SpamAssassin 2.60 is released! SpamAssassin 2.60 is the first major update of SpamAssassin since February 2003 (when the 2.50 series was released). SpamAssassin is a mail filter which uses advanced statistical and heuristic tests to identify spam (also known as unsolicited commercial/bulk email). Downloading ----------- Pick it up from: http://SpamAssassin.org/released/Mail-SpamAssassin-2.60-rc6.tar.gz http://SpamAssassin.org/released/Mail-SpamAssassin-2.60-rc6.tar.bz2 http://SpamAssassin.org/released/Mail-SpamAssassin-2.60-rc6.zip md5sum: ffabc6756210a745475b76bc10c4f1b7 Mail-SpamAssassin-2.60-rc6.tar.gz 9ccdb03cf8516a2d69e188339833d502 Mail-SpamAssassin-2.60-rc6.tar.bz2 037c774377e5b9aac57b01070df64f99 Mail-SpamAssassin-2.60-rc6.zip sha1sum: 20862c80552c636c80df12d0a4682fcea3cc5310 Mail-SpamAssassin-2.60-rc6.tar.gz 6a4cb638dc5799ac2be2dcb9da12af40f97d0851 Mail-SpamAssassin-2.60-rc6.tar.bz2 f401f7363c81ecb9715f9868ba2908481986e4e4 Mail-SpamAssassin-2.60-rc6.zip The release files also have a .asc accompanying them. The file serves as an external GPG signature for the given release file. The signing key is available via the wwwkeys.pgp.net keyserver, as well as http://www.spamassassin.org/released/GPG-SIGNING-KEY The key information is: pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key Key fingerprint =3D 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B Important installation notes ---------------------------- - Bayes FYI: 2.60 has a new Bayes backend and database format. Your old database(s) will automatically be upgraded the first time 2.60 tries to write to the DB, and any journal, if it exists, will be wiped out without being synced. In addition, we have had to drop support for Bayes databases in formats other than DB_File, due to a large number of serious issues (including crash and concurrency bugs) with those formats. So, what you want to do is something like this: - stop running spamassassin/spamd (ie: you don't want it to be running during the upgrade) - run "sa-learn --rebuild", this will sync your journal. - upgrade SA to 2.60 - install DB_File module if necessary - if you were using another database module, run "sa-learn --import" to migrate the data into new DB_File files - run "sa-learn --rebuild", this will cause the db format to be upgraded - start running spamassassin/spamd again Obviously the steps will be different depending on your environment, but you get the idea. :) - Bayes FYI 2: Because of the new database format, "check_bayes_db" will no longer function properly. The functionality from that script was added to sa-learn via the "--dump" parameter. Please see the sa-learn man/pod documentation for more info. - SpamAssassin 2.6x will be the last release supporting perl 5.005, so it's suggested to upgrade to at least perl 5.6.1 - Razor2 isn't fully taint safe. So since SpamAssassin 2.60 enables taint mode by default, there's a Razor2.patch file which needs to be applied to Razor2. Documentation exists in the patch file. Summary of major changes since 2.5x ----------------------------------- spamd improvements - spamd now supports UNIX-domain sockets for low-overhead scanning, thanks to Steve Friedl for this. This is strongly recommended if you're running spamc on the same host as the spamd server Bayes improvements - new tweaks to the Bayes engine: it now breaks down email addresses and URI elements while learning to use as additional features when testing email - new bayes backend, including new database format, ability to learn messages to the journal, etc. Improved expiration mechanism HTML parser improvements - HTML::Parser 3.24 or higher is now required - major improvements to the HTML engine, including better support for detecting 'invisible text' and similar obfuscation techniques used in spam DNS blacklist and network testing improvements - DNS blacklists (RBLs) overhauled; lots of new lists, including SORBS and SpamCop; dropped Osirusoft due to their retirement (brought on by a DDOS) - RBL timeouts are now handled much more efficiently; if one RBL is taking much longer than all the others, it will be cut short and ignored - the RBL engine improves the extraction and selection of IP addresses queried by inferring trust relationships between Received headers; trust can also be manually specified using the new "trusted_networks" option - a generalised Received-header parser to more easily detect HELO string forgery and faked relay lines - support for domain-based blacklists and TXT record queries - dccifd support added - Razor 1 support dropped Report improvements - to reduce confusion, the default report now includes the hostname of the machine where SpamAssassin is running and the installer also asks for an administrative address or URL - more flexible header and report rewriting including a simple template system Other changes - workaround for red hat kernel with NPTL reporting "application bug" in spamd due to use of waitpid() when SIGCHLD is set to SIG_IGN - taint mode is now enabled by default (for perl versions 5.6.0 and higher) for extra security - Makefile variables were changed to use DESTDIR instead of the various INST_* variables. Please read the PACKAGING file for more information. - Lots of bugs fixed and new rules added. ;) - timelog code has been removed