FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available

Randal, Phil prandal at herefordshire.gov.uk
Tue Jun 12 13:14:55 IST 2007


I've just tested this on a CentOS 5.0 box.

I plonked the 3.2.1 into Julian's install-Clam-0.9.3-SA-3.2.0/perl-tar
directory, edited install.sh to adjust the SA version, and installed.

No problems at all.

Cheers,

Phil

--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK  

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info 
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf 
> Of Julian Field
> Sent: 12 June 2007 09:39
> To: MailScanner discussion
> Subject: Re: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Please can you summarise the reported problems, and post here?
> Also, please can you keep an eye open for fixes?
> 
> Randal, Phil wrote:
> > There are a few problems reported over on the 
> spamassassin-users mailing
> > list, so proceed with caution.
> >
> > Phil
> >
> > --
> > Phil Randal
> > Network Engineer
> > Herefordshire Council
> > Hereford, UK
> >
> > -----Original Message-----
> > From: jm at jmason.org [mailto:jm at jmason.org] 
> > Sent: 11 June 2007 21:14
> > To: users at spamassassin.apache.org; dev at spamassassin.apache.org;
> > announce at spamassassin.apache.org
> > Subject: ANNOUNCE: Apache SpamAssassin 3.2.1 available
> >
> > Apache SpamAssassin 3.2.1 is now available!  This is a 
> maintenance and
> > security release of the 3.2.x branch.  It is highly recommended that
> > people upgrade to this version from 3.2.0.
> >
> > Downloads are available from:
> >   http://spamassassin.apache.org/downloads.cgi?update=200706111806
> >
> > The release file will also be available via CPAN in the near future.
> >
> >   md5sum of archive files:
> >   7b2fdbcdca5e9a181d4bb1b17663c138  Mail-SpamAssassin-3.2.1.tar.bz2
> >   a7d51294c565999da01f212e5ad2a031  Mail-SpamAssassin-3.2.1.tar.gz
> >   e058ed0dfe82ee62f617c12cc02e538b  Mail-SpamAssassin-3.2.1.zip
> >
> >   sha1sum of archive files:
> >   3095b38d90d0362c4e47e117fb612778a2ac362b
> > Mail-SpamAssassin-3.2.1.tar.bz2
> >   fbb5f538238e188f985c8e6672dad531fa035eea
> > Mail-SpamAssassin-3.2.1.tar.gz
> >   d6566975544cd706052d310481d7a100ffce14d1  
> Mail-SpamAssassin-3.2.1.zip
> >
> > The release files also have a .asc accompanying them.  The 
> file serves
> > as an external GPG signature for the given release file.  
> The signing
> > key is available via the wwwkeys.pgp.net key server, as well as
> > http://spamassassin.apache.org/released/GPG-SIGNING-KEY
> >
> > The key information is:
> >
> > pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key
> > <release at spamassassin.org>
> >     Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24  F6D7 DEE0 
> 1987 265F A05B
> >
> >
> > 3.2.1 is a major bug-fix release, including a potential 
> local DoS.  The
> > major highlights are:
> >
> > - bug 5480: fix for CVE-2007-2873: a local user symlink-attack DoS
> >   vulnerability. It only affects systems where spamd is run 
> as root, is
> > used
> >   with vpopmail or virtual users via the "-v"/"--vpopmail" OR
> >   "--virtual-config-dir" switch, AND with the 
> "-x"/"--no-user-config AND
> >   WITHOUT the "-u"/"--username" switch AND with the 
> "-l"/"--allow-tell"
> > switch.
> >   This is not default on any distro package, and is not a common
> > configuration.
> >   More details of the vulnerability can be read at
> >   <http://spamassassin.apache.org/advisories/cve-2007-2873.txt>.
> >
> > - bug 5488: zero some rules causing false positives: 
> FH_HOST_EQ_D_D_D_DB
> > and
> >   FH_HOST_EQ_D_D_D_D.
> >
> > - bug 5257: re-raise autolearn ham threshold to 1.0; the lower value
> >   used in 3.2.0 was creating problems.
> >
> > - bug 5422: in spamd, deleting hash entries from the SIGCHLD signal
> > handler is
> >   unsafe, causes corruption of the data structure, and results in
> > 'prefork:
> >   ordered child N to accept, but they reported state '1', 
> killing rogue'
> >   errors.  fix.
> >
> > - bug 5102: tighten up regexp for FORGED_HOTMAIL_RCVD to 
> avoid some FPs.
> >
> > - bug 5457: spamc build and test should handle not having zlib
> > available.
> >
> > - bug 5379: spamd could crash at startup if its preloading temporary
> > directory
> >   already exists. fix.
> >
> > - bug 4616: spamc config can cause command line options to 
> be ignored.
> > fix.
> >
> > - bug 5485: zero score DK/DKIM_POLICY_SIGNSOME rules since they'll
> > always fire
> >   due to defaults (unless there's an explicit SIGNALL policy).
> >
> > - bug 5492: VBounce rule was looking in header instead of body for
> > whitelisted
> >   relays. fix.
> >
> > - bug 5487: prevent multiple "urirhssub"s using the same zone from
> > overwriting
> >   each other.
> >
> > - bug 5432 - Change default in Win32 build to not build spamc.
> >
> > - bug 5446: add --updatedir option to sa-compile and remove 
> inaccurate
> > re2c
> >   required version info from pod.
> >
> > - bug 5436: add omitted "ifplugin" statements to the configuration,
> > which would
> >   otherwise cause lint errors if the default plugins were disabled.
> >
> > - bug 5477: prevent Rule2XSBody info message from appearing 
> on stderr
> > during
> >   spamd startup.
> >
> >
> >   
> 
> Jules
> 
> - -- 
> Julian Field MEng CITP
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> 
> MailScanner customisation, or any advanced system administration help?
> Contact me at Jules at Jules.FM
> 
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> For all your IT requirements visit www.transtec.co.uk
> 
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.6.1 (Build 1012)
> Charset: ISO-8859-1
> 
> wj8DBQFGblvJEfZZRxQVtlQRAitYAJ9ukdzbZfMxJOgA62fdd/pf6Eq/cwCfZ9ln
> DZrqSI6202fefWiIdrWzNOQ=
> =higr
> -----END PGP SIGNATURE-----
> 
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> For all your IT requirements visit www.transtec.co.uk
> 
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website! 
> 


More information about the MailScanner mailing list