You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by Theo Van Dinter <fe...@kluge.net> on 2004/09/04 07:17:59 UTC
SpamAssassin 3.0.0-rc3 RELEASE CANDIDATE available!
*** THIS IS A RELEASE CANDIDATE ONLY, NOT THE FINAL 3.0.0 RELEASE ***
SpamAssassin 3.0.0-rc3 is released! SpamAssassin 3.0.0 is a major update
and includes a number of new email and anti-spam technologies.
SpamAssassin is a mail filter which uses advanced statistical and
heuristic tests to identify spam (also known as unsolicited bulk email).
Highlights of the release
-------------------------
- SpamAssassin is now part of the Apache Software Foundation and has an
improved software license, the 2.0 version of the Apache License.
- SpamAssassin now includes support for SPF (the Sender Policy Framework,
http://spf.pobox.com/).
- Web site links contained in the message are checked against SURBL and
SBL. SURBL and SBL track sites that advertise with spam, known spam
sources, and spam services.
- The new 3.0 architecture allows third-parties to easily add plugin modules.
- There is now SQL database support for both the Bayes and auto-whitelist
modules, allowing more large sites to easily deploy SpamAssassin.
- A more accurate simulation of email client handling of MIME and HTML
improves our accuracy. In addition, there is better detection and
handling of spammer techniques that try to trick anti-spam software.
Downloading
-----------
Pick it up from:
http://spamassassin.apache.org/released/Mail-SpamAssassin-3.0.0-rc3.tar.gz
http://spamassassin.apache.org/released/Mail-SpamAssassin-3.0.0-rc3.tar.bz2
http://spamassassin.apache.org/released/Mail-SpamAssassin-3.0.0-rc3.zip
md5sum of archive files:
b12e809b682b562a0ae2202eabf7e3f2 Mail-SpamAssassin-3.0.0-rc3.tar.bz2.md5
d0c34cfaeead3b16c4ce75e73b414403 Mail-SpamAssassin-3.0.0-rc3.tar.gz.md5
25f28c55045da75067d146c4946a9d73 Mail-SpamAssassin-3.0.0-rc3.zip.md5
sha1sum of archive files:
48a952f50b9183e6d288b719bf354af7cbc9f3e1 Mail-SpamAssassin-3.0.0-rc3.tar.bz2.sha1
6f3917209545344156a3a42c433f5135cc6c0aa6 Mail-SpamAssassin-3.0.0-rc3.tar.gz.sha1
c5cc8523e486b7a9f5fc5824ee4e18c3884b4d20 Mail-SpamAssassin-3.0.0-rc3.zip.sha1
The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://spamassassin.apache.org/released/GPG-SIGNING-KEY
The key information is:
pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <re...@spamassassin.org>
Key fingerprint =3D 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B
Important installation notes
----------------------------
- The SpamAssassin 2.6x release series was the last set of releases to
officially support perl versions earlier than perl 5.6.1. If you are
using an earlier version of perl, you will need to upgrade before you
can use the 3.0.0 version of SpamAssassin.
- SpamAssassin 3.0.0 has a significantly different API (Application
Program Interface) from the 2.x series of code. This means that if you
use SpamAssassin through a third-party utility (milter, etc,) you need
to make sure you have an updated version which supports 3.0.0.
- The --auto-whitelist and -a options for "spamd" and "spamassassin" to
turn on the auto-whitelist have been removed and replaced by the
"use_auto_whitelist" configuration option which is also now turned on by
default.
- The "rewrite_subject" and "subject_tag" configuration options were
deprecated and are now removed. Instead, using "rewrite_header Subject
[your desired setting]". e.g.
rewrite_subject 1
subject_tag ****SPAM(_SCORE_)****
becomes
rewrite_header Subject ****SPAM(_SCORE_)****
- The Bayesian storage modules have been completely re-written and now
include Berkeley DB (DBM) storage as well as SQL based storage (see
sql/README.bayes for more information). In addition, a new format has
been introduced for the bayes database that stores tokens in fixed
length hashes. All DBM databases should be automatically converted to
this new format the first time they are opened for write. You can
manually perform the upgrade by running "sa-learn --sync" from the
command line.
