Apache SpamAssassin 3.2.5 is now available! This is a maintenance
release of the 3.2.x branch.
Downloads are available from:
http://spamassassin.apache.org/downloads.cgi
The release file will also be available via CPAN in the near future.
md5sum of archive files:
695f9107b240383e48df8938f2de334e Mail-SpamAssassin-3.2.5.tar.bz2
7fdc1651d0371c4a7f95ac9ae6f828a6 Mail-SpamAssassin-3.2.5.tar.gz
663fe705e608e16fee280f7539ab9382 Mail-SpamAssassin-3.2.5.zip
sha1sum of archive files:
32b701ffc68f7975eded107c456b902bc710d8b2 Mail-SpamAssassin-3.2.5.tar.bz2
14b1f6eae0221a152176f7f597f55581445e800a Mail-SpamAssassin-3.2.5.tar.gz
b333acfdaf2289e37f72f1f1a18449645ee532d0 Mail-SpamAssassin-3.2.5.zip
The release files also have a .asc file accompanying them. The file serves as
an external GPG signature for the given release file. The signing key is
available via the wwwkeys.pgp.net key server, as well as at:
http://spamassassin.apache.org/released/GPG-SIGNING-KEY
The key information is:
pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@spamassassin.org>
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B
3.2.5 is a minor bug-fix release. Summary of changes:
- bug 5775: newer gpg versions require keys to be cross-certified (backsig). Did a cross-verify
on our sa-update public key and re-exported. (If you are already seeing "GPG validation failed"
errors from sa-update, see http://wiki.apache.org/spamassassin/SaUpdateKeyNotCrossCertified
.)
- bug 5899: add perl version string to the storage area for compiled rulesets, to avoid crashes
when perl is upgraded between major versions (e.g perl 5.8.x to 5.10.0) and the ABI breaks
- bug 5496, bug 5910: clear some FORGED_MUA_OUTLOOK false positives, particularly on the new-format
Message-ID generated by the Outlook Express version used in Windows XP service pack 3
- bug 5730: when using Postgres >= 8.1.0 with Bayes, this error occurs: 'WARNING: nonstandard
use of \ in a string literal at character'. fix, thanks to Tomasz Ostrowski
- bug 5769: fix 'sa-compile: eval failed: Can't find label NO' error, caused in rare circumstances
when sa-compile attempted to deal with rules written using 'replace_rules' features
- bug 5858: fix circular reference memory leak caused by some messages
- bug 5815: update 2TLD list to include .rs CCTLD
- bug 4706: remove HG_HORMOME rules due to poor performance
- bug 5835: typo in POD docs for SPF plugin; thanks to Benny Pedersen for fix
- bug 5839: a missing or failed eval rule function could mistakenly count as a rule hit, fixed
- trivial bugfix for the VBounce ruleset: __BOUNCE_FROM_DAEMON incorrectly used + instead
of *, so some From addresses were not being recognised as bounce senders
---------------------------------------------------------------------
To unsubscribe, e-mail: announce-unsubscribe@spamassassin.apache.org
For additional commands, e-mail: announce-help@spamassassin.apache.org
Apache SpamAssassin 3.2.4 is now available! This is a maintenance
release of the 3.2.x branch.
Downloads are available from:
http://spamassassin.apache.org/downloads.cgi
The release file will also be available via CPAN in the near future.
md5sum of archive files:
2081c24c8b9064f9dd220e4f41e1d299 Mail-SpamAssassin-3.2.4.tar.bz2
81ec227d4d63aba08563ee868af9fbeb Mail-SpamAssassin-3.2.4.tar.gz
a30aefb67a2db87b0fd2dac31116026c Mail-SpamAssassin-3.2.4.zip
sha1sum of archive files:
876fc328a2b6192fa0bb8d7f6926214716178417 Mail-SpamAssassin-3.2.4.tar.bz2
5c0e01831256518b27139507a4ded38e582d8649 Mail-SpamAssassin-3.2.4.tar.gz
387e5a8cd2c0602bc6b5ff9cf582d4ce367a8fc1 Mail-SpamAssassin-3.2.4.zip
The release files also have a .asc file accompanying them. The file serves as
an external GPG signature for the given release file. The signing key is
available via the wwwkeys.pgp.net key server, as well as at:
http://spamassassin.apache.org/released/GPG-SIGNING-KEY
The key information is:
pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@spamassassin.org>
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B
3.2.4 is a major bug-fix release, with a few minor new features. Summary of
changes:
- bug 5599: allow load distribution of SA nameserver queries across all nameservers listed
in resolv.conf, using 'dns_options rotate'. thanks to Pawel Sasin <hannibal /at/ wp-sa.pl>
- bug 5673: 'ALL' header was including spurious extra spaces between header names and values.
fix
- bug 5594: several major sa-compile fixes. major increase in overall speed; cache results
between runs to further increase speed; and fix a danger of massive memory usage
- bug 5556: fix a variety of sa-compile portability issues, and support for 5.6.x perls
- bug 5514: make 'score set for a non-existent rule' a debug message, instead of a lint warning,
since it's a very frequent FAQ
- bug 5493: sa-compile fails to correctly deal with escaped backslashes. fix
- bug 5672: remove DNS_FROM_SECURITYSAGE (DNSBL lookups against securitysage.com) due to unreliability
- bug 5476: update Bonded Sender (now Sender Score Certified) rules, and add a rule for their
strictly-confirmed-opt-in-required zone
- bug 5538: remove FORGED_MUA_AOL_FROM and FORGED_AOL_TAGS entirely; they're obsolete, given
the current capabilities of AOL mail user agents
- bug 5632: remove all completewhois.com DNSBL lookups, site seems to have disappeared without
warning
- bug 5715: allow for more than one sa-update MIRRORED.BY file host in DNS, for redundancy
- bug 5662: DKIM changes: recognize author signature and multiple signatures for whitelisting
(with Mail::DKIM 0.29); disable useless "check_dkim_signsome"; new eval rules "check_dkim_valid_author_sig"
and "check_dkim_valid" (an alias for a "check_dkim_verified" misnomer); new tags _DKIMIDENTITY_
and _DKIMDOMAIN_; updated terminology; verification speedup with Mail::DKIM 0.30 (or its pre-releases)
- bug 5696: sa-compile: cut regexp base strings at Unicode high codepoints, to avoid corruption
of patterns containing UTF-8
- bug 5637: bayes_file_mode is handled incorrectly when creating bayes.mutex, resulting in
incorrect permissions on that file; fix by Mihaly Barasz
- bug 5612: DB_File version 4.2.x has a bug that loops infinitely if files named '__db.{filename}'
are present; work around. thanks to J. Nick Koston for the report and fix
- bug 5606: too-early init_learner() call causes root's user prefs file to be read when spamd
is started; this is inappropriate. fix
- bug 4179: if allow_user_rules is 1, user rules are not unique to each user; one user's user
rules can appear in later scans for other users that are run using the same spamd process.
fix
- bug 5680: ALL_TRUSTED can fire if a trusted MSA or webmail system receives the message from
an untrusted X-Originating-IP: header. fix
- bug 5626: in the 'spamassassin' script, install a signal handler for SIGHUP, SIGINT, SIGTERM
and SIGPIPE to ensure that temporary files are removed
- bug 5557: some temporary files are left not cleaned up on Windows; fix
- bug 5661: speed up Bayes SQL queries by allowing the use of indexes when expiring
- bug 5611: support 'spamd --nouser-config -u username', which setuids to 'username' but does
not read user_prefs files from anywhere
- bug 5665: spamd may fail to notice that a child has completed exiting, and keeps in the
child list in state 'K', eventually filling up the child list with 'ghost' children. fix
- bug 5735: spamc should allow retry_sleep 0
- bug 5728: spamd: require -u with --sql-config or --ldap-config
- bug 5682: remove FH_HOST_ALMOST_IP, FH_HOST_EQ_D_D_D_D, due to false positives and redundancy
with RDNS_DYNAMIC; remove FH_HOST_EQ_D_D_D_DB due to no hits
- bug 5681: look up IP addresses found in 'X-Yahoo-Post-IP' and 'X-SenderIP' headers, too,
thanks to Martin Blapp
- Bug 5589: Refined async events handling and DNS lookup completions
- bug 5586: RDNS_NONE has false positives if the MTA doesn't put the hostname in the Received
header, like Communigate Pro. add an exception for this
- bug 5748: fix locale problem with use of external sort in sa-compile
---------------------------------------------------------------------
To unsubscribe, e-mail: announce-unsubscribe@spamassassin.apache.org
For additional commands, e-mail: announce-help@spamassassin.apache.org
Apache SpamAssassin 3.2.3 is now available! This is a maintenance
release of the 3.2.x branch.
Downloads are available from:
http://spamassassin.apache.org/downloads.cgi
The release file will also be available via CPAN in the near future.
md5sum of archive files:
e9a5fd94dead0fca3f26fb3feb0c8e57 Mail-SpamAssassin-3.2.3.tar.bz2
2e356b70b9458b44a828c19f6e816521 Mail-SpamAssassin-3.2.3.tar.gz
6ea8ef7f37e4b305217fa8074dd2219e Mail-SpamAssassin-3.2.3.zip
sha1sum of archive files:
53199e0218d2f93043fcdca4db3f164f1f9f7cbc Mail-SpamAssassin-3.2.3.tar.bz2
93337a5cf6cc6f4980307c08ad65575fa08d1f54 Mail-SpamAssassin-3.2.3.tar.gz
0eca91718518547323f43b5473d1362032edb592 Mail-SpamAssassin-3.2.3.zip
The release files also have a .asc file accompanying them. The file serves as
an external GPG signature for the given release file. The signing key is
available via the wwwkeys.pgp.net key server, as well as at:
http://spamassassin.apache.org/released/GPG-SIGNING-KEY
The key information is:
1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@spamassassin.org>
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B
3.2.3 is a major bug-fix release. Summary of changes:
- bug 5574: fix new setuid code to work with perl 5.6.1, and to support DCC and
Pyzor in all releases of perl
- bug 5107: change default 'user_scores_ldap_username' to be the null string,
allowing anonymous binding; fix 'schema' syntax error in LDAP config support
- zeroing an 'eval' rule's score did not stop it running. fix, thanks to
Richard Birkett <richard+spamassassin at musicbox.net>
- bug 5571: allow for new message ID format we have seen from Vista or Windows
2003 Server MAPI to avoid false positives
- bug 5397: RDNS_DYNAMIC should never fire on a PTR with 'static' in it; thanks
to Martin Blapp <mbr at freebsd.org>. bug 5563: RDNS_DYNAMIC rules use
order-dependent fields where it is unsafe to depend on this, fix. bug 5564:
__RDNS_DYNAMIC_IPADDR does not hit all of its test patterns, fix.
- bug 5475: fix FORGED_MUA_AOL_FROM to allow <*@{aol,cs}.*> addresses instead
of just <*@{aol,cs}.com>
---------------------------------------------------------------------
To unsubscribe, e-mail: announce-unsubscribe@spamassassin.apache.org
For additional commands, e-mail: announce-help@spamassassin.apache.org
Apache SpamAssassin 3.2.2 is now available! This is a maintenance
release of the 3.2.x branch.
