You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Justin Mason <jm...@jmason.org> on 2004/08/16 08:29:08 UTC
SpamAssassin 3.0.0-rc1 RELEASE CANDIDATE available!
*** THIS IS A RELEASE CANDIDATE ONLY, NOT THE FINAL 3.0.0 RELEASE ***
SpamAssassin 3.0.0-rc1 is released! SpamAssassin 3.0.0 is a major update
and includes a number of new email and anti-spam technologies.
SpamAssassin is a mail filter which uses advanced statistical and
heuristic tests to identify spam (also known as unsolicited bulk email).
This is the release candidate build for the 3.0.0 release.
Highlights of the release
-------------------------
- SpamAssassin is now part of the Apache Software Foundation, bringing an
improved and clearer software license, the 2.0 version of the Apache
License.
- We added a new architecture which allows third-parties to easily add
plugin modules.
- There is now SQL database support for both the Bayes and auto-whitelist
subsystems, allowing more large sites to easily deploy SpamAssassin.
- A more accurate simulation of email client handling of MIME and HTML
improves our accuracy. In addition, there is better detection and
handling of spammer techniques used to trick email clients and filters.
- Web sites contained in the message body are checked against network
databases of domains that advertise with spam.
- SpamAssassin now includes support for SPF (the Sender Policy Framework,
http://spf.pobox.com/) and Hashcash (http://www.hashcash.org/).
Downloading
-----------
Pick it up from:
http://spamassassin.apache.org/released/Mail-SpamAssassin-3.0.0-rc1.tar.gz
http://spamassassin.apache.org/released/Mail-SpamAssassin-3.0.0-rc1.tar.bz2
http://spamassassin.apache.org/released/Mail-SpamAssassin-3.0.0-rc1.zip
md5sum of archive files:
135e9b7f0943e9660afbb6f19be3f008 Mail-SpamAssassin-3.0.0-rc1.tar.bz2
551d1d21410ffee714099a366c5a394c Mail-SpamAssassin-3.0.0-rc1.tar.gz
af5245a75b2a1d0f1d20ac3dc6cb6afe Mail-SpamAssassin-3.0.0-rc1.zip
sha1sum of archive files:
9162f745fe0101acb7eaa007f5fb06019ff70c94 Mail-SpamAssassin-3.0.0-rc1.tar.bz2
c622ea83991bd72811dfd68752b8b784e3523f2d Mail-SpamAssassin-3.0.0-rc1.tar.gz
ce934f6521a9142c2c8d2a92ff8e21c3eea6a5a7 Mail-SpamAssassin-3.0.0-rc1.zip
The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://spamassassin.apache.org/released/GPG-SIGNING-KEY
The key information is:
pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <re...@spamassassin.org>
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B
Important installation notes
----------------------------
- The SpamAssassin 2.6x release series was the last set of releases to
officially support perl versions earlier than perl 5.6.1. If you are
using an earlier version of perl, you will need to upgrade before you
can use the 3.0.0 version of SpamAssassin.
- SpamAssassin 3.0.0 has a significantly different API (Application
Program Interface) from the 2.x series of code. This means that if you
use SpamAssassin through a third-party utility (milter, etc,) you need
to make sure you have an updated version which supports 3.0.0.
- The --auto-whitelist and -a options for "spamd" and "spamassassin" to
turn on the auto-whitelist have been removed and replaced by the
"use_auto_whitelist" configuration option which is also now turned on by
default.
- The "rewrite_subject" configuration setting was deprecated and is now
removed. Instead, using "rewrite_header Subject [your desired setting]".
e.g.
rewrite_subject ****SPAM(_SCORE_)****
becomes
rewrite_header Subject ****SPAM(_SCORE_)****
- The Bayesian storage modules have been completely re-written and now
include Berkeley DB (DBM) storage as well as SQL based storage (see
sql/README.bayes for more information). In addition, a new format has
been introduced for the bayes database that stores tokens in fixed
length hashes. All DBM databases should be automatically converted to
this new format the first time they are opened for write. You can
manually perform the upgrade by running "sa-learn --sync" from the
command line.
The "sa-learn --rebuild" command has been deprecated; please use
"sa-learn --sync" instead. The --rebuild option will remain temporarily
for backwards compatibility.
