Nabble - SpamAssassin - Announce

ANNOUNCE: Apache SpamAssassin 3.2.5 available

2008-06-12T06:23:46Z

Apache SpamAssassin 3.2.5 is now available! This is a maintenance
release of the 3.2.x branch.

Downloads are available from:
http://spamassassin.apache.org/downloads.cgi

The release file will also be available via CPAN in the near future.

md5sum of archive files:
695f9107b240383e48df8938f2de334e Mail-SpamAssassin-3.2.5.tar.bz2
7fdc1651d0371c4a7f95ac9ae6f828a6 Mail-SpamAssassin-3.2.5.tar.gz
663fe705e608e16fee280f7539ab9382 Mail-SpamAssassin-3.2.5.zip

sha1sum of archive files:
32b701ffc68f7975eded107c456b902bc710d8b2 Mail-SpamAssassin-3.2.5.tar.bz2
14b1f6eae0221a152176f7f597f55581445e800a Mail-SpamAssassin-3.2.5.tar.gz
b333acfdaf2289e37f72f1f1a18449645ee532d0 Mail-SpamAssassin-3.2.5.zip

The release files also have a .asc file accompanying them. The file serves as
an external GPG signature for the given release file. The signing key is
available via the wwwkeys.pgp.net key server, as well as at:
http://spamassassin.apache.org/released/GPG-SIGNING-KEY

The key information is:

pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@...>
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B

3.2.5 is a minor bug-fix release. Summary of changes:

- bug 5775: newer gpg versions require keys to be cross-certified (backsig). Did a cross-verify on our sa-update public key and re-exported. (If you are already seeing "GPG validation failed" errors from sa-update, see http://wiki.apache.org/spamassassin/SaUpdateKeyNotCrossCertified .)

- bug 5899: add perl version string to the storage area for compiled rulesets, to avoid crashes when perl is upgraded between major versions (e.g perl 5.8.x to 5.10.0) and the ABI breaks

- bug 5496, bug 5910: clear some FORGED_MUA_OUTLOOK false positives, particularly on the new-format Message-ID generated by the Outlook Express version used in Windows XP service pack 3

- bug 5730: when using Postgres >= 8.1.0 with Bayes, this error occurs: 'WARNING: nonstandard use of \ in a string literal at character'. fix, thanks to Tomasz Ostrowski

- bug 5769: fix 'sa-compile: eval failed: Can't find label NO' error, caused in rare circumstances when sa-compile attempted to deal with rules written using 'replace_rules' features

- bug 5858: fix circular reference memory leak caused by some messages

- bug 5815: update 2TLD list to include .rs CCTLD

- bug 4706: remove HG_HORMOME rules due to poor performance

- bug 5835: typo in POD docs for SPF plugin; thanks to Benny Pedersen for fix

- bug 5839: a missing or failed eval rule function could mistakenly count as a rule hit, fixed

- trivial bugfix for the VBounce ruleset: __BOUNCE_FROM_DAEMON incorrectly used + instead of *, so some From addresses were not being recognised as bounce senders

---------------------------------------------------------------------
To unsubscribe, e-mail: announce-unsubscribe@...
For additional commands, e-mail: announce-help@...

ANNOUNCE: Apache SpamAssassin 3.2.4 available

2008-01-07T09:20:12Z

Apache SpamAssassin 3.2.4 is now available! This is a maintenance
release of the 3.2.x branch.

Downloads are available from:
http://spamassassin.apache.org/downloads.cgi

The release file will also be available via CPAN in the near future.

md5sum of archive files:
2081c24c8b9064f9dd220e4f41e1d299 Mail-SpamAssassin-3.2.4.tar.bz2
81ec227d4d63aba08563ee868af9fbeb Mail-SpamAssassin-3.2.4.tar.gz
a30aefb67a2db87b0fd2dac31116026c Mail-SpamAssassin-3.2.4.zip

sha1sum of archive files:
876fc328a2b6192fa0bb8d7f6926214716178417 Mail-SpamAssassin-3.2.4.tar.bz2
5c0e01831256518b27139507a4ded38e582d8649 Mail-SpamAssassin-3.2.4.tar.gz
387e5a8cd2c0602bc6b5ff9cf582d4ce367a8fc1 Mail-SpamAssassin-3.2.4.zip

The release files also have a .asc file accompanying them. The file serves as
an external GPG signature for the given release file. The signing key is
available via the wwwkeys.pgp.net key server, as well as at:
http://spamassassin.apache.org/released/GPG-SIGNING-KEY

The key information is:

pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@...>
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B

3.2.4 is a major bug-fix release, with a few minor new features. Summary of
changes:

- bug 5599: allow load distribution of SA nameserver queries across all nameservers listed in resolv.conf, using 'dns_options rotate'. thanks to Pawel Sasin <hannibal /at/ wp-sa.pl>

- bug 5673: 'ALL' header was including spurious extra spaces between header names and values. fix

- bug 5594: several major sa-compile fixes. major increase in overall speed; cache results between runs to further increase speed; and fix a danger of massive memory usage

- bug 5556: fix a variety of sa-compile portability issues, and support for 5.6.x perls

- bug 5514: make 'score set for a non-existent rule' a debug message, instead of a lint warning, since it's a very frequent FAQ

- bug 5493: sa-compile fails to correctly deal with escaped backslashes. fix

- bug 5672: remove DNS_FROM_SECURITYSAGE (DNSBL lookups against securitysage.com) due to unreliability

- bug 5476: update Bonded Sender (now Sender Score Certified) rules, and add a rule for their strictly-confirmed-opt-in-required zone

- bug 5538: remove FORGED_MUA_AOL_FROM and FORGED_AOL_TAGS entirely; they're obsolete, given the current capabilities of AOL mail user agents

- bug 5632: remove all completewhois.com DNSBL lookups, site seems to have disappeared without warning

- bug 5715: allow for more than one sa-update MIRRORED.BY file host in DNS, for redundancy

