3.0.
Important changes since 2.64 (for details see the file 'Changes')
- support for sender authentication using the Sender Policy Framework
(SPF)
- checking for web links of known spam advertisers (SURBL)
- modular plugin architecture
- improved SQL database support for storing user data in server
installations
- improved email classification
- SpamAssassin is now part of the Apache Foundation
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
This also includes the fix for PR pkg/26386 (problems with
PKG_CONFIG=no).
Summary of major changes since 2.63
-----------------------------------
- Security fix prevents a denial of service attack open to certain
malformed messages; this DoS affects all SpamAssassin 2.5x
and 2.6x versions to date.
- Backported several very reliable rules from the SpamAssassin 3.0.0
codebase.
the RCD_SCRIPTS rc.d script(s) to the PLIST.
This GENERATE_PLIST idea is part of Greg A. Woods'
PR #22954.
This helps when the RC_SCRIPTS are installed to
a different ${RCD_SCRIPTS_EXAMPLEDIR}. (Later,
the default RCD_SCRIPTS_EXAMPLEDIR will be changed
to be more clear that they are the examples.)
These patches also remove the etc/rc.d/ scripts from PLISTs
(of packages that use RCD_SCRIPTS). (This also removes
now unused references from openssh* makefiles. Note that
qmail package has not been changed yet.)
I have been doing automatic PLIST registration for RC_SCRIPTS
for over a year. Not all of these packages have been tested,
but many have been tested and used.
Somethings maybe to do:
- a few packages still manually install the rc.d scripts to
hard-coded etc/rc.d. These need to be fixed.
- maybe remove from mk/${OPSYS}.pkg.dist mtree specifications too.
Summary of major changes since 2.62
-----------------------------------
- Fixed bug related to perl 5.005 which stopped SpamAssassin from being
runnable
- Fixed bug where "spamassassin -l" parameter wouldn't be untainted before
being used
- Added caching of body rendering results so that the message wouldn't
be rendered the same way multiple times unnecessarily.
Summary of major changes since 2.61
-----------------------------------
- Fixed two bugs related to Received line generation and parsing.
- Modified two rules to reduce false positives.
- Fixed bug where spamd temporary init directory wasn't removed in some
situations.
- Modified HABEAS_SWE to function even if the Habeas headers were out of
their normal order.
- Fixed bug where reporting wouldn't remove message markup before being
learned by Bayes.
- Fixed bug where report_safe_copy_headers would reverse the order of the
Received headers.
- Fixed several bugs in the Bayes system caused by DB_File oddities.
Summary of major changes since 2.60
-----------------------------------
- Dramatically reduced memory usage of Bayes expiry.
- avoid false positives on Outlook 2003 messages, mails from Mac, Palm, and
localized versions of Eudora, several AOL MUAs, and newer versions of The
Bat!
- new set of French translations from Michel Bouissou
- updated to reflect new Dynablock DNSBL location
- avoids a possible hole that was giving AWL bonuses to
spammer forgeries on some networks
- miscellaneous bug fixes
Summary of changes since 2.5x
-----------------------------------
- spamd supports UNIX-domain sockets
- SSL support for spamc/spamd now usable
- improved Bayes text analysis
- improved expiration of Bayes-DB
- better detection of 'invisible text' and other obfuscation techniques
in HTML
- new RBL (eg SORBS, SpamCop, Osirusoft dropped)
- better handling of RBL timeouts
- support for Razor V1 dropped
- more flexible header and report rewriting
- Perl taint mode enabled by default
- bug fixes
- new rules
* Use ALL_TARGET appropriately instead of using a post-build target.
* Get rid of DEPTHFIRST* variables and do the "depth-first" listing by
using a reverse sort instead.
* Get rid of extra shell processes.
* Tabify.
now set to "pure_install" in perl5/module.mk, so we need to append the
additional target "inst_cfs" that is normally invoked by the "install"
target in ${WRKSRC}/Makefile.
spamassassin. These patches remove all references to osirusoft from
the rules files (perhaps leaving some of the comments a tad stale),
but leaving information about them in the stats files.
This bumps us to 2.55nb2.
learning a message without Message-Id as ham (see bugzilla #2030)
- depend on p5-IO-Socket-SSL>=0.92 because of bugs in earlier versions
- bump revision
This also closes PR pkg/21114 (thanks to Todd Vierling for dynamic PLIST)
Most serious bugs since release of SA 2.50 fixed (hence the 'long'
delay for the Pkgsrc package).
Dependence on procmail removed. You still need a mail delivery agent
but procmail is only a recommendation, not a prerequisite.
Runs on Solaris (somewhat tested on Solaris 8, feedback welcome).