The "sa-learn --rebuild" command has been deprecated; please use
"sa-learn --sync" instead. The --rebuild option will remain temporarily
for backwards compatibility.
- "spamd" now has a default max-children setting of 5; no more than 5
child scanner processes will be run in parallel. Previously, there was
no default limit unless you specified the "-m" switch when starting
spamd.
- If you are using a UNIX machine with all database files on local disks,
and no sharing of those databases across NFS filesystems, you can use a
more efficient, but non-NFS-safe, locking mechanism. Do this by adding
the line "lock_method flock" to the /etc/mail/spamassassin/local.cf
file. This is strongly recommended if you're not using NFS, as it is
much faster than the NFS-safe locker.
- Please note that the use of the following command line parameters for
spamassassin and spamd have been deprecated and are now removed. If you
currently use these flags, please remove them:
in the 2.6x series: --add-from, --pipe, -F, -P, --stop-at-threshold, -S
in the 3.0.x series: --auto-whitelist, -a
- The following flags are deprecated and will be removed in a future major
release: --whitelist-factory, -M, --warning-from, -w, --log-to-mbox, -l.
- SpamAssassin runs in "taint mode" by default for improved security.
Certain third-party modules, such as Razor v2, may be incompatible with
taint mode. For Razor v2, you will need to be using v2.40 of
razor-agents or higher which allows taint mode by default. Earlier
versions which are patched to allow taint mode may be used as well.
- Finally, 2.6x deprecated the use of the "check_bayes_db" script, and it
is now no longer available. Please see the sa-learn man/pod
documentation for more info.
Summary of major changes since 2.6x
-----------------------------------
Licensing:
- Relicensed using Apache License v2.0, instead of dual GPL/PAL licensing,
since we are now an Apache Incubator project.
New rules:
- SPF testing, if the Mail::SPF::Query module is installed.
- added new rules and code to combat Bayes poisoning text and random
hash-busters; Habeas rules now verify against the Habeas user
list, to combat forged marks used in spam.
- URIDNSBL rules. These do DNSBL lookups on URLs, allowing URLs found
in the message body to be used in spam determination. Added the SURBL
blocklist (http://www.surbl.org/).
- Spamhaus XBL and a variety of new DNSBL rules
- Hashcash support.
- added Bob Menschel's 'longwords' rules
- added 'backhair' rule, technique based on Jennifer Wheeler's ruleset
- added Matt Kettler's 'antidrug' ruleset
- added anti-fraud rules from Matt Yackley
- added some hostname-based blocklist tests based on the envelope
sender address.
- a *lot* of other new rules, too many to detail here
Spamd:
- spamd now uses a 'preforking' model instead of 'fork per message'.
- new log format, detailing message-id, resent-message-id, the tests hit,
autolearn status, and several other things in a mass-check compatible
format, to provide more information for spamd log-summarizer scripts.
Infrastructure:
- Plugins. Third-party modules can now be written and loaded dynamically
from inside SpamAssassin, to provide support for entirely new rule types
or eval tests.
- SQL support for Bayes and AWL storage, thanks to Michael Parker.
See sql/README.bayes and sql/README.awl for additional information.
- ground-up rewrite of the MIME parser. Now deals correctly with complex
MIME structures, including entire message/rfc822 message attachments.
- rules can now test the "MAIL FROM:" address used in the SMTP transaction,
if it was logged to the message headers, using the "EnvelopeFrom"
pseudoheader. This allows rules such as SPF to be applied.
- Added optional faster but NFS-unsafe Bayes locking mechanism, using
"lock_method flock"
- support for parsing mbx mailboxes, as used by UW IMAP. Thanks to John
Newman for this patch.
- refactored configuration parser to split parser code from configuration
settings.
- Bayes databases can now be backed up and restored using --backup and
--restore.
- Config files can now include other files using the "include" command.
