Pkgsrc changes:
- Generic option "online-tests" replaces "spamassassin-test-net".
- Removed underscore from package-internal variables (pkglint
complained).
- patch-ay disables the SPF plugin to avoid confusing warnings in the log
files.
- patch-az fixes http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4826.
Relevant changes since version 3.1.0:
=====================================
- better validate a number of different configuration options
- support new Mail::DomainKeys API, which changed incompatibly between
0.18 and 0.80 without warning
- more properly handle new Received header formats
- bug 4788: backport sa-update from 3.2 along with the local_state_dir
code, etc.
- bug 4760: strictly validate trusted/internal network configurations
- bug 4696: consolidated fixes for timeout bugs
- bug 3710: add timeout to connect so spamc -t works
- bug 4363: if a message uses CRLF for line endings, use it for header
rewrites as well
- bug 4748: add ExpressionEngine and Google redirector patterns
- bug 3815: add _RELAYCOUNTRY_ tag so that the RelayCountry plugin can
put in the list of countries relayed through
- bug 4090: x86_64 platforms (linux specifically) have an issue compiling
libspamc.so causing RPM build failures
- bug 4791: fix issue where perl would throw a UTF-8 warning for certain
messages
- bugs 4606, 4609: Adjust MIME parsing limits
- bug 4780: fix IP_ADDRESS & LOCALHOST regexes to correctly parse IPv6
addresses
- bug 4728: DUL rules should only use the last external IP, not all but
the first of the external IPs
- bug 4700: certain privileged configuration settings can inject code,
due to a bad fix for bug 3846. Back that out
Pkgsrc changes:
- p5-Storable is no longer a necessary.
- Let DragonFlyBSD also use the rc.d script (patch-ad).
- Sa-update needs p5-libwww (for LWP::UserAgent, HTTP::Date),
p5-Archive-Tar and p5-IO-Zlib.
- Many of the plugins are available as pkgsrc packages (p5-Mail-SPF-Query,
p5-IP-Country, p5-Net-Ident, ...) but are not required.
- Renamed some options to follow the naming conventions described in the
pkgsrc guide.
- Removed patch-ax again; it is already incorporated in 3.1.0.
- Reworked DESCR to use less than 25 lines.
- Removed SPAMASSASSIN_VERSION for clarity of DISTNAME and PKGNAME.
- Prepended variables internal to the package with an underscore.
- Rearranged MAKE_PARAMS alphabetically.
- Simplified some internal variables (concatenation instead of
substitution: _EGDIR, _DOCDIR,...)
- Loop variables use all lower-case now.
- Added a rule to lower score for mail from pkgsrc-bugs in netbsd_lists.cf.
- The test t/spf.t (fails for SPF_HELO_*) has a know problem (SA Bug 4685).
Relevant changes since version 3.0.4:
=====================================
- Apache preforking algorithm adopted; number of spamd child processes is now
scaled, according to demand. This provides better VM behaviour when not
under peak load.
- Inclusion of sa-update script which will allow for updates of rules and
scores in between code releases.
- added PostgreSQL, MySQL 4.1+, and local SDBM file Bayes storage modules. SQL
storage is now recommended for Bayes, instead of DB_File. NDBM_File support
has been dropped due to a major bug in that module.
- detect legitimate SMTP AUTH submission, to avoid false positives on
Dynablock-style rules.
- new Advance Fee Fraud (419 scam) rules.
- removed use of the Storable module, due to several reported hangs on SMP
Linux machines.
- Converted several rule/engine components into Plugins such as:
AccessDB, AWL, Pyzor, Razor2, DCC, Bayes AutoLearn Determination, etc.
- new plugins: DomainKeys (off by default), MIMEHeader: a new plugin to perform
tests against header in internal MIME structure, ReplaceTags: plugin by Felix
Bauer to support fuzzy text matching, WhiteListSubject: plugin added to
support user whitelists by Subject header.
- TextCat language guesser moved to a plugin. (This means "ok_languages"
is no longer part of the core engine by default.)
- Razor: disable Razor2 support by default per our policy, since the
service is not free for non-personal use. It's trivial to reenable.