- bug 5662: DKIM changes: recognize author signature and multiple signatures for whitelisting (with Mail::DKIM 0.29); disable useless "check_dkim_signsome"; new eval rules "check_dkim_valid_author_sig" and "check_dkim_valid" (an alias for a "check_dkim_verified" misnomer); new tags _DKIMIDENTITY_ and _DKIMDOMAIN_; updated terminology; verification speedup with Mail::DKIM 0.30 (or its pre-releases)

- bug 5696: sa-compile: cut regexp base strings at Unicode high codepoints, to avoid corruption of patterns containing UTF-8

- bug 5637: bayes_file_mode is handled incorrectly when creating bayes.mutex, resulting in incorrect permissions on that file; fix by Mihaly Barasz

- bug 5612: DB_File version 4.2.x has a bug that loops infinitely if files named '__db.{filename}' are present; work around. thanks to J. Nick Koston for the report and fix

- bug 5606: too-early init_learner() call causes root's user prefs file to be read when spamd is started; this is inappropriate. fix

- bug 4179: if allow_user_rules is 1, user rules are not unique to each user; one user's user rules can appear in later scans for other users that are run using the same spamd process. fix

- bug 5680: ALL_TRUSTED can fire if a trusted MSA or webmail system receives the message from an untrusted X-Originating-IP: header. fix

- bug 5626: in the 'spamassassin' script, install a signal handler for SIGHUP, SIGINT, SIGTERM and SIGPIPE to ensure that temporary files are removed

- bug 5557: some temporary files are left not cleaned up on Windows; fix

- bug 5661: speed up Bayes SQL queries by allowing the use of indexes when expiring

- bug 5611: support 'spamd --nouser-config -u username', which setuids to 'username' but does not read user_prefs files from anywhere

- bug 5665: spamd may fail to notice that a child has completed exiting, and keeps in the child list in state 'K', eventually filling up the child list with 'ghost' children. fix

- bug 5735: spamc should allow retry_sleep 0

- bug 5728: spamd: require -u with --sql-config or --ldap-config

- bug 5682: remove FH_HOST_ALMOST_IP, FH_HOST_EQ_D_D_D_D, due to false positives and redundancy with RDNS_DYNAMIC; remove FH_HOST_EQ_D_D_D_DB due to no hits

- bug 5681: look up IP addresses found in 'X-Yahoo-Post-IP' and 'X-SenderIP' headers, too, thanks to Martin Blapp

- Bug 5589: Refined async events handling and DNS lookup completions

- bug 5586: RDNS_NONE has false positives if the MTA doesn't put the hostname in the Received header, like Communigate Pro. add an exception for this

- bug 5748: fix locale problem with use of external sort in sa-compile

---------------------------------------------------------------------
To unsubscribe, e-mail: announce-unsubscribe@...
For additional commands, e-mail: announce-help@...

ANNOUNCE: Apache SpamAssassin 3.2.3 available

2007-08-09T13:38:51Z

Apache SpamAssassin 3.2.3 is now available! This is a maintenance
release of the 3.2.x branch.

Downloads are available from:
http://spamassassin.apache.org/downloads.cgi

The release file will also be available via CPAN in the near future.

md5sum of archive files:
e9a5fd94dead0fca3f26fb3feb0c8e57 Mail-SpamAssassin-3.2.3.tar.bz2
2e356b70b9458b44a828c19f6e816521 Mail-SpamAssassin-3.2.3.tar.gz
6ea8ef7f37e4b305217fa8074dd2219e Mail-SpamAssassin-3.2.3.zip

sha1sum of archive files:
53199e0218d2f93043fcdca4db3f164f1f9f7cbc Mail-SpamAssassin-3.2.3.tar.bz2
93337a5cf6cc6f4980307c08ad65575fa08d1f54 Mail-SpamAssassin-3.2.3.tar.gz
0eca91718518547323f43b5473d1362032edb592 Mail-SpamAssassin-3.2.3.zip

The release files also have a .asc file accompanying them. The file serves as
an external GPG signature for the given release file. The signing key is
available via the wwwkeys.pgp.net key server, as well as at:
http://spamassassin.apache.org/released/GPG-SIGNING-KEY

The key information is:

1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@...>
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B

3.2.3 is a major bug-fix release. Summary of changes:

- bug 5574: fix new setuid code to work with perl 5.6.1, and to support DCC and
Pyzor in all releases of perl

- bug 5107: change default 'user_scores_ldap_username' to be the null string,
allowing anonymous binding; fix 'schema' syntax error in LDAP config support

- zeroing an 'eval' rule's score did not stop it running. fix, thanks to
Richard Birkett <richard+spamassassin at musicbox.net>

- bug 5571: allow for new message ID format we have seen from Vista or Windows
2003 Server MAPI to avoid false positives

- bug 5397: RDNS_DYNAMIC should never fire on a PTR with 'static' in it; thanks
to Martin Blapp <mbr at freebsd.org>. bug 5563: RDNS_DYNAMIC rules use
order-dependent fields where it is unsafe to depend on this, fix. bug 5564:
__RDNS_DYNAMIC_IPADDR does not hit all of its test patterns, fix.

- bug 5475: fix FORGED_MUA_AOL_FROM to allow <*@{aol,cs}.*> addresses instead
of just <*@{aol,cs}.com>

---------------------------------------------------------------------
To unsubscribe, e-mail: announce-unsubscribe@...
For additional commands, e-mail: announce-help@...

ANNOUNCE: Apache SpamAssassin 3.2.2 available

2007-07-25T07:10:25Z

Apache SpamAssassin 3.2.2 is now available! This is a maintenance
release of the 3.2.x branch.