Includes some SSL support for spamc/spamd. Not yet recommended due to
lurking bug(s) (SA bugzilla ID 1751).
Uses Perl module DB_File now instead of NDBM_File. This changes the
name and format of the auto-whitelist database ('auto-whitelist'
instead of 'auto-whitelist.db' on NetBSD).
! This release adds/changes/removes configuration options, PLEASE use !
! 'perldoc Mail::SpamAssassin::Conf' and make sure your mail !
! configuration still works as expected. !
==========================================================================
Changes since 2.52:
- corruption of Bayes db where nspam/nham was getting zeroed, fixed.
- Bayes now has much lower lock timeouts for opportunistic expiry
and auto-learning, to avoid overloading busy servers with an expiry
run. (This may result in occasional "lock failed" messages in the
syslog while you're doing manual sa-learn ops, but those are
not serious; it just means that an auto-learn could not take place
because the dbs were opened by you in another process.)
- NDBM_File does not provide an EXISTS method, worked around.
- BSMTP support (spamc -B) fixed.
- Bayes allowed the user to 'forget' messages they hadn't learned.
- sa-learn broken when installed in a non-standard location.
- spamc was failing to dump message if out of memory.
- add-all-addrs-to-blacklist was a no-op, fixed.
- syslog-socket support was broken, fixed.
- sslspamc compilation fixed.
- SIGCHLD handling in spamd was causing an ugly warning on Red Hat 8.
- user_prefs were left world-writable after auto-whitelist use.
- Razor was zeroing %ENV; protected against this.
- some test failures on 5.005 and with Razor fixed; some tests were
also still using the user's Bayes dbs.
- Windows portability fix in new Bayes journal code.
- dialup_codes now a privileged setting.
- clean PATH env variable immediately upon spamd start; fixed problem
with taint mode failures when getting hostname in Perl 5.005.
- NetBSD: fixed SSL support, spamd start script.
- single-Received-header mails were not getting DNSBL checks.
- some doco fixes.
Changes since 2.51:
- bug 1664: expiry imposed way too much load when a single
site-wide Bayes db was used, fixed
- bug 1672: a typo in a backported patch for 2.51 caused Bayes to
sometimes not unlock the db, fixed
- INSTALL now strongly recommends using DB_File
- some NetBSD support fixes
- bug 1601: option --syslog-socket wasn't implemented
- bug 1260: corrected description of --nocreate-prefs option
Changes since 2.50:
- Bayes locking and concurrency issues fixed
- Bayes expiration was not working; fixed
- spamd was not enabling Bayes after auto-learning without restart;
fixed
- safer way to attach spams, for broken mail clients, using 'report_safe
2'
- a few doco cleanups
Main changes since 2.4x:
- Bayesian filtering, using a Bayesian-style form of probability-analysis
classification. This uses an algorithm based on the one detailed in
Paul Graham's 'A Plan For Spam' paper, along with aspects taken from
Graham Robinson's work, and the chi-combining technique developed by the
SpamBayes project.
- Auto-learning. This trains the Bayesian filter automatically, based on
the results from traditional SpamAssassin diagnosis. It uses a set of
heuristics and separate thresholds to ensure (as much as is possible)
that it trains on guaranteed non-spam and spam. Old, unused tokens are
automatically expired.
- much-improved rule set. A whole new set of rules based on Message-Id
analysis is now in place, which accurately detects forged headers from
a wide range of spamware. Many inaccurate rules have been dropped.
HTML tests much improved, with a set to detect image-only spam.
- new default format for detected-spam messages; the message is
encapsulated as a MIME part, with a preview and the spam report
in the main part of the message.
- Score sets. Based on whether you are using just SpamAssassin rules,
adding network tests, and using a trained Bayesian database,
SpamAssassin will use a set of scores appropriately to gain the
maximum degree of accuracy.
- Italian, Polish, Spanish, French and German rule sets and translations.
- Much improved reliability with spamd. The problems with signals
have been cleared up thanks to a pipe-based child tracking system,
and all spamd-hanging bugs reported have proved unreproducable.
- Unicode problems with Red Hat 8 and perl 5.8 fixed. Works on Perl
5.005, 5.6.x, and 5.8.x.
- Taint-safe. SpamAssassin runs with perl's taint-checking enabled for
better security.
- Razor 1 support is now officially deprecated.
- "spamc -c" was not working, fixed. This fix required increasing the
revision of the spamd protocol; only difference is that now more than
one protocol header can appear in the reply from spamd.
- all fixes from 2.44 included.
from stable branch of SA CVS repository.
On other operating systems 'spamc' was reported to cause a core dump if
'spamd' was not running. At least NetBSD/i386 1.5.3 seems not to be as
severely affected, I only got 'spamc in free(): warning: junk
pointer, too high to make sense.'.
from stable branch of SA CVS repository.
