You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Daniel Quinlan <qu...@pathname.com> on 2004/09/22 13:37:06 UTC
ANNOUNCE: SpamAssassin 3.0.0 information
(technical information about SpamAssassin 3.0.0 release)
SpamAssassin 3.0.0 is released! SpamAssassin 3.0.0 is a major update and
includes a number of new email and anti-spam technologies.
SpamAssassin is a mail filter which uses advanced statistical and
heuristic tests to identify spam (also known as unsolicited bulk email).
Contents:
Downloading
MD5 checksums
SHA1 checksums
GPG key information
Major feature list
Important installation notes
New rules
Spamd changes
Engine changes
Translations:
Downloading:
Please use a mirror off of <http://spamassassin.apache.org/>.
MD5 checksums:
b77c7b29ddc4283d597610bf540670d9 Mail-SpamAssassin-3.0.0.tar.bz2
e38035c260310e18158d95a41cadae93 Mail-SpamAssassin-3.0.0.tar.gz
7b5d10c33d33e16a849fdba7b2c9bc43 Mail-SpamAssassin-3.0.0.zip
SHA1 checksums:
d722c0e27b4b9c8117e5c583c0924a0b81f62a30 Mail-SpamAssassin-3.0.0.tar.bz2
d52c317483483874f2b7e5dd544094249bedbdad Mail-SpamAssassin-3.0.0.tar.gz
3a0c3373b2655c14c14ababa61b7c3791340ee72 Mail-SpamAssassin-3.0.0.zip
GPG key information:
The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as a file
named GPG-SIGNING-KEY in the download directory.
pub 1024D/265FA05B 2003-06-09 Apache SpamAssassin <re...@spamassassin.org>
Key fingerprint =3D 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B
Major feature list:
- SpamAssassin is now part of the Apache Software Foundation and has an
improved software license, the 2.0 version of the Apache License.
- SpamAssassin now includes support for SPF (the Sender Policy
Framework, http://spf.pobox.com/).
- Web site links contained in the message are checked against SURBL and
SBL. SURBL and SBL track sites that advertise with spam, known spam
sources, and spam services.
- The new 3.0 architecture allows third-parties to easily add plugin
modules.
- There is now SQL database support for both the Bayes and
auto-whitelist modules, allowing more large sites to easily deploy
SpamAssassin.
- A more accurate simulation of email client handling of MIME and HTML
improves our accuracy. In addition, there is better detection and
handling of spammer techniques that try to trick anti-spam software.
Important installation notes:
- The SpamAssassin 2.6x release series was the last set of releases to
officially support perl versions earlier than perl 5.6.1. If you are
using an earlier version of perl, you will need to upgrade before you
can use the 3.0.0 version of SpamAssassin.
- SpamAssassin 3.0.0 has a significantly different API (Application
Program Interface) from the 2.x series of code. This means that if
you use SpamAssassin through a third-party utility (milter, etc,) you
need to make sure you have an updated version which supports 3.0.0.
- The --auto-whitelist and -a options for "spamd" and "spamassassin" to
turn on the auto-whitelist have been removed and replaced by the
"use_auto_whitelist" configuration option which is also now turned on
by default.
- The "rewrite_subject" and "subject_tag" configuration options were
deprecated and are now removed. Instead, using "rewrite_header Subject
[your desired setting]". e.g.
rewrite_subject 1
subject_tag ****SPAM(_SCORE_)****
becomes
rewrite_header Subject ****SPAM(_SCORE_)****
- The Bayesian storage modules have been completely re-written and now
include Berkeley DB (DBM) storage as well as SQL based storage (see
sql/README.bayes for more information). In addition, a new format has
been introduced for the bayes database that stores tokens in fixed
length hashes. All DBM databases should be automatically converted to
this new format the first time they are opened for write. You can
manually perform the upgrade by running "sa-learn --sync" from the
command line.