Downloads are available from:
http://spamassassin.apache.org/downloads.cgi
The release file will also be available via CPAN in the near future.
md5sum of archive files:
7423a1bca96b932d321882fc6092080b Mail-SpamAssassin-3.2.2.tar.bz2
87b2a8852f125060f781922c3663525f Mail-SpamAssassin-3.2.2.tar.gz
8dd32339bf82591b50c9eb307745c8fa Mail-SpamAssassin-3.2.2.zip
sha1sum of archive files:
6dfaa36eb8e500f9315cf2461fbd3229ae92a2c7 Mail-SpamAssassin-3.2.2.tar.bz2
e8ea034fa4f695607af0e596c86c5daf82f234e0 Mail-SpamAssassin-3.2.2.tar.gz
e9a9723bb1cbadaded2340ef0aa86a0329f03783 Mail-SpamAssassin-3.2.2.zip
The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://spamassassin.apache.org/released/GPG-SIGNING-KEY
The key information is:
pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@spamassassin.org>
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B
3.2.2 is a minor bug-fix release. Summary of changes:
- bug 5548: Certain mail input can take a long time to scan with 100% CPU
utilisation, due to backtracking in a rule's regexp. fix
- bugs 5510, 5518, 5529: fix 'make test' when running as root, needed for CPAN
- bug 5419: kill -HUP of pidof spamd causes the ps name to change from spamd
to perl. fixed
- bug 5535: 'make test' errors in Windows caused by nonportable use of
getpwuid
- bug 5462: multiple DNS records for a host name should allow use of spamd -H
for load balancing installs to work
- bugs 5509, 5511: fix network lookup timeouts, where lookups were being lost
once a timeout was hit; also fix code to match documentation on
rbl_timeout's scaling and minimum duration of 1 second; and attempt to
collect already-received DNS responses when the timeout is reached; improve
related debugging output. Thanks to Mark Martinec
- bugs 5412, 5478, 5522: Fix problems using the spamc -x option with certain
other options; 'spamc -x -R' always returned 0, instead of the exit code, on
error. Bug 5478: in addition, 'spamc -x -e /command' would still run the
command, even if errors meant that the filtered text would be unavailable,
which contradicted -x.
- bug 5445: body eval tests defined in user_rules cause ugly 'Subroutine
_eval_tests_type11_prineg400_set3 redefined' warnings
- bug 5355: add in new entries for RegistrarBoundaries
- bug 5515: libsslspamc.so & libsslspamc.so can not build without -fPIC, but
we were picking up the wrong CFLAGS to do this.
- bug 5501: zero score for FH_HAS_XID
- bug 5449: allow_user_rules causes sa-compile / Rule2XSBody plugin to emit
spurious warnings; fix. also, add a new 'user_conf_parsing_end' plugin
hook, which is called after the per-user configuration is parsed
- bug 5182: update the sa-learn doc to mention that -u is only usable w/ sql
- bug 5534: fix harmless-but-ugly C compiler warning in sa-compile
---------------------------------------------------------------------
To unsubscribe, e-mail: announce-unsubscribe@spamassassin.apache.org
For additional commands, e-mail: announce-help@spamassassin.apache.org
Apache SpamAssassin 3.2.1 is now available! This is a maintenance and
security release of the 3.2.x branch. It is highly recommended that
people upgrade to this version from 3.2.0.
Downloads are available from:
http://spamassassin.apache.org/downloads.cgi?update=200706081100
The release file will also be available via CPAN in the near future.
md5sum of archive files:
7b2fdbcdca5e9a181d4bb1b17663c138 Mail-SpamAssassin-3.2.1.tar.bz2
a7d51294c565999da01f212e5ad2a031 Mail-SpamAssassin-3.2.1.tar.gz
e058ed0dfe82ee62f617c12cc02e538b Mail-SpamAssassin-3.2.1.zip
sha1sum of archive files:
3095b38d90d0362c4e47e117fb612778a2ac362b Mail-SpamAssassin-3.2.1.tar.bz2
fbb5f538238e188f985c8e6672dad531fa035eea Mail-SpamAssassin-3.2.1.tar.gz
d6566975544cd706052d310481d7a100ffce14d1 Mail-SpamAssassin-3.2.1.zip
The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://spamassassin.apache.org/released/GPG-SIGNING-KEY
The key information is:
pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@spamassassin.org>
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B
3.2.1 is a major bug-fix release, including a potential local DoS. The
major highlights are:
- bug 5480: fix for CVE-2007-2873: a local user symlink-attack DoS
vulnerability. It only affects systems where spamd is run as root, is used
with vpopmail or virtual users via the "-v"/"--vpopmail" OR
"--virtual-config-dir" switch, AND with the "-x"/"--no-user-config AND
WITHOUT the "-u"/"--username" switch AND with the "-l"/"--allow-tell" switch.
This is not default on any distro package, and is not a common configuration.
More details of the vulnerability can be read at
<http://spamassassin.apache.org/advisories/cve-2007-2873.txt>.
- bug 5488: zero some rules causing false positives: FH_HOST_EQ_D_D_D_DB and
FH_HOST_EQ_D_D_D_D.
- bug 5257: re-raise autolearn ham threshold to 1.0; the lower value
used in 3.2.0 was creating problems.
- bug 5422: in spamd, deleting hash entries from the SIGCHLD signal handler is
unsafe, causes corruption of the data structure, and results in 'prefork:
ordered child N to accept, but they reported state '1', killing rogue'
errors. fix.
- bug 5102: tighten up regexp for FORGED_HOTMAIL_RCVD to avoid some FPs.
- bug 5457: spamc build and test should handle not having zlib available.
- bug 5379: spamd could crash at startup if its preloading temporary directory
already exists. fix.
- bug 4616: spamc config can cause command line options to be ignored. fix.
- bug 5485: zero score DK/DKIM_POLICY_SIGNSOME rules since they'll always fire
due to defaults (unless there's an explicit SIGNALL policy).
- bug 5492: VBounce rule was looking in header instead of body for whitelisted
relays. fix.
- bug 5487: prevent multiple "urirhssub"s using the same zone from overwriting
each other.
- bug 5432 - Change default in Win32 build to not build spamc.
- bug 5446: add --updatedir option to sa-compile and remove inaccurate re2c
required version info from pod.
- bug 5436: add omitted "ifplugin" statements to the configuration, which would
otherwise cause lint errors if the default plugins were disabled.
- bug 5477: prevent Rule2XSBody info message from appearing on stderr during
spamd startup.
---------------------------------------------------------------------
To unsubscribe, e-mail: announce-unsubscribe@spamassassin.apache.org
For additional commands, e-mail: announce-help@spamassassin.apache.org
Apache SpamAssassin 3.1.9 is now available! This is a maintenance and
security release of the 3.1.x branch. It is highly recommended that
people upgrade to this version from 3.0.x or 3.1.x.
Downloads are available from:
http://spamassassin.apache.org/downloads.cgi?update=200706081100
The release file will also be available via CPAN in the near future.
md5sum of archive files:
ad5d812b1a04228f3dc3147ebd649bb3 Mail-SpamAssassin-3.1.9.tar.bz2
c0a6dc8564e60bf50d1792e4edc18e97 Mail-SpamAssassin-3.1.9.tar.gz
a1ed25d0878d102c17a91233ee741f87 Mail-SpamAssassin-3.1.9.zip
sha1sum of archive files:
bed85f0b7e269253e925831015f11809009080eb Mail-SpamAssassin-3.1.9.tar.bz2
181e0ca4e0568bb51e955b8b8e4595313fb7de8b Mail-SpamAssassin-3.1.9.tar.gz
c5f87a454ce4562558fd1af9ea71b7b858899f3e Mail-SpamAssassin-3.1.9.zip
The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://spamassassin.apache.org/released/GPG-SIGNING-KEY
The key information is:
pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@spamassassin.org>
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B
3.1.9 is a major bug-fix release, including a potential local DoS. The major
highlights are:
- bug 5480: fix for CVE-2007-2873: a local user symlink-attack DoS
vulnerability. It only affects systems where spamd is run as root, is used
with vpopmail or virtual users via the "-v"/"--vpopmail" OR
"--virtual-config-dir" switch, AND with the "-x"/"--no-user-config AND
WITHOUT the "-u"/"--username" switch AND with the "-l"/"--allow-tell" switch.
This is not default on any distro package, and is not a common configuration.
More details of the vulnerability can be read at
<http://spamassassin.apache.org/advisories/cve-2007-2873.txt>.
- bug 5353 - meta rule parsing should handle not equal ("!=") syntax.
- set the score for URI_TRUNCATED to 0.001.
- bug 5337: change the start order for Fedora such that spamd starts before the
MTA.
---------------------------------------------------------------------
To unsubscribe, e-mail: announce-unsubscribe@spamassassin.apache.org
For additional commands, e-mail: announce-help@spamassassin.apache.org
Apache SpamAssassin 3.2.0 is now available! This is the official release,
and contains a significant number of changes and major enhancements --
please use it!
