Emva konyaka wophuhliso Inguqulelo entsha ye iqonga lokucoca spam, I-SpamAssassin 3.4.3 eyiphi iza notshintsho kunye nokulungiswa kwe-bug Enye yazo yayingumngcipheko onokubangela ukukhanyelwa kwenkonzo.
SpamAssassin yinkqubo yokucoca ugaxekile Esebenzisa iindlela ezahlukeneyo zokufumanisa ugaxekile, kubandakanya i-DNS kunye nokufumanisa okungafunekiyo okusekwe kwispamu, ukuhluza, iinkqubo zangaphandle, uluhlu lwabamnyama kunye noovimba beenkcukacha kwi-intanethi. Inkqubo inokudityaniswa neseva yeposi ukucoca ngokuzenzekelayo yonke imeyile evela kwisiza.
Inokuqhutywa nangabanye abasebenzisi kwiibhokisi zabo zeposi kwaye idibanisa neenkqubo ezahlukeneyo ze-imeyile. I-Apache SpamAssassin iqwalaselwe kakhulu ukuba isetyenziswe njengesihluzi senkqubo yonke.
I-SpamAssassin iphumeza indlela ebanzi yokwenza isigqibo kwibhlokoo: Umyalezo uphantsi kothotho lweetshekhi (uhlalutyo lomxholo, i-DNSBL uluhlu olumnyama nomhlophe, uqeqesho lweBasesi, ukuqinisekiswa kwesiginesha, ukuqinisekiswa komthumeli kusetyenziswa i-SPF kunye ne-DKIM, njl.).
Emva kokuvavanya umyalezo ngeendlela ezahlukeneyo, ubunzima bokulinganisa obuthile buhlanganisiwe. Ukuba umlingani obaliweyo ungaphezulu komqobo othile, umyalezo uyavalwa okanye uphawulwe njengogaxekile.
ngaphandle koko isebenzisa izixhobo ezifanelekileyo kuhlaziyo lomthetho oluzenzekelayo Icebo lokucoca ulwelo, ipakethi inokusetyenziswa kuzo zombini iinkqubo zabaxhasi kunye nezeva Ikhowudi yeSpamAssassin ibhaliwe ePerl kwaye isasazwa phantsi kwelayisensi ye-Apache.
SpamAssassin 3.4.3 amanqaku
Kwisibhengezo senguqulelo entsha yeSpamAssassin 3.4.3 kuyacaciswa ukuba kongezwa igama elingundoqo elitsha "I-Subjprefix" kuqwalaselo lokongeza isimaphambili kumxholo womyalezo xa umthetho ubangela. Ileyibhile "_SUBJPREFIX_»Yongezwe kwiitemplate, zibonisa useto lwe«Imixholo engezantsi«.
Yongezwe check_rbl_ns_from umsebenzi ukukhangela iseva ye-DNS kuluhlu lweRBL. Umsebenzi owongeziweyo cYenzani_rbl_rcvd Ukuqinisekisa imimandla okanye iidilesi ze-IP zazo zonke izihloko ezifunyenwe kwiRBL.
Malunga nokulungiswa kolu hlobo lutsha lweSpamAssassin 3.4.3 ukulungiswa kokuchaphazeleka kukhankanyiwe (I-CVE-2018-11805), que ikuvumela ukuba usebenze imiyalelo yenkqubo kwiifayile zeCF (SpamAssassin iifayile zoqwalaselo) ngaphandle kokubonisa ulwazi malunga nokuqaliswa kwayo.
Kunye nokulungiswa komngcipheko (CVE-2019-12420) enokusetyenziselwa ukubanga ukwaliwa kwenkonzo xa kusenziwa i-imeyile enecandelo leMicrosoft elenzelwe ngokukodwa
Abaphuhlisi Ukusuka kuSpamAssassin nayo ndibhengeze ukulungiswa kwesebe le-4.0, eliya kuthi liphumeze ukuqhubekekiswa okupheleleyo kwe-UTF-8.
Ngomhla woku-1 ku-Matshi 2020, ukupapashwa kwemithetho enesiginitsha esekwe kwi-SHA-1 algorithm nayo iya kuyekwa (kwinguqulo 3.4.2, imisebenzi ye-SHA-256 kunye ne-SHA-512 hash ithathe indawo ye-SHA-1).
Olunye utshintsho Ezimeleyo kwintengiso:
- Yongeze iplagi entsha I-OLEVBMacro yenzelwe ukufumanisa ii-OLE macros kunye ne-VB khowudi ngaphakathi kwamaxwebhu.
- Isantya esiphuculweyo kunye nokhuseleko lokuprinta okukhulu ngokuseto body_part_scan_size kunye ne-rawbody_part_scan_size.
- Umnini wesalathi «Akukho sihloko»Yongezwe kwimigaqo yokulungiswa komzimba wonobumba ukuyeka ukukhangela umxholo weNtloko njengenxalenye yesicatshulwa kumzimba womyalezo
- Ngezizathu zokhuseleko, ukhetho hlaziya -allowpluginsihlisiwe.
- Ikhetho rbl_ iintloko Yongezwe kwiplagi DNSEval Ukuchaza izihloko zokujonga kuluhlu lweRBL.
- Izinketho zongezwe kumsebenzi jonga_hashbl_emails Ukuchaza izihloko, umxholo wazo ekufuneka ujongiwe kuthelekiswa neRBL okanye i-ACL.
- Umsebenzi khangela_hashbl_bodyre Yongezwe ukufumana umzimba wonobumba usebenzisa intetho eqhelekileyo kunye nokukhangela umdlalo ofunyenwe kwiRBL.
- Umsebenzi khangela_hashbl_uris Yongezwe ukukhangela ii-URL kumzimba womyalezo kwaye uziqinisekise kwi-RBL.
Gqibela kwabo bafuna ukufumana le nguqulo intsha unokufumana ikhowudi yemvelaphi kuyo eli khonkco lilandelayo okanye kwelinye icala, linda i-binaries ehambelanayo yolwabiwo olwahlukileyo lweLinux ukuba lwakhiwe kwaye luhlaziywe kumajelo ahambelanayo.