The "sa-learn --rebuild" command has been deprecated; please use
"sa-learn --sync" instead. The --rebuild option will remain
temporarily for backwards compatibility.
- "spamd" now has a default max-children setting of 5; no more than 5
child scanner processes will be run in parallel. Previously, there
was no default limit unless you specified the "-m" switch when
starting spamd.
- If you are using a UNIX machine with all database files on local
disks, and no sharing of those databases across NFS filesystems, you
can use a more efficient, but non-NFS-safe, locking mechanism. Do
this by adding the line "lock_method flock" to the
/etc/mail/spamassassin/local.cf file. This is strongly recommended if
you're not using NFS, as it is much faster than the NFS-safe locker.
- Please note that the use of the following command line parameters for
spamassassin and spamd have been deprecated and are now removed. If
you currently use these flags, please remove them:
in the 2.6x series: --add-from, --pipe, -F, -P, --stop-at-threshold, -S
in the 3.0.x series: --auto-whitelist, -a
- The following flags are deprecated and will be removed in a future
major release: --whitelist-factory, -M, --warning-from, -w,
--log-to-mbox, -l.
- SpamAssassin runs in "taint mode" by default for improved security.
Certain third-party modules, such as Razor v2, may be incompatible
with taint mode. For Razor v2, you will need to be using v2.40 of
razor-agents or higher which allows taint mode by default. Earlier
versions which are patched to allow taint mode may be used as well.
- Finally, 2.6x deprecated the use of the "check_bayes_db" script, and
it is now no longer available. Please see the sa-learn man/pod
documentation for more info.
New rules:
- SPF is supported using the Mail::SPF::Query module.
- There are new rules and code to combat Bayes-poisoning text and random
hash-busters; Habeas rules now check against the Habeas user list to
combat forged marks used in spam.
- URIDNSBL rules: these do DNSBL lookups on URLs using SURBL and SBL,
allowing spamvertised URLs found in the message body to be scored.
- Spamhaus XBL and a variety of new DNSBL rules were added.
- Hashcash is supported.
- Bob Menschel's "longwords" rules were added.
- The "backhair" rules were added to combat HTML obfuscation, a
technique based on Jennifer Wheeler's "backhair" ruleset.
- Matt Kettler's "antidrug" rules were added.
- Anti-fraud rules from Matt Yackley were added.
- Some hostname-based blocklist tests based on the envelope sender
address were added.
- And more...
Spamd changes:
- spamd now uses a "preforking" model instead of "fork per message".
- There is a new log format, detailing message-id, resent-message-id,
tests hit, autolearn status, and other data in a format compatible
with mass-check to provide more information for spamd log-summary
scripts.
Engine changes:
- Plugins: third-party modules can now be written and loaded dynamically
from inside SpamAssassin, to provide support for entirely new tests
and functionality.
- SQL support for Bayes and AWL storage was added, thanks to Michael
Parker. See sql/README.bayes and sql/README.awl for additional
information.
- There was a ground-up rewrite of the MIME parser. It now deals
correctly with complex MIME structures, including entire
message/rfc822 message attachments.
- Rules can now test the "MAIL FROM:" address used in the SMTP
transaction if it was logged to the message headers using the
"EnvelopeFrom" pseudo-header. This allows rules such as SPF to be
applied.
- Added an optional fast Bayes locking mechanism for local usage only
(it's not NFS safe) using "lock_method flock".
- Support for parsing mbx mailboxes (as used by UW IMAP) was
added. Thanks to John Newman for this patch.
- There is a refactored configuration parser to split parser code from
the configuration settings.
- Bayes databases can now be backed up and restored using --backup and
--restore.
- Config files can now include other files using the "include" command.
- The GA-based evolver was replaced with a fast Perceptron score
generation tool by Henry Stern; scores can now be generated much more
quickly.
- The "spamassassin" script can now check collections of mail en masse.
This allows commands such as "spamassassin -d --mbox file1" to run
over an entire mbox file. It also works for checks, adding to
white/black-lists, etc.
