Mushure megore rekuvandudza vhezheni itsva ye iyo yekutsvaira spam, Spam Assassin 3.4.3 izvo inouya nenhamba dzinochinja uye kugadzirisa bug chimwe chazvo kwaive kushupika kunogona kutungamira pakurambwa kwebasa.
SpamAssassin chirongwa chekusefa spam iyo inoshandisa nzira dzakasiyana siyana dzekutsvaga spam, kusanganisira DNS uye fuzzy-checksum-based spam detection, kusefa, zvirongwa zvekunze, zvinyorwa zvisingabatsiri, uye zvinyorwa zvepaIndaneti. Iyo purogiramu inogona kubatanidzwa pamwe neye mail server kungoisa yega tsamba dzese saiti.
Inogona zvakare kumhanyisa nevashandisi vega mubhokisi ravo retsamba uye inosangana nezvirongwa zvakasiyana zveemail. Apache SpamAssassin inogadziriswa kwazvo kana ikashandiswa seyese system firita.
SpamAssassin inoshandisa yakazara nzira yekuita sarudzo pane blocko: Meseji inoitwa yakateedzana cheki (kuongorora mamiriro, DNSBL dema uye chena zvinyorwa, zvakadzidziswa maBasesi classifiers, siginicha yekumisikidza, kutumira kweyekutumira uchishandisa SPF uye DKIM, nezvimwewo).
Mushure mekuongorora meseji nenzira dzakasiyana, imwe huremu hwekurema hunowanikwa. Kana iyo coefficient yakaverengwa ichidarika chimwe chikumbaridzo, meseji yakavharwa kana kuiswa se spam.
kunze kwaizvozvo inoshandisa maturusi anoenderana ekugadzirisa otomatiki Sefa, iyo packet inogona kushandiswa pane ese mutengi uye server masisitimu. Iyo SpamAssassin kodhi yakanyorwa muPerl uye inoparadzirwa pasi peapache rezinesi.
SpamAssassin 3.4.3 Zvimiro
Mukuzivisa kweshanduro nyowani yeSpamAssassin 3.4.3 zvinomira pachena kuti yakawedzerwa kiyi nyowani "Subjprefix" kune iyo gadziriso yekuwedzera chinongedzo kuchinyorwa chemeseji apo mutemo unokonzereswa. Chikwata "_SUBJPREFIX_»Yakawedzerwa kumatemplate, zvichiratidza kuiswa kwe«subjprefix".
Wakawedzera check_rbl_ns_from basa rekutarisa DNS server muRBL runyorwa. Yakawedzera basa check_rbl_rcvd kuongorora nzvimbo kana IP kero yemusoro wese wakagashirwa muRBL.
Nezve kugadziriswa mune iyi vhezheni itsva yeSpamAssassin 3.4.3 zvinotaurwa kururamisa kwekusagadzikana (CVE-2018-11805)que inobvumidza iwe kumhanyisa system mirairo kubva kuCF mafaera (SpamAssassin yekumisikidza mafaira) isina kuratidza ruzivo nezve kutanga kwayo.
Zvakare nekugadziriswa kwekusagadzikana (CVE-2019-12420) iyo inogona kushandiswa kukonzera kuramba kwebasa kana uchigadzirisa email ine yakanyanya kugadzirirwa Multipart chikamu.
Vagadziri kubva kuSpamAssassin futi yakazivisa kugadzirira kwebazi 4.0, iro rinozadza rakazara rakapetwa kugadziriswa kweUFT-8.
Musi waKurume 1, 2020, kuburitswa kwemitemo ine masiginecha akavakirwa paSHA-1 algorithm kuchamiswa zvakare (mushanduro 3.4.2, iyo SHA-256 uye SHA-512 hash mabasa akatsiva SHA-1).
Yeimwe shanduko izvo zvinoratidzika kunze mukushambadzira:
- Wakawedzera plugin nyowani OLEVBCro yakagadzirirwa kuona OLE macros uye VB kodhi mukati megwaro.
- Enhanced kumhanya uye chengetedzo hombe yekudhinda scanning ine marongero body_part_scan_size uye rawbody_part_scan_size.
- Mubati wechiratidzo «nosubject»Yakawedzerwa kumitemo yekugadzirisa muviri wetsamba kuti umire kutsvaga Musoro wemusoro sechikamu chemavara mumuviri weshoko.
- Nezvikonzero zvekuchengetedza, sarudzo sa-yekuvandudza -allowpluginsyakadzikiswa.
- Izvozvo rbl_musoro yakawedzerwa kune iyo plugin DNSEval kutsanangura misoro yekutarisa muRBL zvinyorwa.
- Sarudzo dzakawedzerwa kune basa check_hashbl_emails kutsanangura misoro, izvo zvemukati zvinofanirwa kuongororwa zvichipesana neRBL kana ACL.
- Basa racho tarisa_hashbl_bodyre yakawedzerwa kuti uwane mutumbi wetsamba uchishandisa chirevo chenguva dzose uye kutsvaga machisi anowanikwa muRBL.
- Basa racho tarisa_hashbl_uris yakawedzerwa kuti uone ma URL mumuviri meseji uye woaongorora muRBL.
Finalmente kune avo vanoda kuwana iyi nyowani vhezheni unogona kuwana kodhi yekodhi kubva chinotevera chinongedzo kana kune rimwe divi, mirira mabhainari anoenderana ezvikamu zvakasiyana zveLinux kuti zvivakwe nekuvandudzwa mumakiteshi anoenderana