The NetBSD Project

CVS log for pkgsrc/mail/spamassassin/PLIST

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / mail / spamassassin

Request diff between arbitrary revisions


Keyword substitution: kv
Default branch: MAIN


Revision 1.24: download - view: text, markup, annotated - select for diffs
Tue Aug 16 14:21:48 2022 UTC (2 years, 2 months ago) by wiz
Branches: MAIN
CVS tags: pkgsrc-2024Q3-base, pkgsrc-2024Q3, pkgsrc-2024Q2-base, pkgsrc-2024Q2, pkgsrc-2024Q1-base, pkgsrc-2024Q1, pkgsrc-2023Q4-base, pkgsrc-2023Q4, pkgsrc-2023Q3-base, pkgsrc-2023Q3, pkgsrc-2023Q2-base, pkgsrc-2023Q2, pkgsrc-2023Q1-base, pkgsrc-2023Q1, pkgsrc-2022Q4-base, pkgsrc-2022Q4, pkgsrc-2022Q3-base, pkgsrc-2022Q3, HEAD
Diff to: previous 1.23: preferred, colored
Changes since revision 1.23: +2 -1 lines
spamassassin: update to use latest rules file and install .asc file again

This makes the package break later in 'make install' when it finds out
that updates.spamassassin.org does not exist.

Bump PKGREVISION.

Revision 1.23: download - view: text, markup, annotated - select for diffs
Wed Sep 9 19:13:48 2015 UTC (9 years, 1 month ago) by christos
Branches: MAIN
CVS tags: pkgsrc-2022Q2-base, pkgsrc-2022Q2, pkgsrc-2022Q1-base, pkgsrc-2022Q1, pkgsrc-2021Q4-base, pkgsrc-2021Q4, pkgsrc-2021Q3-base, pkgsrc-2021Q3, pkgsrc-2021Q2-base, pkgsrc-2021Q2, pkgsrc-2021Q1-base, pkgsrc-2021Q1, pkgsrc-2020Q4-base, pkgsrc-2020Q4, pkgsrc-2020Q3-base, pkgsrc-2020Q3, pkgsrc-2020Q2-base, pkgsrc-2020Q2, pkgsrc-2020Q1-base, pkgsrc-2020Q1, pkgsrc-2019Q4-base, pkgsrc-2019Q4, pkgsrc-2019Q3-base, pkgsrc-2019Q3, pkgsrc-2019Q2-base, pkgsrc-2019Q2, pkgsrc-2019Q1-base, pkgsrc-2019Q1, pkgsrc-2018Q4-base, pkgsrc-2018Q4, pkgsrc-2018Q3-base, pkgsrc-2018Q3, pkgsrc-2018Q2-base, pkgsrc-2018Q2, pkgsrc-2018Q1-base, pkgsrc-2018Q1, pkgsrc-2017Q4-base, pkgsrc-2017Q4, pkgsrc-2017Q3-base, pkgsrc-2017Q3, pkgsrc-2017Q2-base, pkgsrc-2017Q2, pkgsrc-2017Q1-base, pkgsrc-2017Q1, pkgsrc-2016Q4-base, pkgsrc-2016Q4, pkgsrc-2016Q3-base, pkgsrc-2016Q3, pkgsrc-2016Q2-base, pkgsrc-2016Q2, pkgsrc-2016Q1-base, pkgsrc-2016Q1, pkgsrc-2015Q4-base, pkgsrc-2015Q4, pkgsrc-2015Q3-base, pkgsrc-2015Q3
Diff to: previous 1.22: preferred, colored
Changes since revision 1.22: +1 -3 lines
update to 3.4.1:
    - improved automation to help combat spammers that are abusing
      new top level domains;
    - tweaks to the SPF support to block more spoofed emails;
    - increased character set normalization to make rules easier to
      develop and stop spammers from using alternate character sets
      to bypass tests;
    - continued refinement to the native IPv6 support; and
    - improved Bayesian classification with better debugging and
      attachment hashing.

Revision 1.22: download - view: text, markup, annotated - select for diffs
Tue Mar 11 14:05:05 2014 UTC (10 years, 7 months ago) by jperkin
Branches: MAIN
CVS tags: pkgsrc-2015Q2-base, pkgsrc-2015Q2, pkgsrc-2015Q1-base, pkgsrc-2015Q1, pkgsrc-2014Q4-base, pkgsrc-2014Q4, pkgsrc-2014Q3-base, pkgsrc-2014Q3, pkgsrc-2014Q2-base, pkgsrc-2014Q2, pkgsrc-2014Q1-base, pkgsrc-2014Q1
Diff to: previous 1.21: preferred, colored
Changes since revision 1.21: +1 -2 lines
Remove example rc.d scripts from PLISTs.

These are now handled dynamically if INIT_SYSTEM is set to "rc.d", or
ignored otherwise.

Revision 1.21: download - view: text, markup, annotated - select for diffs
Wed Mar 24 21:41:10 2010 UTC (14 years, 7 months ago) by heinz
Branches: MAIN
CVS tags: pkgsrc-2013Q4-base, pkgsrc-2013Q4, pkgsrc-2013Q3-base, pkgsrc-2013Q3, pkgsrc-2013Q2-base, pkgsrc-2013Q2, pkgsrc-2013Q1-base, pkgsrc-2013Q1, pkgsrc-2012Q4-base, pkgsrc-2012Q4, pkgsrc-2012Q3-base, pkgsrc-2012Q3, pkgsrc-2012Q2-base, pkgsrc-2012Q2, pkgsrc-2012Q1-base, pkgsrc-2012Q1, pkgsrc-2011Q4-base, pkgsrc-2011Q4, pkgsrc-2011Q3-base, pkgsrc-2011Q3, pkgsrc-2011Q2-base, pkgsrc-2011Q2, pkgsrc-2011Q1-base, pkgsrc-2011Q1, pkgsrc-2010Q4-base, pkgsrc-2010Q4, pkgsrc-2010Q3-base, pkgsrc-2010Q3, pkgsrc-2010Q2-base, pkgsrc-2010Q2, pkgsrc-2010Q1-base, pkgsrc-2010Q1
Diff to: previous 1.20: preferred, colored
Changes since revision 1.20: +4 -1 lines
Updated to version 3.3.1.

Pkgsrc changes:
  - Removed most of the package options; using the options framework for
    those choices was not quite correct in the first place. Some have now
    fixed values (Perl warnings and taint checks always enabled), some
    got converted to variables settable from the make command line, see
    options.mk.
  - pkglint complained about the variable PLIST_ADD so I renamed it to
    DYNAMIC_PLIST.
  - SpamAssassin does not come with rules anymore. As a starting point
    the official archive of rules at the time of the SA release is
    included. At installation time this set of rules gets installed
    through the pkgsrc INSTALL file.
  - Removed patch-ba and patch-bc, both were integrated upstream.
  - Removed patch-be. The quick fix for the bad rule was replaced by
    a permanent solution.

Summary of major changes since 3.3.0
====================================

bug 6335: add Spamhaus DBL as URIBL_DBL_SPAM rule

Bug 6370: update ImageInfo plugin to latest release

bug 6215, bug 6294: RCVD_IN_CSS rule was broken.  the check_rbl_sub() syntax
was incorrect, resulting in missing hits

bug 6361: list 2tld and 3tld sub-domain hosters for URIBL/SURBL/DBL queries;
NOTE for SARE users: This file replaces the SARE file
http://www.rulesemporium.com/rules/90_2tld.cf, which will be deprecated as from
2010-05-01.

Bug 6369, 6356, 6373: WIN32 support for spamd improved

Bug 6267: Solaris 10 requires --syslog-socket=native

bug 6304 spamd is spawning and killing processes too often - Added spamd
adjustments to info level and more information for administrators + small fix
to Makefile.PL

Bug 6310: sa-learn --import gives Insecure dependency in open

Bug 6313: -Q or -q AND -x should not result in creation of a ~/.spamassassin
dir; plus: taint issues fixed

Bug 6342: make test failure on if_can under perl 5.6

Bug 6340: Impossible to find user home directory of VPOPMAIL alias

Bug 6072, 6343: POD warnings, documentation fixes

Bug 6304 (trivial), reduce sysadmin's stress level by lowercasing
the 'INTERRUPTED' in a logged message:
 spamd: handled cleanup of child pid [...] due to SIGCHLD: INTERRUPTED

Bug 6329: POSIX::strftime in call under Win32 ActivePerl causes Perl to hang up;
formatting option %e is not in a POSIX standard, use %d instead and edit

Bug 6322: In DKIM ADSP eval test check_dkim_adsp() the '*' is handled incorrectly

Bug 6327: Fix calling argument in utility used to determine DCC's homedir

Bug 6316: DCC.pm, wrong options for dcc_proc, (plus: avoid a warning on undef
in logger when dccifd socket is not provided)

Bug 6287: improved DKIM plugin debugging

Bug 6321 - _TOKENSUMMARY_ not working in 3.3.0 (Plugin/Bayes.pm looks-up a tag
from wrong location)

Bug 6312 - uninitialized value $start_time in spamd

bug 5761: trivial doc fix: document SPAMD_LOCALHOST test-control env variable


Summary of major changes since 3.2.5
====================================
COMPATIBILITY WITH 3.2.5