- "spamd" now has a default max-children setting of 5; no more than 5
child scanner processes will be run in parallel. Previously, there was
no default limit unless you specified the "-m" switch when starting
spamd.
- If you are using a UNIX machine with all database files on local disks,
and no sharing of those databases across NFS filesystems, you can use a
more efficient, but non-NFS-safe, locking mechanism. Do this by adding
the line "lock_method flock" to the /etc/mail/spamassassin/local.cf
file. This is strongly recommended if you're not using NFS, as it is
much faster than the NFS-safe locker.
- Please note that the use of the following command line parameters for
spamassassin and spamd have been deprecated and are now removed. If you
currently use these flags, please remove them:
in the 2.6x series: --add-from, --pipe, -F, -P, --stop-at-threshold, -S
in the 3.0.x series: --auto-whitelist, -a
- The following flags are deprecated and will be removed in a future major
release: --whitelist-factory, -M, --warning-from, -w, --log-to-mbox, -l.
- SpamAssassin runs in "taint mode" by default for improved security.
Certain third-party modules, such as Razor v2, may be incompatible with
taint mode. For Razor v2, you will need to be using v2.40 of
razor-agents or higher which allows taint mode by default. Earlier
versions which are patched to allow taint mode may be used as well.
- Finally, 2.6x deprecated the use of the "check_bayes_db" script, and it
is now no longer available. Please see the sa-learn man/pod
documentation for more info.
Summary of major changes since 2.6x
-----------------------------------
Licensing:
- Relicensed using Apache License v2.0, instead of dual GPL/PAL licensing,
since we are now an Apache Incubator project.
New rules:
- SPF testing, if the Mail::SPF::Query module is installed.
- added new rules and code to combat Bayes poisoning text and random
hash-busters; Habeas rules now verify against the Habeas user
list, to combat forged marks used in spam.
- URIDNSBL rules. These do DNSBL lookups on URLs, allowing URLs found
in the message body to be used in spam determination. Added the SURBL
blocklist (http://www.surbl.org/).
- Spamhaus XBL and a variety of new DNSBL rules
- Hashcash support.
- added Bob Menschel's 'longwords' rules
- added 'backhair' rule, technique based on Jennifer Wheeler's ruleset
- added Matt Kettler's 'antidrug' ruleset
- added anti-fraud rules from Matt Yackley
- added some hostname-based blocklist tests based on the envelope
sender address.
- a *lot* of other new rules, too many to detail here
Spamd:
- spamd now uses a 'preforking' model instead of 'fork per message'.
- new log format, detailing message-id, resent-message-id, the tests hit,
autolearn status, and several other things in a mass-check compatible
format, to provide more information for spamd log-summarizer scripts.
Infrastructure:
- Plugins. Third-party modules can now be written and loaded dynamically
from inside SpamAssassin, to provide support for entirely new rule types
or eval tests.
- SQL support for Bayes and AWL storage, thanks to Michael Parker.
See sql/README.bayes and sql/README.awl for additional information.
- ground-up rewrite of the MIME parser. Now deals correctly with complex
MIME structures, including entire message/rfc822 message attachments.
- rules can now test the "MAIL FROM:" address used in the SMTP transaction,
if it was logged to the message headers, using the "EnvelopeFrom"
pseudoheader. This allows rules such as SPF to be applied.
- Added optional faster but NFS-unsafe Bayes locking mechanism, using
"lock_method flock"
- support for parsing mbx mailboxes, as used by UW IMAP. Thanks to John
Newman for this patch.
- refactored configuration parser to split parser code from configuration
settings.
- Bayes databases can now be backed up and restored using --backup and
--restore.
- Config files can now include other files using the "include" command.
- replaced GA-based evolver with fast Perceptron score generation tool by
Henry Stern; scores can now be generated much more quickly.
- The "spamassassin" script can now check collections of mail en masse. This
lets us do things like 'spamassassin -d --mbox file1' and have the
functionality go over the entire mbox file. same for checks, adding to
white/black-lists, etc.
- Windows support improved.
