrxdH fCTdIkrAor8U0dHBOtauSIFAzZEyHnyZezQS7FjSpK/u11s6w9+UL9Ut+8b/QtbxtF43MgCQ a2O3q3A8kX9IqKJsUB9Re981Z8rlHfyS8MybXggYgtDZ3vvag5Y9BZ1ydqTU8CaIbvxttuev Y4pmH/u3d0ZG/DvOUwhze7n28tB7YtQp2xDq68uZuRz27fZm4hFQHYqGyaEW5jkhDOdMc4zZ A52ZJRs/RBoluaqoK1fdXqQhjBuBwj4R4619DL8A4rMcqsbLulbZGki1nW8XmTV5YrwuGk0v oHt/e4kfFrDSM/h8xQGacvYQmTD0cxF7OCh4PBqfyGys4k2ffOrmYlXRGXJKVUneruMqPQDc umV4TXx+h+mLHZ7i2mGsDhemI+V1ionB73t2jr1ApClP7CIa9/2H46IqMGpCcYe56b/+7YGk p3wtzUK4Kd4xaKb7GWB6gaZqrnTCJTXy/iTLVSN+0Q8hubNteggig3u8EG1dC6F6g2gIZXsN 6BdpxSewedoIs3n2xz/RseAbbc9RunspbwGODzwqxzGJy/lxhCyWtSWtrf8JaTpSySSxENws 8ThRW/gCDu3UuTye5EBXV4+3IWlnkppsCOKE4RmPbr+F4+85cwARAQABtDlLZXZpbiBBLiBN Y0dyYWlsIChDT0RFIFNJR05JTkcgS0VZKSA8a21jZ3JhaWxAYXBhY2hlLm9yZz6JAjEEEwEC ABsCGwMCHgECF4AFAk+35XwFCwkIBwMFFQoJCAsACgkQIU39jEx16gWeGw/8Dz75yivbiSMQ lNxuCDJ+FTu615bBThcSuiCQpPD7o2zyrwxRYHWBW2aGJO9+JG7kOmjcK4mWTKzfVbjmGRLK BHZtgkLh5sRRzhIALVUM+7wo+5+GDAo9Xabwm696hoHK2jyFkjvhsXgwoPA/HwqpxeMaZn3C vNkbHYZRJw2IbeD08cA8VxQ0GTDvaV7WltTfh+dYSvEXJBaCW+Z6Q9Wbb6KXKsZhU6Su8An5 pFx+RHZ64xpNQFdIP1WHcG/B9Sf8C6IB46H3nT7N+AiCYb1taO5SmMGZ2hpH5JmaMo7UkPGF Rdb8/BKf57q6DXlUhxLw4ESrNgqigSnXg8FtNrGRAWhKp16p8rKZ5t/K3l3/n5s9/OQe1FO9 EpBdVcss8+CXbNLi83wpiG6XSjJlCf8+40bS3TWJvwW+h4OIEZ/Qs+pm27/v+K2Hl+TX7m1A CRZIN0dKb4qlH/4C2B1I8vWXHSb/ltoTEDFL7QNa02p7gRyK1JmM7jUFmi62URZbg0d542QX Rkxy1NfYQS8+KZ/gZDOGZ6kampFCDq1EN8fBDDXCVhsWb1giYKLISMRb9xTgUsdW2jH8exJo HS4nalFUCQwApsDTR7vrq0vjZhaTRJfbMOabSm65Q7LLbLpM7XU0da8nFAB2YsZAuNFNkZjr IyK9Ygrfd/jWj/hzAqTG68q5Ag0ET7fipwEQANk8YVZWdMVW2EFvLLoYeW8Mf3MG1mvm9BcM D36H8RjkG3hsbgpQ8wacQBlRKZdvgIpcxyUlOEJ1VFpMHdr/geq5J8n1pM45iGCCedik4QHn QzA/qNm1laSMW7QdFMBH4Y4Wc9qP+xPz5BdNWx1Z0VkYS6MtBqvzMe2VkMKMs0iG06omnaOg uUxNu78kR4rQFjo1+3hgJsYSJrMk1J5iO/UN9Zt17UlVw+MZmkvkLhOyN85WPIHaHh0TBwP5 5hS2SATP1Cgw7oeSD9Hxv79yWY17lQspBnNaj6uNub5TbqzsjR7nWDaQH/RaRqj3qMhNT3le OD03ygabiEcEMOZ4sTj161T3a8KpaQTZzCalIONa5+tCr6mYrDUlChRiQltj8qPpkezLydoP I9vCyQpPQJtgf31vq+EADum2Hohfasc3QYDnRXAJ31b0CmB577jH8tjUQGMgxRz3aS2VWVc0 0lV8SlV8Ki78pzUOOob6JPPMmcH3y3JasGnI8IDudlugRIdDGrB5AA1J2ustfZ7BInlJNBfk ASR2L7i0HUnmz/hWX1Wpg1tUX24ApYL9rD+4pobAR47e5UGTn9jQBVyjGQbLIE/OKMFx0TzT WBR5OQnETrS/nO9qem6rtyPJMVx0qaT1j1qwEOz8PUP667QYQyLHkrclh4Nb9s91/DdRXtTf ABEBAAGJAh8EGAECAAkFAk+34qcCGwwACgkQIU39jEx16gV2Ag/9HxRm81h1DZoBc8OFqV0W KiPJOlPtl+LLgIR3BZxio2zlt+FaDqp6slgOdBp1AY4mdQfP7aBUeEbb6ebvbNJeq00XKUS6 bJxlr92AQoHHV8htNj2CUev0gl99Sj5GcLSpI8fFa8D9H9XSOEJNFLS7E0hW2V00hY3i0E1+ 43/h/+cVxDRXY57EEO0HSR8BFWBboEZRsA5PjNv2varyZmiF6etsgSoovaDx+2oY8F9Q0aeZ X3XzJ+iahCykCWyXmoppjEDtU1gIyylWkWXk30VDFVCJopnUeNZhFH8/By3iE3gxFmpamhXU QRNNQXo+/hNu3LvQWcakvVgSwOgjC8BFCoCjB2bfDXPkFMwHbyVxdKInKHSsK9gvPGFU/bOp KKx9JgY4b5fkLEvsrGV0OkpqqLVnmq2By4r8bRglv75lCcX++JEZfewBRSKsMovOFF+bmt8w 9+MGL4mompGZx+ZOuYjhZ+kj4iav4FsyCyu172ZDY9Mt8dHLiUP9uaubISMo9h7jpkIyOOFQ nFrM+WsPNdJ8Fz7uIHkHCuF/P9ws+kerxxbw6CRhbIPyVnwUOCycpBVPmEHSuUiGyytTWH94 9ehyVD5oE5mZ4tyECv+WjD8gxdiiHHxDjojxv2JpXWRupWQ/VxqBLdHrz3ZJvEuy1km0bWUV P40bwka7KRU7ncc= Message-ID: <056145b2-b908-c811-9af1-ecea2571c5c3@apache.org> Date: Thu, 12 Dec 2019 06:04:26 -0500 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="------------C196C8B3281AB9CC37BD341B" Content-Language: en-US --------------C196C8B3281AB9CC37BD341B Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit On behalf of the Apache SpamAssassin Project, I am proud to share the release notes for Apache SpamAssassin v3.4.3. -KAM Release Notes -- Apache SpamAssassin -- Version 3.4.3 Introduction ------------ Apache SpamAssassin 3.4.3 contains numerous tweaks and bug fixes as we prepare to move to version 4.0.0 with better, native UTF-8 handling. There are a number of functional patches, improvements as well as security reasons to upgrade to 3.4.3. In this release, there are bug fixes for two CVEs. *** On March 1, 2020, we will stop publishing rulesets with SHA-1 signatures. If you do not update to 3.4.2 or later, you will be stuck at the last ruleset with SHA-1 signatures. *** Many thanks to the committers, contributors, rule testers, mass checkers, and code testers who have made this release possible. Happy Birthday -------------- Apache SpamAssassin turned 18 on September 5th, 2019. Now in its 18th year, 15 of which as an Apache project, SpamAssassin is the world's most popular email anti-spam platform. Apache SpamAssassin can be used on a wide variety of email systems including Postfix, procmail, qmail, sendmail, and more. It serves as the spam-filtering and detection solution for numerous ISPs and hosting providers, and is integrated in commercial software including Plesk, cPanel, Vesta Control Panel, and many others. SpamAssassin was originally created by Justin Mason, who had maintained a number of patches against an earlier program named filter.plx by Mark Jeftovic, which began in August 1997. Mason rewrote all of Jeftovic's code from scratch and uploaded the resulting codebase to SourceForge on April 20, 2001. SpamAssassin entered the Apache Incubator in December 2003 and graduated as an Apache Top-Level Project in June 2004. Notable features: ================= New plugins ----------- There is 1 new plugin added with this release: # OLEVBMacro - Detects both OLE macros and VB code inside Office documents # # It tries to discern between safe and malicious code but due to the threat # macros present to security, many places block these type of documents # outright. # # For this plugin to work, Archive::Zip and IO::String modules are required. # loadplugin Mail::SpamAssassin::Plugin::OLEVBMacro This plugin is disabled by default. To enable, uncomment the loadplugin configuration options in file v343.pre, or add it to some local .pre file such as local.pre. Notable changes --------------- Safer and faster scanning of large emails using body_part_scan_size and rawbody_part_scan_size settings. New tflag "nosubject" for 'body' rules, to stop matching the Subject header which is part of the body text. Two CVE security bug fixes are included in this release: CVE-2019-12420 for Multipart Denial of Service Vulnerability CVE-2018-11805 for nefarious CF files can be configured to run system commands without any output or errors. Security updates include deprecation of the unsafe sa-update '--allowplugins' option, which now prints a warning that '--reallyallowplugins' is required to use it. New configuration options ------------------------- A new