Mike Schrauder wrote: >Hi all, > I really wish I had time to contribute to this list, but you >folks are on a completely higher level. I have sa 2.63 on debian woody >using the filter account to protect an exchange server. >I set it up w/ the very helpful info at >http://advosys.ca/papers/postfix-filtering.html. >This was about 2 years ago and it has been working VERY well. Now some >more spam is getting through and I have two questions. >1. how scary for a novice would it be to apt-get upgrade spammassassin >to 3.0.2-1 and expect everything to keep on working? > > 3.x has some configuration option changes, which are documented in the upgrade file: http://svn.apache.org/repos/asf/spamassassin/branches/3.0/UPGRADE
I'd strongly recommend the upgrade to 3.0.x, or at MINIMUM an upgrade to 2.64 to correct the DoS vulnerability that 2.63 has. Upgrading to 2.64 should be completely painless if you're afraid of 3.x. 3.x also makes broken trust path issues painfully obvious, whereas in 2.6x the problem would be more subtle in nature (mostly DUL FP's). If you see spam matching ALL_TRUSTED with 3.x read: http://wiki.apache.org/spamassassin/TrustPath >2. if that is to stressful, who has already formed rulesets that is >compatible w/ 2.63 that >I could drop in to catch all this drug spam that is getting through? > If you don't go to 3.x, you might want to add antidrug.cf to /etc/mail/spamassassin: http://mywebpages.comcast.net/mkettler/sa/antidrug.cf 3.0 and higher include this ruleset by default as a part of {$PREFIX}/share/spamassassin/20_drugs.cf