Translations:
- Dutch translation, thanks to Jesse Houwing
- Polish translations from Jerzy Szczudlowski and radek at alter dot pl
- French translations, Michel Bouissou
- German translations, Klaus Heinz
Re: SpamAssassin 3.0.0-rc1 RELEASE CANDIDATE available!
Posted by Kai Schaetzl <ma...@conactive.com>.
Daniel Quinlan wrote on 23 Aug 2004 11:06:08 -0700:
> That's a bug. It should be fixed in 3.0 HEAD now.
Thanks.
>
> > Does this test fall under the skip_rblchecks rule? (I may want to use this
> > and only this RBL test.)
>
> No, it's a plugin, activated via the loadplugin command in init.pre.
>
Ah, great!
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org
Re: SpamAssassin 3.0.0-rc1 RELEASE CANDIDATE available!
Posted by Daniel Quinlan <qu...@pathname.com>.
"Kai Schaetzl" <ma...@conactive.com> writes:
> There's another confusing thing with --lint. I commented out all stuff in
> init.pre, including URIDNSBL, and now I get
That's a bug. It should be fixed in 3.0 HEAD now.
> Does this test fall under the skip_rblchecks rule? (I may want to use this
> and only this RBL test.)
No, it's a plugin, activated via the loadplugin command in init.pre.
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
Re: SpamAssassin 3.0.0-rc1 RELEASE CANDIDATE available!
Posted by Kai Schaetzl <ma...@conactive.com>.
Justin Mason wrote on Sun, 15 Aug 2004 23:29:08 -0700:
> All DBM databases should be automatically converted to
> this new format the first time they are opened for write.
Justin, that doesn't seem to be the case. I saw with -D --lint that it
barked about the format and did nothing. Or is it that the --lint doesn't
do a write operation? It's at least confusing
You can
> manually perform the upgrade by running "sa-learn --sync" from the
> command line.
>
That worked just fine.
There's another confusing thing with --lint. I commented out all stuff in
init.pre, including URIDNSBL, and now I get
warning: score set for non-existent rule URIBL_SBL
warning: score set for non-existent rule URIBL_PH_SURBL
warning: score set for non-existent rule URIBL_SC_SURBL
warning: score set for non-existent rule URIBL_AB_SURBL
warning: score set for non-existent rule URIBL_OB_SURBL
warning: score set for non-existent rule URIBL_WS_SURBL
when I enable it I get:
debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC
debug: plugin: registered
Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x858eea8)
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x858eea8)
implements 'parse_config'
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x858eea8)
inhibited further callbacks
(last line repeated several times)
is that like it should be?
Does this test fall under the skip_rblchecks rule? (I may want to use this
and only this RBL test.)
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org
Re: SpamAssassin 3.0.0-rc1 RELEASE CANDIDATE available!
Posted by Mike Burger <mb...@bubbanfriends.org>.
On Mon, 16 Aug 2004, Michael W Cocke wrote:
> On Sun, 15 Aug 2004 23:29:08 -0700, you wrote:
>
> >*** THIS IS A RELEASE CANDIDATE ONLY, NOT THE FINAL 3.0.0 RELEASE ***
> >
> >SpamAssassin 3.0.0-rc1 is released! SpamAssassin 3.0.0 is a major update
> >and includes a number of new email and anti-spam technologies.
>
> I thought they were up to rc3 or 4 now??? Didn't rc1 release
> something like 2 months ago?
It was pre4.
--
Mike Burger
http://www.bubbanfriends.org
Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org
To be notified of updates to the web site, visit
http://www.bubbanfriends.org/mailman/listinfo/site-update, or send a
message to:
site-update-request@bubbanfriends.org
with a message of:
subscribe
Re: SpamAssassin 3.0.0-rc1 RELEASE CANDIDATE available!
Posted by Bill Landry <bi...@pointshare.com>.
----- Original Message -----
From: Michael W Cocke
>>*** THIS IS A RELEASE CANDIDATE ONLY, NOT THE FINAL 3.0.0 RELEASE ***
>>
>>SpamAssassin 3.0.0-rc1 is released! SpamAssassin 3.0.0 is a major update
>>and includes a number of new email and anti-spam technologies.
>
> I thought they were up to rc3 or 4 now??? Didn't rc1 release
> something like 2 months ago?
