SpamAssassin 3.0 Released

davemabe writes "At long last, SpamAssassin 3.0.0 has been released. I've been using the release candidates for a month or so, and the results have been far improved over previous versions. Its use of SURBL along with Bayes auto learning make it seem like this solution is the one to beat. It looks like they've introduced a new logo as well. Snazzy!"

SURBL

[alatesystems]

For those not in the know, SURBL is really cool. It actually lets you scan the message(well, SA does that) and then look for urls that it links to. It compares this to a realtime BL of other people getting spam like you and if it is a known spam TARGET url then it blocks the message based on that.

It makes it really hard for them unless they just register countless domains.

Excellent technology, and I will be upgrading to the newest stable.

Chris

Plugin Architecture

[CleverFox]

The real news here is not Bayes filtering or SURBL, but the totally rebuilt plug-in architecture of SA 3.0. Plug-ins for the 2.x version were quite a bit harder to write.

Version 3.0 will result in a proliferation of good third party plug-ins that are going to put SA into more direct competition with some of the commercial vendors out there.

Re:Artificial intelligence was born...

[Duke+Thomas]

"Here I am, brain the size of a planet and they ask me to filter your spam."

Re:Improved Performance?

[xcomputer_man]

I've been using RC1 for over a month now, and I'll tell you confidently that

-- Performance is MUCH better than it used to be. It scans messages much faster than I've ever seen SA 2.x do, and doesn't hog my server's resources anymore.

-- THIS THING ROCKS. For almost two weeks after I installed it I kept instinctively sending myself test emails to make sure I hadn't broken my mail system, because my volume of incoming mail had reduced so drastically. I was used to getting at least a new spam every 2 minutes. After installing SA 3.0 I got one false negative in a 72 hour period. It is *that* good. To date I still have not recorded a single false positive. I really had to convince myself that this thing was real.

This spamfilter rocks. I'd award it product of the year if I could.

Re:anto-spam

[Skuto]

There was a good scientific test linked on slashdot a while ago, comparing spamfilters and including DSPAM and SpamAssassin.

Contrary to DSPAM author's claims, both it and and CRM-114 (another package which likes to self-hype) performed quite a bit worse than SpamAssassin.

Then again, I've heard people being happy with DSPAM that were not happy with SA.

Guess it depends on the mailfeed you get.

3.0 New Features

[CleverFox]

Major feature list:

- SpamAssassin is now part of the Apache Software Foundation and has an
improved software license, the 2.0 version of the Apache License.

- SpamAssassin now includes support for SPF (the Sender Policy
Framework, http://spf.pobox.com/).

- Web site links contained in the message are checked against SURBL and
SBL. SURBL and SBL track sites that advertise with spam, known spam
sources, and spam services.

- The new 3.0 architecture allows third-parties to easily add plugin
modules.

- There is now SQL database support for both the Bayes and
auto-whitelist modules, allowing more large sites to easily deploy
SpamAssassin.

- A more accurate simulation of email client handling of MIME and HTML
improves our accuracy. In addition, there is better detection and
handling of spammer techniques that try to trick anti-spam software.

Important installation notes:

- The SpamAssassin 2.6x release series was the last set of releases to
officially support perl versions earlier than perl 5.6.1. If you are
using an earlier version of perl, you will need to upgrade before you
can use the 3.0.0 version of SpamAssassin.

- SpamAssassin 3.0.0 has a significantly different API (Application
Program Interface) from the 2.x series of code. This means that if
you use SpamAssassin through a third-party utility (milter, etc,) you
need to make sure you have an updated version which supports 3.0.0.

- The --auto-whitelist and -a options for "spamd" and "spamassassin" to
turn on the auto-whitelist have been removed and replaced by the
"use_auto_whitelist" configuration option which is also now turned on
by default.

- The "rewrite_subject" and "subject_tag" configuration options were
deprecated and are now removed. Instead, using "rewrite_header Subject
[your desired setting]". e.g.

rewrite_subject 1
subject_tag ****SPAM(_SCORE_)****

becomes

rewrite_header Subject ****SPAM(_SCORE_)****

- The Bayesian storage modules have been completely re-written and now
include Berkeley DB (DBM) storage as well as SQL based storage (see
sql/README.bayes for more information). In addition, a new format has
been introduced for the bayes database that stores tokens in fixed
length hashes. All DBM databases should be automatically converted to
this new format the first time they are opened for write. You can
manually perform the upgrade by running "sa-learn --sync" from the
command line.

The "sa-learn --rebuild" command has been deprecated; please use
"sa-learn --sync" instead. The --rebuild option will remain
temporarily for backwards compatibility.

- "spamd" now has a default max-children setting of 5; no more than 5
child scanner processes will be run in parallel. Previously, there
was no default limit unless you specified the "-m" switch when
starting spamd.

- If you are using a UNIX machine with all database files on local
disks, and no sharing of those databases across NFS filesystems, you
can use a more efficient, but non-NFS-safe, locking mechanism. Do
this by adding the line "lock_method flock" to the /etc/mail/spamassassin/local.cf file. This is strongly recommended if
you're not using NFS, as it is much faster than the NFS-safe locker.

- Please note that the use of the following command line parameters for
spamassassin and spamd have been deprecated and are now removed. If
you currently use these flags, please remove them:

in the 2.6x series: --add-from, --pipe, -F, -P, --stop-at-threshold, -S
in the 3.0.x series: --auto-whitelist, -a

- The following flags are de

Re:Release notes?

[AnotherScratchMonkey]

You can browse the version 3.0.0 Subversion repository. I'd suggest looking at the files UPGRADE and Changes.

For those who may have forgotten

[numbski]

I'm building the latest on all of my clients' mail exchangers and our primary boxen. ;)

Here's the command to install/upgrade 3.0 via CPAN:

# perl -MCPAN -e shell;
cpan > install Mail::SpamAssassin

(many lines, type in the administrator's e-mail address, say no to network tests)

exit

#

Very difficult stuff. :) Keep up the good work.

Oh! Some link whoring as well:

SpamAssassin Milter for Sendmail - Filters everyone without procmail

SpamAssassin Milter Quarantine - Quarantines spam messages and sends summaries in digest for 1 or more times daily rather than simply delivering to the end user.

Better names?

[Da+Twink+Daddy]

Well, since it's capable of removing a certain caste of emails entirely how about SpamGenocide or SpamacialCleansing?

Perhaps we should identify it with (im)famous person(s) to drive up hits like SpamHitler, SpamNazi, or SpamlobodanMilosevic?

Maybe something that has an associated coolness factor, instead of being (almost) universaly hated, like Dr. Spamibal Lecter?

Well, there's still the problem of overwhelming evil there. It's not really evil, just heartless and calculating. Hmm, heartless, calculating, killer... I got it! How about SpamAssassin? Oh, wait...

Re:Does it use IP's or URI's ?

[platipusrc]

One of the problems with using IPs is the massive amount of Virtual Hosting being used. Say I'm a 1&1 customer, and there are 400 other domains going to the same IP as one of my domains, and I send you an email with a link to something on my site, but one spammer has managed to get an account with 1&1 for now. If they're on the same box as me, you just blacklisted 399 other domains that shouldn't have been blacklisted.