- The Windows support improved.
Translations:
- A Dutch translation was added, thanks to Jesse Houwing.
- A French translation was added, thanks to Michel Bouissou.
- A German translation was added, thanks to Klaus Heinz.
- A Polish translation was added, thanks to Jerzy Szczudlowski and radek
at alter dot pl.
--
Daniel Quinlan ApacheCon! 13-17 November (3 SpamAssassin
http://www.pathname.com/~quinlan/ http://www.apachecon.com/ sessions & more)
Re: ANNOUNCE: SpamAssassin 3.0.0 information
Posted by Michael Parker <pa...@pobox.com>.
On Wed, Sep 22, 2004 at 08:40:38AM -0400, AltGrendel wrote:
> On Wed, 2004-09-22 at 07:37, Daniel Quinlan wrote:
> > (technical information about SpamAssassin 3.0.0 release)
> >
> > SpamAssassin 3.0.0 is released! SpamAssassin 3.0.0 is a major update and
> > includes a number of new email and anti-spam technologies.
> >
>
> Is there an ETA for the CPAN release?
The CPAN release has been made, it should be making its way around the
world as we speak.
Michael
Re: ANNOUNCE: SpamAssassin 3.0.0 information
Posted by Michael Parker <pa...@pobox.com>.
On Wed, Sep 22, 2004 at 09:16:21AM -0400, Codger wrote:
> Did you go from a 2.6x version up using CPAN?
>
ATTENTION PEOPLE WHO INSTALL VIA CPAN!!!!!!
Please, before you blindly install from CPAN, be sure to read INSTALL
and UPGRADE.
Michael
Re: ANNOUNCE: SpamAssassin 3.0.0 information
Posted by "Andrew W. Donoho" <aw...@DDG.com>.
On Sep 22, 2004, at 08:16, Codger wrote:
> Does anyone know what version of CGPSA (for CommuniGate Pro) is
> required for version 3.0.0?
CGPSA 1.4a3 is the version that supports SA3.0.
Andrew
____________________________________
Andrew W. Donoho
awd@DDG.com, PGP Key ID: 0x81D0F250
+1 (512) 453-6652 (o), +1 (512) 750-7596 (m)
Re: ANNOUNCE: SpamAssassin 3.0.0 information
Posted by Danie Marais <da...@attix5.com>.
> Did you go from a 2.6x version up using CPAN?
>
> >
> > FYI, I have just installed using CPAN.
> >
Yeah, I went from 2.64 to 3.
And as Michael says you cannot just blindly update. You probably need to at
least modify local.cf slightly.
My setup is pretty much out-of-the-box with Procmail so almost all my
settings as per 2.64 applied to 3.0. Also, I'm not running an ISP or
anything. I have about 20 users on this box with less than 1000 mails per
day - being without spamassassin for a few minutes while I adjust a setting
or 2 is not the end of the world.
I'd proceed with caution on a mission critical production server. :)
But at first glance everything looks cool. Uses more memory, though. Spamd
seems to spawn several processes - much like Apache.
Regards,
Danie
Re: ANNOUNCE: SpamAssassin 3.0.0 information
Posted by Codger <li...@pmbx.net>.
Did you go from a 2.6x version up using CPAN?
Does anyone know what version of CGPSA (for CommuniGate Pro) is
required for version 3.0.0?
On Sep 22, 2004, at 9:05 AM, Danie Marais wrote:
>>
>> Is there an ETA for the CPAN release?
>
>
> FYI, I have just installed using CPAN.
>
>
Kindest regards,
Ron
The men and women of our great country, whose service or
whose heart for an oppressed and weak people have led to
the altar of final sacrifice, cry out loudly declaring
freedom a treasured right, not a privileged commodity.
These are true heroes.
Re: ANNOUNCE: SpamAssassin 3.0.0 information
Posted by Danie Marais <da...@attix5.com>.