Downloads are available from:
http://spamassassin.apache.org/downloads.cgi

The release file will also be available via CPAN in the near future.

md5sum of archive files:
7423a1bca96b932d321882fc6092080b Mail-SpamAssassin-3.2.2.tar.bz2
87b2a8852f125060f781922c3663525f Mail-SpamAssassin-3.2.2.tar.gz
8dd32339bf82591b50c9eb307745c8fa Mail-SpamAssassin-3.2.2.zip

sha1sum of archive files:
6dfaa36eb8e500f9315cf2461fbd3229ae92a2c7 Mail-SpamAssassin-3.2.2.tar.bz2
e8ea034fa4f695607af0e596c86c5daf82f234e0 Mail-SpamAssassin-3.2.2.tar.gz
e9a9723bb1cbadaded2340ef0aa86a0329f03783 Mail-SpamAssassin-3.2.2.zip

The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://spamassassin.apache.org/released/GPG-SIGNING-KEY

The key information is:

pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@...>
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B

3.2.2 is a minor bug-fix release. Summary of changes:

- bug 5548: Certain mail input can take a long time to scan with 100% CPU
utilisation, due to backtracking in a rule's regexp. fix

- bugs 5510, 5518, 5529: fix 'make test' when running as root, needed for CPAN

- bug 5419: kill -HUP of pidof spamd causes the ps name to change from spamd
to perl. fixed

- bug 5535: 'make test' errors in Windows caused by nonportable use of
getpwuid

- bug 5462: multiple DNS records for a host name should allow use of spamd -H
for load balancing installs to work

- bugs 5509, 5511: fix network lookup timeouts, where lookups were being lost
once a timeout was hit; also fix code to match documentation on
rbl_timeout's scaling and minimum duration of 1 second; and attempt to
collect already-received DNS responses when the timeout is reached; improve
related debugging output. Thanks to Mark Martinec

- bugs 5412, 5478, 5522: Fix problems using the spamc -x option with certain
other options; 'spamc -x -R' always returned 0, instead of the exit code, on
error. Bug 5478: in addition, 'spamc -x -e /command' would still run the
command, even if errors meant that the filtered text would be unavailable,
which contradicted -x.

- bug 5445: body eval tests defined in user_rules cause ugly 'Subroutine
_eval_tests_type11_prineg400_set3 redefined' warnings

- bug 5355: add in new entries for RegistrarBoundaries

- bug 5515: libsslspamc.so & libsslspamc.so can not build without -fPIC, but
we were picking up the wrong CFLAGS to do this.

- bug 5501: zero score for FH_HAS_XID

- bug 5449: allow_user_rules causes sa-compile / Rule2XSBody plugin to emit
spurious warnings; fix. also, add a new 'user_conf_parsing_end' plugin
hook, which is called after the per-user configuration is parsed

- bug 5182: update the sa-learn doc to mention that -u is only usable w/ sql

- bug 5534: fix harmless-but-ugly C compiler warning in sa-compile

---------------------------------------------------------------------
To unsubscribe, e-mail: announce-unsubscribe@...
For additional commands, e-mail: announce-help@...

ANNOUNCE: Apache SpamAssassin 3.2.1 available

2007-06-13T08:42:26Z

Apache SpamAssassin 3.2.1 is now available! This is a maintenance and
security release of the 3.2.x branch. It is highly recommended that
people upgrade to this version from 3.2.0.

Downloads are available from:
http://spamassassin.apache.org/downloads.cgi?update=200706081100

The release file will also be available via CPAN in the near future.

md5sum of archive files:
7b2fdbcdca5e9a181d4bb1b17663c138 Mail-SpamAssassin-3.2.1.tar.bz2
a7d51294c565999da01f212e5ad2a031 Mail-SpamAssassin-3.2.1.tar.gz
e058ed0dfe82ee62f617c12cc02e538b Mail-SpamAssassin-3.2.1.zip

sha1sum of archive files:
3095b38d90d0362c4e47e117fb612778a2ac362b Mail-SpamAssassin-3.2.1.tar.bz2
fbb5f538238e188f985c8e6672dad531fa035eea Mail-SpamAssassin-3.2.1.tar.gz
d6566975544cd706052d310481d7a100ffce14d1 Mail-SpamAssassin-3.2.1.zip

The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://spamassassin.apache.org/released/GPG-SIGNING-KEY

The key information is:

pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@...>
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B

3.2.1 is a major bug-fix release, including a potential local DoS. The
major highlights are:

- bug 5480: fix for CVE-2007-2873: a local user symlink-attack DoS
vulnerability. It only affects systems where spamd is run as root, is used
with vpopmail or virtual users via the "-v"/"--vpopmail" OR
"--virtual-config-dir" switch, AND with the "-x"/"--no-user-config AND
WITHOUT the "-u"/"--username" switch AND with the "-l"/"--allow-tell" switch.
This is not default on any distro package, and is not a common configuration.
More details of the vulnerability can be read at
<http://spamassassin.apache.org/advisories/cve-2007-2873.txt>.

- bug 5488: zero some rules causing false positives: FH_HOST_EQ_D_D_D_DB and
FH_HOST_EQ_D_D_D_D.

- bug 5257: re-raise autolearn ham threshold to 1.0; the lower value
used in 3.2.0 was creating problems.

- bug 5422: in spamd, deleting hash entries from the SIGCHLD signal handler is
unsafe, causes corruption of the data structure, and results in 'prefork:
ordered child N to accept, but they reported state '1', killing rogue'
errors. fix.

- bug 5102: tighten up regexp for FORGED_HOTMAIL_RCVD to avoid some FPs.

- bug 5457: spamc build and test should handle not having zlib available.

- bug 5379: spamd could crash at startup if its preloading temporary directory
already exists. fix.

- bug 4616: spamc config can cause command line options to be ignored. fix.

- bug 5485: zero score DK/DKIM_POLICY_SIGNSOME rules since they'll always fire
due to defaults (unless there's an explicit SIGNALL policy).

- bug 5492: VBounce rule was looking in header instead of body for whitelisted
relays. fix.

- bug 5487: prevent multiple "urirhssub"s using the same zone from overwriting
each other.

- bug 5432 - Change default in Win32 build to not build spamc.

- bug 5446: add --updatedir option to sa-compile and remove inaccurate re2c
required version info from pod.

- bug 5436: add omitted "ifplugin" statements to the configuration, which would
otherwise cause lint errors if the default plugins were disabled.

- bug 5477: prevent Rule2XSBody info message from appearing on stderr during
spamd startup.

---------------------------------------------------------------------
To unsubscribe, e-mail: announce-unsubscribe@...
For additional commands, e-mail: announce-help@...

ANNOUNCE: Apache SpamAssassin 3.1.9 available!