subjprefix keyword used to add a prefix to the subject of the email if a rule is matched. A new template tag _SUBJPREFIX_ that maps to the subject prefix that has been added by the subjprefix keyword. A new template tag _SUBTESTSCOLLAPSED(,)_ that maps to subtests that hits with duplicated rules collapsed. A config option rbl_headers has been added to DNSEval plugin, this option is used to specify in which headers check_rbl_headers should check for content used to query the specified rbl. A new check_rbl_ns_from function has been added to check the dns server of the from addrs domain name against a specific rbl. A new check_rbl_rcvd function has been added to check all received headers domains or ip addresses against a specific rbl. New options has been added to check_hashbl_emails function has been added; it is now possible to specify in which headers the function should check for content used to query the specified rbl and an acl to filter the email addresses the rule should apply. A new check_hashbl_bodyre function has been added, it is now possible to search body for matching regexp and query the string captured against the specified rbl. A new check_hashbl_uris function has been added, it is now possible to match uris in email's body and query the uris against the specified rbl. Notable Internal changes ------------------------ None noted. Other updates ------------- None noted. Optimizations ------------- None noted. Downloading and availability ---------------------------- Downloads are available from: https://spamassassin.apache.org/downloads.cgi sha256sum of archive files: a5b8fde50e468be8b36b90f5c39b19dfea947d6184a06cbf6dd16bf97265008d Mail-SpamAssassin-3.4.3.tar.bz2 bb3adac71b2a5b69d584ee9843460f61c62da0bb7441c4007cc741b404ad27b8 Mail-SpamAssassin-3.4.3.tar.gz 3f4e55e8b4f2420c6d0b30850acd6cfb8808c7e559e0a9168b93950ca5289e86 Mail-SpamAssassin-3.4.3.zip d4804c19c5ee2065443fa09e3940462daa48481dfa9d4a1d95e2683d75c7c7d9 Mail-SpamAssassin-rules-3.4.3.r1871124.tgz sha512sum of archive files: 4d50b30a42d318c3a4c868b4940d1f56c329cc501270df12e1a369dd7de670c30f328a5fbc37dbd3b0d06538b9500085e920939c62de80ad6d8740bc47162cb0 Mail-SpamAssassin-3.4.3.tar.bz2 d2fd657d3c20273b0c06cb1da083d757d3f2a7f60c7ed6e6ad8f98e6df33c9c5f3824f0531abf5dbc32b0dde22979d7d671231fa2ef0d8b073ea6804c5de0c3a Mail-SpamAssassin-3.4.3.tar.gz 608d8db07e08475e8eba42584fbff95210539e34fdfdc62cc8112d8aa42e88a7537be5bc1c624d5dd9aadce717c459407e64f1b56592ac743051d2c31e817d14 Mail-SpamAssassin-3.4.3.zip 2089bd97798c64fec8dea127cc12fbd9d9647bfe42c056a7674c7e9f85bb9e29ad73f741317ec74824016192736d57f16f70ff9bfd1eac0a8de747e417e3175f Mail-SpamAssassin-rules-3.4.3.r1871124.tgz Note that the *-rules-*.tgz files are only necessary if you cannot, or do not wish to, run "sa-update" after install to download the latest fresh rules. See the INSTALL and UPGRADE files in the distribution for important installation notes. GPG Verification Procedure -------------------------- The release files also have a .asc accompanying them. The file serves as an external GPG signature for the given release file. The signing key is available via the wwwkeys.pgp.net key server, as