No, those were pre-releases, these are actual "release candidates".
Bill
Re: SpamAssassin 3.0.0-rc1 RELEASE CANDIDATE available!
Posted by Michael W Cocke <co...@catherders.com>.
On Sun, 15 Aug 2004 23:29:08 -0700, you wrote:
>*** THIS IS A RELEASE CANDIDATE ONLY, NOT THE FINAL 3.0.0 RELEASE ***
>
>SpamAssassin 3.0.0-rc1 is released! SpamAssassin 3.0.0 is a major update
>and includes a number of new email and anti-spam technologies.
I thought they were up to rc3 or 4 now??? Didn't rc1 release
something like 2 months ago?
Mike-
--
If you're not confused, you're not trying hard enough.
--
Please note - Due to the intense volume of spam, we have installed
site-wide spam filters at catherders.com. If email from you bounces,
try non-HTML, non-encoded, non-attachments,
Re: SpamAssassin 3.0.0-rc1 RELEASE CANDIDATE available!
Posted by Jeff Chan <je...@surbl.org>.
On Monday, August 16, 2004, 6:18:10 AM, Bob Apthorpe wrote:
> On Mon, 16 Aug 2004 08:12:03 -0400 Jeff Koch <je...@intersessions.com> wrote:
>> What methodology is being used here:
>>
>> - Web sites contained in the message body are checked against network
>> databases of domains that advertise with spam.
>>
>> Are we doing a lookup of the advertised domain name against network
>> databases or are we looking up the IP and matching against that?
> Domain name, not IP address. That entry refers to the following:
> " - URIDNSBL rules. These do DNSBL lookups on URLs, allowing URLs found
> in the message body to be used in spam determination. Added the SURBL
> blocklist (http://www.surbl.org/)."
There are two different sets of functions within the SpamAssassin
3.0 URIDNSBL module:
1. uridnsbl - looks up nameservers of a URI domain and compares
them against sbl.spamhaus.org. In other words detects domains
served by spammy name servers. Quite effective against domains
that are registered in bulk and controlled by the same spam
gangs.
2. urirhsbl and urirhssub - looks up domains and ip addresses
in SURBL lists. In other words detects domains and a few
IP addresses that have already occurred in spams. Effective
against known spam. For more information about SURBLs, please
see:
http://www.surbl.org/
Hope this helps,
Jeff C.
--
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/
Re: SpamAssassin 3.0.0-rc1 RELEASE CANDIDATE available!
Posted by Bob Apthorpe <ap...@cynistar.net>.
Hi,
On Mon, 16 Aug 2004 08:12:03 -0400 Jeff Koch <je...@intersessions.com> wrote:
> What methodology is being used here:
>
> - Web sites contained in the message body are checked against network
> databases of domains that advertise with spam.
>
> Are we doing a lookup of the advertised domain name against network
> databases or are we looking up the IP and matching against that?
Domain name, not IP address. That entry refers to the following:
" - URIDNSBL rules. These do DNSBL lookups on URLs, allowing URLs found
in the message body to be used in spam determination. Added the SURBL
blocklist (http://www.surbl.org/)."
hth,
-- Bob
Re: SpamAssassin 3.0.0-rc1 RELEASE CANDIDATE available!
Posted by Steven Dickenson <st...@mrchuckles.net>.
Jeff Koch wrote:
> What methodology is being used here:
>
> - Web sites contained in the message body are checked against network
> databases of domains that advertise with spam.
I believe this refers to the SURBL plugin, essentially a network tests
version of BigEvil. A patch for 2.6[34] has been out for a while, and
works quite nicely.
http://www.surbl.org/
Steven
--
Steven Dickenson <st...@mrchuckles.net>
http://www.mrchuckles.net
Re: SpamAssassin 3.0.0-rc1 RELEASE CANDIDATE available!
Posted by Jeff Koch <je...@intersessions.com>.
Hi Jason:
What methodology is being used here:
- Web sites contained in the message body are checked against network
databases of domains that advertise with spam.
Are we doing a lookup of the advertised domain name against network
databases or are we looking up the IP and matching against that?
Also, what network databases are being used? (SPEWS? Hope not.)
How can we turn this off?
Best Regards,
Jeff Koch