>
> Is there an ETA for the CPAN release?
FYI, I have just installed using CPAN.
Re: ANNOUNCE: SpamAssassin 3.0.0 information
Posted by AltGrendel <al...@exit0.us>.
On Wed, 2004-09-22 at 07:37, Daniel Quinlan wrote:
> (technical information about SpamAssassin 3.0.0 release)
>
> SpamAssassin 3.0.0 is released! SpamAssassin 3.0.0 is a major update and
> includes a number of new email and anti-spam technologies.
>
Is there an ETA for the CPAN release?
--------------------------------------------------------
Now I'm being INVOLUNTARILY shuffled closer to the CLAM DIP with the
BROKEN PLASTIC FORKS in it!!
--------------------------------------------------------
Re: ANNOUNCE: SpamAssassin 3.0.0 information
Posted by Rick Macdougall <ri...@nougen.com>.
Michael Parker wrote:
> On Wed, Sep 22, 2004 at 08:43:17AM -0400, Rick Macdougall wrote:
>
>>Since I can't test this without installing it, can the devs tell me if
>>setting rewrite_header Subject "" will negate the global default ?
>>
>
>
> rewrite_header Subject
>
> Should work, I just tried it.
Thanks muchly! I'll re-write the php/mysql interface as well sometime
this afternoon to support 3.x
Regards,
Rick
Re: ANNOUNCE: SpamAssassin 3.0.0 information
Posted by Michael Parker <pa...@pobox.com>.
On Wed, Sep 22, 2004 at 08:43:17AM -0400, Rick Macdougall wrote:
>
> Since I can't test this without installing it, can the devs tell me if
> setting rewrite_header Subject "" will negate the global default ?
>
rewrite_header Subject
Should work, I just tried it.
Michael
Re: ANNOUNCE: SpamAssassin 3.0.0 information
Posted by Rick Macdougall <ri...@nougen.com>.
Michael Parker wrote:
> On Wed, Sep 22, 2004 at 08:12:36AM -0400, Rick Macdougall wrote:
>
>>Question... if the default setting is
>>
>>rewrite_header Subject ****SPAM(_SCORE_)****
>
> I don't believe that is the default setting.
>
>
>>how do I specify that my email address does NOT want the header re-written ?
>
>
> Just remove that line from your local.cf file.
Hi,
That's the problem. It will be the default setting on our server as
that is what 99.9% of our users want. A few, like myself, do not want
the subject changed (for various reasons including reporting to spam
cop, keeping a list of spammy subjects, just not wanting it there, etc).
Since I can't test this without installing it, can the devs tell me if
setting rewrite_header Subject "" will negate the global default ?
Regards,
Rick
Re: ANNOUNCE: SpamAssassin 3.0.0 information
Posted by Michael Parker <pa...@pobox.com>.
On Wed, Sep 22, 2004 at 08:12:36AM -0400, Rick Macdougall wrote:
>
> Question... if the default setting is
>
> rewrite_header Subject ****SPAM(_SCORE_)****
>
I don't believe that is the default setting.
> how do I specify that my email address does NOT want the header re-written ?
Just remove that line from your local.cf file.
Michael
Re: ANNOUNCE: SpamAssassin 3.0.0 information
Posted by Rick Macdougall <ri...@nougen.com>.
Daniel Quinlan wrote:
>
> - The "rewrite_subject" and "subject_tag" configuration options were
> deprecated and are now removed. Instead, using "rewrite_header Subject
> [your desired setting]". e.g.
>
> rewrite_subject 1
> subject_tag ****SPAM(_SCORE_)****
>
> becomes
>
> rewrite_header Subject ****SPAM(_SCORE_)****
>
Hi,
Question... if the default setting is
rewrite_header Subject ****SPAM(_SCORE_)****
how do I specify that my email address does NOT want the header re-written ?