well as https://www.apache.org/dist/spamassassin/KEYS The following key is used to sign releases after, and including SA 3.3.0: pub 4096R/F7D39814 2009-12-02 Key fingerprint = D809 9BC7 9E17 D7E4 9BC2 1E31 FDE5 2F40 F7D3 9814 uid SpamAssassin Project Management Committee uid SpamAssassin Signing Key (Code Signing Key, replacement for 1024D/265FA05B) sub 4096R/7B3265A5 2009-12-02 The following key is used to sign rule updates: pub 4096R/5244EC45 2005-12-20 Key fingerprint = 5E54 1DC9 59CB 8BAC 7C78 DFDC 4056 A61A 5244 EC45 uid updates.spamassassin.org Signing Key sub 4096R/24F434CE 2005-12-20 To verify a release file, download the file with the accompanying .asc file and run the following commands: gpg --verbose --keyserver wwwkeys.pgp.net --recv-key F7D39814 gpg --verify Mail-SpamAssassin-3.4.3.tar.bz2.asc gpg --fingerprint F7D39814 Then verify that the key matches the signature. Note that older versions of gnupg may not be able to complete the steps above. Specifically, GnuPG v1.0.6, 1.0.7 & 1.2.6 failed while v1.4.11 worked flawlessly. See https://www.apache.org/info/verification.html for more information on verifying Apache releases. About Apache SpamAssassin ------------------------- Apache SpamAssassin is a mature, widely-deployed open source project that serves as a mail filter to identify spam. SpamAssassin uses a variety of mechanisms including mail header and text analysis, Bayesian filtering, DNS blocklists, and collaborative filtering databases. In addition, Apache SpamAssassin has a modular architecture that allows other technologies to be quickly incorporated as an addition or as a replacement for existing methods. Apache SpamAssassin typically runs on a server, classifies and labels spam before it reaches your mailbox, while allowing other components of a mail system to act on its results. Most of the Apache SpamAssassin is written in Perl, with heavily traversed code paths carefully optimized. Benefits are portability, robustness and facilitated maintenance. It can run on a wide variety of POSIX platforms. The server and the Perl library feels at home on Unix and Linux platforms and reportedly also works on MS Windows systems under ActivePerl. For more information, visit https://spamassassin.apache.org/ About The Apache Software Foundation ------------------------------------ Established in 1999, The Apache Software Foundation provides organizational, legal, and financial support for more than 100 freely-available, collaboratively-developed Open Source projects. The pragmatic Apache License enables individual and commercial users to easily deploy Apache software; the Foundation's intellectual property framework limits the legal exposure of its 2,500+ contributors. For more information, visit https://www.apache.org/ ## -- Kevin A. McGrail KMcGrail@Apache.org Member, Apache Software Foundation Chair Emeritus Apache SpamAssassin Project https://www.linkedin.com/in/kmcgrail - 703.798.0171 --------------C196C8B3281AB9CC37BD341B Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 7bit 
On behalf of the Apache SpamAssassin Project, I am proud to share the release notes for Apache SpamAssassin v3.4.3. -KAM