On other operating systems 'spamc' was reported to cause a core dump if
'spamd' was not running. At least NetBSD/i386 1.5.3 seems not to be as
severely affected, I only got 'spamc in free(): warning: junk
pointer, too high to make sense.'.
Parts of patch-ag and patch-ah as well as complete patch-aa could be
removed again, they are now included in SA 2.44 (see below).
#### official release announcement ###############
This is a bug-fix release, which fixes the following bugs:
- Backport fix for Bug 1306: Possible buffer overflow in libspamc when
running in BSMTP mode (patch 1.15 -> 1.18)
- Backport workaround from Bug 526: Failed sanity check because of
clobbered STDOUT (patch 1.147 -> 1.148)
- Backport fix for Debian Bug 160206: Insufficient buffer in libspamc
(patch 1.8 -> 1.9)
- Backport fix for warnings in sed_path (patch 1.141 -> 1.142)
- Backport fix for Bug 1127: Existing lowercase x-spam-status header
kills SpamAssassin (patch 1.40 -> 1.41)
- localized %ENV to fix problem where Razor2 erases the PATH so DCC
and
pyzor don't work, etc.
Note that this is *not* 2.50, which offers Bayesian filtering etc. These
bugs are already fixed in the 2.50 CVS tree, but that is not yet ready for
release. This is a stable maintainance release only.
have it be automatically included by bsd.pkg.mk if USE_PKGINSTALL is set
to "YES". This enforces the requirement that bsd.pkg.install.mk be
included at the end of a package Makefile. Idea suggested by Julio M.
Merino Vidal <jmmv at menta.net>.
load_rc_config in NetBSD 1.6. This resolves PR pkg/18928 by Frank Cusack
(fcusack at fcusack com).
The rc.d script is now called on 'shutdown'.
Included fixes from SA CVS repository (2002-10-21) to minimize
impact of Razor2 on the environment vector, especially PATH.
Bumped PKGREVISION.
RCD_SCRIPT_SRC.spamd definition. The reason is that WRKSRC isn't defined
by the time we get down to bsd.pkg.install.mk, so the dependency logic
replaces "${WRKSRC}" with "", which is wrong.
XXX bsd.pkg.install.mk should really be included by bsd.pkg.mk, in much the
XXX same way bsd.buildlink2.mk is included by bsd.pkg.mk. It would remove
XXX these ordering problems with variables not being available.
Item 1) was already provided by 'inofficial' patch-af for 2.42 (now
removed).
Two new patches (-ag and -ah) from the SpamAssassin-current repository
work around a roblem with razor2 timeouts.
Logo 'ninjabutton.png' is now in the correct html directory.
Official changes:
1) AWL change reverted; instead of decreasing the AWL bias gradually to
allow frequently-seen addresses to get into the "nonspam" area, it now
behaves like 2.31 did, in that the AWL simply represents the
long-term average score from that correspondent.
2) core-dump bug in spamd worked around, _except for the "-m" switch_.
The "-m" switch relies on signal handling in the Perl interpreter,
which seems to have some bugs we cannot work around reliably on some
platforms, so its use is no longer recommended.
3) some portability fixes for SunOS.
Boquist).
- Included fix for bad AWL behaviour which will also be in 2.50 (maybe 2.43)
(ie AWL works the same again as in SA 2.31). This causes revision bump.
Uses buildlink2 and module.mk. Some perl scripts for rule developers
(in PREFIX/share/doc/spamassassin/{masses,tools}/) and a small SpamAssassin
logo (PREFIX/share/doc/spamassassin/html/) are now included.
New netbsd_lists.cf file to reduce false positives on NetBSD lists (so
far, only some rules for netbsd-bugs).
Changes:
- bug fixes
- new, better scores (intensive testing was done to improve on 2.40 and
2.41)
- netbsd rc.d script works now with NetBSD 1.5 and 1.6
- management of addresses in the automatic whitlist now easier with
dedicated options (--add-addr-to-whitelist, --remove-addr-from-whitelist)
Major changes include:
- SpamAssassin now *REQUIRES* procmail for local delivery support; "-P"
option is now the default. Unless you use procmail, Mail::Audit, KMail,
or an MTA-level integration, do not upgrade blindly, your mail *WILL*
spill all over the floor in a big mess.
- significant speed increases, mostly from Matt Sergeant and Dan Quinlan
- bugs in whitelist_to, all_spam_to and friends fixed
- rules which were causing too many false-positives removed or fixed:
DOUBLE_CAPSWORD, UPPERCASE_25_50, PARTIAL_RFC_2369, MSGID_CHARS_SPAM,
many others
- lots of rule fixes, and lots of new rules