Please vote to release 3.4.0-rc2.
Files at http://people.apache.org/~kmcgrail/devel/
Proposed Announcement follows.
Regards,
KAM
To: users, dev, announce
Subject: ANNOUNCE: Apache SpamAssassin 3.4.0 available
Release Notes -- Apache SpamAssassin -- Version 3.4.0
Introduction
------------
This is a major release. It introduces nearly two years of bug fixes and
features including the Bayes Redis (http://redis.io/) back-end (bug
6879), eDNS changes (bug
6910), Native IPv6 Support, numerous URIBL.pm changes/features and a
small API change in libspamc (bug 6562) with many other subtle changes.
IPv6 note: Besides testing on a dual-protocol hosts, this was also tested
on an IPv6-only host (works fine except Razor, using an external recursive
DNS server running on a dual-protocol host).
SpamAssassin was tested on perl 5.18.0, and (out of curiosity) also
on a Raspberry PI (ARM6, Raspbian / Debian 7.0 Wheezy, perl 5.14.2)
... yes it is 20 times slower than on an i7-960, but all tests pass!
Overall, this release has been tested in many production-level
environments for nearly a year. It is highly recommended and stable.
NOTE: Complete changes are available at
http://svn.apache.org/repos/asf/spamassassin/branches/3.4/Changes
Important Bayes Change
----------------------
Beyond the ability to use Redis as a Bayes backend server, Bug 5185 changed
the way that message IDs were calculated for emails.
Because of this change, if you use Bayes and you are upgrading from a
version
prior to 3.4.0, you should consider wiping your Bayes database and starting
fresh.
However, this is not mandatory. If you choose to keep your current database
tokens, these are the ramifications:
1 - If you re-process emails that have already been learned before, it will
create duplicate entries because of the new msg_id format. The
duplicates
will expire, eventually, and should cause minimal impact unless it
occurs
frequently.
2 - If you try and unlearn or reclassify an email processed prior to the
upgrade, the system will be unable to do so because of the new msg_id
format. If unlearning a message is important, consider just
clearing your
Bayes store and starting from scratch.
Redis database backend for a Bayes database
-------------------------------------------
In addition to existing backends, the 3.4.0 introduces support for keeping
a Bayes database on a Redis server, either running locally, or accessed
over network. Similar to SQL backends, the database may be concurrently
used by several hosts running SpamAssassin.
The current implementation only supports a global Bayes database, i.e.
per-recipient sub-databases are not supported. Due to current limitations
in Redis 2.6.* server, accessing it is not possible over IPv6, but one may
chose connection over IPv4 or over a Unix socket. Bear in mind that Redis
server only offers limited access controls, so it is advisable to let the
Redis server bind to a loopback interface only, or to use other mechanisms
to limit access, such as local firewall rules.
The Redis backend can put a Lua scripting support in a Redis server to good
use, significantly reducing network packet rate and improving performance.
The Lua support is available in Redis server since version 2.6. In absence
of a Lua support, the Redis backend uses multiple traditional Redis command
so in principle it should work with a Redis server version 2.4, although
this is not recommended for busy sites.
Expiration of token and 'seen' message id entries is left to the Redis
server.
There is no provision for manually expiring a database, so it is highly
recommended to leave the setting bayes_auto_expire to its default value 1
(i.e. enabled).
Example configuration:
bayes_store_module Mail::SpamAssassin::BayesStore::Redis
bayes_sql_dsn server=localhost:6379
bayes_token_ttl 21d
bayes_seen_ttl 8d
bayes_auto_expire 1
Downloading and availability
----------------------------
Downloads are available from:
http://spamassassin.apache.org/downloads.cgi
md5sum of archive files:
568915b8d227eb5fc5d50abf8c10c35f Mail-SpamAssassin-3.4.0-rc2.tar.bz2
e653fd06387e15e24ab1d14ba81f473b Mail-SpamAssassin-3.4.0-rc2.tar.gz
d1880f5dc3d1a784d634b193bc83092a Mail-SpamAssassin-3.4.0-rc2.zip
de3929f93119523b5492fa9126cb2a68
Mail-SpamAssassin-rules-3.4.0-rc2.r1494509.tgz
sha1sum of archive files:
0863d52a5590f1fc22320c5631fb83ebb470e1fb Mail-SpamAssassin-3.4.0-rc2.tar.bz2
5aae5424de04978a0ca4f077be03a8c02b006397 Mail-SpamAssassin-3.4.0-rc2.tar.gz
88e31041894e5e05860253d055a13f5b1ef7e7aa Mail-SpamAssassin-3.4.0-rc2.zip
8ef4014b5e37d6f00c602d5c931879d17555e17a
Mail-SpamAssassin-rules-3.4.0-rc2.r1494509.tgz
Note that the *-rules-*.tar.gz files are only necessary if you cannot,
or do not
wish to, run "sa-update" after install to download the latest fresh rules.
See the INSTALL and UPGRADE files in the distribution for important
installation notes.
GPG Verification Procedure
--------------------------
The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://www.apache.org/dist/spamassassin/KEYS
The key information is:
pub 4096R/F7D39814 2009-12-02
Key fingerprint = D809 9BC7 9E17 D7E4 9BC2 1E31 FDE5 2F40 F7D3 9814
uid SpamAssassin Project Management Committee
<priv...@spamassassin.apache.org>
uid SpamAssassin Signing Key (Code Signing Key,
replacement for 1024D/265FA05B) <dev@spamassassin.apache.org>
sub 4096R/7B3265A5 2009-12-02
To verify a release file, download the file with the accompanying .asc
file and run the following commands:
gpg -v --keyserver wwwkeys.pgp.net --recv-key F7D39814
gpg --verify Mail-SpamAssassin-3.4.0-pre1.tar.bz2.asc
gpg --fingerprint F7D39814
Then verify that the key matches the signature.
Note that older versions of gnupg may not be able to complete the steps
above.
Specifically, GnuPG v1.0.6, 1.0.7 & 1.2.6 failed while v1.4.11 worked
flawlessly.
See http://www.apache.org/info/verification.html for more information on
verifying Apache releases.
About Apache SpamAssassin
-------------------------
Apache SpamAssassin is a mature, widely-deployed open source project
that serves as a mail filter to identify spam. SpamAssassin uses a
variety of mechanisms including mail header and text analysis, Bayesian
filtering, DNS blocklists, and collaborative filtering databases. In
addition, Apache SpamAssassin has a modular architecture that allows
other technologies to be quickly incorporated as an addition or as a
replacement for existing methods.
Apache SpamAssassin typically runs on a server, classifies and labels
spam before it reaches your mailbox, while allowing other components of
a mail system to act on its results.
Most of the Apache SpamAssassin is written in Perl, with heavily
traversed code paths carefully optimized. Benefits are portability,
robustness and facilitated maintenance. It can run on a wide variety of
POSIX platforms.
The server and the Perl library feels at home on Unix and Linux
platforms, and reportedly also works on MS Windows systems under ActivePerl.
For more information, visit http://spamassassin.apache.org/
About The Apache Software Foundation
------------------------------------
Established in 1999, The Apache Software Foundation provides
organizational, legal, and financial support for more than 100
freely-available, collaboratively-developed Open Source projects. The
pragmatic Apache License enables individual and commercial users to
easily deploy Apache software; the Foundation's intellectual property
framework limits the legal exposure of its 2,500+ contributors.
For more information, visit http://www.apache.org/