- rules are no longer distributed with the package, but installed by
  sa-update - either automatically fetched from the network (preferably)
  or from a tar archive, which is available for downloading separately
  (see below, section INSTALLING RULES);

- CPAN module requirements:
  - minimum required version of ExtUtils::MakeMaker is 6.17;
  - modules now required: Time::HiRes, NetAddr::IP (4.000 or later),
    Archive::Tar (1.23 or later), IO::Zlib;
  - minimal version of Mail::DKIM is 0.31 (preferred: 0.37 or later);
    expect some tests in t/dkim2.t to fail with versions older than 0.36_5;
  - no longer used: Mail::DomainKeys, Mail::SPF::Query;
  - either Digest::SHA or the older Digest::SHA1 is required, though
    note that the DKIM plugin requires Digest::SHA for sha256 hashes
    and Razor agents still need Digest::SHA1;
  - some IPv6 functionality requires IO::Socket::INET6;

- if keeping the AWL database in SQL, the field awl.ip must be extended to
  40 characters. The change is necessary to allow AWL to keep track of IPv6
  addresses which may appear in a mail header even on non-IPv6 -enabled host.
  While at it, consider also adding a field 'signedby' to the SQL table 'awl'
  (and adding 'auto_whitelist_distinguish_signed 1' to local.cf);
  see sql/README.awl for details. The change need not be undone even if
  downgrading back to 3.2.* for some reason;

- fixing a protocol implementation error regarding a PING command required
  bumping up the SPAMC protocol version to 1.5.  Spamd retains compatibility
  with older spamc clients. Combining new spamc clients with pre-3.3 versions
  of a spamd daemon is not supported (but happens to work, except for the
  PING and SKIP commands);

- if using one of the plugins (FreeMail, PhishTag, Reuse) which were
  previously not part of the official package, please retire your local copy
  to avoid it conflicting with a new native plugin;

- as the plugin AWL is no longer loaded by default, to continue using it
  the following line is needed in one of the .pre files (e.g. local.pre):
    loadplugin Mail::SpamAssassin::Plugin::AWL

- it may be worth mentioning that a rule DKIM_VERIFIED has been renamed
  to DKIM_VALID to match its semantics;

- the DKIM plugin is now enabled by default for new installs, if the perl
  module Mail::DKIM is installed.  However, installation of SpamAssassin
  will not overwrite existing .pre configuration files, so to use DKIM when
  upgrading from a previous release that did not use DKIM, a directive:

    loadplugin Mail::SpamAssassin::Plugin::DKIM

  will need to be uncommented in file "v312.pre", or added to some
  other .pre file, such as local.pre;

- due to changes in some internal data structures (like Bug 6185, 6254),
  some third-party plugins may need to be updated. One such example is
  the ClamAVPlugin plugin - please find a fresh version, which can be used
  with both SpamAssassin versions 3.2.5 and 3.3.0, on its wiki page at
  http://wiki.apache.org/spamassassin/ClamAVPlugin

- versions of amavisd-new between 2.5.2 and 2.6.1 (inclusive) are incompatible
  with SpamAssassin 3.3; please upgrade amavisd to 2.6.2 or later, or apply
  a workaround https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6257

- support for versions of perl 5.6.* is being gradually revoked
  (may still work, but no promises and no support);

- preferred versions of perl are 5.8.8, 5.8.9, and 5.10.1 or later;

- on FreeBSD, please avoid using multithreaded versions of perl older
  than 5.10.0 due to small default main thread's stack size, which may
  not suffice for some regular expression evaluations;


INSTALLING RULES

Rules are normally installed by running a sa-update command.
The version of sa-update program should match the version of SpamAssassin
modules, so invoking sa-update should be performed only after installing
or upgrading SpamAssassin code, not before.

Installing rules from network is done with a single command,
normally run as root:
  sa-update

Installing rules from files:
  obtain all the following files:
    Mail-SpamAssassin-rules-xxx.tgz
    Mail-SpamAssassin-rules-xxx.tgz.asc
    Mail-SpamAssassin-rules-xxx.tgz.md5
    Mail-SpamAssassin-rules-xxx.tgz.sha1
      (where xxx may look something like '3.3.0.r893295')
  install rules from a compressed tar archive:
    sa-update --install Mail-SpamAssassin-rules-xxx.tgz
      (sa-update will need corresponding .asc and .sha1 files with the
       same base name in the same directory as the .tgz file)


MAIN NEW FEATURES

- IPv6 support was substantially improved (see below);

- many improvements to the DKIM plugin (understands author domain signatures,
  supports multiple signatures, ADSP support with overrides) - (see below);

- added 'if can(Class::method)' conditional statement, allowing configuration
  settings to be conditional on plugin capabilities without requiring
  new version releases to do so;

- added a --verbose option to the sa-update utility to show updated channels;

- added a configuration option 'time_limit', defaulting to 300 seconds
  or whatever the caller (like spamd) provides; attempting to gracefully
  terminate the checking when a time limit is reached, reporting the score
  and test hits that were collected so far, along with an added hit on
  a rule TIME_LIMIT_EXCEEDED;

- more expensive code sections are now instrumented with timing measurements;
  timing report is logged as a debug message by the end of processing,
  and made available to a caller and to 'add_header' directives through
  a TIMING tag;

- added a configuration option skip_uribl_checks to the URIDNSBL plugin,
  cross-documented it with skip_rbl_checks;

- preserve order of declared 'add_header' header fields;

- configurable network mask length for the AWL plugin (see below);

- added support for DCC reputations (see below);

- improved error handling and robustness (see below);

- added timestamps when logging on stderr;

- allowed debug areas to be excluded from debugging,
  e.g.: -D all,norules,noconfig,nodcc


BUILDING AND PACKAGING

- rules are no longer distributed with the package, but installed by
  sa-update

- Makefile.PL has been simplified and a bug fixed in a DESTDIR support
  by increasing the minimum required version of ExtUtils::MakeMaker to 6.17

- tools check_whitelist and check_spamd are now included in the distribution,
  now called 'sa-awl' and 'sa-check_spamd'


WORKAROUNDS TO PERL BUGS AND LIMITATIONS

- modified the Check.pm plugin to produce smaller chunks of source code
  from rules (60 kB) to avoid Perl compiler crashing on exceeding stack size;

- localized global variables $1, $2, etc at several places, avoiding taint
  issue from propagating;

- avoided Perl I/O bug by replacing line-by-line reading with read() where
  suitable, or played down the EBADF status in other places and only report
  it as a dbg instead of a die - while also providing a little speedup
  (10 .. 25 %) on reading a message;

- provided a new sub Message::split_into_array_of_short_lines to split
  a text into array of paragraph chunks of sizes between 1 kB and 2 kB,
  giving less opportunity to runaway regular expressions in rules;
  fixes bugs: 5717, 5644, 5795, 5486, 5801, 5041;


MEMORY FOOTPRINT

- as a side-effect of compiling rules in smaller chunks (to avoid compiler
  crashes), virtual memory footprint of SpamAssassin is reduced;

- saved some memory by not importing the Pod::Usage unless it is needed;

- saved 350k+ of memory in sa-compile by replacing DynaLoader with XSLoader;

- removed unneeded index from MySQL bayes_token table;


IPv6 SUPPORT

- added IPv6 support for trusted_networks, internal_networks, msa_networks,
  whitelist_from_rcvd, and other stuff that uses NetSet and the Received
  header field parser, using NetAddr::IP;

- allowed usage of a remote dccifd host through an INET or INET6 socket;

- added IPv6 support to AWL plugin and its utility modules; a network
  mask length is now configurable and defaults to /48, which controls
  what data is stored in an AWL database;

- sql/README.awl and sql/awl_*.sql: increased suggested awl.ip field width
  to 40 characters to be able to hold IPv6 addresses;

- IP_PRIVATE now includes ipv6 variants of private address space,
  as well as the ipv6-mapped ipv4 addresses.