Downloads are available from:
http://spamassassin.apache.org/downloads.cgi?update=200705021400
md5sum of archive files:
6840e3be132e2c3cbf66298b0227e880 Mail-SpamAssassin-3.2.0.tar.bz2
aed988bb6cf463afc868a64d4cd771a3 Mail-SpamAssassin-3.2.0.tar.gz
484045c69499b2fa59f024179f1f49c2 Mail-SpamAssassin-3.2.0.zip
sha1sum of archive files:
2fb864f01fc1c287e6f6e62fab8338f32cd20fb1 Mail-SpamAssassin-3.2.0.tar.bz2
af3941ab4f9548107d06966780ba71f751ab0216 Mail-SpamAssassin-3.2.0.tar.gz
bf785d7088371ad3beafe6084bf296ee3434038c Mail-SpamAssassin-3.2.0.zip
The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://spamassassin.apache.org/released/GPG-SIGNING-KEY
The key information is:
pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@spamassassin.org>
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B
See the INSTALL and UPGRADE files in the distribution for important
installation notes.
Summary of major changes since 3.1.8
------------------------------------
Changes to the core code:
* new behavior for trusted_networks/internal_networks: the 127.* network is now always considered
trusted and internal, regardless of configuration.
* bug 3109: short-circuiting of 'definite ham' or 'definite spam' messages based on individual
short-circuit rules using the 'shortcircuit' setting, by Dallas Engelken <dallase /at/
uribl.com>.
* bug 5305: implement 'msa_networks', for ISPs to specify their Mail Submission Agents, and
extend network trust accordingly.
* bug 4636: Add support for charset normalization, so rules can be written in UTF-8 to match
text in other charsets.
* sa-compile: compilation of SpamAssassin rules into a fast parallel-matching DFA, implemented
in native code.
* "tflags multiple": allow writing of rules that count multiple hits in a single message.
* bug 4363: if a message uses CRLF for line endings, we should use it as well, otherwise
stay with LF as usual; important for Windows users.
* bug 4515: content preview was omitting first paragraph when no Subject: header was present.
* The third-party modules used by sa-update are now required by the SpamAssassin package,
instead of being optional.
* Bug 5165: 'sa-update --checkonly' added to check for updates without applying them; thanks
to <anomie /at/ users.sourceforge.net>
* Bugs 4606, 4609: Adjust MIME parsing limits for nested multipart/* and message/rfc822 MIME
parts.
* bug 5295: add 'whitelist_auth', to whitelist addresses that send mail using sender-authorization
systems like SPF, Domain Keys, and DKIM
* Removed dependency on Text::Wrap CPAN module.
* Received header parsing updates/fixes/additions.
Spamc / spamd:
* bug 4603: Mail::SpamAssassin::Spamd::Apache2 -- mod_perl2 module, implementing spamd as
a mod_perl module, contributed as a Google Summer of Code project by Radoslaw Zielinski.
* bug 3991: spamd can now listen on UNIX domain, TCP, and SSL sockets simultaneously. Command-line
semantics extended slightly, although fully backwards compatibly; add the --ssl-port switch
to allow TCP and SSL listening at the same time.
* bug 3466: do Bayes expiration, if required, after results have been passed back to the
client from spamd; this helps avoid client timeouts.
* more complete IPv6 support.
* spamc: Add '-K' switch, to ping spamd.
* spamc: add '-z' switch, which compresses mails to be scanned using zlib compression; very
useful for long-distance use of spamc over the internet.
* bug 5296: spamc '--headers' switch, which scans messages and transmits back just rewritten
headers. This is more bandwidth-efficient than the normal mode of scanning, but only works
for 'report_safe 0'.
* Bump spamd's protocol version to 1.4, to reflect new HEADERS verb used for '--headers'.
Mail::SpamAssassin modules and API:
* bug 4589: allow M::SA::Message to use IO::File objects to read in message (same as GLOB).
* bug 4517: rule instrumentation plugin hooks, to measure performance, from John Gardiner
Myers <jgmyers /at/ proofpoint.com>.
* add two features to core rule-parsing code; 1. optional behaviour to recurse through subdirs
looking for .cf/.pre's, to support rules compilers working on rulesrc dir. 2. call back into
invoking code on lint failure, so rule compiler can detect which rules exactly fail the lint
check.
* bug 5206: detect duplicate rules, and silently merge them internally for greater efficiency.
* bug 5243: add Plugin::register_method_priority() API, allowing plugins to control the relative
ordering of plugin callbacks relative to other plugins' implementations.
* Reduced memory footprint.
Plugins:
* bug 5236: Support Mail::SPF replacement for Mail::SPF::Query.
* bug 5127: allow mimeheader :raw rules to match newlines and folded-header whitespace in
MIME header strings.
* bug 4770: add ASN.pm plugin, contributed by Matthias Leisi <matthias at leisi.net>
* bug 5271: move ImageInfo ruleset into 3.2.0 core rules, thanks to Dallas Engelken <dallase
/at/ uribl.com>.
* VBounce ruleset and plugin: detect spurious bounce messages sent by broken mail systems
in response to spam or viruses. (Based on Tim Jackson's "bogus-virus-warnings.cf" ruleset.)
* DomainKeys/DKIM: Mail::DKIM is now preferred over Mail::DomainKeys, since the latter module
is no longer actively maintained, and Mail::DKIM can handle both DomainKeys and DKIM signatures.
* DKIM: separate signature verification from fetching a policy: can save a DNS lookup for
each unverified message by setting score to 0 for all policy-related rules (DKIM_POLICY_SIGNALL,
DKIM_POLICY_SIGNSOME, and DKIM_POLICY_TESTING). (thanks to Mark Martinec)
* DKIM: support testing flags in the public key, as well as in the policy record. (thanks
to Mark Martinec)
* DKIM: skip fetching a policy (SSP) if a signature does verify, according to draft-allman-dkim-ssp-02
(thanks to Mark Martinec)
* Move rule functionality and checking into separate Check plugin, allowing third parties
to implement alternative scanner core algorithms.
* core EvalTests code moved into various plugins.
* Plus lots of miscellaneous bug fixes.
A more detailed change log can be read here:
http://svn.apache.org/repos/asf/spamassassin/tags/spamassassin_release_3_2_0/Changes
---------------------------------------------------------------------
To unsubscribe, e-mail: announce-unsubscribe@spamassassin.apache.org
For additional commands, e-mail: announce-help@spamassassin.apache.org
Apache SpamAssassin 3.1.8 is now available! This is a maintenance and
security release of the 3.1.x branch. It is highly recommended that
people upgrade to this version.
Downloads are available from:
http://spamassassin.apache.org/downloads.cgi?update=200702131100
The release file will also be available via CPAN in the near future.
md5sum of archive files:
e8184a9a4ff11da5bd20b294cfeac7ac Mail-SpamAssassin-3.1.8.tar.bz2
20a3a6b651a89dcc70634715ca833996 Mail-SpamAssassin-3.1.8.tar.gz
c81ef93066e60353032c21991e3c9ae2 Mail-SpamAssassin-3.1.8.zip
sha1sum of archive files:
0d092c4de6e6df66f1d0fb0ca8589147ee4096cb Mail-SpamAssassin-3.1.8.tar.bz2
08f81f72d8a783887cf815dfc55ea38e3582b966 Mail-SpamAssassin-3.1.8.tar.gz
f172c47a896c3c78aacf21f2af99088bd53363d0 Mail-SpamAssassin-3.1.8.zip
The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://spamassassin.apache.org/released/GPG-SIGNING-KEY
The key information is:
pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@spamassassin.org>
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B
3.1.8 is a major bug-fix release, including a potential DoS. The major
highlights are:
- bug 5318: fix for CVE-2007-0451: possible DoS due to incredibly
long URIs found in the message content.
- bug 5240: disable perl module usage in update channels unless
--allowplugins is specified
- bug 5288: files with names starting/ending in whitespace weren't usable
- bug 5056: remove Text::Wrap related code due to upstream issues
- bug 5145: update spamassassin and sa-learn to better deal with STDIN
- bug 5140 and 5179: improvements and bug fixes related to DomainKeys
and DKIM support
- several updates for Received header parsing
- several documentation updates and random taint-variable related issues
A more detailed change log can be read here:
http://svn.apache.org/repos/asf/spamassassin/branches/3.1/Changes
--
Randomly Selected Tagline:
"I have a simple test to determine if any windows executable that I
received via E-mail is a virus or not: If I received it, it's a virus."
- Charlie Watts on the SpamAssassin mailing list
Apache SpamAssassin 3.1.6 is now available! This is a maintenance
release of the 3.1.x branch.
Downloads are available from:
http://spamassassin.apache.org/downloads.cgi?update=200610050918
The release file will also be available via CPAN in the near future.
md5sum of archive files:
1cf43cea76e30aec6983cdbfe2e08316 Mail-SpamAssassin-3.1.6.tar.bz2
a0acc5e63a5e3401d039cd05cd189b96 Mail-SpamAssassin-3.1.6.tar.gz
aac75c43ef9a74df4c100e8a7e37a5fd Mail-SpamAssassin-3.1.6.zip
sha1sum of archive files:
16575633e60177733069c1681d6bf9528c076274 Mail-SpamAssassin-3.1.6.tar.bz2
fbf7e7aac113313da3f7357260d1a295ff275eef Mail-SpamAssassin-3.1.6.tar.gz
779ea2f5174de766405bdaa6d378ed6e7a749526 Mail-SpamAssassin-3.1.6.zip
The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://spamassassin.apache.org/released/GPG-SIGNING-KEY
The key information is:
pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key
<release@spamassassin.org>
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B
3.1.6 includes a large number of bug fixes and documentation updates.
Here is an abbreviated changelog (since 3.1.5) for major updates (see
the Changes file for a complete list):
- bug 4940: fixes to bug in date handling affecting DATE_IN_FUTURE_*
and DATE_IN_PAST_* rules when more than one Resent-Date header is
present
- bug 5044: include local site config in sa-update lint checks
- bug 5081: fix race condition in spamd preforking code that sometimes
left one child process running after SIGHUPing spamd
- bug 5076: unescape hash characters in the config
- bug 5077: fix false SPF_SOFTFAIL's when SPF queries timeout
- bug 5080: update RCVD_ILLEGAL_IP evaltest to properly deal with 127/8
- bug 5089: enable adding headers with single digit zero value
- bug 5098: add support for ecelerity Received headers
- bug 5101: fix a bug, introduced in 3.1.5, in mbx code
- bug 5105: M::SA::Client doesn't always catch failed connection to
spamd, fixed
---------------------------------------------------------------------
To unsubscribe, e-mail: announce-unsubscribe@spamassassin.apache.org
For additional commands, e-mail: announce-help@spamassassin.apache.org
Apache SpamAssassin 3.1.5 is now available! This is a maintainance
release of the 3.1.x branch.