Regards,
Rick
RE: Re[2]: ANNOUNCE: SpamAssassin 3.0.0 information
Posted by "Michele Neylon :: Blacknight Solutions" <mi...@blacknightsolutions.com>.
Robert Menschel wrote:
> The rules files to drop entirely are mentioned in Dan's
> notice. I assume you got those.
>
> We've reviewed the SARE files, and identified all other rules
> that overlap with 3.0.0, and have migrated them to new files.
> For instance, see http://www.rulesemporium.com/rules.htm#header
>
> 70_sare_header_x30.cf contains those rule(s) which duplicate
> 3.0, and should not be used with that version.
>
> 70_sare_header_x264_x30.cf contains those rule(s) which
> duplicate both 3.0 and 2.64, and should not be used with
> either of those versions.
>
> If we've done it correctly, even if you include those files
> in your system you /should/ be OK, since we coded these files
> to give preference to the 2.64 and/or 3.0 rules. There should
> be no harm in including those files, other than increased
> overhead, but it's better for 3.0 installations to avoid the
> x30 files.
>
> Bob Menschel
Bob
Thanks for the clarification :)
Michele
Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101
--
Email scanned by Blacknight for viruses and dangerous content.
Visit http://www.blacknight.ie for more information
Re[2]: ANNOUNCE: SpamAssassin 3.0.0 information
Posted by Robert Menschel <Ro...@Menschel.net>.
Hello Michele,
Wednesday, September 22, 2004, 5:36:13 AM, you wrote:
MNBS> Daniel Quinlan wrote:
>> New rules:
MNBS> Are there any details/list of the "more"?
MNBS> We were using custom rulesets from Rules Emporium with rules du jour
MNBS> previously, so I'd like to know which ones I can remove and which ones I
MNBS> should keep.
The rules files to drop entirely are mentioned in Dan's notice. I assume
you got those.
We've reviewed the SARE files, and identified all other rules that
overlap with 3.0.0, and have migrated them to new files. For instance,
see http://www.rulesemporium.com/rules.htm#header
70_sare_header_x30.cf contains those rule(s) which duplicate 3.0, and
should not be used with that version.
70_sare_header_x264_x30.cf contains those rule(s) which duplicate both
3.0 and 2.64, and should not be used with either of those versions.
If we've done it correctly, even if you include those files in your
system you /should/ be OK, since we coded these files to give preference
to the 2.64 and/or 3.0 rules. There should be no harm in including those
files, other than increased overhead, but it's better for 3.0
installations to avoid the x30 files.
Bob Menschel
RE: ANNOUNCE: SpamAssassin 3.0.0 information
Posted by "Michele Neylon :: Blacknight Solutions" <mi...@blacknightsolutions.com>.
Daniel Quinlan wrote:
> New rules:
>
> - SPF is supported using the Mail::SPF::Query module.
>
> - There are new rules and code to combat Bayes-poisoning
> text and random
> hash-busters; Habeas rules now check against the Habeas
> user list to
> combat forged marks used in spam.
>
> - URIDNSBL rules: these do DNSBL lookups on URLs using
> SURBL and SBL,
> allowing spamvertised URLs found in the message body to be scored.
>
> - Spamhaus XBL and a variety of new DNSBL rules were added.
>
> - Hashcash is supported.
>
> - Bob Menschel's "longwords" rules were added.
>
> - The "backhair" rules were added to combat HTML obfuscation, a
> technique based on Jennifer Wheeler's "backhair" ruleset.
>
> - Matt Kettler's "antidrug" rules were added.
>
> - Anti-fraud rules from Matt Yackley were added.
>
> - Some hostname-based blocklist tests based on the envelope sender
> address were added.
>
> - And more...
Are there any details/list of the "more"?
We were using custom rulesets from Rules Emporium with rules du jour
previously, so I'd like to know which ones I can remove and which ones I
should keep.
Thanks in advance
Michele
Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101
--
Email scanned by Blacknight for viruses and dangerous content.
Visit http://www.blacknight.ie for more information