- NetSet now understands that ::ffff:192.168.1.2 and 192.168.1.2 are
  the same address;

- IPv6 addresses are now properly read from Received header fields;

- when reading Received header fields, the "IPv6:" prefix is stripped from
  IPv6 addresses, and "::ffff:" is removed from IPv6-mapped IPv4 addresses
  (so strings can match them as simply IPv4 addresses);

- ::1/128 is always included in the trusted_networks/internal_networks set
  similar to 127.0.0.0/8;

- some of the IPv6 functionality in SpamAssassin requires that a perl module
  IO::Socket::INET6 is available (like accessing a DNS resolver over inet6,
  talking to a dccifd host over inet6 socket, SPAMC protocol);


SPAMC

- Mail::SpamAssasin::Client ping may erroneously result in broken pipe;
  bump spamc protocol version to 1.5, updated spamd, spamc and Client.pm;

- added -n / --connect-timeout switch to spamc, allowing to separate
  a connection timeout from communication timeout;

- added --filter-retries and --filter-retry-sleep;

- increased allowed line length in spamc.conf files to 8 KiB and report
  an error when the limit is exceeded;

- fixed issue where spamc would not time out connections to a hung spamd;

- spamc client library leaked the zlib compression buffer if compression
  is used;

- spamc long option '--dest' was broken;


SPAMD

- when spamd is started with the daemonize option do not exit the parent
  until a child signals that it has logged the pid, to allow a wrapper
  script to simply continue immediately after starting spamd;

- additional tempfile cleanup in kill_handler;

- added SPAMD_LOCALHOST option to "make test" to allow specifying
  non-127.0.0.1 IP address for use in FreeBSD jail;


API

- adding one optional argument to Mail::SpamAssassin::parse allows caller
  to pass additional out-of-band information to SpamAssassin (such as a
  deadline time, DKIM verification results, information about a SMTP session,
  or dynamic rule hits); this information is made available to plugins and
  the rest of the code through a 'suppl_attrib' hash;

- added option 'master_deadline' to the suppl_attrib argument of a
  Mail::SpamAssassin::parse method, allowing the caller to override a
  time_limit configuration setting;

- Plugin::Check - pick up 'rule_hits' from caller via the new mechanism
  and call got_hit() on them;

- simplified adding dynamic score hits and dynamic rules by plugins
  (such as AWL, CRM114, FuzzyOcr, Check) by letting got_hit() accept
  options tflags and description, and letting it store a supplied
  dynamic score for proper reporting;

- let the timing breakdown information be accessible to a caller through
  the existing get_tag mechanism (tag TIMING);

- let the generated header fields ('add_header' configuration options)
  be accessible to a caller through the existing get_tag mechanism
  (tags ADDEDHEADER, ADDEDHEADERHAM, ADDEDHEADERSPAM);


RULES

- rules are no longer distributed with the package;

- new scores were generated by a genetic algorithm (GA) and then manually
  tweaked based on cleaned datasets supplied by a dozen volunteers;

- dropped redundant rules or rules causing too many false positives;

- added or updated many rules; incomplete list in no particular order:
  vbounce, lotsa_money, muchmoney, image spam, fill_this_form, FreeMail,
  European Parliament, HTML attachments, uri_obfu*, urinsrhsbl, urinsrhssub,
  urifullnsrhsbl, URI_OBFU_X9_WS, rDNS=localhost, INVALID_DATE_TZ_ABSURD,
  RCVD_IN_PSBL, FRT_VALIUM*, BOUNCE_MESSAGE, VBOUNCE_MESSAGE,
  __BOUNCE_UNDELIVERABLE, HELO_STATIC_HOST, FILL_THIS_FORM_FRAUD_PHISH,
  CHALLENGE_RESPONSE, DKIM_VALID, DKIM_VALID_AU, DKIM_ADSP_*,
  NML_ADSP_CUSTOM_{LOW,MED,HIGH}, __VIA_ML, MIME_BASE64_TEXT, LOTTO_URI,
  FORGED_MUA_THEBAT_BOUN, FORGED_MUA_THEBAT_CS, UNRESOLVED_TEMPLATE,
  __THEBAT_MUA, __ANY_OUTLOOK_MUA, RP_MATCHES_RCVD, one-word X-Mailer,
  SPAN rules, skype and misquoted-HTML rules, HTML obfuscation and
  Google feedproxy URI rules, advance_fee updates including further
  evolved advance fee second-order metarules, test rule for
  postmaster+abuse missing, FROM_MISSPACED, fixed FROM_CONTAINS_TAB, a
  Facebook redirector pattern, fixed FPs with TVD_SPACE_RATIO regarding
  one-word emails and ISO-2022-JP, added exclusion for __ISO_2022_JP_DELIM
  to OBFUSCATING_COMMENT, GAPPY_SUBJECT, PLING_QUERY and FM_FRM_RN_L_BRACK
  rules, RATWARE_BOUNDARY plus variant, superseded all previous
  RATWARE_OUTLOOK stuff, resolved FP in obfuscated URI rule, fixed breakage
  in tbird image rule, fixed SUBJECT_FUZZY_MEDS FP on unobfuscated "meds",
  added misspaced From header field rule, numeric+cctld URI rule,
  updated FH_DATE_PAST_20XX, ...

- added PSBL blacklist - http://psbl.surriel.com/

- added support for http://www.spamhaus.org/css/

- replaces HABEAS, BSP and SSC with RP CERTIFIED;

- use ReturnPath's RNBL, replacing SSBL;

- added rule for plain text attachments with octet-stream MIME type;

- avoided false positives on ISO-2022-JP messages in several rules;

- removed massmailers from uridnsbl_skip_domain in 25_uribl.cf;

- updated various default whitelists, uridnsbl_skip_domain, adsp_override, ...


PLUGINS

- new plugins: FreeMail, PhishTag, Reuse;

- now enabled by default: DKIM;

- now disabled by default: AWL;

- retired plugin: DomainKeys;


AWL PLUGIN

- plugin AWL is now disabled by default;

- added new configuration options auto_whitelist_ipv4_mask_len and
  auto_whitelist_ipv6_mask_len to allow more control on what part of
  an IP address is stored into an AWL database;

- README.awl: increased a suggested awl.ip field width to 40 characters
  to support IPv6 addresses;

- AutoWhitelist.pm: allowed storing a canonicalized IPv6 address, cropped
  to a configurable network mask (previously causing SQL server errors:
  'value too long');

- let AWL with SQL keep separate records for DKIM-signed and unsigned mail
  (when auto_whitelist_distinguish_signed configuration option is true,
  and a field awl.signedby exists);

- avoided a race condition in SQLBasedAddrList.pm when multiple processes
  try to insert-or-update an awl SQL record: trying INSERT first, and if
  that fails go for UPDATE;

- gracefully handle NaN from corrupted database or a broken emulator or
  virtualizer;


DCC PLUGIN

- added support for DCC reputations, added setting dcc_rep_percent,
  new test check_dcc_reputation_range(), new tag DCCREP
  (DCC servers supply reputation data only to licensed clients);

- allowed usage of a remote dccifd host through an INET or INET6 socket;


DKIM PLUGIN

- the DKIM plugin is now enabled by default for new installs if the perl
  module Mail::DKIM is installed.  However, installing SpamAssassin will
  not overwrite existing .pre configuration files, so to use DKIM when
  upgrading from a previous release that did not use DKIM, the directive:

    loadplugin Mail::SpamAssassin::Plugin::DKIM

  will need to be uncommented in file "v312.pre", or added to some
  other .pre file, such as local.pre;

- absolute minimal version of Mail::DKIM is 0.31;
  support for ADSP requires Mail::DKIM 0.34;
  a DNS test (and rule) for NXDOMAIN is operational since Mail::DKIM 0.36_5,
  so effectively the recommended version is Mail::DKIM 0.37 or later;

- a perl module Digest::SHA is required if the DKIM plugin is enabled.
  If a perl module Digest::SHA is available, the module Digest::SHA1
  becomes optional as far as SpamAssassin is concerned, but is still
  needed by Razor agents;

- added support for multiple signatures (useful for whitelisting);

- plugin now distinguishes author domain signatures from third party
  signatures (useful for whitelisting);

- provides a tag DKIMIDENTITY (in addition to DKIMDOMAIN);

- DKIM now supports Author Domain Signing Practices - ADSP (RFC 5617);

- use the Mail::DKIM::AuthorDomainPolicy instead of Mail::DKIM::DkimPolicy,
  when available (since Mail::DKIM 0.34);

- implements an 'adsp_override' configuration directive and adds
  an eval:check_dkim_adsp check, which is used by new DKIM_ADSP_* rules;

- rules contain an initial set of 'adsp_override' directives, listing
  some of the more popular target domains for phishing (applicable only to
  domains which sign all their direct mail with a DKIM or DK signature);

- this plugin can now re-use Mail::DKIM verification results if made
  available by a caller, which saves resources and makes it possible
  for SpamAssassin to work on a truncated large mail without breaking
  DKIM signatures;

- check_dkim_signed and check_dkim_adsp eval rules can now take an optional
  list of domain names, which limits their action to listed domains only.
  It facilitates building DKIM-based rules for specific domains, without
  having to resort to meta rules;

- draft-ietf-dkim-ssp-10/RFC-5617 made Author Domain Signature based on 'd':
  updated ADSP code accordingly; changed whitelisting code to be based on
  SDID ('d') instead of AUID ('i');

- Plugin/DKIM.pm: terminology changes in comments and logging according
  to RFC 5617 and draft-ietf-dkim-rfc4871-errata-07;


BUG FIXES

- fixed Rule2XSBody segfaults;

- no longer treat user data as perl booleans (a string "0" is a false);

- avoid data from the wild be interpreted as perl regular expressions;

- ArchiveIterator: prevent _scan_directory from passing directories
  to _scan_file (on NFS it would fail with EISDIR on read(2);

- fixed inserting the SpamAssassin -generated header fields after a
  multiline Return-Path header field;

- fixed vpopmail support;

- fixed incorrect mode bits when creating lock files for AWL;

- fixed some cases where :addr headers were parsed incorrectly;

- fixed leakage of 'whitelist_from_rcvd' entries between spamd users;

- fixing run_and_catch, which failed to catch a non-timed run;

- 127/8 isn't an illegal IP;

- reworked the M::S::Timeout module to deal with nested timers as one would
  expect: an inner timer shouldn't be able to extend an outer timer's limit;
  account for time elapsed in the submitted subroutine when restarting an
  outer timer; reset() should have accounted for time already spent;
  deal with nested timed runs where alarm(0) does not provide remaining time;