Downloads are available from:
http://spamassassin.apache.org/downloads.cgi?update=200608300000
The release file will also be available via CPAN in the near future.
md5sum of archive files:
ae8734220ef82bbb1872f64dbf9c0995 Mail-SpamAssassin-3.1.5.tar.bz2
19d2e76d7759083343d63e61e6e29739 Mail-SpamAssassin-3.1.5.tar.gz
87bd540428116d6339322fef51b0c4eb Mail-SpamAssassin-3.1.5.zip
sha1sum of archive files:
9c9bcf4098c2b3418d5ea9ba69d1dcdfa255a819 Mail-SpamAssassin-3.1.5.tar.bz2
672399ab2e600ba2ae19d71f77974dc27512e837 Mail-SpamAssassin-3.1.5.tar.gz
9350e298c04d04b755640fa3ec2b5633755f93ad Mail-SpamAssassin-3.1.5.zip
The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://spamassassin.apache.org/released/GPG-SIGNING-KEY
The key information is:
pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@spamassassin.org>
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B
3.1.5 includes a large number of bug fixes and documentation updates.
Here is an abbreviated changelog (since 3.1.4) for major updates (see
the Changes file for a complete list):
- bug 4952: set a default value for DEF_RULES_DIR, LOCAL_RULES_DIR,
and LOCAL_STATE_DIR. This allows third-party code which hasn't been
updated to deal with LOCAL_STATE_DIR to still use updates.
- bug 5065: implement DomainKeys whitelisting (whitelist_from_dk)
- bug 5034: fix endless loop in Mail::SpamAssassin::Client, possible
from bad input or network error
- bug 4843: skip text/calendar parts when generating body text for processing
- bug 5022: recognize Received header from a local command line call to sendmail
- bug 5018: update RegistrarBoundaries with new list of 2TLDs
- bug 4981: remove urirhssub support for regexp subrule from URIDNSBL plugin
- bug 5049: handle comments and extra whitespace in sa-update config files.
also, fix an error during channel name validation.
- bug 5030: sa-update couldn't run GPG if the path to the binary had a space in it
- bug 4737: when rewriting headers, strip out leading spaces to better allow
filtering by some MUAs
- bug 4848: fix Pyzor, DCC, and SpamCop plugins to properly have a
configuration pointer for things like their 'dont_report_to_...' option
- bug 4492: the parameters to bayes_ignore_header were treated case sensitively
- license text changed in source files, in accordance with new ASF policy:
http://www.apache.org/legal/src-headers.html
- a bunch of documentation updates and fixes
--
Randomly Generated Tagline:
"Always bear in mind that your own resolution to succeed is more important
than any other." - Abraham Lincoln
Apache SpamAssassin 3.0.6 is now available! This is a maintainance
release of the 3.0.x branch.
Downloads are available from:
http://spamassassin.apache.org/downloads.cgi?update=200606050750
The release file will also be available via CPAN in the near future.
md5sum of archive files:
423eb193db9f7757c6d957f5c04550cb Mail-SpamAssassin-3.0.6.tar.bz2
bf0a1e1a7f6e5dd719deda6293b83e35 Mail-SpamAssassin-3.0.6.tar.gz
72c012d51f8507c2839a34f900c80412 Mail-SpamAssassin-3.0.6.zip
sha1sum of archive files:
10d42d954c421f40fbbd9411a5ff096e29240c6f Mail-SpamAssassin-3.0.6.tar.bz2
78358df8ea26513a8fbe466f484d19e487e5438f Mail-SpamAssassin-3.0.6.tar.gz
17031fd2c9b54846d4e41d7ea3945639659fd91e Mail-SpamAssassin-3.0.6.zip
The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://spamassassin.apache.org/released/GPG-SIGNING-KEY
The key information is:
pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@spamassassin.org>
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B
3.0.6 fixes a remote code execution vulnerability if spamd is run with the
"--vpopmail" and "-P" options. If either/both of those options are not
used, there is no vulnerability.
Changelog:
- bug 4926: given a certain set of parameters to spamd and a specially
formatted input message, users could cause spamd to execute arbitrary
commands as the spamd user
Apache SpamAssassin 3.1.3 is now available! This is a maintainance
release of the 3.1.x branch.
Downloads are available from:
http://spamassassin.apache.org/downloads.cgi?update=200606050750
The release file will also be available via CPAN in the near future.
md5sum of archive files:
5f049f0b9fc63585a85593a3c68409bb Mail-SpamAssassin-3.1.3.tar.bz2
32ad78f3cdaddb02cdf0f55572604d07 Mail-SpamAssassin-3.1.3.tar.gz
6cb6fc27c4466091b2bc4e04af8c39bf Mail-SpamAssassin-3.1.3.zip
sha1sum of archive files:
e1f4489ec8805985e0ca79765bde586bf0286725 Mail-SpamAssassin-3.1.3.tar.bz2
ed9e18fae6db86d0b77ce48d8262194e06df9ef8 Mail-SpamAssassin-3.1.3.tar.gz
090dfd3eaa0481789fbf94f67bcf9c2dd6387959 Mail-SpamAssassin-3.1.3.zip
The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://spamassassin.apache.org/released/GPG-SIGNING-KEY
The key information is:
pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@spamassassin.org>
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B
3.1.3 fixes a remote code execution vulnerability if spamd is run with the
"--vpopmail" and "-P" options. If either/both of those options are not
used, there is no vulnerability. There was also a fix for the userstate
directory and prefs file not being created.
Changelog:
- bug 4926: given a certain set of parameters to spamd and a specially
formatted input message, users could cause spamd to execute arbitrary
commands as the spamd user
- bug 4932: the userstate dir and userprefs file would not be created
under certain conditions.
Apache SpamAssassin 3.1.2 is now available! This is a maintainance
release of the 3.1.x branch.
Downloads are available from:
http://spamassassin.apache.org/downloads.cgi?update=200605251700
The release file will also be available via CPAN in the near future.
md5sum of archive files:
e1fb14def1265d6d7351ba27b5940da2 Mail-SpamAssassin-3.1.2.tar.bz2
f255d8e887ea7961939d40b184e82054 Mail-SpamAssassin-3.1.2.tar.gz
9af9f2db1526baaa01b6b14a9b0e057a Mail-SpamAssassin-3.1.2.zip
sha1sum of archive files:
aad32b73f2870182fe8f2dd5277e94d0da91b196 Mail-SpamAssassin-3.1.2.tar.bz2
ea5e1e9755e294ee9edb238144ac831602d10027 Mail-SpamAssassin-3.1.2.tar.gz
c00da67f7dd9d9df7f9e148c7530586711991f46 Mail-SpamAssassin-3.1.2.zip
The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://spamassassin.apache.org/released/GPG-SIGNING-KEY
The key information is:
pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@spamassassin.org>
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B
3.1.2 includes a large number of bug fixes and documentation updates.
Here is an abbreviated changelog (since 3.1.1) for major updates (see
the Changes file for a complete list):
- bug 4802: implement DKIM plugin, including whitelist_from_dkim support
- bug 3838: work around Perl bug causing captured RE variables to become
tainted -- thanks to Mark Martinec for pointing out the bug with
Perl itself
- bug 4850: re-enable the Razor2 plugin by default due to a service
policy change
- bug 4826: Razor2 plugin needs to load Mail::SpamAssassin::Timeout module
- bug 4827: M::SA::first_existing_path() would return the last array
entry passed in if none of the paths were found. Now return undef
instead and handle the error when it happens.
- bug 4813: generally open RE causes sendmail received header get read
in as qmail in error
- bug 4839: Logger.pm converts control chars including tab into
underscores which confuses a bunch of users when checking debug output.
Convert tab into space instead, etc.
- bug 4884: if a null message is passed in, there are several variables
which end up undefined causing warnings. fake an empty message if no
input is given.
- bug 4793: when replacing tags in a message (_TAG_), leave the tags
that don't exist alone instead of just removing them
- bug 4861, 4760: handle dccifd and dccproc failover properly, backport
relays_internal and relays_external code, backport bug 4760 fix so
that it's not possible to be in internal_networks without being in
trusted_networks as well
- bug 4901: deal more properly with failures in bgsend(). also, use
the proper variable to show when errors occur.
- bug 4867: fetchmail changed header formats at some point making Received
parsing fail in certain conditions
- bug 4699: use M::SA::Timeout for spamd copy_config call and allow for empty $@ values
- bug 3754: if there's a problem opening a file via sa-learn or
spamassassin, return an error exit value.
Apache SpamAssassin 3.1.1 is now available! This is a maintainance
release of the 3.1.x branch.
Downloads are available from:
http://spamassassin.apache.org/downloads.cgi?update=200603111700
The release file will also be available via CPAN in the near future.
md5sum of archive files:
33bc2bef2619135125ccf3b5a663be1d Mail-SpamAssassin-3.1.1.tar.bz2
f7844cbc149de3d7b09a4310f4ab6739 Mail-SpamAssassin-3.1.1.tar.gz
e5ae2dc25b6fc93c048adaf4beaa86e0 Mail-SpamAssassin-3.1.1.zip
sha1sum of archive files:
7723663486b013f738eb8e805a7503f52f50e347 Mail-SpamAssassin-3.1.1.tar.bz2
cda06e3d38d831521c59e50ec024e468b76035cb Mail-SpamAssassin-3.1.1.tar.gz
582114d083dcdc0975d710d54ebdb39cb020a10e Mail-SpamAssassin-3.1.1.zip
The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://spamassassin.apache.org/released/GPG-SIGNING-KEY
The key information is:
pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@spamassassin.org>
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B
3.1.1 includes a large number of bug fixes and documentation updates.
Here is an abbreviated changelog (since 3.1.0) for major updates (see
the Changes file for a complete list):
- better validate a number of different configuration options
- support new Mail::DomainKeys API, which changed incompatibly between
0.18 and 0.80 without warning
- more properly handle new Received header formats
- bug 4788: backport sa-update from 3.2 along with the local_state_dir
code, etc.