2007-06-13T08:42:03Z

Apache SpamAssassin 3.1.9 is now available! This is a maintenance and
security release of the 3.1.x branch. It is highly recommended that
people upgrade to this version from 3.0.x or 3.1.x.

Downloads are available from:
http://spamassassin.apache.org/downloads.cgi?update=200706081100

The release file will also be available via CPAN in the near future.

md5sum of archive files:
ad5d812b1a04228f3dc3147ebd649bb3 Mail-SpamAssassin-3.1.9.tar.bz2
c0a6dc8564e60bf50d1792e4edc18e97 Mail-SpamAssassin-3.1.9.tar.gz
a1ed25d0878d102c17a91233ee741f87 Mail-SpamAssassin-3.1.9.zip

sha1sum of archive files:
bed85f0b7e269253e925831015f11809009080eb Mail-SpamAssassin-3.1.9.tar.bz2
181e0ca4e0568bb51e955b8b8e4595313fb7de8b Mail-SpamAssassin-3.1.9.tar.gz
c5f87a454ce4562558fd1af9ea71b7b858899f3e Mail-SpamAssassin-3.1.9.zip

The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://spamassassin.apache.org/released/GPG-SIGNING-KEY

The key information is:

pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@...>
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B

3.1.9 is a major bug-fix release, including a potential local DoS. The major
highlights are:

- bug 5480: fix for CVE-2007-2873: a local user symlink-attack DoS
vulnerability. It only affects systems where spamd is run as root, is used
with vpopmail or virtual users via the "-v"/"--vpopmail" OR
"--virtual-config-dir" switch, AND with the "-x"/"--no-user-config AND
WITHOUT the "-u"/"--username" switch AND with the "-l"/"--allow-tell" switch.
This is not default on any distro package, and is not a common configuration.
More details of the vulnerability can be read at
<http://spamassassin.apache.org/advisories/cve-2007-2873.txt>.

- bug 5353 - meta rule parsing should handle not equal ("!=") syntax.

- set the score for URI_TRUNCATED to 0.001.

- bug 5337: change the start order for Fedora such that spamd starts before the
MTA.

---------------------------------------------------------------------
To unsubscribe, e-mail: announce-unsubscribe@...
For additional commands, e-mail: announce-help@...

ANNOUNCE: Apache SpamAssassin 3.2.0 available

2007-05-02T15:02:10Z

Apache SpamAssassin 3.2.0 is now available! This is the official release,
and contains a significant number of changes and major enhancements --
please use it!

Downloads are available from:
http://spamassassin.apache.org/downloads.cgi?update=200705021400

md5sum of archive files:
6840e3be132e2c3cbf66298b0227e880 Mail-SpamAssassin-3.2.0.tar.bz2
aed988bb6cf463afc868a64d4cd771a3 Mail-SpamAssassin-3.2.0.tar.gz
484045c69499b2fa59f024179f1f49c2 Mail-SpamAssassin-3.2.0.zip

sha1sum of archive files:
2fb864f01fc1c287e6f6e62fab8338f32cd20fb1 Mail-SpamAssassin-3.2.0.tar.bz2
af3941ab4f9548107d06966780ba71f751ab0216 Mail-SpamAssassin-3.2.0.tar.gz
bf785d7088371ad3beafe6084bf296ee3434038c Mail-SpamAssassin-3.2.0.zip

The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://spamassassin.apache.org/released/GPG-SIGNING-KEY

The key information is:

pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@...>
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B

See the INSTALL and UPGRADE files in the distribution for important
installation notes.

Summary of major changes since 3.1.8
------------------------------------

Changes to the core code:

* new behavior for trusted_networks/internal_networks: the 127.* network is now always considered trusted and internal, regardless of configuration.

* bug 3109: short-circuiting of 'definite ham' or 'definite spam' messages based on individual short-circuit rules using the 'shortcircuit' setting, by Dallas Engelken <dallase /at/ uribl.com>.

* bug 5305: implement 'msa_networks', for ISPs to specify their Mail Submission Agents, and extend network trust accordingly.

* bug 4636: Add support for charset normalization, so rules can be written in UTF-8 to match text in other charsets.

* sa-compile: compilation of SpamAssassin rules into a fast parallel-matching DFA, implemented in native code.

* "tflags multiple": allow writing of rules that count multiple hits in a single message.

* bug 4363: if a message uses CRLF for line endings, we should use it as well, otherwise stay with LF as usual; important for Windows users.

* bug 4515: content preview was omitting first paragraph when no Subject: header was present.

* The third-party modules used by sa-update are now required by the SpamAssassin package, instead of being optional.

* Bug 5165: 'sa-update --checkonly' added to check for updates without applying them; thanks to <anomie /at/ users.sourceforge.net>

* Bugs 4606, 4609: Adjust MIME parsing limits for nested multipart/* and message/rfc822 MIME parts.

* bug 5295: add 'whitelist_auth', to whitelist addresses that send mail using sender-authorization systems like SPF, Domain Keys, and DKIM

* Removed dependency on Text::Wrap CPAN module.

* Received header parsing updates/fixes/additions.

Spamc / spamd:

* bug 4603: Mail::SpamAssassin::Spamd::Apache2 -- mod_perl2 module, implementing spamd as a mod_perl module, contributed as a Google Summer of Code project by Radoslaw Zielinski.

* bug 3991: spamd can now listen on UNIX domain, TCP, and SSL sockets simultaneously. Command-line semantics extended slightly, although fully backwards compatibly; add the --ssl-port switch to allow TCP and SSL listening at the same time.

* bug 3466: do Bayes expiration, if required, after results have been passed back to the client from spamd; this helps avoid client timeouts.

* more complete IPv6 support.

* spamc: Add '-K' switch, to ping spamd.

* spamc: add '-z' switch, which compresses mails to be scanned using zlib compression; very useful for long-distance use of spamc over the internet.

* bug 5296: spamc '--headers' switch, which scans messages and transmits back just rewritten headers. This is more bandwidth-efficient than the normal mode of scanning, but only works for 'report_safe 0'.