- the 'exists:' evaluator in HEADER rules now works as documented
  and tests for existence of a header field, instead of testing for
  a header field body being nonempty; internally, the pms->get can
  also now distinguish between empty and nonexistent header fields;

- applied fixes to header fields parsing in several places: header field
  names are case-insensitive, whitespace is not required after a colon,
  obsolete rfc822 syntax allowed whitespace before a colon;
  VBounce: match "Received:" only at the beginning of a line;

- fixed bugs 6237 and 6295: 1.0.0.0/8 and 2.0.0.0/8 are now valid allocated
  address ranges, fixed a corresponding rule RCVD_ILLEGAL_IP;

- fixed bug 6205 comment 5 in URIDetail.pm;

- 'pyzor_options' in Plugin/Pyzor.pm was not untainted;

- made the URIDetail plugin taint safe;

- fixed parsing of multi-line Received header fields for
  BOUNCE_MESSAGE/VBOUNCE_MESSAGE et al;

- Bug 6206, Bug 2536: spamd: untaint directory as obtained from a password
  file or from vpopmail utilities, avoid implicit untainting; report error
  if user preferences file exists but cannot be accessed;

- avoided using raw data from DNS as a regexp in Plugin/ASN.pm;

- ensured the dbg() and info() calls always return the same value (true)
  regardless of log level;

- suppressed logging of $& when its value is not available (i.e. when
  no regexp has been evaluated during rule evaluation);

- Exporter never really worked in SA, was not enclosed in BEGIN {};

- masses/runGA and masses/mk-baseline-results: prevent a shell 'source'
  command from loading an unrelated file named 'config' which happens to be
  in the current PATH - must use a ./ in an arg to a 'source' command;


ERROR HANDLING, ROBUSTNESS

- improved error detection and reporting: test status of all system calls
  and I/O operations (or explicitly document where not), and report
  unexpected failures;

- eval calls now check for eval result instead of testing the $@, which
  is not always reliable;

- localized $@ and $! in DESTROY methods to prevent potential calls to eval
  and calls to system routines in code executed from a DESTROY method
  from clobbering global variables $@ and $!;

- Util::helper_app_pipe_open_unix: contain a failing exec with an eval
  to prevent additional cases of process cloning. The exec could fail
  this way when given tainted arguments;

- Util::helper_app_pipe_open_unix: flush stdout and stderr before forking,
  otherwise an error reported by exec (such as 'insecure dependency')
  was lost in a buffer;

- eval-protected an open($fh,'-|') to capture implied fork failures
  due to lack of system resource;

- explicit untainting: combine "use re 'taint'" with untaint_var(),
  avoiding implicit perl untainting, along with workarounds to prevent it;

- added 'use strict' where missing;

- avoided a bunch of warnings on "Use of uninitialized value";

- clearly report reasons for helper application process failures;

- t/SATest.pm: provide information about the process failure reason
  if a system() call fails;  improved its reporting of failures;

- improved error reporting in Plugin/DCC.pm on finding a DCC home directory
  to facilitate troubleshooting;


OTHER CHANGES

- pseudoheader "ALL:raw" returns a pristine header section,
  and pseudoheader "ALL" returns a cleaned header section

- total rewrite of URI detection in plain text body;

- many updates to the list of top level domains;

- added 'util_rb_3tld', allowing 3-level TLDs to be listed in URIBLs and
  allowing new 3TLDs to be added from rule updates;

- avoided trusted_networks bog down due to O(n^2) loop with millions
  of entries;

- applied fixes to Plugin/VBounce.pm, updated VBounce ruleset;

- added support for a 'Communigate Pro' Received header field;

- parse Communigate Pro "with HTTPU" auth token;

- let DependencyInfo.pm understand a concept of recommended module version,
  besides a required version;

- provided a workaround for Net::DNS::Packet::new inconsistency;

- let SpamAssassin use either Digest::SHA or Digest::SHA1, whichever is
  available (the Digest::SHA is now a base module since perl 5.10.0);

- improved parsing of eval-type rules: allow unquoted domain names as
  arguments, disallow unmatched quotes;

- provided a new module Mail::SpamAssassin::BayesStore::BDB. It should be
  treated as alpha-quality (needs more testing) and is not yet ready for
  production use;

- exposed existing function 'received_within_months' as an eval function
  in Plugin/HeaderEval.pm;

- moved rc script to /var/lock/subsys/spamd instead of
  /var/lock/subsys/spamassassin so 'service spamd status' will work;

- added feature to re-download MIRRRORED.BY files at least once a week, or if
  'sa-update --refreshmirrors' switch is used;

- input delimiter $/ can be corrupted by a plugin, localize $/ and $\ before
  calling a plugin;

- bumped the retry counter to 180 seconds for starting spamd on slow machines;

- resolved Bug 5325: syslog severity level in spamc/libspamc.c for max
  message size (changed LOG_ERR into LOG_NOTICE for the message:
  "skipped message, greater than max message size");

- added checker to avoid taint warnings if hostname is returned as '(none)';

- altered sa-update to produce an error message if a channel doesn't exist;

- Bug 6150, Bug 6127, Bug 5981, Bug 5950, Bug 6191: let spamd log/report
  a child process exit status or aborting condition in an informative way;

- added checker to detect accidental match-everything regexps in rules;

- updated garescorer for 3.3.0: use more epochs in GA runs for better scores;
  clarify some mass-check warning output, ensure rule name always appears at
  start of line; if a rule had no default/existing score in 50_scores.cf,
  don't tell the GA that 1.0 is an appropriate default value, instead pick
  the midway point of its score range. this produces better results;
  remove some dead code from masses/score-ranges-from-freqs;

- set garescorer.c to report performance as iterations per second;

- added test to ensure that all config settings are correctly handled when
  switching between users; added more config setting type metadata to enable
  those tests to work; and fix URIDetail to store config on the {conf} object,
  not on the plugin;

- moved 'release tests' to xt/ directory; mirror long-running, net-tests and
  stress tests with xt/50_testname.t scripts to enforce their run before a
  release;

- made numerous additional and updated self-tests;

- added a Test::Perl::Critic release-test;

- cleaned up some code based on suggestions by perl module Test::Perl::Critic,
  among others:
  . enable TestingAndDebugging::ProhibitNoStrict test but allow the
    use of 'no strict "refs"';
  . deal with BuiltinFunctions::RequireGlobFunction;
  . deal with ControlStructures::ProhibitMutatingListFunctions
    removing this exception from xt/60_perlcritic.t;
  . deal with BayesStore/BDB.pm, Variables::ProhibitConditionalDeclarations
  . now that the module Time::HiRes is a required module, we can afford
    to replace a select() with Time::HiRes::sleep, and remove exception
    BuiltinFunctions::ProhibitSleepViaSelect from xt/60_perlcritic.t;

- updated documentation, fixing numerous typos and mistakes in documentation
  text and in log messages;

- extensively improved development process:
  . automated testing through Hudson, a continuous integration tool;
  . improved mass-check system and rules oversight;

Revision 1.20: download - view: text, markup, annotated - select for diffs
Wed May 2 15:20:45 2007 UTC (17 years, 6 months ago) by heinz
Branches: MAIN
CVS tags: pkgsrc-2009Q4-base, pkgsrc-2009Q4, pkgsrc-2009Q3-base, pkgsrc-2009Q3, pkgsrc-2009Q2-base, pkgsrc-2009Q2, pkgsrc-2009Q1-base, pkgsrc-2009Q1, pkgsrc-2008Q4-base, pkgsrc-2008Q4, pkgsrc-2008Q3-base, pkgsrc-2008Q3, pkgsrc-2008Q2-base, pkgsrc-2008Q2, pkgsrc-2008Q1-base, pkgsrc-2008Q1, pkgsrc-2007Q4-base, pkgsrc-2007Q4, pkgsrc-2007Q3-base, pkgsrc-2007Q3, pkgsrc-2007Q2-base, pkgsrc-2007Q2, cwrapper, cube-native-xorg-base, cube-native-xorg
Diff to: previous 1.19: preferred, colored
Changes since revision 1.19: +1 -2 lines
Updated to version 3.2.0.

Pkgsrc changes:
  - Removed PKG_DESTDIR_SUPPORT until the issue with encoded ownership in
    +INSTALL files is resolved.
  - made pkglint shut up about some warnings (CONFIGURE_DIRS, BUILD_DIRS,
    hidden commands with @)
  - parse-rules-for-masses has moved in the source archive.
  - The directories "masses" and "tools" are no longer distributed in the
    archive so I simplified the post-install target.
  - Since "tools" is gone, the post-extract: target is obsolete.
  - MESSAGE now points at sa-compile.
  - Spamc depends on zlib now, so we needed the appropriate buildlink3 file.

Summary of changes since version 3.1.8:
=======================================
 * new behavior for trusted_networks/internal_networks: the 127.* network
 is now always considered trusted and internal, regardless of configuration.

 * bug 3109: short-circuiting of 'definite ham' or 'definite spam' messages
 based on individual short-circuit rules using the 'shortcircuit' setting,
 by Dallas Engelken <dallase /at/ uribl.com>.

 * bug 5305: implement 'msa_networks', for ISPs to specify their Mail
 Submission Agents, and extend network trust accordingly.