- bug 4760: strictly validate trusted/internal network configurations
- bug 4696: consolidated fixes for timeout bugs
- bug 3710: add timeout to connect so spamc -t works
- bug 4363: if a message uses CRLF for line endings, use it for header
rewrites as well
- bug 4748: add ExpressionEngine and Google redirector patterns
- bug 3815: add _RELAYCOUNTRY_ tag so that the RelayCountry plugin can
put in the list of countries relayed through
- bug 4090: x86_64 platforms (linux specifically) have an issue compiling
libspamc.so causing RPM build failures
- bug 4791: fix issue where perl would throw a UTF-8 warning for certain
messages
- bugs 4606, 4609: Adjust MIME parsing limits
- bug 4780: fix IP_ADDRESS & LOCALHOST regexes to correctly parse IPv6
addresses
- bug 4728: DUL rules should only use the last external IP, not all but
the first of the external IPs
- bug 4700: certain privileged configuration settings can inject code,
due to a bad fix for bug 3846. Back that out
- bug 4655: have redhat-rc-script create .pid file for spamassassin
service to avoid killing the wrong processes and leaving spamd running
SpamAssassin 3.1.0 is released! SpamAssassin 3.1.0 is a major update.
SpamAssassin is a mail filter which uses advanced statistical and
heuristic tests to identify spam (also known as unsolicited bulk email).
Highlights of the release
-------------------------
- Apache preforking algorithm adopted; number of spamd child processes is now
scaled, according to demand. This provides better VM behaviour when not
under peak load.
- added PostgreSQL, MySQL 4.1+, and local SDBM file Bayes storage modules. SQL
storage is now recommended for Bayes, instead of DB_File. NDBM_File support
has been dropped due to a major bug in that module.
- detect legitimate SMTP AUTH submission, to avoid false positives on
Dynablock-style rules.
- new plugins: DomainKeys (off by default), MIMEHeader: a new plugin to perform
tests against header in internal MIME structure, ReplaceTags: plugin by Felix
Bauer to support fuzzy text matching, WhiteListSubject: plugin added to
support user whitelists by Subject header.
- Razor: disable Razor2 support by default per our policy, since the service is
not free for non-personal use. It's trivial to reenable (by editing
'/etc/mail/spamassassin/v310.pre').
- DCC: disable DCC for similar reasons, due to new license terms.
- Net::DNS bug: high load caused answer packets to be mixed up and delivered as
answers to the wrong request, causing false positives. worked around.
- DNSBL lookups and other DNS operations are now more efficient, by using a
custom single-socket event-based model instead of Net::DNS.
Downloading
-----------
Pick it up from:
http://SpamAssassin.apache.org/
Note, it may take up to two hours from now for that mirror to update.
md5sum:
d28bd7e83d01b234144e336bbfde0caa Mail-SpamAssassin-3.1.0.tar.bz2
f70c1fcab3d9563731bbc307eda7d69e Mail-SpamAssassin-3.1.0.tar.gz
65e9629ce255244fe3cb3d9772cdf239 Mail-SpamAssassin-3.1.0.zip
sha1sum:
0185f076f619dd9e64e94b453017f9b08d4b0f04 Mail-SpamAssassin-3.1.0.tar.bz2
d887cbae5962cb03e45aaf71cd93881a27cccc99 Mail-SpamAssassin-3.1.0.tar.gz
8b9494448782f910e573377bf226a8072f24bb3f Mail-SpamAssassin-3.1.0.zip
The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://spamassassin.apache.org/released/GPG-SIGNING-KEY
The key information is:
pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@spamassassin.org>
Key fingerprint =3D 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B
Important installation notes
----------------------------
- see the INSTALL and UPGRADE files in the distribution.
Summary of major changes since 3.0.x
------------------------------------
- Apache preforking algorithm adopted; number of spamd child processes is now
scaled, according to demand. This provides better VM behaviour when not
under peak load.
- Inclusion of sa-update script which will allow for updates of rules and
scores in between code releases.
- added PostgreSQL, MySQL 4.1+, and local SDBM file Bayes storage modules. SQL
storage is now recommended for Bayes, instead of DB_File. NDBM_File support
has been dropped due to a major bug in that module.
- detect legitimate SMTP AUTH submission, to avoid false positives on
Dynablock-style rules.
- new Advance Fee Fraud (419 scam) rules.
- removed use of the Storable module, due to several reported hangs on SMP
Linux machines.
- Converted several rule/engine components into Plugins such as:
AccessDB, AWL, Pyzor, Razor2, DCC, Bayes AutoLearn Determination, etc.
- new plugins: DomainKeys (off by default), MIMEHeader: a new plugin to perform
tests against header in internal MIME structure, ReplaceTags: plugin by Felix
Bauer to support fuzzy text matching, WhiteListSubject: plugin added to
support user whitelists by Subject header.
- TextCat language guesser moved to a plugin. (This means "ok_languages"
is no longer part of the core engine by default.)
- Razor: disable Razor2 support by default per our policy, since the
service is not free for non-personal use. It's trivial to reenable.
- DCC: disable DCC for similar reasons, due to new license terms.
- Net::DNS bug: high load caused answer packets to be mixed up and delivered as
answers to the wrong request, causing false positives. worked around.
- DNSBL lookups and other DNS operations are now more efficient, by using a
custom single-socket event-based model instead of Net::DNS.
- add support for accreditation services, including Habeas v2.
- better URI parsing -- many evasion tricks now caught.
- URIBL lookups are prioritized based on the location in the message
the URI was found.
- mass-check now supports reusing realtime DNSBL hit results, and sample-based
Bayes autolearning emulation, to reduce complexity.
- sa-learn, spamassassin and mass-check now have optional progress bars.
- modify header ordering for DomainKeys compatibility, by placing markup
headers at the top of the message instead at the bottom of the list.
- spamd/spamc now support remote Bayes training, and reporting spam.
- spamc now supports reading its flags from a configuration file using the -F
switch, contributed by John Madden.
- added SPF-based whitelisting.
- Polish rules contributed by Radoslaw Stachowiak.
- many rule changes and additions.
---------------------------------------------------------------------
To unsubscribe, e-mail: announce-unsubscribe@spamassassin.apache.org
For additional commands, e-mail: announce-help@spamassassin.apache.org
Apache SpamAssassin 3.0.4 was recently released [0], and fixes a denial of service vulnerability in versions 3.0.1, 3.0.2, and 3.0.3. The vulnerability allows certain misformatted long message headers to cause spam checking to take a very long time. While the exploit has yet to be seen in the wild, we are concerned that there may be attempts to abuse the vulnerability in the future. Therefore, we strongly recommend all users of these versions upgrade to Apache SpamAssassin 3.0.4 as soon as possible. This issue has been assigned CVE id CAN-2005-1266 [1]. To contact the Apache SpamAssassin security team, please e-mail security at spamassassin.apache.org. For more information about Apache SpamAssassin, visit the http://spamassassin.apache.org/ web site. Apache SpamAssassin Security Team [0]: http://mail-archives.apache.org/mod_mbox/spamassassin-dev/200506.mbox/%3c20050606223631.GG11538@kluge.net%3e [1]: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1266 --------------------------------------------------------------------- To unsubscribe, e-mail: announce-unsubscribe@spamassassin.apache.org For additional commands, e-mail: announce-help@spamassassin.apache.org
SpamAssassin 3.0.3 is released! SpamAssassin 3.0.3 contains some
important bug fixes and is recommended for use over previous
versions.
SpamAssassin is a mail filter which uses advanced statistical and
heuristic tests to identify spam (also known as unsolicited bulk email).
Highlights of the release
-------------------------
- Fixed possible memory bloat from large AutoWhitelist db files
- Fixed where user defined rules scores became ignored
- Updated parsing code for several Received: header formats
- Increased some BAYES_* scores for the network+bayes score set
- Document set_tag for Plugin API and added get_tag
- Additional bug fixes.
Downloading
-----------
You can pick up the release here: http://spamassassin.apache.org/
You can also find it on your favorite CPAN mirror (you may need to
wait a day or so for the release to propagate).
md5sum of archive files:
c9028e72958909285e43feb806d948dc Mail-SpamAssassin-3.0.3.tar.bz2
ca96f23cd1eb7d663ab55db98ef8090c Mail-SpamAssassin-3.0.3.tar.gz
d7292ec75eb61e0fa2ceb6aa5b20fed9 Mail-SpamAssassin-3.0.3.zip
sha1sum of archive files:
324763dd7b344b68ad9ab73fd68b8f779c801aab Mail-SpamAssassin-3.0.3.tar.bz2
e31407b68bf362dfe53814c0af867e8134c9808b Mail-SpamAssassin-3.0.3.tar.gz
c1aa1583eebc0771ee053b8a484a42fc22b8630c Mail-SpamAssassin-3.0.3.zip
The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://spamassassin.apache.org/released/GPG-SIGNING-KEY
The key information is:
pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@spamassassin.org>
Key fingerprint =3D 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B
Note: GnuPG 1.4.0, and possibly 1.3.x versions, seem to have problems
verifying certain signature files, including the type as used for
SpamAssassin releases. If you are running an affected version, please
verify the code using both MD5 and SHA1 sum values instead.
The SpamAssassin Developers
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SpamAssassin 3.0.1 is released! 3.0.1 contains some important
bugfixes, and is recommended.