- DCC: disable DCC for similar reasons, due to new license terms.
- Net::DNS bug: high load caused answer packets to be mixed up and delivered as
answers to the wrong request, causing false positives. worked around.
- DNSBL lookups and other DNS operations are now more efficient, by using a
custom single-socket event-based model instead of Net::DNS.
- add support for accreditation services, including Habeas v2.
- better URI parsing -- many evasion tricks now caught.
- URIBL lookups are prioritized based on the location in the message
the URI was found.
- mass-check now supports reusing realtime DNSBL hit results, and sample-based
Bayes autolearning emulation, to reduce complexity.
- sa-learn, spamassassin and mass-check now have optional progress bars.
- modify header ordering for DomainKeys compatibility, by placing markup
headers at the top of the message instead at the bottom of the list.
- spamd/spamc now support remote Bayes training, and reporting spam.
- spamc now supports reading its flags from a configuration file using the -F
switch, contributed by John Madden.
- added SPF-based whitelisting.
- Polish rules contributed by Radoslaw Stachowiak.
- many rule changes and additions.
And always is defined as share/examples/rc.d
which was the default before.
This rc.d scripts are not automatically added to PLISTs now also.
So add to each corresponding PLIST as required.
This was discussed on tech-pkg in late January and late April.
Todo: remove the RCD_SCRIPTS_EXAMPLEDIR uses in MESSAGES and elsewhere
and remove the RCD_SCRIPTS_EXAMPLEDIR itself.
3.0.
Important changes since 2.64 (for details see the file 'Changes')
- support for sender authentication using the Sender Policy Framework
(SPF)
- checking for web links of known spam advertisers (SURBL)
- modular plugin architecture
- improved SQL database support for storing user data in server
installations
- improved email classification
- SpamAssassin is now part of the Apache Foundation
the RCD_SCRIPTS rc.d script(s) to the PLIST.
This GENERATE_PLIST idea is part of Greg A. Woods'
PR #22954.
This helps when the RC_SCRIPTS are installed to
a different ${RCD_SCRIPTS_EXAMPLEDIR}. (Later,
the default RCD_SCRIPTS_EXAMPLEDIR will be changed
to be more clear that they are the examples.)
These patches also remove the etc/rc.d/ scripts from PLISTs
(of packages that use RCD_SCRIPTS). (This also removes
now unused references from openssh* makefiles. Note that
qmail package has not been changed yet.)
I have been doing automatic PLIST registration for RC_SCRIPTS
for over a year. Not all of these packages have been tested,
but many have been tested and used.
Somethings maybe to do:
- a few packages still manually install the rc.d scripts to
hard-coded etc/rc.d. These need to be fixed.
- maybe remove from mk/${OPSYS}.pkg.dist mtree specifications too.
Summary of major changes since 2.62
-----------------------------------
- Fixed bug related to perl 5.005 which stopped SpamAssassin from being
runnable
- Fixed bug where "spamassassin -l" parameter wouldn't be untainted before
being used
- Added caching of body rendering results so that the message wouldn't
be rendered the same way multiple times unnecessarily.
Summary of major changes since 2.61
-----------------------------------
- Fixed two bugs related to Received line generation and parsing.
- Modified two rules to reduce false positives.
- Fixed bug where spamd temporary init directory wasn't removed in some
situations.
- Modified HABEAS_SWE to function even if the Habeas headers were out of
their normal order.
- Fixed bug where reporting wouldn't remove message markup before being
learned by Bayes.
- Fixed bug where report_safe_copy_headers would reverse the order of the
Received headers.
- Fixed several bugs in the Bayes system caused by DB_File oddities.
Summary of major changes since 2.60
-----------------------------------
- Dramatically reduced memory usage of Bayes expiry.
- avoid false positives on Outlook 2003 messages, mails from Mac, Palm, and
localized versions of Eudora, several AOL MUAs, and newer versions of The
Bat!