 * bug 4636: Add support for charset normalization, so rules can be written
 in UTF-8 to match text in other charsets.

 * sa-compile: compilation of SpamAssassin rules into a fast parallel-matching
 DFA, implemented in native code.

 * "tflags multiple": allow writing of rules that count multiple hits in a
 single message.

 * bug 4363: if a message uses CRLF for line endings, we should use it as
 well, otherwise stay with LF as usual; important for Windows users.

 * bug 4515: content preview was omitting first paragraph when no Subject:
 header was present.

 * The third-party modules used by sa-update are now required by the
 SpamAssassin package, instead of being optional.

 * Bug 5165: 'sa-update --checkonly' added to check for updates without
 applying them; thanks to <anomie /at/ users.sourceforge.net>

 * Bugs 4606, 4609: Adjust MIME parsing limits for nested multipart/* and
 message/rfc822 MIME parts.

 * bug 5295: add 'whitelist_auth', to whitelist addresses that send mail
 using sender-authorization systems like SPF, Domain Keys, and DKIM

 * Removed dependency on Text::Wrap CPAN module.

 * Received header parsing updates/fixes/additions.

Spamc / spamd:

 * bug 4603: Mail::SpamAssassin::Spamd::Apache2 -- mod_perl2 module,
 implementing spamd as a mod_perl module, contributed as a Google Summer of
 Code project by Radoslaw Zielinski.

 * bug 3991: spamd can now listen on UNIX domain, TCP, and SSL sockets
 simultaneously.  Command-line semantics extended slightly, although fully
 backwards compatibly; add the --ssl-port switch to allow TCP and SSL
 listening at the same time.

 * bug 3466: do Bayes expiration, if required, after results have been
 passed back to the client from spamd; this helps avoid client timeouts.

 * more complete IPv6 support.

 * spamc: Add '-K' switch, to ping spamd.

 * spamc: add '-z' switch, which compresses mails to be scanned using
 zlib compression; very useful for long-distance use of spamc over the
 internet.

 * bug 5296: spamc '--headers' switch, which scans messages and transmits
 back just rewritten headers.  This is more bandwidth-efficient than the
 normal mode of scanning, but only works for 'report_safe 0'.

 * Bump spamd's protocol version to 1.4, to reflect new HEADERS verb used
 for '--headers'.

Mail::SpamAssassin modules and API:

 * bug 4589: allow M::SA::Message to use IO::File objects to read in
 message (same as GLOB).

 * bug 4517: rule instrumentation plugin hooks, to measure performance,
 from John Gardiner Myers <jgmyers /at/ proofpoint.com>.

 * add two features to core rule-parsing code; 1. optional behaviour to
 recurse through subdirs looking for .cf/.pre's, to support rules compilers
 working on rulesrc dir.  2. call back into invoking code on lint failure,
 so rule compiler can detect which rules exactly fail the lint check.

 * bug 5206: detect duplicate rules, and silently merge them internally
 for greater efficiency.

 * bug 5243: add Plugin::register_method_priority() API, allowing plugins
 to control the relative ordering of plugin callbacks relative to other
 plugins' implementations.

 * Reduced memory footprint.

Plugins:

 * bug 5236: Support Mail::SPF replacement for Mail::SPF::Query.

 * bug 5127: allow mimeheader :raw rules to match newlines and folded-header
 whitespace in MIME header strings.

 * bug 4770: add ASN.pm plugin, contributed by Matthias Leisi <matthias at
 leisi.net>

 * bug 5271: move ImageInfo ruleset into 3.2.0 core rules, thanks to
 Dallas Engelken <dallase /at/ uribl.com>.

 * VBounce ruleset and plugin: detect spurious bounce messages sent by
 broken mail systems in response to spam or viruses.  (Based on Tim
 Jackson's "bogus-virus-warnings.cf" ruleset.)

 * DomainKeys/DKIM: Mail::DKIM is now preferred over Mail::DomainKeys,
 since the latter module is no longer actively maintained, and Mail::DKIM
 can handle both DomainKeys and DKIM signatures.

 * DKIM: separate signature verification from fetching a policy: can save
 a DNS lookup for each unverified message by setting score to 0 for all
 policy-related rules (DKIM_POLICY_SIGNALL, DKIM_POLICY_SIGNSOME, and
 DKIM_POLICY_TESTING). (thanks to Mark Martinec)

 * DKIM: support testing flags in the public key, as well as in the policy
 record. (thanks to Mark Martinec)

 * DKIM: skip fetching a policy (SSP) if a signature does verify, according
 to draft-allman-dkim-ssp-02 (thanks to Mark Martinec)

 * Move rule functionality and checking into separate Check plugin, allowing
 third parties to implement alternative scanner core algorithms.

 * core EvalTests code moved into various plugins.

* Plus lots of miscellaneous bug fixes.

Revision 1.18.2.1: download - view: text, markup, annotated - select for diffs
Wed Jun 7 21:28:47 2006 UTC (18 years, 5 months ago) by salo
Branches: pkgsrc-2006Q1
Diff to: previous 1.18: preferred, colored; next MAIN 1.19: preferred, colored
Changes since revision 1.18: +1 -3 lines
Pullup ticket 1693 - requested by heinz
security update for spamassassin

Revisions pulled up:
- pkgsrc/mail/spamassassin/Makefile			1.71, 1.72
- pkgsrc/mail/spamassassin/PLIST			1.19
- pkgsrc/mail/spamassassin/distinfo			1.37, 1.38
- pkgsrc/mail/spamassassin/options.mk			1.6
- pkgsrc/mail/spamassassin/patches/patch-ab		1.12
- pkgsrc/mail/spamassassin/patches/patch-ad		removed
- pkgsrc/mail/spamassassin/patches/patch-az		removed

   Module Name:		pkgsrc
   Committed By:	heinz
   Date:		Fri May 26 20:53:00 UTC 2006

   Modified Files:
   	pkgsrc/mail/spamassassin: Makefile PLIST distinfo options.mk
   	pkgsrc/mail/spamassassin/patches: patch-ab
   Added Files:
   	pkgsrc/mail/spamassassin/patches: patch-bb
   Removed Files:
   	pkgsrc/mail/spamassassin/patches: patch-ad patch-az

   Log Message:
   Updated to version 3.1.2.

   Pkgsrc changes:
     - The updates for rule files go into $VARBASE/spamassassin/.
     - This above directory and the directory sa-update-keys for the GPG keys
       are now handled automatically by OWN_DIRS.
     - The growing number of *.pre files are managed in a loop in the Makefile.
       They are no longer contained in the static PLIST.
     - Removed some unnecessary trailing slashes.
     - Patching init.pre in order to disable the SPF plugin broke the spf.t
       test. This is now fixed, although in a rather ugly way :-/.
     - patch-ab no longer needs to use BSD_INSTALL_DATA_DIR because we create
       the directories through INSTALLATION_DIRS.
     - patch-ad and patch-az were removed (changes integrated upstream).
     - patch-bb fixes a small documentation error.
     - Fixed some warnings by pkglint about the SUBST framework in Makefile
       and options.mk.

   Relevant changes since version 3.1.1:
   =====================================

   - bug 4802: implement DKIM plugin, including whitelist_from_dkim support
   - bug 3838: work around Perl bug causing captured RE variables to become
     tainted -- thanks to Mark Martinec for pointing out the bug with
     Perl itself
   - bug 4850: re-enable the Razor2 plugin by default due to a service
     policy change
   - bug 4826: Razor2 plugin needs to load Mail::SpamAssassin::Timeout module
   - bug 4827: M::SA::first_existing_path() would return the last array
     entry passed in if none of the paths were found.  Now return undef
     instead and handle the error when it happens.
   - bug 4813: generally open RE causes sendmail received header get read
     in as qmail in error
   - bug 4839: Logger.pm converts control chars including tab into
     underscores which confuses a bunch of users when checking debug output.
     Convert tab into space instead, etc.
   - bug 4884: if a null message is passed in, there are several variables
     which end up undefined causing warnings.  fake an empty message if no
     input is given.
   - bug 4793: when replacing tags in a message (_TAG_), leave the tags
     that don't exist alone instead of just removing them
   - bug 4861, 4760: handle dccifd and dccproc failover properly, backport
     relays_internal and relays_external code, backport bug 4760 fix so
     that it's not possible to be in internal_networks without being in
     trusted_networks as well
   - bug 4901: deal more properly with failures in bgsend().  also, use
     the proper variable to show when errors occur.
   - bug 4867: fetchmail changed header formats at some point making Received
     parsing fail in certain conditions
   - bug 4699: use M::SA::Timeout for spamd copy_config call and allow for
     empty $@ values
   - bug 3754: if there's a problem opening a file via sa-learn or
     spamassassin, return an error exit value.
---
   Module Name:		pkgsrc
   Committed By:	heinz
   Date:		Mon Jun  5 23:01:01 UTC 2006

   Modified Files:
   	pkgsrc/mail/spamassassin: Makefile distinfo
   Removed Files:
   	pkgsrc/mail/spamassassin/patches: patch-bb

   Log Message:
   Updated to version 3.1.3.

   Pkgsrc changes:
     - patch-bb for no longer necessary (integrated upstream).