Release Notes -- Apache SpamAssassin -- Version 3.4.3

Introduction
------------

Apache SpamAssassin 3.4.3 contains numerous tweaks and bug fixes as we
prepare to move to version 4.0.0 with better, native UTF-8 handling.

There are a number of functional patches, improvements as well as security
reasons to upgrade to 3.4.3.  In this release, there are bug fixes for two
CVEs.

*** On March 1, 2020, we will stop publishing rulesets with SHA-1 signatures.
    If you do not update to 3.4.2 or later, you will be stuck at the last
    ruleset with SHA-1 signatures. ***

Many thanks to the committers, contributors, rule testers, mass checkers,
and code testers who have made this release possible.

Happy Birthday
--------------
Apache SpamAssassin turned 18 on September 5th, 2019.

Now in its 18th year, 15 of which as an Apache project, SpamAssassin is the
world's most popular email anti-spam platform. Apache SpamAssassin can be
used on a wide variety of email systems including Postfix, procmail, qmail,
sendmail, and more.

It serves as the spam-filtering and detection solution for numerous ISPs and
hosting providers, and is integrated in commercial software including Plesk,
cPanel, Vesta Control Panel, and many others.

SpamAssassin was originally created by Justin Mason, who had maintained a
number of patches against an earlier program named filter.plx by Mark
Jeftovic, which began in August 1997. Mason rewrote all of Jeftovic's code
from scratch and uploaded the resulting codebase to SourceForge on April 20,
2001. SpamAssassin entered the Apache Incubator in December 2003 and
graduated as an Apache Top-Level Project in June 2004.

Notable features:
=================

New plugins
-----------
There is 1 new plugin added with this release:

# OLEVBMacro - Detects both OLE macros and VB code inside Office documents
#
# It tries to discern between safe and malicious code but due to the threat
# macros present to security, many places block these type of documents
# outright.
#
# For this plugin to work, Archive::Zip and IO::String modules are required.
# loadplugin Mail::SpamAssassin::Plugin::OLEVBMacro


This plugin is disabled by default. To enable, uncomment the loadplugin
configuration options in file v343.pre, or add it to some local .pre file
such as local.pre.

Notable changes
---------------

Safer and faster scanning of large emails using body_part_scan_size and
rawbody_part_scan_size settings.

New tflag "nosubject" for 'body' rules, to stop matching the Subject header
which is part of the body text.

Two CVE security bug fixes are included in this release:

  CVE-2019-12420 for Multipart Denial of Service Vulnerability

  CVE-2018-11805 for nefarious CF files can be configured to
  run system commands without any output or errors.

Security updates include deprecation of the unsafe sa-update '--allowplugins'
option, which now prints a warning that '--reallyallowplugins' is required
to use it.

New configuration options
-------------------------

A new subjprefix keyword used to add a prefix to the subject of the
email if a rule is matched.

A new template tag _SUBJPREFIX_ that maps to the subject prefix that
has been added by the subjprefix keyword.

A new template tag _SUBTESTSCOLLAPSED(,)_ that maps to subtests that
hits with duplicated rules collapsed.

A config option rbl_headers has been added to DNSEval plugin,
this option is used to specify in which headers check_rbl_headers
should check for content used to query the specified rbl.

A new check_rbl_ns_from function has been added to check
the dns server of the from addrs domain name against a specific rbl.

A new check_rbl_rcvd function has been added to check
all received headers domains or ip addresses against a
specific rbl.

New options has been added to check_hashbl_emails function
has been added; it is now possible to specify in which headers
the function should check for content used to query the
specified rbl and an acl to filter the email addresses the rule
should apply.

A new check_hashbl_bodyre function has been added, it is now possible
to search body for matching regexp and query the string captured
against the specified rbl.

A new check_hashbl_uris function has been added, it is now possible
to match uris in email's body and query the uris against the
specified rbl.

Notable Internal changes
------------------------

None noted.

Other updates
-------------

None noted.

Optimizations
-------------

None noted.


Downloading and availability
----------------------------

Downloads are available from:

https://spamassassin.apache.org/downloads.cgi

sha256sum of archive files:

  a5b8fde50e468be8b36b90f5c39b19dfea947d6184a06cbf6dd16bf97265008d  Mail-SpamAssassin-3.4.3.tar.bz2
  bb3adac71b2a5b69d584ee9843460f61c62da0bb7441c4007cc741b404ad27b8  Mail-SpamAssassin-3.4.3.tar.gz
  3f4e55e8b4f2420c6d0b30850acd6cfb8808c7e559e0a9168b93950ca5289e86  Mail-SpamAssassin-3.4.3.zip
  d4804c19c5ee2065443fa09e3940462daa48481dfa9d4a1d95e2683d75c7c7d9  Mail-SpamAssassin-rules-3.4.3.r1871124.tgz

sha512sum of archive files:

  4d50b30a42d318c3a4c868b4940d1f56c329cc501270df12e1a369dd7de670c30f328a5fbc37dbd3b0d06538b9500085e920939c62de80ad6d8740bc47162cb0  Mail-SpamAssassin-3.4.3.tar.bz2
  d2fd657d3c20273b0c06cb1da083d757d3f2a7f60c7ed6e6ad8f98e6df33c9c5f3824f0531abf5dbc32b0dde22979d7d671231fa2ef0d8b073ea6804c5de0c3a  Mail-SpamAssassin-3.4.3.tar.gz
  608d8db07e08475e8eba42584fbff95210539e34fdfdc62cc8112d8aa42e88a7537be5bc1c624d5dd9aadce717c459407e64f1b56592ac743051d2c31e817d14  Mail-SpamAssassin-3.4.3.zip
  2089bd97798c64fec8dea127cc12fbd9d9647bfe42c056a7674c7e9f85bb9e29ad73f741317ec74824016192736d57f16f70ff9bfd1eac0a8de747e417e3175f  Mail-SpamAssassin-rules-3.4.3.r1871124.tgz

Note that the *-rules-*.tgz files are only necessary if you cannot,
or do not wish to, run "sa-update" after install to download the latest
fresh rules.

See the INSTALL and UPGRADE files in the distribution for important
installation notes.


GPG Verification Procedure
--------------------------
The release files also have a .asc accompanying them.  The file serves
as an external GPG signature for the given release file.  The signing
key is available via the wwwkeys.pgp.net key server, as well as
https://www.apache.org/dist/spamassassin/KEYS



The following key is used to sign releases after, and including SA 3.3.0:

pub   4096R/F7D39814 2009-12-02
      Key fingerprint = D809 9BC7 9E17 D7E4 9BC2  1E31 FDE5 2F40 F7D3 9814
uid                  SpamAssassin Project Management Committee <private@spamassassin.apache.org>
uid                  SpamAssassin Signing Key (Code Signing Key, replacement for 1024D/265FA05B) <dev@spamassassin.apache.org>
sub   4096R/7B3265A5 2009-12-02

The following key is used to sign rule updates:

pub   4096R/5244EC45 2005-12-20
      Key fingerprint = 5E54 1DC9 59CB 8BAC 7C78  DFDC 4056 A61A 5244 EC45
uid                  updates.spamassassin.org Signing Key <release@spamassassin.org>
sub   4096R/24F434CE 2005-12-20

To verify a release file, download the file with the accompanying .asc
file and run the following commands:

  gpg --verbose --keyserver wwwkeys.pgp.net --recv-key F7D39814
  gpg --verify Mail-SpamAssassin-3.4.3.tar.bz2.asc
  gpg --fingerprint F7D39814

Then verify that the key matches the signature.

Note that older versions of gnupg may not be able to complete the steps
above. Specifically, GnuPG v1.0.6, 1.0.7 & 1.2.6 failed while v1.4.11
worked flawlessly.

See https://www.apache.org/info/verification.html for more information
on verifying Apache releases.


About Apache SpamAssassin
-------------------------

Apache SpamAssassin is a mature, widely-deployed open source project
that serves as a mail filter to identify spam. SpamAssassin uses a
variety of mechanisms including mail header and text analysis, Bayesian
filtering, DNS blocklists, and collaborative filtering databases. In
addition, Apache SpamAssassin has a modular architecture that allows
other technologies to be quickly incorporated as an addition or as a
replacement for existing methods.

Apache SpamAssassin typically runs on a server, classifies and labels
spam before it reaches your mailbox, while allowing other components of
a mail system to act on its results.

Most of the Apache SpamAssassin is written in Perl, with heavily
traversed code paths carefully optimized. Benefits are portability,
robustness and facilitated maintenance. It can run on a wide variety of
POSIX platforms.

The server and the Perl library feels at home on Unix and Linux platforms
and reportedly also works on MS Windows systems under ActivePerl.

For more information, visit https://spamassassin.apache.org/


About The Apache Software Foundation
------------------------------------

Established in 1999, The Apache Software Foundation provides
organizational, legal, and financial support for more than 100
freely-available, collaboratively-developed Open Source projects. The
pragmatic Apache License enables individual and commercial users to
easily deploy Apache software; the Foundation's intellectual property
framework limits the legal exposure of its 2,500+ contributors.

For more information, visit https://www.apache.org/

##

-- 
Kevin A. McGrail
KMcGrail@Apache.org

Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171
--------------C196C8B3281AB9CC37BD341B--