* Bump spamd's protocol version to 1.4, to reflect new HEADERS verb used for '--headers'.

Mail::SpamAssassin modules and API:

* bug 4589: allow M::SA::Message to use IO::File objects to read in message (same as GLOB).

* bug 4517: rule instrumentation plugin hooks, to measure performance, from John Gardiner Myers <jgmyers /at/ proofpoint.com>.

* add two features to core rule-parsing code; 1. optional behaviour to recurse through subdirs looking for .cf/.pre's, to support rules compilers working on rulesrc dir. 2. call back into invoking code on lint failure, so rule compiler can detect which rules exactly fail the lint check.

* bug 5206: detect duplicate rules, and silently merge them internally for greater efficiency.

* bug 5243: add Plugin::register_method_priority() API, allowing plugins to control the relative ordering of plugin callbacks relative to other plugins' implementations.

* Reduced memory footprint.

Plugins:

* bug 5236: Support Mail::SPF replacement for Mail::SPF::Query.

* bug 5127: allow mimeheader :raw rules to match newlines and folded-header whitespace in MIME header strings.

* bug 4770: add ASN.pm plugin, contributed by Matthias Leisi <matthias at leisi.net>

* bug 5271: move ImageInfo ruleset into 3.2.0 core rules, thanks to Dallas Engelken <dallase /at/ uribl.com>.

* VBounce ruleset and plugin: detect spurious bounce messages sent by broken mail systems in response to spam or viruses. (Based on Tim Jackson's "bogus-virus-warnings.cf" ruleset.)

* DomainKeys/DKIM: Mail::DKIM is now preferred over Mail::DomainKeys, since the latter module is no longer actively maintained, and Mail::DKIM can handle both DomainKeys and DKIM signatures.

* DKIM: separate signature verification from fetching a policy: can save a DNS lookup for each unverified message by setting score to 0 for all policy-related rules (DKIM_POLICY_SIGNALL, DKIM_POLICY_SIGNSOME, and DKIM_POLICY_TESTING). (thanks to Mark Martinec)

* DKIM: support testing flags in the public key, as well as in the policy record. (thanks to Mark Martinec)

* DKIM: skip fetching a policy (SSP) if a signature does verify, according to draft-allman-dkim-ssp-02 (thanks to Mark Martinec)

* Move rule functionality and checking into separate Check plugin, allowing third parties to implement alternative scanner core algorithms.

* core EvalTests code moved into various plugins.

* Plus lots of miscellaneous bug fixes.

A more detailed change log can be read here:

http://svn.apache.org/repos/asf/spamassassin/tags/spamassassin_release_3_2_0/Changes

---------------------------------------------------------------------
To unsubscribe, e-mail: announce-unsubscribe@...
For additional commands, e-mail: announce-help@...

ANNOUNCE: Apache SpamAssassin 3.1.8 available!

2007-02-14T14:33:58Z

Apache SpamAssassin 3.1.8 is now available! This is a maintenance and
security release of the 3.1.x branch. It is highly recommended that
people upgrade to this version.

Downloads are available from:
http://spamassassin.apache.org/downloads.cgi?update=200702131100

The release file will also be available via CPAN in the near future.

md5sum of archive files:
e8184a9a4ff11da5bd20b294cfeac7ac Mail-SpamAssassin-3.1.8.tar.bz2
20a3a6b651a89dcc70634715ca833996 Mail-SpamAssassin-3.1.8.tar.gz
c81ef93066e60353032c21991e3c9ae2 Mail-SpamAssassin-3.1.8.zip

sha1sum of archive files:
0d092c4de6e6df66f1d0fb0ca8589147ee4096cb Mail-SpamAssassin-3.1.8.tar.bz2
08f81f72d8a783887cf815dfc55ea38e3582b966 Mail-SpamAssassin-3.1.8.tar.gz
f172c47a896c3c78aacf21f2af99088bd53363d0 Mail-SpamAssassin-3.1.8.zip

The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://spamassassin.apache.org/released/GPG-SIGNING-KEY

The key information is:

pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@...>
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B

3.1.8 is a major bug-fix release, including a potential DoS. The major
highlights are:

- bug 5318: fix for CVE-2007-0451: possible DoS due to incredibly
long URIs found in the message content.
- bug 5240: disable perl module usage in update channels unless
--allowplugins is specified
- bug 5288: files with names starting/ending in whitespace weren't usable
- bug 5056: remove Text::Wrap related code due to upstream issues
- bug 5145: update spamassassin and sa-learn to better deal with STDIN
- bug 5140 and 5179: improvements and bug fixes related to DomainKeys
and DKIM support
- several updates for Received header parsing
- several documentation updates and random taint-variable related issues

A more detailed change log can be read here:

http://svn.apache.org/repos/asf/spamassassin/branches/3.1/Changes

--
Randomly Selected Tagline:
"I have a simple test to determine if any windows executable that I
received via E-mail is a virus or not: If I received it, it's a virus."
- Charlie Watts on the SpamAssassin mailing list

attachment0 (196 bytes) Download Attachment

ANNOUNCE: Apache SpamAssassin 3.1.6 available!

2006-10-05T13:08:20Z

Apache SpamAssassin 3.1.6 is now available! This is a maintenance
release of the 3.1.x branch.