   Changes since version 3.1.2:
   ============================
   - bug 4926: given a certain set of parameters to spamd and a specially
     formatted input message, users could cause spamd to execute arbitrary
     commands as the spamd user
   - bug 4932: the userstate dir and userprefs file would not be created
     under certain conditions.

Revision 1.19: download - view: text, markup, annotated - select for diffs
Fri May 26 20:53:00 2006 UTC (18 years, 5 months ago) by heinz
Branches: MAIN
CVS tags: pkgsrc-2007Q1-base, pkgsrc-2007Q1, pkgsrc-2006Q4-base, pkgsrc-2006Q4, pkgsrc-2006Q3-base, pkgsrc-2006Q3, pkgsrc-2006Q2-base, pkgsrc-2006Q2
Diff to: previous 1.18: preferred, colored
Changes since revision 1.18: +1 -3 lines
Updated to version 3.1.2.

Pkgsrc changes:
  - The updates for rule files go into $VARBASE/spamassassin/.
  - This above directory and the directory sa-update-keys for the GPG keys
    are now handled automatically by OWN_DIRS.
  - The growing number of *.pre files are managed in a loop in the Makefile.
    They are no longer contained in the static PLIST.
  - Removed some unnecessary trailing slashes.
  - Patching init.pre in order to disable the SPF plugin broke the spf.t
    test. This is now fixed, although in a rather ugly way :-/.
  - patch-ab no longer needs to use BSD_INSTALL_DATA_DIR because we create
    the directories through INSTALLATION_DIRS.
  - patch-ad and patch-az were removed (changes integrated upstream).
  - patch-bb fixes a small documentation error.
  - Fixed some warnings by pkglint about the SUBST framework in Makefile
    and options.mk.

Relevant changes since version 3.1.1:
=====================================

- bug 4802: implement DKIM plugin, including whitelist_from_dkim support
- bug 3838: work around Perl bug causing captured RE variables to become
  tainted -- thanks to Mark Martinec for pointing out the bug with
  Perl itself
- bug 4850: re-enable the Razor2 plugin by default due to a service
  policy change
- bug 4826: Razor2 plugin needs to load Mail::SpamAssassin::Timeout module
- bug 4827: M::SA::first_existing_path() would return the last array
  entry passed in if none of the paths were found.  Now return undef
  instead and handle the error when it happens.
- bug 4813: generally open RE causes sendmail received header get read
  in as qmail in error
- bug 4839: Logger.pm converts control chars including tab into
  underscores which confuses a bunch of users when checking debug output.
  Convert tab into space instead, etc.
- bug 4884: if a null message is passed in, there are several variables
  which end up undefined causing warnings.  fake an empty message if no
  input is given.
- bug 4793: when replacing tags in a message (_TAG_), leave the tags
  that don't exist alone instead of just removing them
- bug 4861, 4760: handle dccifd and dccproc failover properly, backport
  relays_internal and relays_external code, backport bug 4760 fix so
  that it's not possible to be in internal_networks without being in
  trusted_networks as well
- bug 4901: deal more properly with failures in bgsend().  also, use
  the proper variable to show when errors occur.
- bug 4867: fetchmail changed header formats at some point making Received
  parsing fail in certain conditions
- bug 4699: use M::SA::Timeout for spamd copy_config call and allow for
  empty $@ values
- bug 3754: if there's a problem opening a file via sa-learn or
  spamassassin, return an error exit value.

Revision 1.18: download - view: text, markup, annotated - select for diffs
Mon Mar 13 21:11:57 2006 UTC (18 years, 7 months ago) by heinz
Branches: MAIN
CVS tags: pkgsrc-2006Q1-base
Branch point for: pkgsrc-2006Q1
Diff to: previous 1.17: preferred, colored
Changes since revision 1.17: +2 -1 lines
Updated to version 3.1.1.

Pkgsrc changes:
  - Generic option "online-tests" replaces "spamassassin-test-net".
  - Removed underscore from package-internal variables (pkglint
    complained).
  - patch-ay disables the SPF plugin to avoid confusing warnings in the log
    files.
  - patch-az fixes http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4826.

Relevant changes since version 3.1.0:
=====================================
 - better validate a number of different configuration options
 - support new Mail::DomainKeys API, which changed incompatibly between
   0.18 and 0.80 without warning
 - more properly handle new Received header formats
 - bug 4788: backport sa-update from 3.2 along with the local_state_dir
   code, etc.
 - bug 4760: strictly validate trusted/internal network configurations
 - bug 4696: consolidated fixes for timeout bugs
 - bug 3710: add timeout to connect so spamc -t works
 - bug 4363: if a message uses CRLF for line endings, use it for header
   rewrites as well
 - bug 4748: add ExpressionEngine and Google redirector patterns
 - bug 3815: add _RELAYCOUNTRY_ tag so that the RelayCountry plugin can
   put in the list of countries relayed through
 - bug 4090: x86_64 platforms (linux specifically) have an issue compiling
   libspamc.so causing RPM build failures
 - bug 4791: fix issue where perl would throw a UTF-8 warning for certain
   messages
 - bugs 4606, 4609: Adjust MIME parsing limits
 - bug 4780: fix IP_ADDRESS & LOCALHOST regexes to correctly parse IPv6
   addresses
 - bug 4728: DUL rules should only use the last external IP, not all but
   the first of the external IPs
 - bug 4700: certain privileged configuration settings can inject code,
   due to a bad fix for bug 3846.  Back that out

Revision 1.17: download - view: text, markup, annotated - select for diffs
Sun Nov 13 22:48:32 2005 UTC (18 years, 11 months ago) by heinz
Branches: MAIN
CVS tags: pkgsrc-2005Q4-base, pkgsrc-2005Q4
Diff to: previous 1.16: preferred, colored
Changes since revision 1.16: +2 -1 lines
Updated to version 3.1.0.

Pkgsrc changes:
  - p5-Storable is no longer a necessary.
  - Let DragonFlyBSD also use the rc.d script (patch-ad).
  - Sa-update needs p5-libwww (for LWP::UserAgent, HTTP::Date),
    p5-Archive-Tar and p5-IO-Zlib.
  - Many of the plugins are available as pkgsrc packages (p5-Mail-SPF-Query,
    p5-IP-Country, p5-Net-Ident, ...) but are not required.
  - Renamed some options to follow the naming conventions described in the
    pkgsrc guide.
  - Removed patch-ax again; it is already incorporated in 3.1.0.

  - Reworked DESCR to use less than 25 lines.
  - Removed SPAMASSASSIN_VERSION for clarity of DISTNAME and PKGNAME.
  - Prepended variables internal to the package with an underscore.
  - Rearranged MAKE_PARAMS alphabetically.
  - Simplified some internal variables (concatenation instead of
    substitution: _EGDIR, _DOCDIR,...)
  - Loop variables use all lower-case now.
  - Added a rule to lower score for mail from pkgsrc-bugs in netbsd_lists.cf.
  - The test t/spf.t (fails for SPF_HELO_*) has a know problem (SA Bug 4685).

Relevant changes since version 3.0.4:
=====================================
- Apache preforking algorithm adopted; number of spamd child processes is now
  scaled, according to demand.  This provides better VM behaviour when not
  under peak load.

- Inclusion of sa-update script which will allow for updates of rules and
  scores in between code releases.

- added PostgreSQL, MySQL 4.1+, and local SDBM file Bayes storage modules. SQL
  storage is now recommended for Bayes, instead of DB_File. NDBM_File support
  has been dropped due to a major bug in that module.

- detect legitimate SMTP AUTH submission, to avoid false positives on
  Dynablock-style rules.

- new Advance Fee Fraud (419 scam) rules.

- removed use of the Storable module, due to several reported hangs on SMP
  Linux machines.

- Converted several rule/engine components into Plugins such as:
  AccessDB, AWL, Pyzor, Razor2, DCC, Bayes AutoLearn Determination, etc.

- new plugins: DomainKeys (off by default), MIMEHeader: a new plugin to perform
  tests against header in internal MIME structure, ReplaceTags: plugin by Felix
  Bauer to support fuzzy text matching, WhiteListSubject: plugin added to
  support user whitelists by Subject header.

- TextCat language guesser moved to a plugin.  (This means "ok_languages"
  is no longer part of the core engine by default.)

- Razor: disable Razor2 support by default per our policy, since the
  service is not free for non-personal use.  It's trivial to reenable.

- DCC: disable DCC for similar reasons, due to new license terms.

- Net::DNS bug: high load caused answer packets to be mixed up and delivered as
  answers to the wrong request, causing false positives.  worked around.

- DNSBL lookups and other DNS operations are now more efficient, by using a
  custom single-socket event-based model instead of Net::DNS.

- add support for accreditation services, including Habeas v2.

- better URI parsing -- many evasion tricks now caught.

- URIBL lookups are prioritized based on the location in the message
  the URI was found.

- mass-check now supports reusing realtime DNSBL hit results, and sample-based
  Bayes autolearning emulation, to reduce complexity.

- sa-learn, spamassassin and mass-check now have optional progress bars.

- modify header ordering for DomainKeys compatibility, by placing markup
  headers at the top of the message instead at the bottom of the list.

- spamd/spamc now support remote Bayes training, and reporting spam.