- new set of French translations from Michel Bouissou
- updated to reflect new Dynablock DNSBL location
- avoids a possible hole that was giving AWL bonuses to
spammer forgeries on some networks
- miscellaneous bug fixes
Summary of changes since 2.5x
-----------------------------------
- spamd supports UNIX-domain sockets
- SSL support for spamc/spamd now usable
- improved Bayes text analysis
- improved expiration of Bayes-DB
- better detection of 'invisible text' and other obfuscation techniques
in HTML
- new RBL (eg SORBS, SpamCop, Osirusoft dropped)
- better handling of RBL timeouts
- support for Razor V1 dropped
- more flexible header and report rewriting
- Perl taint mode enabled by default
- bug fixes
- new rules
This also closes PR pkg/21114 (thanks to Todd Vierling for dynamic PLIST)
Most serious bugs since release of SA 2.50 fixed (hence the 'long'
delay for the Pkgsrc package).
Dependence on procmail removed. You still need a mail delivery agent
but procmail is only a recommendation, not a prerequisite.
Runs on Solaris (somewhat tested on Solaris 8, feedback welcome).
Includes some SSL support for spamc/spamd. Not yet recommended due to
lurking bug(s) (SA bugzilla ID 1751).
Uses Perl module DB_File now instead of NDBM_File. This changes the
name and format of the auto-whitelist database ('auto-whitelist'
instead of 'auto-whitelist.db' on NetBSD).
! This release adds/changes/removes configuration options, PLEASE use !
! 'perldoc Mail::SpamAssassin::Conf' and make sure your mail !
! configuration still works as expected. !
==========================================================================
Changes since 2.52:
- corruption of Bayes db where nspam/nham was getting zeroed, fixed.
- Bayes now has much lower lock timeouts for opportunistic expiry
and auto-learning, to avoid overloading busy servers with an expiry
run. (This may result in occasional "lock failed" messages in the
syslog while you're doing manual sa-learn ops, but those are
not serious; it just means that an auto-learn could not take place
because the dbs were opened by you in another process.)
- NDBM_File does not provide an EXISTS method, worked around.
- BSMTP support (spamc -B) fixed.
- Bayes allowed the user to 'forget' messages they hadn't learned.
- sa-learn broken when installed in a non-standard location.
- spamc was failing to dump message if out of memory.
- add-all-addrs-to-blacklist was a no-op, fixed.
- syslog-socket support was broken, fixed.
- sslspamc compilation fixed.
- SIGCHLD handling in spamd was causing an ugly warning on Red Hat 8.
- user_prefs were left world-writable after auto-whitelist use.
- Razor was zeroing %ENV; protected against this.
- some test failures on 5.005 and with Razor fixed; some tests were
also still using the user's Bayes dbs.
- Windows portability fix in new Bayes journal code.
- dialup_codes now a privileged setting.
- clean PATH env variable immediately upon spamd start; fixed problem
with taint mode failures when getting hostname in Perl 5.005.
- NetBSD: fixed SSL support, spamd start script.
- single-Received-header mails were not getting DNSBL checks.
- some doco fixes.
Changes since 2.51:
- bug 1664: expiry imposed way too much load when a single
site-wide Bayes db was used, fixed
- bug 1672: a typo in a backported patch for 2.51 caused Bayes to
sometimes not unlock the db, fixed
- INSTALL now strongly recommends using DB_File
- some NetBSD support fixes
- bug 1601: option --syslog-socket wasn't implemented
- bug 1260: corrected description of --nocreate-prefs option
Changes since 2.50:
- Bayes locking and concurrency issues fixed
- Bayes expiration was not working; fixed
- spamd was not enabling Bayes after auto-learning without restart;
fixed
- safer way to attach spams, for broken mail clients, using 'report_safe
2'
- a few doco cleanups
Main changes since 2.4x:
- Bayesian filtering, using a Bayesian-style form of probability-analysis
classification. This uses an algorithm based on the one detailed in
Paul Graham's 'A Plan For Spam' paper, along with aspects taken from
Graham Robinson's work, and the chi-combining technique developed by the
SpamBayes project.
- Auto-learning. This trains the Bayesian filter automatically, based on
the results from traditional SpamAssassin diagnosis. It uses a set of
heuristics and separate thresholds to ensure (as much as is possible)
that it trains on guaranteed non-spam and spam. Old, unused tokens are
automatically expired.