Downloads are available from:
http://spamassassin.apache.org/downloads.cgi?update=200610050918

The release file will also be available via CPAN in the near future.

md5sum of archive files:

1cf43cea76e30aec6983cdbfe2e08316 Mail-SpamAssassin-3.1.6.tar.bz2
a0acc5e63a5e3401d039cd05cd189b96 Mail-SpamAssassin-3.1.6.tar.gz
aac75c43ef9a74df4c100e8a7e37a5fd Mail-SpamAssassin-3.1.6.zip

sha1sum of archive files:
16575633e60177733069c1681d6bf9528c076274 Mail-SpamAssassin-3.1.6.tar.bz2
fbf7e7aac113313da3f7357260d1a295ff275eef Mail-SpamAssassin-3.1.6.tar.gz
779ea2f5174de766405bdaa6d378ed6e7a749526 Mail-SpamAssassin-3.1.6.zip

The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://spamassassin.apache.org/released/GPG-SIGNING-KEY

The key information is:

pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key
<release@...>
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B

3.1.6 includes a large number of bug fixes and documentation updates.
Here is an abbreviated changelog (since 3.1.5) for major updates (see
the Changes file for a complete list):

- bug 4940: fixes to bug in date handling affecting DATE_IN_FUTURE_*
and DATE_IN_PAST_* rules when more than one Resent-Date header is
present
- bug 5044: include local site config in sa-update lint checks
- bug 5081: fix race condition in spamd preforking code that sometimes
left one child process running after SIGHUPing spamd
- bug 5076: unescape hash characters in the config
- bug 5077: fix false SPF_SOFTFAIL's when SPF queries timeout
- bug 5080: update RCVD_ILLEGAL_IP evaltest to properly deal with 127/8
- bug 5089: enable adding headers with single digit zero value
- bug 5098: add support for ecelerity Received headers
- bug 5101: fix a bug, introduced in 3.1.5, in mbx code
- bug 5105: M::SA::Client doesn't always catch failed connection to
spamd, fixed

---------------------------------------------------------------------
To unsubscribe, e-mail: announce-unsubscribe@...
For additional commands, e-mail: announce-help@...

ANNOUNCE: Apache SpamAssassin 3.1.5 available!

2006-08-30T09:21:00Z

Apache SpamAssassin 3.1.5 is now available! This is a maintainance
release of the 3.1.x branch.

Downloads are available from:
http://spamassassin.apache.org/downloads.cgi?update=200608300000

The release file will also be available via CPAN in the near future.

md5sum of archive files:
ae8734220ef82bbb1872f64dbf9c0995 Mail-SpamAssassin-3.1.5.tar.bz2
19d2e76d7759083343d63e61e6e29739 Mail-SpamAssassin-3.1.5.tar.gz
87bd540428116d6339322fef51b0c4eb Mail-SpamAssassin-3.1.5.zip

sha1sum of archive files:
9c9bcf4098c2b3418d5ea9ba69d1dcdfa255a819 Mail-SpamAssassin-3.1.5.tar.bz2
672399ab2e600ba2ae19d71f77974dc27512e837 Mail-SpamAssassin-3.1.5.tar.gz
9350e298c04d04b755640fa3ec2b5633755f93ad Mail-SpamAssassin-3.1.5.zip

The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://spamassassin.apache.org/released/GPG-SIGNING-KEY

The key information is:

pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@...>
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B

3.1.5 includes a large number of bug fixes and documentation updates.
Here is an abbreviated changelog (since 3.1.4) for major updates (see
the Changes file for a complete list):

- bug 4952: set a default value for DEF_RULES_DIR, LOCAL_RULES_DIR,
and LOCAL_STATE_DIR. This allows third-party code which hasn't been
updated to deal with LOCAL_STATE_DIR to still use updates.
- bug 5065: implement DomainKeys whitelisting (whitelist_from_dk)
- bug 5034: fix endless loop in Mail::SpamAssassin::Client, possible
from bad input or network error
- bug 4843: skip text/calendar parts when generating body text for processing
- bug 5022: recognize Received header from a local command line call to sendmail
- bug 5018: update RegistrarBoundaries with new list of 2TLDs
- bug 4981: remove urirhssub support for regexp subrule from URIDNSBL plugin
- bug 5049: handle comments and extra whitespace in sa-update config files.
also, fix an error during channel name validation.
- bug 5030: sa-update couldn't run GPG if the path to the binary had a space in it
- bug 4737: when rewriting headers, strip out leading spaces to better allow
filtering by some MUAs
- bug 4848: fix Pyzor, DCC, and SpamCop plugins to properly have a
configuration pointer for things like their 'dont_report_to_...' option
- bug 4492: the parameters to bayes_ignore_header were treated case sensitively
- license text changed in source files, in accordance with new ASF policy:
http://www.apache.org/legal/src-headers.html
- a bunch of documentation updates and fixes

--
Randomly Generated Tagline:
"Always bear in mind that your own resolution to succeed is more important
than any other." - Abraham Lincoln

attachment0 (196 bytes) Download Attachment

ANNOUNCE: Apache SpamAssassin 3.0.6 available!

2006-06-05T10:15:14Z

Apache SpamAssassin 3.0.6 is now available! This is a maintainance
release of the 3.0.x branch.

Downloads are available from:
http://spamassassin.apache.org/downloads.cgi?update=200606050750

The release file will also be available via CPAN in the near future.

md5sum of archive files:
423eb193db9f7757c6d957f5c04550cb Mail-SpamAssassin-3.0.6.tar.bz2
bf0a1e1a7f6e5dd719deda6293b83e35 Mail-SpamAssassin-3.0.6.tar.gz
72c012d51f8507c2839a34f900c80412 Mail-SpamAssassin-3.0.6.zip

sha1sum of archive files:
10d42d954c421f40fbbd9411a5ff096e29240c6f Mail-SpamAssassin-3.0.6.tar.bz2
78358df8ea26513a8fbe466f484d19e487e5438f Mail-SpamAssassin-3.0.6.tar.gz
17031fd2c9b54846d4e41d7ea3945639659fd91e Mail-SpamAssassin-3.0.6.zip

The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://spamassassin.apache.org/released/GPG-SIGNING-KEY

The key information is:

pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@...>
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B

3.0.6 fixes a remote code execution vulnerability if spamd is run with the
"--vpopmail" and "-P" options. If either/both of those options are not
used, there is no vulnerability.

Changelog:

- bug 4926: given a certain set of parameters to spamd and a specially
formatted input message, users could cause spamd to execute arbitrary
commands as the spamd user

attachment0 (198 bytes) Download Attachment

ANNOUNCE: Apache SpamAssassin 3.1.3 available!

2006-06-05T10:13:09Z

Apache SpamAssassin 3.1.3 is now available! This is a maintainance
release of the 3.1.x branch.