- spamc now supports reading its flags from a configuration file using the -F
  switch, contributed by John Madden.

- added SPF-based whitelisting.

- Polish rules contributed by Radoslaw Stachowiak.

- many rule changes and additions.

Revision 1.16: download - view: text, markup, annotated - select for diffs
Mon May 2 20:34:01 2005 UTC (19 years, 6 months ago) by reed
Branches: MAIN
CVS tags: pkgsrc-2005Q3-base, pkgsrc-2005Q3, pkgsrc-2005Q2-base, pkgsrc-2005Q2
Diff to: previous 1.15: preferred, colored
Changes since revision 1.15: +2 -1 lines
RCD_SCRIPTS_EXAMPLEDIR is no longer customizable.
And always is defined as share/examples/rc.d
which was the default before.

This rc.d scripts are not automatically added to PLISTs now also.
So add to each corresponding PLIST as required.

This was discussed on tech-pkg in late January and late April.

Todo: remove the RCD_SCRIPTS_EXAMPLEDIR uses in MESSAGES and elsewhere
and remove the RCD_SCRIPTS_EXAMPLEDIR itself.

Revision 1.15: download - view: text, markup, annotated - select for diffs
Tue Oct 12 00:11:10 2004 UTC (20 years ago) by heinz
Branches: MAIN
CVS tags: pkgsrc-2005Q1-base, pkgsrc-2005Q1, pkgsrc-2004Q4-base, pkgsrc-2004Q4
Diff to: previous 1.14: preferred, colored
Changes since revision 1.14: +1 -3 lines
Update to version 3.0.0. Tested on NetBSD 1.6.2, Solaris 9 and Debian
3.0.

Important changes since 2.64 (for details see the file 'Changes')

- support for sender authentication using the Sender Policy Framework
  (SPF)
- checking for web links of known spam advertisers (SURBL)
- modular plugin architecture
- improved SQL database support for storing user data in server
  installations
- improved email classification
- SpamAssassin is now part of the Apache Foundation

Revision 1.14: download - view: text, markup, annotated - select for diffs
Fri Apr 23 22:07:55 2004 UTC (20 years, 6 months ago) by reed
Branches: MAIN
CVS tags: pkgsrc-2004Q3-base, pkgsrc-2004Q3, pkgsrc-2004Q2-base, pkgsrc-2004Q2
Diff to: previous 1.13: preferred, colored
Changes since revision 1.13: +1 -2 lines
mk/bsd.pkg.install.mk now automatically registers
the RCD_SCRIPTS rc.d script(s) to the PLIST.

This GENERATE_PLIST idea is part of Greg A. Woods'
PR #22954.

This helps when the RC_SCRIPTS are installed to
a different ${RCD_SCRIPTS_EXAMPLEDIR}. (Later,
the default RCD_SCRIPTS_EXAMPLEDIR will be changed
to be more clear that they are the examples.)

These patches also remove the etc/rc.d/ scripts from PLISTs
(of packages that use RCD_SCRIPTS). (This also removes
now unused references from openssh* makefiles. Note that
qmail package has not been changed yet.)

I have been doing automatic PLIST registration for RC_SCRIPTS
for over a year. Not all of these packages have been tested,
but many have been tested and used.

Somethings maybe to do:
- a few packages still manually install the rc.d scripts to
  hard-coded etc/rc.d. These need to be fixed.
- maybe  remove from mk/${OPSYS}.pkg.dist mtree specifications too.

Revision 1.13: download - view: text, markup, annotated - select for diffs
Wed Jan 21 22:19:30 2004 UTC (20 years, 9 months ago) by heinz
Branches: MAIN
CVS tags: pkgsrc-2004Q1-base, pkgsrc-2004Q1
Diff to: previous 1.12: preferred, colored
Changes since revision 1.12: +1 -2 lines
Update to 2.63. Tested on NetBSD and Solaris 8.

Summary of major changes since 2.62
-----------------------------------

  - Fixed bug related to perl 5.005 which stopped SpamAssassin from being
    runnable
  - Fixed bug where "spamassassin -l" parameter wouldn't be untainted before
    being used
  - Added caching of body rendering results so that the message wouldn't
    be rendered the same way multiple times unnecessarily.

Summary of major changes since 2.61
-----------------------------------

  - Fixed two bugs related to Received line generation and parsing.
  - Modified two rules to reduce false positives.
  - Fixed bug where spamd temporary init directory wasn't removed in some
    situations.
  - Modified HABEAS_SWE to function even if the Habeas headers were out of
    their normal order.
  - Fixed bug where reporting wouldn't remove message markup before being
    learned by Bayes.
  - Fixed bug where report_safe_copy_headers would reverse the order of the
    Received headers.
  - Fixed several bugs in the Bayes system caused by DB_File oddities.

Revision 1.12: download - view: text, markup, annotated - select for diffs
Sat Dec 27 19:16:04 2003 UTC (20 years, 10 months ago) by heinz
Branches: MAIN
Diff to: previous 1.11: preferred, colored
Changes since revision 1.11: +2 -2 lines
Update to version 2.61

Summary of major changes since 2.60
-----------------------------------

  - Dramatically reduced memory usage of Bayes expiry.
  - avoid false positives on Outlook 2003 messages, mails from Mac, Palm, and
    localized versions of Eudora, several AOL MUAs, and newer versions of The
    Bat!
  - new set of French translations from Michel Bouissou
  - updated to reflect new Dynablock DNSBL location
  - avoids a possible hole that was giving AWL bonuses to
    spammer forgeries on some networks
  - miscellaneous bug fixes

Revision 1.11: download - view: text, markup, annotated - select for diffs
Mon Nov 3 00:56:26 2003 UTC (21 years ago) by heinz
Branches: MAIN
CVS tags: pkgsrc-2003Q4-base, pkgsrc-2003Q4
Diff to: previous 1.10: preferred, colored
Changes since revision 1.10: +4 -3 lines
Update to version 2.60 (fixes PR pkg/23318):

Summary of changes since 2.5x
-----------------------------------

- spamd supports UNIX-domain sockets
- SSL support for spamc/spamd now usable
- improved Bayes text analysis
- improved expiration of Bayes-DB
- better detection of 'invisible text' and other obfuscation techniques
  in HTML
- new RBL (eg SORBS, SpamCop, Osirusoft dropped)
- better handling of RBL timeouts
- support for Razor V1 dropped
- more flexible header and report rewriting
- Perl taint mode enabled by default
- bug fixes
- new rules

Revision 1.10: download - view: text, markup, annotated - select for diffs
Tue Apr 15 00:02:24 2003 UTC (21 years, 6 months ago) by heinz
Branches: MAIN
Diff to: previous 1.9: preferred, colored
Changes since revision 1.9: +3 -69 lines
  Update to version 2.53.
  This also closes PR pkg/21114 (thanks to Todd Vierling for dynamic PLIST)

  Most serious bugs since release of SA 2.50 fixed (hence the 'long'
  delay for the Pkgsrc package).

  Dependence on procmail removed. You still need a mail delivery agent
  but procmail is only a recommendation, not a prerequisite.

  Runs on Solaris (somewhat tested on Solaris 8, feedback welcome).

  Includes some SSL support for spamc/spamd. Not yet recommended due to
  lurking bug(s) (SA bugzilla ID 1751).

  Uses Perl module DB_File now instead of NDBM_File. This changes the
  name and format of the auto-whitelist database  ('auto-whitelist'
  instead of 'auto-whitelist.db' on NetBSD).

  ! This release adds/changes/removes configuration options, PLEASE use !
  ! 'perldoc Mail::SpamAssassin::Conf' and make  sure your mail         !
  ! configuration still works as expected.                              !

==========================================================================

Changes since 2.52:

- corruption of Bayes db where nspam/nham was getting zeroed, fixed.

- Bayes now has much lower lock timeouts for opportunistic expiry
  and auto-learning, to avoid overloading busy servers with an expiry
  run.  (This may result in occasional "lock failed" messages in the
  syslog while you're doing manual sa-learn ops, but those are
  not serious; it just means that an auto-learn could not take place
  because the dbs were opened by you in another process.)

- NDBM_File does not provide an EXISTS method, worked around.

- BSMTP support (spamc -B) fixed.

- Bayes allowed the user to 'forget' messages they hadn't learned.

- sa-learn broken when installed in a non-standard location.

- spamc was failing to dump message if out of memory.

- add-all-addrs-to-blacklist was a no-op, fixed.

- syslog-socket support was broken, fixed.

- sslspamc compilation fixed.

- SIGCHLD handling in spamd was causing an ugly warning on Red Hat 8.

- user_prefs were left world-writable after auto-whitelist use.

- Razor was zeroing %ENV; protected against this.

- some test failures on 5.005 and with Razor fixed; some tests were
  also still using the user's Bayes dbs.

- Windows portability fix in new Bayes journal code.

- dialup_codes now a privileged setting.

- clean PATH env variable immediately upon spamd start; fixed problem
  with taint mode failures when getting hostname in Perl 5.005.

- NetBSD: fixed SSL support, spamd start script.

- single-Received-header mails were not getting DNSBL checks.

- some doco fixes.