- much-improved rule set. A whole new set of rules based on Message-Id
analysis is now in place, which accurately detects forged headers from
a wide range of spamware. Many inaccurate rules have been dropped.
HTML tests much improved, with a set to detect image-only spam.
- new default format for detected-spam messages; the message is
encapsulated as a MIME part, with a preview and the spam report
in the main part of the message.
- Score sets. Based on whether you are using just SpamAssassin rules,
adding network tests, and using a trained Bayesian database,
SpamAssassin will use a set of scores appropriately to gain the
maximum degree of accuracy.
- Italian, Polish, Spanish, French and German rule sets and translations.
- Much improved reliability with spamd. The problems with signals
have been cleared up thanks to a pipe-based child tracking system,
and all spamd-hanging bugs reported have proved unreproducable.
- Unicode problems with Red Hat 8 and perl 5.8 fixed. Works on Perl
5.005, 5.6.x, and 5.8.x.
- Taint-safe. SpamAssassin runs with perl's taint-checking enabled for
better security.
- Razor 1 support is now officially deprecated.
- "spamc -c" was not working, fixed. This fix required increasing the
revision of the spamd protocol; only difference is that now more than
one protocol header can appear in the reply from spamd.
- all fixes from 2.44 included.
Item 1) was already provided by 'inofficial' patch-af for 2.42 (now
removed).
Two new patches (-ag and -ah) from the SpamAssassin-current repository
work around a roblem with razor2 timeouts.
Logo 'ninjabutton.png' is now in the correct html directory.
Official changes:
1) AWL change reverted; instead of decreasing the AWL bias gradually to
allow frequently-seen addresses to get into the "nonspam" area, it now
behaves like 2.31 did, in that the AWL simply represents the
long-term average score from that correspondent.
2) core-dump bug in spamd worked around, _except for the "-m" switch_.
The "-m" switch relies on signal handling in the Perl interpreter,
which seems to have some bugs we cannot work around reliably on some
platforms, so its use is no longer recommended.
3) some portability fixes for SunOS.
Boquist).
- Included fix for bad AWL behaviour which will also be in 2.50 (maybe 2.43)
(ie AWL works the same again as in SA 2.31). This causes revision bump.
Uses buildlink2 and module.mk. Some perl scripts for rule developers
(in PREFIX/share/doc/spamassassin/{masses,tools}/) and a small SpamAssassin
logo (PREFIX/share/doc/spamassassin/html/) are now included.
New netbsd_lists.cf file to reduce false positives on NetBSD lists (so
far, only some rules for netbsd-bugs).
Changes:
- bug fixes
- new, better scores (intensive testing was done to improve on 2.40 and
2.41)
- netbsd rc.d script works now with NetBSD 1.5 and 1.6
- management of addresses in the automatic whitlist now easier with
dedicated options (--add-addr-to-whitelist, --remove-addr-from-whitelist)
Major changes include:
- SpamAssassin now *REQUIRES* procmail for local delivery support; "-P"
option is now the default. Unless you use procmail, Mail::Audit, KMail,
or an MTA-level integration, do not upgrade blindly, your mail *WILL*
spill all over the floor in a big mess.
- significant speed increases, mostly from Matt Sergeant and Dan Quinlan
- bugs in whitelist_to, all_spam_to and friends fixed
- rules which were causing too many false-positives removed or fixed:
DOUBLE_CAPSWORD, UPPERCASE_25_50, PARTIAL_RFC_2369, MSGID_CHARS_SPAM,
many others
- lots of rule fixes, and lots of new rules
SpamAssassin is a mail filter which attempts to identify spam using text
analysis and several internet-based realtime blacklists.
Using its rule base, it uses a wide range of heuristic tests on mail
headers and body text to identify "spam", also known as unsolicited
commercial email.
Once identified, the mail can then be optionally tagged as spam for later
filtering using the user's own mail user-agent application.
In its most recent test, SpamAssassin differentiated between spam and
non-spam mail correctly in 99.94% of cases. Since then, it's just been
getting better and better!