Downloads are available from:
http://spamassassin.apache.org/downloads.cgi?update=200606050750

The release file will also be available via CPAN in the near future.

md5sum of archive files:
5f049f0b9fc63585a85593a3c68409bb Mail-SpamAssassin-3.1.3.tar.bz2
32ad78f3cdaddb02cdf0f55572604d07 Mail-SpamAssassin-3.1.3.tar.gz
6cb6fc27c4466091b2bc4e04af8c39bf Mail-SpamAssassin-3.1.3.zip

sha1sum of archive files:
e1f4489ec8805985e0ca79765bde586bf0286725 Mail-SpamAssassin-3.1.3.tar.bz2
ed9e18fae6db86d0b77ce48d8262194e06df9ef8 Mail-SpamAssassin-3.1.3.tar.gz
090dfd3eaa0481789fbf94f67bcf9c2dd6387959 Mail-SpamAssassin-3.1.3.zip

The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://spamassassin.apache.org/released/GPG-SIGNING-KEY

The key information is:

pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@...>
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B

3.1.3 fixes a remote code execution vulnerability if spamd is run with the
"--vpopmail" and "-P" options. If either/both of those options are not
used, there is no vulnerability. There was also a fix for the userstate
directory and prefs file not being created.

Changelog:

- bug 4926: given a certain set of parameters to spamd and a specially
formatted input message, users could cause spamd to execute arbitrary
commands as the spamd user
- bug 4932: the userstate dir and userprefs file would not be created
under certain conditions.

attachment0 (198 bytes) Download Attachment

ANNOUNCE: Apache SpamAssassin 3.1.2 available!

2006-05-25T18:42:47Z

Apache SpamAssassin 3.1.2 is now available! This is a maintainance
release of the 3.1.x branch.

Downloads are available from:
http://spamassassin.apache.org/downloads.cgi?update=200605251700

The release file will also be available via CPAN in the near future.

md5sum of archive files:
e1fb14def1265d6d7351ba27b5940da2 Mail-SpamAssassin-3.1.2.tar.bz2
f255d8e887ea7961939d40b184e82054 Mail-SpamAssassin-3.1.2.tar.gz
9af9f2db1526baaa01b6b14a9b0e057a Mail-SpamAssassin-3.1.2.zip

sha1sum of archive files:
aad32b73f2870182fe8f2dd5277e94d0da91b196 Mail-SpamAssassin-3.1.2.tar.bz2
ea5e1e9755e294ee9edb238144ac831602d10027 Mail-SpamAssassin-3.1.2.tar.gz
c00da67f7dd9d9df7f9e148c7530586711991f46 Mail-SpamAssassin-3.1.2.zip

The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://spamassassin.apache.org/released/GPG-SIGNING-KEY

The key information is:

pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@...>
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B

3.1.2 includes a large number of bug fixes and documentation updates.
Here is an abbreviated changelog (since 3.1.1) for major updates (see
the Changes file for a complete list):

- bug 4802: implement DKIM plugin, including whitelist_from_dkim support
- bug 3838: work around Perl bug causing captured RE variables to become
tainted -- thanks to Mark Martinec for pointing out the bug with
Perl itself
- bug 4850: re-enable the Razor2 plugin by default due to a service
policy change
- bug 4826: Razor2 plugin needs to load Mail::SpamAssassin::Timeout module
- bug 4827: M::SA::first_existing_path() would return the last array
entry passed in if none of the paths were found. Now return undef
instead and handle the error when it happens.
- bug 4813: generally open RE causes sendmail received header get read
in as qmail in error
- bug 4839: Logger.pm converts control chars including tab into
underscores which confuses a bunch of users when checking debug output.
Convert tab into space instead, etc.
- bug 4884: if a null message is passed in, there are several variables
which end up undefined causing warnings. fake an empty message if no
input is given.
- bug 4793: when replacing tags in a message (_TAG_), leave the tags
that don't exist alone instead of just removing them
- bug 4861, 4760: handle dccifd and dccproc failover properly, backport
relays_internal and relays_external code, backport bug 4760 fix so
that it's not possible to be in internal_networks without being in
trusted_networks as well
- bug 4901: deal more properly with failures in bgsend(). also, use
the proper variable to show when errors occur.
- bug 4867: fetchmail changed header formats at some point making Received
parsing fail in certain conditions
- bug 4699: use M::SA::Timeout for spamd copy_config call and allow for empty $@ values
- bug 3754: if there's a problem opening a file via sa-learn or
spamassassin, return an error exit value.

attachment0 (198 bytes) Download Attachment

ANNOUNCE: Apache SpamAssassin 3.1.1 available!

2006-03-11T17:16:49Z

Apache SpamAssassin 3.1.1 is now available! This is a maintainance
release of the 3.1.x branch.

Downloads are available from:
http://spamassassin.apache.org/downloads.cgi?update=200603111700

The release file will also be available via CPAN in the near future.

md5sum of archive files:
33bc2bef2619135125ccf3b5a663be1d Mail-SpamAssassin-3.1.1.tar.bz2
f7844cbc149de3d7b09a4310f4ab6739 Mail-SpamAssassin-3.1.1.tar.gz
e5ae2dc25b6fc93c048adaf4beaa86e0 Mail-SpamAssassin-3.1.1.zip

sha1sum of archive files:
7723663486b013f738eb8e805a7503f52f50e347 Mail-SpamAssassin-3.1.1.tar.bz2
cda06e3d38d831521c59e50ec024e468b76035cb Mail-SpamAssassin-3.1.1.tar.gz
582114d083dcdc0975d710d54ebdb39cb020a10e Mail-SpamAssassin-3.1.1.zip

The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://spamassassin.apache.org/released/GPG-SIGNING-KEY

The key information is:

pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@...>
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B

3.1.1 includes a large number of bug fixes and documentation updates.
Here is an abbreviated changelog (since 3.1.0) for major updates (see
the Changes file for a complete list):