Changes since 2.51:

  - bug 1664: expiry imposed way too much load when a single
    site-wide Bayes db was used, fixed
  - bug 1672: a typo in a backported patch for 2.51 caused Bayes to
    sometimes not unlock the db, fixed
  - INSTALL now strongly recommends using DB_File
  - some NetBSD support fixes
  - bug 1601: option --syslog-socket wasn't implemented
  - bug 1260: corrected description of --nocreate-prefs option


Changes since 2.50:

  - Bayes locking and concurrency issues fixed
  - Bayes expiration was not working; fixed
  - spamd was not enabling Bayes after auto-learning without restart;
    fixed
  - safer way to attach spams, for broken mail clients, using 'report_safe
    2'
  - a few doco cleanups


Main changes since 2.4x:

- Bayesian filtering, using a Bayesian-style form of probability-analysis
  classification.  This uses an algorithm based on the one detailed in
  Paul Graham's 'A Plan For Spam' paper, along with aspects taken from
  Graham Robinson's work, and the chi-combining technique developed by the
  SpamBayes project.

- Auto-learning.  This trains the Bayesian filter automatically, based on
  the results from traditional SpamAssassin diagnosis.   It uses a set of
  heuristics and separate thresholds to ensure (as much as is possible)
  that it trains on guaranteed non-spam and spam.   Old, unused tokens are
  automatically expired.

- much-improved rule set.  A whole new set of rules based on Message-Id
  analysis is now in place, which accurately detects forged headers from
  a wide range of spamware.   Many inaccurate rules have been dropped.
  HTML tests much improved, with a set to detect image-only spam.

- new default format for detected-spam messages; the message is
  encapsulated as a MIME part, with a preview and the spam report
  in the main part of the message.

- Score sets.  Based on whether you are using just SpamAssassin rules,
  adding network tests, and using a trained Bayesian database,
  SpamAssassin will use a set of scores appropriately to gain the
  maximum degree of accuracy.

- Italian, Polish, Spanish, French and German rule sets and translations.

- Much improved reliability with spamd.  The problems with signals
  have been cleared up thanks to a pipe-based child tracking system,
  and all spamd-hanging bugs reported have proved unreproducable.

- Unicode problems with Red Hat 8 and perl 5.8 fixed.   Works on Perl
  5.005, 5.6.x, and 5.8.x.

- Taint-safe.  SpamAssassin runs with perl's taint-checking enabled for
  better security.

- Razor 1 support is now officially deprecated.

- "spamc -c" was not working, fixed.  This fix required increasing the
  revision of the spamd protocol; only difference is that now more than
  one protocol header can appear in the reply from spamd.

- all fixes from 2.44 included.

Revision 1.9: download - view: text, markup, annotated - select for diffs
Sun Oct 20 20:09:05 2002 UTC (22 years ago) by heinz
Branches: MAIN
CVS tags: netbsd-1-6-1-base, netbsd-1-6-1
Diff to: previous 1.8: preferred, colored
Changes since revision 1.8: +3 -3 lines
Update to 2.43

Item 1) was already provided by 'inofficial' patch-af for 2.42 (now
removed).

Two new patches (-ag and -ah) from the SpamAssassin-current repository
work around a roblem with razor2 timeouts.

Logo 'ninjabutton.png' is now in the correct html directory.

Official changes:
 1) AWL change reverted; instead of decreasing the AWL bias gradually to
    allow frequently-seen addresses to get into the "nonspam" area, it now
    behaves like 2.31 did, in that the AWL simply represents the
    long-term average score from that correspondent.

 2) core-dump bug in spamd worked around, _except for the "-m" switch_.
    The "-m" switch relies on signal handling in the Perl interpreter,
    which seems to have some bugs we cannot work around reliably on some
    platforms, so its use is no longer recommended.

 3) some portability fixes for SunOS.

Revision 1.8: download - view: text, markup, annotated - select for diffs
Tue Oct 8 16:41:32 2002 UTC (22 years, 1 month ago) by heinz
Branches: MAIN
Diff to: previous 1.7: preferred, colored
Changes since revision 1.7: +4 -3 lines
- Setting PKG_SYSCONFBASE in /etc/mk.conf works now (Thanks to Urban
  Boquist).
- Included fix for bad AWL behaviour which will also be in 2.50 (maybe 2.43)
  (ie AWL works the same again as in SA 2.31). This causes revision bump.

Revision 1.7: download - view: text, markup, annotated - select for diffs
Tue Oct 8 00:49:19 2002 UTC (22 years, 1 month ago) by heinz
Branches: MAIN
Diff to: previous 1.6: preferred, colored
Changes since revision 1.6: +43 -5 lines
Update to 2.42.
Uses buildlink2 and module.mk. Some perl scripts for rule developers
(in PREFIX/share/doc/spamassassin/{masses,tools}/) and a small SpamAssassin
logo (PREFIX/share/doc/spamassassin/html/) are now included.
New netbsd_lists.cf file to reduce false positives on NetBSD lists (so
far, only some rules for netbsd-bugs).

Changes:
- bug fixes
- new, better scores (intensive testing was done to improve on 2.40 and
  2.41)
- netbsd rc.d script works now with NetBSD 1.5 and 1.6
- management of addresses in the automatic whitlist now easier with
  dedicated options (--add-addr-to-whitelist, --remove-addr-from-whitelist)

Revision 1.6: download - view: text, markup, annotated - select for diffs
Sun Sep 29 23:44:28 2002 UTC (22 years, 1 month ago) by simonb
Branches: MAIN
Diff to: previous 1.5: preferred, colored
Changes since revision 1.5: +5 -1 lines
Update spamassassin to 2.41.

Major changes include:

 - SpamAssassin now *REQUIRES* procmail for local delivery support; "-P"
   option is now the default.  Unless you use procmail, Mail::Audit, KMail,
   or an MTA-level integration, do not upgrade blindly, your mail *WILL*
   spill all over the floor in a big mess.

 - significant speed increases, mostly from Matt Sergeant and Dan Quinlan

 - bugs in whitelist_to, all_spam_to and friends fixed

 - rules which were causing too many false-positives removed or fixed:
   DOUBLE_CAPSWORD, UPPERCASE_25_50, PARTIAL_RFC_2369, MSGID_CHARS_SPAM,
   many others

 - lots of rule fixes, and lots of new rules

Revision 1.5: download - view: text, markup, annotated - select for diffs
Fri Aug 30 10:50:51 2002 UTC (22 years, 2 months ago) by abs
Branches: MAIN
Diff to: previous 1.4: preferred, colored
Changes since revision 1.4: +2 -1 lines
Updated spamassassin to 2.31nb1
	Add rc.d/spamd (From norm at sandbox org uk)

Revision 1.4: download - view: text, markup, annotated - select for diffs
Mon Aug 26 16:00:52 2002 UTC (22 years, 2 months ago) by hubertf
Branches: MAIN
Diff to: previous 1.3: preferred, colored
Changes since revision 1.3: +0 -0 lines
Rename pkgsrc/mail/p5-Mail-Spamassassin to pkgsrc/mail/spamassassin.

Revision 1.3: download - view: text, markup, annotated - select for diffs
Mon Aug 26 15:55:58 2002 UTC (22 years, 2 months ago) by hubertf
Branches: MAIN
Diff to: previous 1.2: preferred, colored
Changes since revision 1.2: +15 -9 lines
Rename pkgsrc/mail/p5-Mail-Spamassassin to pkgsrc/mail/spamassassin.

Revision 1.1.1.2 (vendor branch): download - view: text, markup, annotated - select for diffs
Mon Aug 26 15:54:29 2002 UTC (22 years, 2 months ago) by hubertf
Branches: TNF
CVS tags: pkgsrc-base
Diff to: previous 1.1.1.1: preferred, colored
Changes since revision 1.1.1.1: +15 -9 lines
Rename pkgsrc/mail/p5-Mail-Spamassassin to pkgsrc/mail/spamassassin.

Revision 1.2
Sun Aug 25 22:44:22 2002 UTC (22 years, 2 months ago) by hubertf
Branches: MAIN
FILE REMOVED
Changes since revision 1.1: +1 -1 lines
spamassassin is already present as p5-Mail-SpamAssassin
(how obvious... NOT!)

Revision 1.1.1.1 (vendor branch): download - view: text, markup, annotated - select for diffs
Sat Aug 24 19:46:39 2002 UTC (22 years, 2 months ago) by hubertf
Branches: TNF
Diff to: previous 1.1: preferred, colored
Changes since revision 1.1: +0 -0 lines
Add spamassassin-2.31: Spam identifier and blocker

SpamAssassin is a mail filter which attempts to identify spam using text
analysis and several internet-based realtime blacklists.

Using its rule base, it uses a wide range of heuristic tests on mail
headers and body text to identify "spam", also known as unsolicited
commercial email.

Once identified, the mail can then be optionally tagged as spam for later
filtering using the user's own mail user-agent application.

In its most recent test, SpamAssassin differentiated between spam and
non-spam mail correctly in 99.94% of cases.  Since then, it's just been
getting better and better!

Revision 1.1: download - view: text, markup, annotated - select for diffs
Sat Aug 24 19:46:39 2002 UTC (22 years, 2 months ago) by hubertf
Branches: MAIN
Initial revision

Diff request

This form allows you to request diffs between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.

Log view options

CVSweb <webmaster@jp.NetBSD.org>