- replaced GA-based evolver with fast Perceptron score generation tool by
Henry Stern; scores can now be generated much more quickly.
- The "spamassassin" script can now check collections of mail en masse. This
lets us do things like 'spamassassin -d --mbox file1' and have the
functionality go over the entire mbox file. same for checks, adding to
white/black-lists, etc.
- Windows support improved.
Translations:
- Dutch translation, thanks to Jesse Houwing
- Polish translations from Jerzy Szczudlowski and radek at alter dot pl
- French translations, Michel Bouissou
- German translations, Klaus Heinz
Re: SpamAssassin 3.0.0-rc3 RELEASE CANDIDATE available!
Posted by Theo Van Dinter <fe...@kluge.net>.
On Fri, Sep 03, 2004 at 11:49:30PM -0800, John Andersen wrote:
> Why bother with this?
> http://www.infoworld.com/article/04/08/31/HNspammerstudy_1.html
Because SPF is a "sender reputation system", not an anti-spam system?
Because it means the spammers that use SPF aren't forging someone else's
email address on their mails?
SPF attacks one piece of the puzzle: forging and joe-jobs, which is a
nice bit to have solved.
--
Randomly Generated Tagline:
Only in America... do drugstores make the sick walk all the way to the
back of the store to get their prescriptions while healthy people can
buy cigarettes at the front.
Re: SpamAssassin 3.0.0-rc3 RELEASE CANDIDATE available!
Posted by Kenneth Porter <sh...@sewingwitch.com>.
--On Friday, September 03, 2004 11:49 PM -0800 John Andersen
<js...@pen.homeip.net> wrote:
> Why bother with this?
>
> http://www.infoworld.com/article/04/08/31/HNspammerstudy_1.html
Did you read the end of the article? SPF prevents forgery, not spam. It's
still valuable even if spammers use it.
Re: SpamAssassin 3.0.0-rc3 RELEASE CANDIDATE available!
Posted by Michael W Cocke <co...@catherders.com>.
On Fri, 3 Sep 2004 23:49:30 -0800, you wrote:
>On Friday 03 September 2004 09:17 pm, Theo Van Dinter wrote:
>
>> - SpamAssassin now includes support for SPF (the Sender Policy Framework,
>> http://spf.pobox.com/).
>
>Why bother with this?
>
>http://www.infoworld.com/article/04/08/31/HNspammerstudy_1.html
The first time I read that article I said the same thing, but after
further consideration it actually does do some good, I think. At
least now when we filter by FROM, we stand a chance of having it work.
Mike-
--
If you're not confused, you're not trying hard enough.
--
Please note - Due to the intense volume of spam, we have installed
site-wide spam filters at catherders.com. If email from you bounces,
try non-HTML, non-encoded, non-attachments,
Re: SpamAssassin 3.0.0-rc3 RELEASE CANDIDATE available!
Posted by Daniel Quinlan <qu...@pathname.com>.
John Andersen <js...@pen.homeip.net> writes:
> Why bother with [SPF]?
>
> http://www.infoworld.com/article/04/08/31/HNspammerstudy_1.html
We knew about this a long time ago. It's still a useful heuristic for
SpamAssassin, although there are indeed better ones. In the future, it
may become more useful if it is more widely deployed.
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
Re: SpamAssassin 3.0.0-rc3 RELEASE CANDIDATE available!
Posted by John Andersen <js...@pen.homeip.net>.
On Friday 03 September 2004 09:17 pm, Theo Van Dinter wrote:
> - SpamAssassin now includes support for SPF (the Sender Policy Framework,
> http://spf.pobox.com/).
Why bother with this?
http://www.infoworld.com/article/04/08/31/HNspammerstudy_1.html
--
_____________________________________
John Andersen
Re: SpamAssassin 3.0.0-rc3 RELEASE CANDIDATE available!
Posted by Kai Schaetzl <ma...@conactive.com>.
sorry, missed to comment on this release earlier. Installed over RC2 on
one of our backup mail servers. No problems, just works (together with
MailScanner). Great :-)
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org