Pick it up from:

  http://SpamAssassin.org/released/Mail-SpamAssassin-2.60-rc6.tar.gz
  http://SpamAssassin.org/released/Mail-SpamAssassin-2.60-rc6.tar.bz2
  http://SpamAssassin.org/released/Mail-SpamAssassin-2.60-rc6.zip

md5sum:
  ffabc6756210a745475b76bc10c4f1b7  Mail-SpamAssassin-2.60-rc6.tar.gz
  9ccdb03cf8516a2d69e188339833d502  Mail-SpamAssassin-2.60-rc6.tar.bz2
  037c774377e5b9aac57b01070df64f99  Mail-SpamAssassin-2.60-rc6.zip

sha1sum:
  20862c80552c636c80df12d0a4682fcea3cc5310  Mail-SpamAssassin-2.60-rc6.tar.gz
  6a4cb638dc5799ac2be2dcb9da12af40f97d0851  Mail-SpamAssassin-2.60-rc6.tar.bz2
  f401f7363c81ecb9715f9868ba2908481986e4e4  Mail-SpamAssassin-2.60-rc6.zip

The release files also have a .asc accompanying them.  The file serves
as an external GPG signature for the given release file.  The signing
key is available via the wwwkeys.pgp.net keyserver, as well as
http://www.spamassassin.org/released/GPG-SIGNING-KEY

The key information is:

pub  1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <[EMAIL PROTECTED]>
     Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24  F6D7 DEE0 1987 265F A05B


Changes since 2.5x:

- spamd now supports UNIX-domain sockets for low-overhead scanning, thanks
  to Steve Friedl for this.  Strongly recommended if you're running spamc
  on the same host as the spamd server

- DNSBLs overhauled; lots of new lists, including SORBS and SpamCop BL;
  dropped Osirusoft due to their retirement, brought on by a DDOS

- better support for detecting 'invisible text' in HTML messages

- new Bayes tweaks -- tokenization of partial address and URI elements

- RBL timeouts are now handled much more efficiently; if one RBL is taking
  much longer than all the others, it will be cut short and ignored

- now reduces amount of IP addresses queried, by inferring trust relationships
  between Received headers; trust can be manually specified using
  "trusted_networks"

- generalised Received-header parser to more easily detect HELO string
  forgery and faked relay lines

- default report updated to list the hostname of the machine where
  SpamAssassin is running; also asks installer for administrative address
  or URL, to reduce user confusion

- "add_header": more flexible header rewriting, with a simple template system

- workaround for red hat kernel with NPTL reporting "application bug" in
  spamd due to use of waitpid() when SIGCHLD is set to SIG_IGN

- dccifd support added

- Razor 1 support dropped

- support for domain-based blacklists

- new bayes backend, including new database format, ability to learn messages
  to the journal, etc.  Improved expiration mechanism

- HTML::Parser 3.24 or higher is now required

- taint mode is now enabled by default (for perl versions 5.6.0 and
  higher) for extra security

- timelog code has been removed

- Makefile variables were changed to use DESTDIR instead of the various
  INST_* variables.  Please read the PACKAGING file for more information.

- lots of bugs fixed and new rules added. ;)


Bayes FYI: 2.60 has a new Bayes backend and database format.  Your old
database(s) will automatically be upgraded the first time 2.60 tries
to write to the DB, and any journal, if it exists, will be wiped out
without being synced.

In addition, we have had to drop support for Bayes databases in formats
other than DB_File, due to a large number of serious issues (including
crash and concurrency bugs) with those formats.

So, what you want to do is something like this:

- stop running spamassassin/spamd (ie: you don't want it to be running
  during the upgrade)
- run "sa-learn --rebuild", this will sync your journal.
- upgrade SA to 2.60
- install DB_File module if necessary
- if you were using another database module, run "sa-learn --import"
  to migrate the data into new DB_File files
- run "sa-learn --rebuild", this will cause the db format to be upgraded
- start running spamassassin/spamd again

Obviously the steps will be different depending on your environment,
but you get the idea. :)

Bayes FYI 2: Because of the new database format, "check_bayes_db" will
no longer function properly.  The functionality from that script was
added to sa-learn via the "--dump" parameter.  Please see the sa-learn
man/pod documentation for more info.


Other notes:

- SpamAssassin 2.6x will be the last release supporting perl 5.005,
  so it's suggested to upgrade to at least perl 5.6.1

- Razor2 isn't fully taint safe.  So since SpamAssassin 2.60 enables
  taint mode by default, there's a Razor2.patch file which needs to be
  applied to Razor2.  Documentation exists in the patch file.

- DB_File is now the only DB/perl library used for Bayes.  We found
  there were too many problems with supporting all of the other DB
  libraries out there and standardized on the one that gave us the least
  number of issues.


Changes since 2.60-rc5:

- misc documentation fixes

- actually distribute the Razor2.patch file

- update debian build files to work with 2.60

- cleaned up configuration docs and reordered a few options.  podchecker
  clean now

- update build scripts to do bz2 release file as well as sha1sum hashes

- bug 2466: make untainting of variables a little more paranoid, and
  disable taint check in 5.005

- bug 2468: ignore DNSBL results that aren't in 127.0.0.0/8 as a partial
  fix for the Verisign et al wildcard trick

- bug 2469: message identifiers for bayes were passed around
  unnecessarily, and external-to-SA generated identifiers weren't actually
  used at all.  cleaned up the code and fixed external identifiers.

- bug 2473: _TESTSSCORES_ header tag could get an uninitialized value
  error due to AWL

- bug 2476: remove timelog code

-- 
Randomly Generated Tagline:
You can talk till you're blue in the face, but my wife will continue to
 use "xerox" as a verb.  And reporters will continue to use "hackers" to
 refer to Script Kiddies.
              -- Larry Wall in <[EMAIL PROTECTED]>

Attachment: pgp00000.pgp
Description: PGP signature

Reply via email to