Highlights:
- excessive memory-usage fixes
- bug fixed which stopped DCC, Pyzor working with amavisd
- deprecate RCVD_IN_RFC_IPWHOIS
- user_prefs were staying active between different spamd users, fixed
- user_prefs blacklist entries were not working in spamd, fixed
- excessive time and memory consumption when ok_languages is used, fixed
- sa-learn -u switch to specify the username for virtual environments
- avoid bug in Sys::Hostname::Long that renames the hostname when "make
test" is run
- whitelist the top 125 queried SURBL domains common in nonspam
Pick it up at http://spamassassin.apache.org/ !
md5sum of archive files:
83f60f97c823d9b8df19309247fe33eb Mail-SpamAssassin-3.0.1.tar.bz2
759e0486b07c4a03aa340d4a04e1d849 Mail-SpamAssassin-3.0.1.tar.gz
e42d4f6b7228f899efdfdce03b8851a0 Mail-SpamAssassin-3.0.1.zip
sha1sum of archive files:
7ad929efc388ebdf26da052c6fca958c7541bb4f Mail-SpamAssassin-3.0.1.tar.bz2
a3aebae1bf3c97830e540c42dc64791787d966c9 Mail-SpamAssassin-3.0.1.tar.gz
e4f23ad8251914bb240a4e42438310a263ca5056 Mail-SpamAssassin-3.0.1.zip
The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://spamassassin.apache.org/released/GPG-SIGNING-KEY
The key information is:
pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@spamassassin.org>
Key fingerprint =3D 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B
- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh CVS
iD8DBQFBectWMJF5cimLx9ARAh2DAKCBru7brC0dtjD4G2/QGvAmWntURgCgoKBp
J1C/3vGNxtuJcxuosscN+E4=
=RAAd
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: announce-unsubscribe@spamassassin.apache.org
For additional commands, e-mail: announce-help@spamassassin.apache.org
--------------------------------------------------------------------- To unsubscribe, e-mail: announce-unsubscribe@spamassassin.apache.org For additional commands, e-mail: announce-help@spamassassin.apache.org
Apache Software Foundation Announces SpamAssassin 3.0 Release Forest Hill, MD - September 22, 2004 -- The Apache Software Foundation is pleased to announce the release of SpamAssassin 3.0. SpamAssassin 3.0 contains a number of new technologies designed to protect against the changing techniques used by spammers. This is the first SpamAssassin release as an Apache Software Foundation project and under the Apache License. The release is available from the Apache SpamAssassin web site (http://spamassassin.apache.org/) via the Apache mirror network. SpamAssassin 3.0 delivers many new features including support for sender authentication using the Sender Policy Framework (SPF), checking for web links of known spam advertisers, a modular plugin architecture, improved SQL database support for storing user data in server installations, and improved email classification. SpamAssassin's practical multi-technique approach, modularity, and extensibility continue to give it an advantage over other anti-spam systems. Due to these advantages, SpamAssassin is widely used in all aspects of email management. You can readily find SpamAssassin in use in both email clients and servers, on many different operating systems, filtering incoming as well as outgoing email, and implementing a very broad range of policy actions. These installations include service providers, businesses, not-for-profit and educational organizations, and end-user systems. SpamAssassin also forms the basis for numerous commercial anti-spam products available on the market today. About SpamAssassin SpamAssassin is an intelligent email filter which uses a diverse range of tests to identify unsolicited bulk email, more commonly known as "spam". These tests are applied to email headers and content to classify email using advanced statistical methods. In addition, SpamAssassin has a modular architecture that allows other technologies to be quickly wielded against spam and is designed for easy integration into virtually any email system. About the Apache Software Foundation The Apache Software Foundation provides organizational, legal, and financial support for a broad range of open source software projects. As a US 501(c)(3) public charity, the Foundation provides an established framework for contributions of both intellectual property and funding for the support of open source software development. Through a collaborative and meritocratic development process, Apache projects deliver enterprise-grade, freely available software products for the public benefit, attracting large communities of users and enabling future innovation, both commercial and individual, through its pragmatic Apache License. Press Contact: press@apache.org -- Daniel Quinlan ApacheCon! 13-17 November (3 SpamAssassin http://www.pathname.com/~quinlan/ http://www.apachecon.com/ sessions & more) --------------------------------------------------------------------- To unsubscribe, e-mail: announce-unsubscribe@spamassassin.apache.org For additional commands, e-mail: announce-help@spamassassin.apache.org
*** THIS IS A RELEASE CANDIDATE ONLY, NOT THE FINAL 3.0.0 RELEASE ***
SpamAssassin 3.0.0-rc5 is released! SpamAssassin 3.0.0 is a major update
and includes a number of new email and anti-spam technologies.
SpamAssassin is a mail filter which uses advanced statistical and
heuristic tests to identify spam (also known as unsolicited bulk email).
Highlights of the release
-------------------------
- SpamAssassin is now part of the Apache Software Foundation and has an
improved software license, the 2.0 version of the Apache License.
- SpamAssassin now includes support for SPF (the Sender Policy Framework,
http://spf.pobox.com/).
- Web site links contained in the message are checked against SURBL and
SBL. SURBL and SBL track sites that advertise with spam, known spam
sources, and spam services.
- The new 3.0 architecture allows third-parties to easily add plugin modules.
- There is now SQL database support for both the Bayes and auto-whitelist
modules, allowing more large sites to easily deploy SpamAssassin.
- A more accurate simulation of email client handling of MIME and HTML
improves our accuracy. In addition, there is better detection and
handling of spammer techniques that try to trick anti-spam software.
Downloading
-----------
Pick it up from:
http://spamassassin.apache.org/released/Mail-SpamAssassin-3.0.0-rc5.tar.gz
http://spamassassin.apache.org/released/Mail-SpamAssassin-3.0.0-rc5.tar.bz2
http://spamassassin.apache.org/released/Mail-SpamAssassin-3.0.0-rc5.zip
md5sum:
5c7b9637916ccff578b91a7efb657576 Mail-SpamAssassin-3.0.0-rc5.tar.bz2
032a0336cb50c9458c7691264216c8a9 Mail-SpamAssassin-3.0.0-rc5.tar.gz
80de4033e1dc02a61638a8f6eb9894bd Mail-SpamAssassin-3.0.0-rc5.zip
sha1sum:
cf76cd12b680ace39bd05ac4e86e9b1a017888c2 Mail-SpamAssassin-3.0.0-rc5.tar.bz2
99618bdc7936c63b4654b159bd9834d643f126a2 Mail-SpamAssassin-3.0.0-rc5.tar.gz
9765337141ea92d2016139f85d1894aec22fcd44 Mail-SpamAssassin-3.0.0-rc5.zip
The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://spamassassin.apache.org/released/GPG-SIGNING-KEY
The key information is:
pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@spamassassin.org>
Key fingerprint =3D 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B
Important installation notes
----------------------------
- The SpamAssassin 2.6x release series was the last set of releases to
officially support perl versions earlier than perl 5.6.1. If you are
using an earlier version of perl, you will need to upgrade before you
can use the 3.0.0 version of SpamAssassin.
- SpamAssassin 3.0.0 has a significantly different API (Application
Program Interface) from the 2.x series of code. This means that if you
use SpamAssassin through a third-party utility (milter, etc,) you need
to make sure you have an updated version which supports 3.0.0.
- The --auto-whitelist and -a options for "spamd" and "spamassassin" to
turn on the auto-whitelist have been removed and replaced by the
"use_auto_whitelist" configuration option which is also now turned on by
default.
- The "rewrite_subject" and "subject_tag" configuration options were
deprecated and are now removed. Instead, using "rewrite_header Subject
[your desired setting]". e.g.
rewrite_subject 1
subject_tag ****SPAM(_SCORE_)****
becomes
rewrite_header Subject ****SPAM(_SCORE_)****
- The Bayesian storage modules have been completely re-written and now
include Berkeley DB (DBM) storage as well as SQL based storage (see
sql/README.bayes for more information). In addition, a new format has
been introduced for the bayes database that stores tokens in fixed
length hashes. All DBM databases should be automatically converted to
this new format the first time they are opened for write. You can
manually perform the upgrade by running "sa-learn --sync" from the
command line.
The "sa-learn --rebuild" command has been deprecated; please use
"sa-learn --sync" instead. The --rebuild option will remain temporarily
for backwards compatibility.
- "spamd" now has a default max-children setting of 5; no more than 5
child scanner processes will be run in parallel. Previously, there was
no default limit unless you specified the "-m" switch when starting
spamd.
- If you are using a UNIX machine with all database files on local disks,
and no sharing of those databases across NFS filesystems, you can use a
more efficient, but non-NFS-safe, locking mechanism. Do this by adding
the line "lock_method flock" to the /etc/mail/spamassassin/local.cf
file. This is strongly recommended if you're not using NFS, as it is
much faster than the NFS-safe locker.
- Please note that the use of the following command line parameters for
spamassassin and spamd have been deprecated and are now removed. If you
currently use these flags, please remove them:
in the 2.6x series: --add-from, --pipe, -F, -P, --stop-at-threshold, -S
in the 3.0.x series: --auto-whitelist, -a
- The following flags are deprecated and will be removed in a future major
release: --whitelist-factory, -M, --warning-from, -w, --log-to-mbox, -l.
- SpamAssassin runs in "taint mode" by default for improved security.
Certain third-party modules, such as Razor v2, may be incompatible with
taint mode. For Razor v2, you will need to be using v2.40 of
razor-agents or higher which allows taint mode by default. Earlier
versions which are patched to allow taint mode may be used as well.
- Finally, 2.6x deprecated the use of the "check_bayes_db" script, and it
is now no longer available. Please see the sa-learn man/pod
documentation for more info.
Summary of major changes since 2.6x
-----------------------------------
Licensing:
- Relicensed using Apache License v2.0, instead of dual GPL/PAL licensing,
since we are now an Apache Incubator project.
New rules:
- SPF testing, if the Mail::SPF::Query module is installed.
- added new rules and code to combat Bayes poisoning text and random
hash-busters; Habeas rules now verify against the Habeas user
list, to combat forged marks used in spam.
- URIDNSBL rules. These do DNSBL lookups on URLs, allowing URLs found
in the message body to be used in spam determination. Added the SURBL
blocklist (http://www.surbl.org/).
- Spamhaus XBL and a variety of new DNSBL rules
- Hashcash support.
- added Bob Menschel's 'longwords' rules
- added 'backhair' rule, technique based on Jennifer Wheeler's ruleset
- added Matt Kettler's 'antidrug' ruleset
- added anti-fraud rules from Matt Yackley
- added some hostname-based blocklist tests based on the envelope
sender address.
- a *lot* of other new rules, too many to detail here
Spamd:
- spamd now uses a 'preforking' model instead of 'fork per message'.
- new log format, detailing message-id, resent-message-id, the tests hit,
autolearn status, and several other things in a mass-check compatible
format, to provide more information for spamd log-summarizer scripts.
Infrastructure:
- Plugins. Third-party modules can now be written and loaded dynamically
from inside SpamAssassin, to provide support for entirely new rule types
or eval tests.
- SQL support for Bayes and AWL storage, thanks to Michael Parker.
See sql/README.bayes and sql/README.awl for additional information.
- ground-up rewrite of the MIME parser. Now deals correctly with complex
MIME structures, including entire message/rfc822 message attachments.
