To: users, dev, announce Subject: ANNOUNCE: Apache SpamAssassin 3.4.0 available Release Notes -- Apache SpamAssassin -- Version 3.4.0 Introduction ------------ This is a major release. It introduces nearly two years of bug fixes and features including the Bayes Redis (http://redis.io/) back-end (bug 6879), eDNS changes (bug 6910), Native IPv6 Support, numerous URIBL.pm changes/features and a small API change in libspamc (bug 6562) with many other subtle changes. IPv6 note: Besides testing on a dual-protocol hosts, this was also tested on an IPv6-only host (works fine except Razor, using an external recursive DNS server running on a dual-protocol host). SpamAssassin was tested on perl 5.18.0, and (out of curiosity) also on a Raspberry PI (ARM6, Raspbian / Debian 7.0 Wheezy, perl 5.14.2) ... yes it is 20 times slower than on an i7-960, but all tests pass! Overall, this release has been tested in many production-level environments for nearly a year. It is highly recommended and stable. NOTE: Complete changes are available at http://svn.apache.org/repos/asf/spamassassin/branches/3.4/Changes Important Bayes Change ---------------------- Beyond the ability to use Redis as a Bayes backend server, Bug 5185 changed the way that message IDs were calculated for emails. Because of this change, if you use Bayes and you are upgrading from a version prior to 3.4.0, you should consider wiping your Bayes database and starting fresh. However, this is not mandatory. If you choose to keep your current database tokens, these are the ramifications: 1 - If you re-process emails that have already been learned before, it will create duplicate entries because of the new msg_id format. The duplicates will expire, eventually, and should cause minimal impact unless it occurs frequently. 2 - If you try and unlearn or reclassify an email processed prior to the upgrade, the system will be unable to do so because of the new msg_id format. If unlearning a message is important, consider just clearing your Bayes store and starting from scratch. Redis database backend for a Bayes database ------------------------------------------- In addition to existing backends, the 3.4.0 introduces support for keeping a Bayes database on a Redis server, either running locally, or accessed over network. Similar to SQL backends, the database may be concurrently used by several hosts running SpamAssassin. The current implementation only supports a global Bayes database, i.e. per-recipient sub-databases are not supported. Due to current limitations in Redis 2.6.* server, accessing it is not possible over IPv6, but one may chose connection over IPv4 or over a Unix socket. Bear in mind that Redis server only offers limited access controls, so it is advisable to let the Redis server bind to a loopback interface only, or to use other mechanisms to limit access, such as local firewall rules. The Redis backend can put a Lua scripting support in a Redis server to good use, significantly reducing network packet rate and improving performance. The Lua support is available in Redis server since version 2.6. In absence of a Lua support, the Redis backend uses multiple traditional Redis command so in principle it should work with a Redis server version 2.4, although this is not recommended for busy sites. Expiration of token and 'seen' message id entries is left to the Redis server. There is no provision for manually expiring a database, so it is highly recommended to leave the setting bayes_auto_expire to its default value 1 (i.e. enabled). Example configuration: bayes_store_module Mail::SpamAssassin::BayesStore::Redis bayes_sql_dsn server=localhost:6379 bayes_token_ttl 21d bayes_seen_ttl 8d bayes_auto_expire 1 Downloading and availability ---------------------------- Downloads are available from: http://spamassassin.apache.org/downloads.cgi md5sum of archive files: 568915b8d227eb5fc5d50abf8c10c35f Mail-SpamAssassin-3.4.0-rc2.tar.bz2 e653fd06387e15e24ab1d14ba81f473b Mail-SpamAssassin-3.4.0-rc2.tar.gz d1880f5dc3d1a784d634b193bc83092a Mail-SpamAssassin-3.4.0-rc2.zip de3929f93119523b5492fa9126cb2a68 Mail-SpamAssassin-rules-3.4.0-rc2.r1494509.tgz sha1sum of archive files: 0863d52a5590f1fc22320c5631fb83ebb470e1fb Mail-SpamAssassin-3.4.0-rc2.tar.bz2 5aae5424de04978a0ca4f077be03a8c02b006397 Mail-SpamAssassin-3.4.0-rc2.tar.gz 88e31041894e5e05860253d055a13f5b1ef7e7aa Mail-SpamAssassin-3.4.0-rc2.zip 8ef4014b5e37d6f00c602d5c931879d17555e17a Mail-SpamAssassin-rules-3.4.0-rc2.r1494509.tgz Note that the *-rules-*.tar.gz files are only necessary if you cannot, or do not wish to, run "sa-update" after install to download the latest fresh rules. See the INSTALL and UPGRADE files in the distribution for important installation notes. GPG Verification Procedure -------------------------- The release files also have a .asc accompanying them. The file serves as an external GPG signature for the given release file. The signing key is available via the wwwkeys.pgp.net key server, as well as http://www.apache.org/dist/spamassassin/KEYS The key information is: pub 4096R/F7D39814 2009-12-02 Key fingerprint = D809 9BC7 9E17 D7E4 9BC2 1E31 FDE5 2F40 F7D3 9814 uid SpamAssassin Project Management Committee uid SpamAssassin Signing Key (Code Signing Key, replacement for 1024D/265FA05B) sub 4096R/7B3265A5 2009-12-02 To verify a release file, download the file with the accompanying .asc file and run the following commands: gpg -v --keyserver wwwkeys.pgp.net --recv-key F7D39814 gpg --verify Mail-SpamAssassin-3.4.0-pre1.tar.bz2.asc gpg --fingerprint F7D39814 Then verify that the key matches the signature. Note that older versions of gnupg may not be able to complete the steps above. Specifically, GnuPG v1.0.6, 1.0.7 & 1.2.6 failed while v1.4.11 worked flawlessly. See http://www.apache.org/info/verification.html for more information on verifying Apache releases. About Apache SpamAssassin ------------------------- Apache SpamAssassin is a mature, widely-deployed open source project that serves as a mail filter to identify spam. SpamAssassin uses a variety of mechanisms including mail header and text analysis, Bayesian filtering, DNS blocklists, and collaborative filtering databases. In addition, Apache SpamAssassin has a modular architecture that allows other technologies to be quickly incorporated as an addition or as a replacement for existing methods. Apache SpamAssassin typically runs on a server, classifies and labels spam before it reaches your mailbox, while allowing other components of a mail system to act on its results. Most of the Apache SpamAssassin is written in Perl, with heavily traversed code paths carefully optimized. Benefits are portability, robustness and facilitated maintenance. It can run on a wide variety of POSIX platforms. The server and the Perl library feels at home on Unix and Linux platforms, and reportedly also works on MS Windows systems under ActivePerl. For more information, visit http://spamassassin.apache.org/ About The Apache Software Foundation ------------------------------------ Established in 1999, The Apache Software Foundation provides organizational, legal, and financial support for more than 100 freely-available, collaboratively-developed Open Source projects. The pragmatic Apache License enables individual and commercial users to easily deploy Apache software; the Foundation's intellectual property framework limits the legal exposure of its 2,500+ contributors. For more information, visit http://www.apache.org/