- better validate a number of different configuration options
- support new Mail::DomainKeys API, which changed incompatibly between
0.18 and 0.80 without warning
- more properly handle new Received header formats
- bug 4788: backport sa-update from 3.2 along with the local_state_dir
code, etc.
- bug 4760: strictly validate trusted/internal network configurations
- bug 4696: consolidated fixes for timeout bugs
- bug 3710: add timeout to connect so spamc -t works
- bug 4363: if a message uses CRLF for line endings, use it for header
rewrites as well
- bug 4748: add ExpressionEngine and Google redirector patterns
- bug 3815: add _RELAYCOUNTRY_ tag so that the RelayCountry plugin can
put in the list of countries relayed through
- bug 4090: x86_64 platforms (linux specifically) have an issue compiling
libspamc.so causing RPM build failures
- bug 4791: fix issue where perl would throw a UTF-8 warning for certain
messages
- bugs 4606, 4609: Adjust MIME parsing limits
- bug 4780: fix IP_ADDRESS & LOCALHOST regexes to correctly parse IPv6
addresses
- bug 4728: DUL rules should only use the last external IP, not all but
the first of the external IPs
- bug 4700: certain privileged configuration settings can inject code,
due to a bad fix for bug 3846. Back that out
- bug 4655: have redhat-rc-script create .pid file for spamassassin
service to avoid killing the wrong processes and leaving spamd running

attachment0 (198 bytes) Download Attachment

ANNOUNCE: SpamAssassin 3.1.0 available!

2005-09-14T17:52:32Z

SpamAssassin 3.1.0 is released! SpamAssassin 3.1.0 is a major update.
SpamAssassin is a mail filter which uses advanced statistical and
heuristic tests to identify spam (also known as unsolicited bulk email).

Highlights of the release
-------------------------

- Apache preforking algorithm adopted; number of spamd child processes is now
scaled, according to demand. This provides better VM behaviour when not
under peak load.

- added PostgreSQL, MySQL 4.1+, and local SDBM file Bayes storage modules. SQL
storage is now recommended for Bayes, instead of DB_File. NDBM_File support
has been dropped due to a major bug in that module.

- detect legitimate SMTP AUTH submission, to avoid false positives on
Dynablock-style rules.

- new plugins: DomainKeys (off by default), MIMEHeader: a new plugin to perform
tests against header in internal MIME structure, ReplaceTags: plugin by Felix
Bauer to support fuzzy text matching, WhiteListSubject: plugin added to
support user whitelists by Subject header.

- Razor: disable Razor2 support by default per our policy, since the service is
not free for non-personal use. It's trivial to reenable (by editing
'/etc/mail/spamassassin/v310.pre').

- DCC: disable DCC for similar reasons, due to new license terms.

- Net::DNS bug: high load caused answer packets to be mixed up and delivered as
answers to the wrong request, causing false positives. worked around.

- DNSBL lookups and other DNS operations are now more efficient, by using a
custom single-socket event-based model instead of Net::DNS.

Downloading
-----------

Pick it up from:

http://SpamAssassin.apache.org/

Note, it may take up to two hours from now for that mirror to update.

md5sum:

d28bd7e83d01b234144e336bbfde0caa Mail-SpamAssassin-3.1.0.tar.bz2
f70c1fcab3d9563731bbc307eda7d69e Mail-SpamAssassin-3.1.0.tar.gz
65e9629ce255244fe3cb3d9772cdf239 Mail-SpamAssassin-3.1.0.zip

sha1sum:

0185f076f619dd9e64e94b453017f9b08d4b0f04 Mail-SpamAssassin-3.1.0.tar.bz2
d887cbae5962cb03e45aaf71cd93881a27cccc99 Mail-SpamAssassin-3.1.0.tar.gz
8b9494448782f910e573377bf226a8072f24bb3f Mail-SpamAssassin-3.1.0.zip

The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://spamassassin.apache.org/released/GPG-SIGNING-KEY

The key information is:

pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@...>
Key fingerprint =3D 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B

Important installation notes
----------------------------

- see the INSTALL and UPGRADE files in the distribution.

Summary of major changes since 3.0.x
------------------------------------

- Apache preforking algorithm adopted; number of spamd child processes is now
scaled, according to demand. This provides better VM behaviour when not
under peak load.

- Inclusion of sa-update script which will allow for updates of rules and
scores in between code releases.

- added PostgreSQL, MySQL 4.1+, and local SDBM file Bayes storage modules. SQL
storage is now recommended for Bayes, instead of DB_File. NDBM_File support
has been dropped due to a major bug in that module.

- detect legitimate SMTP AUTH submission, to avoid false positives on
Dynablock-style rules.

- new Advance Fee Fraud (419 scam) rules.

- removed use of the Storable module, due to several reported hangs on SMP
Linux machines.

- Converted several rule/engine components into Plugins such as:
AccessDB, AWL, Pyzor, Razor2, DCC, Bayes AutoLearn Determination, etc.

- new plugins: DomainKeys (off by default), MIMEHeader: a new plugin to perform
tests against header in internal MIME structure, ReplaceTags: plugin by Felix
Bauer to support fuzzy text matching, WhiteListSubject: plugin added to
support user whitelists by Subject header.

- TextCat language guesser moved to a plugin. (This means "ok_languages"
is no longer part of the core engine by default.)

- Razor: disable Razor2 support by default per our policy, since the
service is not free for non-personal use. It's trivial to reenable.

- DCC: disable DCC for similar reasons, due to new license terms.

- Net::DNS bug: high load caused answer packets to be mixed up and delivered as
answers to the wrong request, causing false positives. worked around.

- DNSBL lookups and other DNS operations are now more efficient, by using a
custom single-socket event-based model instead of Net::DNS.

- add support for accreditation services, including Habeas v2.

- better URI parsing -- many evasion tricks now caught.

- URIBL lookups are prioritized based on the location in the message
the URI was found.

- mass-check now supports reusing realtime DNSBL hit results, and sample-based
Bayes autolearning emulation, to reduce complexity.

- sa-learn, spamassassin and mass-check now have optional progress bars.

- modify header ordering for DomainKeys compatibility, by placing markup
headers at the top of the message instead at the bottom of the list.

- spamd/spamc now support remote Bayes training, and reporting spam.

- spamc now supports reading its flags from a configuration file using the -F
switch, contributed by John Madden.

- added SPF-based whitelisting.

- Polish rules contributed by Radoslaw Stachowiak.

- many rule changes and additions.