ANNOUNCE: Apache SpamAssassin 3.4.4 available

    Date29 Jan 2020
    706
    Posted ByDave Wreski
    512 Powered By Spamassassin
    One of the most significant projects from the Apache Foundation has released another version of SpamAssassin. This is primarily a security release, but also includes improvements to macro document processing with OLVBMacro and a set of smaller fixes.Apache SpamAssassin is a mature, widely-deployed open source project that serves as a mail filter to identify spam. SpamAssassin uses a variety of mechanisms including mail header and text analysis, Bayesian filtering, DNS blocklists, and collaborative filtering databases. In addition, Apache SpamAssassin has a modular architecture that allows other technologies to be quickly incorporated as an addition or as a replacement for existing methods.
    On behalf of the Apache SpamAssassin Project, I am pleased to announce
    version 3.4.4 is available.
    
    Release Notes -- Apache SpamAssassin -- Version 3.4.4
    
    Introduction
    ------------
    
    Apache SpamAssassin 3.4.4 is primarily a security release.
    
    In this release, there are bug fixes for two CVEs.
    
    *** On March 1, 2020, we will stop publishing rulesets with SHA-1
    signatures.
        If you do not update to 3.4.2 or later, you will be stuck at the last
        ruleset with SHA-1 signatures. ***
    
    Many thanks to the committers, contributors, rule testers, mass checkers,
    and code testers who have made this release possible.
    
    Notable features:
    =================
    
    None noted.
    
    
    Notable changes
    ---------------
    
    In addition to two CVEs which shall be announced separately, this release
    includes fixes for the following:
    
      - Improvements to OLEVBMacro
      - Fix for CRLF handling with SpamAssMilter & DKIM
      - Small fix for a regexp to provide Perl 5.8.x compatability again
      - Increased fns_extrachars default value to 50
      - Fixed nosubject and maxhits tflags when sa-compile is used
      - Limited the Bayes parsed token count
      - Improvements to whitespace trimming
    
    New configuration options
    -------------------------
    
    None noted.
    
    Notable Internal changes
    ------------------------
    
    None noted.
    
    Other updates
    -------------
    
    None noted.
    
    Optimizations
    -------------
    
    None noted.
    
    
    Downloading and availability
    ----------------------------
    
    Downloads are available from:
    
    https://spamassassin.apache.org/downloads.cgi
    
      XXX - To be added when built
    
    Note that the *-rules-*.tgz files are only necessary if you cannot,
    or do not wish to, run "sa-update" after install to download the latest
    fresh rules.
    
    See the INSTALL and UPGRADE files in the distribution for important
    installation notes.
    
    
    GPG Verification Procedure
    --------------------------
    The release files also have a .asc accompanying them.  The file serves
    as an external GPG signature for the given release file.  The signing
    key is available via the wwwkeys.pgp.net key server, as well as
    https://www.apache.org/dist/spamassassin/KEYS
    
    
    
    The following key is used to sign releases after, and including SA 3.3.0:
    
    pub   4096R/F7D39814 2009-12-02
          Key fingerprint = D809 9BC7 9E17 D7E4 9BC2  1E31 FDE5 2F40 F7D3 9814
    uid                  SpamAssassin Project Management Committee
    <private@spamassassin.apache.org>
    uid                  SpamAssassin Signing Key (Code Signing Key,
    replacement for 1024D/265FA05B) <dev@spamassassin.apache.org>
    sub   4096R/7B3265A5 2009-12-02
    
    The following key is used to sign rule updates:
    
    pub   4096R/5244EC45 2005-12-20
          Key fingerprint = 5E54 1DC9 59CB 8BAC 7C78  DFDC 4056 A61A 5244 EC45
    uid                  updates.spamassassin.org Signing Key
    <release@spamassassin.org>
    sub   4096R/24F434CE 2005-12-20
    
    To verify a release file, download the file with the accompanying .asc
    file and run the following commands:
    
      gpg --verbose --keyserver wwwkeys.pgp.net --recv-key F7D39814
      gpg --verify Mail-SpamAssassin-3.4.4.tar.bz2.asc
      gpg --fingerprint F7D39814
    
    Then verify that the key matches the signature.
    
    Note that older versions of gnupg may not be able to complete the steps
    above. Specifically, GnuPG v1.0.6, 1.0.7 & 1.2.6 failed while v1.4.11
    worked flawlessly.
    
    See https://www.apache.org/info/verification.html for more information
    on verifying Apache releases.
    
    
    About Apache SpamAssassin
    -------------------------
    
    Apache SpamAssassin is a mature, widely-deployed open source project
    that serves as a mail filter to identify spam. SpamAssassin uses a
    variety of mechanisms including mail header and text analysis, Bayesian
    filtering, DNS blocklists, and collaborative filtering databases. In
    addition, Apache SpamAssassin has a modular architecture that allows
    other technologies to be quickly incorporated as an addition or as a
    replacement for existing methods.
    
    Apache SpamAssassin typically runs on a server, classifies and labels
    spam before it reaches your mailbox, while allowing other components of
    a mail system to act on its results.
    
    Most of the Apache SpamAssassin is written in Perl, with heavily
    traversed code paths carefully optimized. Benefits are portability,
    robustness and facilitated maintenance. It can run on a wide variety of
    POSIX platforms.
    
    The server and the Perl library feels at home on Unix and Linux platforms
    and reportedly also works on MS Windows systems under ActivePerl.
    
    For more information, visit https://spamassassin.apache.org/
    
    
    About The Apache Software Foundation
    ------------------------------------
    
    Established in 1999, The Apache Software Foundation provides
    organizational, legal, and financial support for more than 100
    freely-available, collaboratively-developed Open Source projects. The
    pragmatic Apache License enables individual and commercial users to
    easily deploy Apache software; the Foundation's intellectual property
    framework limits the legal exposure of its 2,500+ contributors.
    
    For more information, visit https://www.apache.org/
    
    -- 
    Kevin A. McGrail
    KMcGrail@Apache.org
    
    Member, Apache Software Foundation
    Chair Emeritus Apache SpamAssassin Project
    https://www.linkedin.com/in/kmcgrail - 703.798.0171
    

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"48","type":"x","order":"1","pct":88.89,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"4","type":"x","order":"2","pct":7.41,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"2","type":"x","order":"3","pct":3.7,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.