To: users, dev, announce Subject: ANNOUNCE: Apache SpamAssassin 3.4.0 available Release Notes -- Apache SpamAssassin -- Version 3.4.0 Introduction ------------ This is a major release. It introduces nearly two years of bug fixes and features including the Bayes Redis (http://redis.io/) back-end (bug 6879), eDNS changes (bug 6910), Native IPv6 Support, numerous URIBL.pm changes/features and a small API change in libspamc (bug 6562) with many other subtle changes. IPv6 note: Besides testing on a dual-protocol hosts, this was also tested on an IPv6-only host (works fine except Razor, using an external recursive DNS server running on a dual-protocol host). SpamAssassin was tested on perl 5.18.0, and (out of curiosity) also on a Raspberry PI (ARM6, Raspbian / Debian 7.0 Wheezy, perl 5.14.2) ... yes it is 20 times slower than on an i7-960, but all tests pass! Overall, this release has been tested in many production-level environments for nearly a year. It is highly recommended and stable. NOTE: Complete changes are available at http://svn.apache.org/repos/asf/spamassassin/branches/3.4/Changes Important Bayes Change ---------------------- Beyond the ability to use Redis as a Bayes backend server, Bug 5185 changed the way that message IDs were calculated for emails. Because of this change, if you use Bayes and you are upgrading from a version prior to 3.4.0, you should consider wiping your Bayes database and starting fresh. However, this is not mandatory. If you choose to keep your current database tokens, these are the ramifications: 1 - If you re-process emails that have already been learned before, it will create duplicate entries because of the new msg_id format. The duplicates will expire, eventually, and should cause minimal impact unless it occurs frequently. 2 - If you try and unlearn or reclassify an email processed prior to the upgrade, the system will be unable to do so because of the new msg_id format. If unlearning a message is important, consider just clearing your Bayes store and starting from scratch. Redis database backend for a Bayes database ------------------------------------------- In addition to existing backends, the 3.4.0 introduces support for keeping a Bayes database on a Redis server, either running locally, or accessed over network. Similar to SQL backends, the database may be concurrently used by several hosts running SpamAssassin. The current implementation only supports a global Bayes database, i.e. per-recipient sub-databases are not supported. Due to current limitations in Redis 2.6.* server, accessing it is not possible over IPv6, but one may chose connection over IPv4 or over a Unix socket. Bear in mind that Redis server only offers limited access controls, so it is advisable to let the Redis server bind to a loopback interface only, or to use other mechanisms to limit access, such as local firewall rules. The Redis backend can put a Lua scripting support in a Redis server to good use, significantly reducing network packet rate and improving performance. The Lua support is available in Redis server since version 2.6. In absence of a Lua support, the Redis backend uses multiple traditional Redis command so in principle it should work with a Redis server version 2.4, although this is not recommended for busy sites. Expiration of token and 'seen' message id entries is left to the Redis server. There is no provision for manually expiring a database, so it is highly recommended to leave the setting bayes_auto_expire to its default value 1 (i.e. enabled). Example configuration: bayes_store_module Mail::SpamAssassin::BayesStore::Redis bayes_sql_dsn server=localhost:6379 bayes_token_ttl 21d bayes_seen_ttl 8d bayes_auto_expire 1 Downloading and availability ---------------------------- Downloads are available from: http://spamassassin.apache.org/downloads.cgi md5sum of archive files: c3db9e19cce2faddf00d35ee192325c0 Mail-SpamAssassin-3.4.0-rc1.tar.bz2 1ea0d12068e58eef3fc1fc2a2583292d Mail-SpamAssassin-3.4.0-rc1.tar.gz 2951e48fe0f88f24e3c7140f0a875f6c Mail-SpamAssassin-3.4.0-rc1.zip 0c1b9f4caa4c8a0e86ec1ea4f09c8a98 Mail-SpamAssassin-rules-3.4.0-rc1.r1493476.tgz sha1sum of archive files: 34845717f796111b6ec072ec06e17a2ccfa9c2a6 Mail-SpamAssassin-3.4.0-rc1.tar.bz2 b1fee565fcc50183f974bd2df8413e4082bc9589 Mail-SpamAssassin-3.4.0-rc1.tar.gz 8b436c6d8a7c683534ac05c614715647d7abec27 Mail-SpamAssassin-3.4.0-rc1.zip 1fe6b7318c3320fefe03e1a0b9216d1628a60408 Mail-SpamAssassin-rules-3.4.0-rc1.r1493476.tgz Note that the *-rules-*.tar.gz files are only necessary if you cannot, or do not wish to, run "sa-update" after install to download the latest fresh rules. See the INSTALL and UPGRADE files in the distribution for important installation notes. GPG Verification Procedure -------------------------- The release files also have a .asc accompanying them. The file serves as an external GPG signature for the given release file. The signing key is available via the wwwkeys.pgp.net key server, as well as http://www.apache.org/dist/spamassassin/KEYS The key information is: pub 4096R/F7D39814 2009-12-02 Key fingerprint = D809 9BC7 9E17 D7E4 9BC2 1E31 FDE5 2F40 F7D3 9814 uid SpamAssassin Project Management Committee uid SpamAssassin Signing Key (Code Signing Key, replacement for 1024D/265FA05B) sub 4096R/7B3265A5 2009-12-02 To verify a release file, download the file with the accompanying .asc file and run the following commands: gpg -v --keyserver wwwkeys.pgp.net --recv-key F7D39814 gpg --verify Mail-SpamAssassin-3.4.0-pre1.tar.bz2.asc gpg --fingerprint F7D39814 Then verify that the key matches the signature. Note that older versions of gnupg may not be able to complete the steps above. Specifically, GnuPG v1.0.6, 1.0.7 & 1.2.6 failed while v1.4.11 worked flawlessly. See http://www.apache.org/info/verification.html for more information on verifying Apache releases. About Apache SpamAssassin ------------------------- Apache SpamAssassin is a mature, widely-deployed open source project that serves as a mail filter to identify spam. SpamAssassin uses a variety of mechanisms including mail header and text analysis, Bayesian filtering, DNS blocklists, and collaborative filtering databases. In addition, Apache SpamAssassin has a modular architecture that allows other technologies to be quickly incorporated as an addition or as a replacement for existing methods. Apache SpamAssassin typically runs on a server, classifies and labels spam before it reaches your mailbox, while allowing other components of a mail system to act on its results. Most of the Apache SpamAssassin is written in Perl, with heavily traversed code paths carefully optimized. Benefits are portability, robustness and facilitated maintenance. It can run on a wide variety of POSIX platforms. The server and the Perl library feels at home on Unix and Linux platforms, and reportedly also works on MS Windows systems under ActivePerl. For more information, visit http://spamassassin.apache.org/ About The Apache Software Foundation ------------------------------------ Established in 1999, The Apache Software Foundation provides organizational, legal, and financial support for more than 100 freely-available, collaboratively-developed Open Source projects. The pragmatic Apache License enables individual and commercial users to easily deploy Apache software; the Foundation's intellectual property framework limits the legal exposure of its 2,500+ contributors. For more information, visit http://www.apache.org/