- rules can now test the "MAIL FROM:" address used in the SMTP transaction,
if it was logged to the message headers, using the "EnvelopeFrom"
pseudoheader. This allows rules such as SPF to be applied.
- Added optional faster but NFS-unsafe Bayes locking mechanism, using
"lock_method flock"
- support for parsing mbx mailboxes, as used by UW IMAP. Thanks to John
Newman for this patch.
- refactored configuration parser to split parser code from configuration
settings.
- Bayes databases can now be backed up and restored using --backup and
--restore.
- Config files can now include other files using the "include" command.
- replaced GA-based evolver with fast Perceptron score generation tool by
Henry Stern; scores can now be generated much more quickly.
- The "spamassassin" script can now check collections of mail en masse. This
lets us do things like 'spamassassin -d --mbox file1' and have the
functionality go over the entire mbox file. same for checks, adding to
white/black-lists, etc.
- Windows support improved.
Translations:
- Dutch translation, thanks to Jesse Houwing
- Polish translations from Jerzy Szczudlowski and radek at alter dot pl
- French translations, Michel Bouissou
- German translations, Klaus Heinz
*** THIS IS A RELEASE CANDIDATE ONLY, NOT THE FINAL 3.0.0 RELEASE ***
SpamAssassin 3.0.0-rc4 is released! SpamAssassin 3.0.0 is a major update and
includes a number of new email and anti-spam technologies.
SpamAssassin is a mail filter which uses advanced statistical and
heuristic tests to identify spam (also known as unsolicited bulk email).
Highlights of the release
-------------------------
- SpamAssassin is now part of the Apache Software Foundation and has an
improved software license, the 2.0 version of the Apache License.
- SpamAssassin now includes support for SPF (the Sender Policy Framework,
http://spf.pobox.com/).
- Web site links contained in the message are checked against SURBL and
SBL. SURBL and SBL track sites that advertise with spam, known spam
sources, and spam services.
- The new 3.0 architecture allows third-parties to easily add plugin modules.
- There is now SQL database support for both the Bayes and auto-whitelist
modules, allowing more large sites to easily deploy SpamAssassin.
- A more accurate simulation of email client handling of MIME and HTML
improves our accuracy. In addition, there is better detection and
handling of spammer techniques that try to trick anti-spam software.
Downloading
-----------
Pick it up from:
http://spamassassin.apache.org/released/Mail-SpamAssassin-3.0.0-rc4.tar.gz
http://spamassassin.apache.org/released/Mail-SpamAssassin-3.0.0-rc4.tar.bz2
http://spamassassin.apache.org/released/Mail-SpamAssassin-3.0.0-rc4.zip
md5sum:
d67e7a7c1ba5206f9aef60d8f6e91988 Mail-SpamAssassin-3.0.0-rc4.tar.bz2
c6631facddfba1ca2d9f03968909aee9 Mail-SpamAssassin-3.0.0-rc4.tar.gz
dfe733f7a183ee4984e6a1b46c9a0891 Mail-SpamAssassin-3.0.0-rc4.zip
sha1sum:
3d611f4f61997878964f61300bc7cfe6871f0b7f Mail-SpamAssassin-3.0.0-rc4.tar.bz2
4d4b02712c8d66fe9b535b96c41c9908ec5628be Mail-SpamAssassin-3.0.0-rc4.tar.gz
75de0bcefb408070e8f94dcdc4dd1e3d26dc4357 Mail-SpamAssassin-3.0.0-rc4.zip
The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://spamassassin.apache.org/released/GPG-SIGNING-KEY
The key information is:
pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@spamassassin.org>
Key fingerprint =3D 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B
Important installation notes
----------------------------
- The SpamAssassin 2.6x release series was the last set of releases to
officially support perl versions earlier than perl 5.6.1. If you are
using an earlier version of perl, you will need to upgrade before you
can use the 3.0.0 version of SpamAssassin.
- SpamAssassin 3.0.0 has a significantly different API (Application
Program Interface) from the 2.x series of code. This means that if you
use SpamAssassin through a third-party utility (milter, etc,) you need
to make sure you have an updated version which supports 3.0.0.
- The --auto-whitelist and -a options for "spamd" and "spamassassin" to
turn on the auto-whitelist have been removed and replaced by the
"use_auto_whitelist" configuration option which is also now turned on by
default.
- The "rewrite_subject" and "subject_tag" configuration options were
deprecated and are now removed. Instead, using "rewrite_header Subject
[your desired setting]". e.g.
rewrite_subject 1
subject_tag ****SPAM(_SCORE_)****
becomes
rewrite_header Subject ****SPAM(_SCORE_)****
- The Bayesian storage modules have been completely re-written and now
include Berkeley DB (DBM) storage as well as SQL based storage (see
sql/README.bayes for more information). In addition, a new format has
been introduced for the bayes database that stores tokens in fixed
length hashes. All DBM databases should be automatically converted to
this new format the first time they are opened for write. You can
manually perform the upgrade by running "sa-learn --sync" from the
command line.
The "sa-learn --rebuild" command has been deprecated; please use
"sa-learn --sync" instead. The --rebuild option will remain temporarily
for backwards compatibility.
- "spamd" now has a default max-children setting of 5; no more than 5
child scanner processes will be run in parallel. Previously, there was
no default limit unless you specified the "-m" switch when starting
spamd.
- If you are using a UNIX machine with all database files on local disks,
and no sharing of those databases across NFS filesystems, you can use a
more efficient, but non-NFS-safe, locking mechanism. Do this by adding
the line "lock_method flock" to the /etc/mail/spamassassin/local.cf
file. This is strongly recommended if you're not using NFS, as it is
much faster than the NFS-safe locker.
- Please note that the use of the following command line parameters for
spamassassin and spamd have been deprecated and are now removed. If you
currently use these flags, please remove them:
in the 2.6x series: --add-from, --pipe, -F, -P, --stop-at-threshold, -S
in the 3.0.x series: --auto-whitelist, -a
- The following flags are deprecated and will be removed in a future major
release: --whitelist-factory, -M, --warning-from, -w, --log-to-mbox, -l.
- SpamAssassin runs in "taint mode" by default for improved security.
Certain third-party modules, such as Razor v2, may be incompatible with
taint mode. For Razor v2, you will need to be using v2.40 of
razor-agents or higher which allows taint mode by default. Earlier
versions which are patched to allow taint mode may be used as well.
- Finally, 2.6x deprecated the use of the "check_bayes_db" script, and it
is now no longer available. Please see the sa-learn man/pod
documentation for more info.
Summary of major changes since 2.6x
-----------------------------------
Licensing:
- Relicensed using Apache License v2.0, instead of dual GPL/PAL licensing,
since we are now an Apache Incubator project.
New rules:
- SPF testing, if the Mail::SPF::Query module is installed.
- added new rules and code to combat Bayes poisoning text and random
hash-busters; Habeas rules now verify against the Habeas user
list, to combat forged marks used in spam.
- URIDNSBL rules. These do DNSBL lookups on URLs, allowing URLs found
in the message body to be used in spam determination. Added the SURBL
blocklist (http://www.surbl.org/).
- Spamhaus XBL and a variety of new DNSBL rules
- Hashcash support.
- added Bob Menschel's 'longwords' rules
- added 'backhair' rule, technique based on Jennifer Wheeler's ruleset
- added Matt Kettler's 'antidrug' ruleset
- added anti-fraud rules from Matt Yackley
- added some hostname-based blocklist tests based on the envelope
sender address.
- a *lot* of other new rules, too many to detail here
Spamd:
- spamd now uses a 'preforking' model instead of 'fork per message'.
- new log format, detailing message-id, resent-message-id, the tests hit,
autolearn status, and several other things in a mass-check compatible
format, to provide more information for spamd log-summarizer scripts.
Infrastructure:
- Plugins. Third-party modules can now be written and loaded dynamically
from inside SpamAssassin, to provide support for entirely new rule types
or eval tests.
- SQL support for Bayes and AWL storage, thanks to Michael Parker.
See sql/README.bayes and sql/README.awl for additional information.
- ground-up rewrite of the MIME parser. Now deals correctly with complex
MIME structures, including entire message/rfc822 message attachments.
- rules can now test the "MAIL FROM:" address used in the SMTP transaction,
if it was logged to the message headers, using the "EnvelopeFrom"
pseudoheader. This allows rules such as SPF to be applied.
- Added optional faster but NFS-unsafe Bayes locking mechanism, using
"lock_method flock"
- support for parsing mbx mailboxes, as used by UW IMAP. Thanks to John
Newman for this patch.
- refactored configuration parser to split parser code from configuration
settings.
- Bayes databases can now be backed up and restored using --backup and
--restore.
- Config files can now include other files using the "include" command.
- replaced GA-based evolver with fast Perceptron score generation tool by
Henry Stern; scores can now be generated much more quickly.
- The "spamassassin" script can now check collections of mail en masse. This
lets us do things like 'spamassassin -d --mbox file1' and have the
functionality go over the entire mbox file. same for checks, adding to
white/black-lists, etc.
- Windows support improved.
Translations:
- Dutch translation, thanks to Jesse Houwing
- Polish translations from Jerzy Szczudlowski and radek at alter dot pl
- French translations, Michel Bouissou
- German translations, Klaus Heinz
ApacheCon US 2004
Alexis Park Resort
Las Vegas, Nevada, USA
13-17 November 2004
The Apache Software Foundation invites you to ApacheCon U.S. 2004.
"The only sure thing in Las Vegas"
REGISTRATION IS NOW OPEN!
Please click on the 'Registry' link at the top of
<http://www.apachecon.com/>. You will need to log in to the site; if you
have never done so before, you will need to create an account. If you
already have an account in the ApacheCon system, please do not create
another one!
Presentations and Tutorials
All normal presentations, keynotes, and special events will be held
Monday, Tuesday, and Wednesday (November 15-17). The three days at
ApacheCon provide you with a choice of more than 65 talks.
The special in-depth tutorials will be held Saturday and Sunday (November
13-14). You can choose between 18 different tutorials.
SpamAssassin Sessions!
There will be three SpamAssassin sessions at ApacheCon 2004. There will
be one 3-hour tutorial and two 1-hour talks on SpamAssassin.
