Release Notes: Spamhaus DBL was added as a URIBL_DBL_SPAM rule. The ImageInfo plugin was updated to the latest release. The RCVD_IN_CSS rule was fixed. 2tld and 3tld sub-domain hosters were listed for URIBL/SURBL/DBL queries. Other fixes were made.
Release Notes: Rules were updated and new scores are assigned by GA. Rules are no longer in the package, but installed by sa-update. A new function can() allows testing for capabilities offered. Support for IPv6 was greatly improved. When the time limit is exceeded, partial results are still returned. The timing report is now logged or offered as a tag. A caller may supply out-of-band data. Detection of URI was rewritten. The DKIM plugin now supports multiple signatures and ADSP with overrides. The FreeMail, PhishTag, and Reuse plugins were added. Error detection, handling, and reporting were improved to facilitate troubleshooting.
Release Notes: Newer gpg versions require keys to be cross-certified, so the sa-update public key was fixed accordingly. A perl version string was added to the storage area for compiled rulesets, to avoid crashes when perl is upgraded between major versions (e.g. perl 5.8.x to 5.10.0) and the ABI breaks. Some FORGED_MUA_OUTLOOK false positives were cleared on the new-format Message-ID generated by the Outlook Express version used in Windows XP service pack 3. Compatibility with Postgres 8.1.0 and later was fixed. Other miscellaneous fixes were done.
Release Notes: Major sa-compile fixes. Minor fixes in other departments. 'score set for a non-existent rule' has been made a debug message, instead of a lint warning, since it's a very frequent FAQ.
Release Notes: The new setuid code has been fixed to work with Perl 5.6.1 and to support DCC and Pyzor in all releases of Perl. The default 'user_scores_ldap_username' is now the null string, allowing anonymous binding. A 'schema' syntax error in LDAP config support has been fixed, along with an error where zeroing an 'eval' rule's score did not stop it from running. The new message ID format seen from Vista or Windows 2003 Server MAPI is now allowed to avoid false positives, and several issues with RDNS_DYNAMIC have been fixed.
Release Notes: The "make test" rule was fixed when running as root; this is needed for CPAN. Certain mail input can take a long time to scan with 100% CPU utilization, due to backtracking in a rule's regexp. Sending a HUP signal to the spamd process causes the ps name to change from spamd to perl. "make test" errors in Windows caused by nonportable use of getpwuid were fixed. Multiple DNS records for a host name should allow use of spamd -H for load balancing installs to work. Network lookup timeouts were fixed, where lookups were being lost once a timeout was hit.
Release Notes: A local user symlink-attack DoS vulnerability (CVE-2007-2873) was fixed. It only affects systems where spamd is run as root, is used with vpopmail or virtual users via the "-v"/"--vpopmail" or "--virtual-config-dir" switch, and with the "-x"/"--no-user-config, and without the "-u"/"--username" switch, and with the "-l"/"--allow-tell" switch. This is not default on any distribution package, and is not a common configuration. Other miscellaneous bugs were also fixed.
Release Notes: Short-circuiting of "definite ham" or "definite spam" messages based on rules was added. Charset normalization was added, so rules can be written in UTF-8 to match text in other charsets. "sa-compile" was added to compile SpamAssassin rules into a fast parallel-matching DFA. "tflags multiple" was added, which allows rules that count multiple hits in a single message. "whitelist_auth" was added to whitelist addresses that send mail using sender-authorization systems like SPF, Domain Keys, and DKIM. Mail::SpamAssassin::Spamd::Apache2 provides spamd as a mod_perl module.
Release Notes: Fixes were made for a bug in date handling affecting DATE_IN_FUTURE_* and DATE_IN_PAST_* rules when more than one Resent-Date header is present. A race condition in spamd preforking code that sometimes left one child process running after sending SIGHUP to spamd was fixed. Hash characters in the config are now unescaped. False SPF_SOFTFAILs when SPF queries timeout were fixed. RCVD_ILLEGAL_IP evaltest was updated to properly deal with 127/8. Adding headers with a single digit zero value was enabled. Support for ecelerity Received headers was added. A bug introduced in 3.1.5 in mbx code was fixed.
Release Notes: All third-party code is now allowed to use rule updates by setting a default path when one is not passed in. Support for whitelisting with DomainKeys was added. Lots of other minor bugfixes and documentation updates were done.