T09: SpamAssassin Tutorial
Day: Sun
Time: 09h00
Session chair: None assigned
Duration: 180 minutes
Style: Tutorial
Level: Novice
Audience: Technical
Categories: Anti-Spam, New Technologies, Performance, Perl
Speaker: Daniel Quinlan
Abstract:
SpamAssassin is perhaps the most widely deployed anti-spam tool in
the world and has long been the gold standard for spam filters. It's
open source, extensible, flexible, and very effective. This tutorial
will give you the tools you need to make SpamAssassin work well for
your site and your users.
Topics covered will include: how SpamAssassin works and the
SpamAssassin filtering model, SpamAssassin installation and set-up,
writing your own rules, debugging problems, analysis and
diagnostics, optimizing SpamAssassin performance, the development
process, and how to get involved. Also discussed will be current
anti-spam best practices that are important for both senders and
receivers of email.
MO09: New and upcoming features in SpamAssassin v3
Day: Mon
Time: 13h30
Session chair: None assigned
Duration: 60 minutes
Style: Presentation
Level: Novice
Audience: Technical
Categories: Anti-Spam, New Technologies
Speaker: Theo Van Dinter
Abstract:
Almost a year in the making, SpamAssassin v3.0 includes a large
number of modifications and new features. This session covers the
major changes and features found in v3.0, and will also include
discussion about ongoing work for v3.1 and beyond.
MO13: Storing SpamAssassin User Data in SQL Databases
Day: Mon
Time: 14h30
Session chair: None assigned
Duration: 60 minutes
Style: Presentation
Level: Experienced
Audience: Technical
Categories: Anti-Spam, Databases, New Technologies, Performance, Perl
Speaker: Michael Parker
Abstract:
With the release of SpamAssassin 3.0.0 virtually all user specific
data (preferences, AWL and bayes) can be stored in a SQL
database. This session will cover basic setup, usage and maintenance
of storing data in a SQL database as well as some convenient tools
to help. In addition, there will be some discussion about the
development process and design along with future directions of the
SQL based storage for SpamAssassin.
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
---------------------------------------------------------------------
To unsubscribe, e-mail: announce-unsubscribe@spamassassin.apache.org
For additional commands, e-mail: announce-help@spamassassin.apache.org
*** THIS IS A PRE-RELEASE ONLY, NOT THE FINAL 3.0.0 RELEASE ***
SpamAssassin 3.0.0-pre1 is released! SpamAssassin 3.0 is a major update
and includes a number of new email and anti-spam technologies.
SpamAssassin is a mail filter which uses advanced statistical and
heuristic tests to identify spam (also known as unsolicited bulk email).
Highlights of the release
-------------------------
- SpamAssassin is now part of the Apache Software Foundation, bringing an
improved and clearer software license, the 2.0 version of the Apache
License.
- We added a new architecture which allows third-parties to easily add
plugin modules.
- There is now SQL database support for both the Bayes and auto-whitelist
subsystems, allowing more large sites to easily deploy SpamAssassin.
- A more accurate simulation of email client handling of MIME and HTML
improves our accuracy. In addition, there is better detection and
handling of spammer techniques used to trick email clients and filters.
- Web sites contained in the message body are checked against network
databases of domains that advertise with spam.
- SpamAssassin now includes support for SPF (the Sender Policy Framework,
http://spf.pobox.com/).
Downloading
-----------
Pick it up from:
http://SpamAssassin.org/released/Mail-SpamAssassin-3.0.0-pre1.tar.gz
http://SpamAssassin.org/released/Mail-SpamAssassin-3.0.0-pre1.tar.bz2
http://SpamAssassin.org/released/Mail-SpamAssassin-3.0.0-pre1.zip
md5sum:
bb42ada117c965bfa5b63046173cc4e0 Mail-SpamAssassin-3.000000-pre1.tar.gz
53ebc4b0527d8f99d9fc3b52781a8100 Mail-SpamAssassin-3.000000-pre1.tar.bz2
5f23d79ceaaa60ba4017cb067414dd01 Mail-SpamAssassin-3.000000-pre1.zip
sha1sum:
9b1e02af2ecc79fc8149f399fad4090bfb981767 Mail-SpamAssassin-3.000000-pre1.tar.gz
fb7fafb039dabba4d644d604c7a9dc056bd8b1b0 Mail-SpamAssassin-3.000000-pre1.tar.bz2
1f152f1834e8611dc47350594e920d65fef1143d Mail-SpamAssassin-3.000000-pre1.zip
The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://www.spamassassin.org/released/GPG-SIGNING-KEY
The key information is:
pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@spamassassin.org>
Key fingerprint =3D 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B
Important installation notes
----------------------------
- The SpamAssassin 2.6x release series was the last set of releases to
officially support perl versions earlier than perl 5.6.1. If you are
using an earlier version of perl, you will need to upgrade before you
can use the 3.0.0 version of SpamAssassin.
- SpamAssassin 3.0.0 has a significantly different API (Application
Program Interface) from the 2.x series of code. This means that if you
use SpamAssassin through a third-party utility (milter, etc,) you need
to make sure you have an updated version which supports 3.0.0.
- The --auto-whitelist and -a options for "spamd" and "spamassassin" to
turn on the auto-whitelist have been removed and replaced by the
"use_auto_whitelist" configuration option which is also now turned on by
default.
- The "rewrite_subject" configuration setting was deprecated and is now
removed. Instead, using "rewrite_header Subject [your desired setting]".
e.g.
rewrite_subject ****SPAM(_SCORE_)****
becomes
rewrite_header Subject ****SPAM(_SCORE_)****
- The Bayesian storage modules have been completely re-written and now
include Berkeley DB (DBM) storage as well as SQL based storage (see
sql/README.bayes for more information). In addition, a new format has
been introduced for the bayes database that stores tokens in fixed
length hashes. All DBM databases should be automatically converted to
this new format the first time they are opened for write. You can
manually perform the upgrade by running "sa-learn --sync" from the
command line.
The "sa-learn --rebuild" command has been deprecated; please use
"sa-learn --sync" instead. The --rebuild option will remain temporarily
for backwards compatibility.
- "spamd" now has a default max-children setting of 5; no more than 5
child scanner processes will be run in parallel. Previously, there was
no default limit unless you specified the "-m" switch when starting
spamd.
- If you are using a UNIX machine with all database files on local disks,
and no sharing of those databases across NFS filesystems, you can use a
more efficient, but non-NFS-safe, locking mechanism. Do this by adding
the line "lock_method flock" to the /etc/mail/spamassassin/local.cf
file. This is strongly recommended if you're not using NFS, as it is
much faster than the NFS-safe locker.
- Please note that the use of the following command line parameters for
spamassassin and spamd have been deprecated and are now removed. If you
currently use these flags, please remove them:
in the 2.6x series: --add-from, --pipe, -F, -P, --stop-at-threshold, -S
in the 3.0.x series: --auto-whitelist, -a
- The following flags are deprecated and will be removed in a future major
release: --whitelist-factory, -M, --warning-from, -w, --log-to-mbox, -l.
- SpamAssassin runs in "taint mode" by default for improved security.
Certain third-party modules, such as Razor v2, may be incompatible with
taint mode. For Razor v2, you will need to be using v2.40 of
razor-agents or higher which allows taint mode by default. Earlier
versions which are patched to allow taint mode may be used as well.
- Finally, 2.6x deprecated the use of the "check_bayes_db" script, and it
is now no longer available. Please see the sa-learn man/pod
documentation for more info.
Summary of major changes since 2.6x
-----------------------------------
Licensing:
- Relicensed using Apache License v2.0, instead of dual GPL/PAL licensing,
since we are now an Apache Incubator project.
New rules:
- SPF testing, if the Mail::SPF::Query module is installed.
- added new rules and code to combat Bayes poisoning text and random
hash-busters; Habeas rules now verify against the Habeas user
list, to combat forged marks used in spam.
- URIDNSBL rules. These do DNSBL lookups on URLs, allowing URLs found
in the message body to be used in spam determination. Added the SURBL
blocklist (http://www.surbl.org/).
- Spamhaus XBL and a variety of new DNSBL rules
- Hashcash support.
- added Bob Menschel's 'longwords' rules
- added 'backhair' rule, technique based on Jennifer Wheeler's ruleset
- added Matt Kettler's 'antidrug' ruleset
- added anti-fraud rules from Matt Yackley
- added some hostname-based blocklist tests based on the envelope
sender address.
- a *lot* of other new rules, too many to detail here
Spamd:
- spamd now uses a 'preforking' model instead of 'fork per message'.
- new log format, detailing message-id, resent-message-id, the tests hit,
autolearn status, and several other things in a mass-check compatible
format, to provide more information for spamd log-summarizer scripts.
Infrastructure:
- Plugins. Third-party modules can now be written and loaded dynamically
from inside SpamAssassin, to provide support for entirely new rule types
or eval tests.
- SQL support for Bayes and AWL storage, thanks to Michael Parker.
See sql/README.bayes and sql/README.awl for additional information.
- ground-up rewrite of the MIME parser. Now deals correctly with complex
MIME structures, including entire message/rfc822 message attachments.
- rules can now test the "MAIL FROM:" address used in the SMTP transaction,
if it was logged to the message headers, using the "EnvelopeFrom"
pseudoheader. This allows rules such as SPF to be applied.
- Added optional faster but NFS-unsafe Bayes locking mechanism, using
"lock_method flock"
- support for parsing mbx mailboxes, as used by UW IMAP. Thanks to John
Newman for this patch.
- refactored configuration parser to split parser code from configuration
settings.
- Bayes databases can now be backed up and restored using --backup and
--restore.
- Config files can now include other files using the "include" command.
- replaced GA-based evolver with fast Perceptron score generation tool by
Henry Stern; scores can now be generated much more quickly.
- The "spamassassin" script can now check collections of mail en masse. This
lets us do things like 'spamassassin -d --mbox file1' and have the
functionality go over the entire mbox file. same for checks, adding to
white/black-lists, etc.
Translations:
- Dutch translation, thanks to Jesse Houwing
- Polish translations from Jerzy Szczudlowski and radek at alter dot pl
- French translations, Michel Bouissou
- German translations, Daniel Roethlisberger
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
---------------------------------------------------------------------
To unsubscribe, e-mail: spamassassin-announce-unsubscribe@incubator.apache.org
For additional commands, e-mail: spamassassin-announce-help@incubator.apache.org