Mailing List Archive

ANNOUNCE: Apache SpamAssassin 3.4.6 available
On behalf of the Apache SpamAssassin Project, I am pleased to announce version 3.4.6 is available.

Release Notes -- Apache SpamAssassin -- Version 3.4.6


Apache SpamAssassin 3.4.6 fixes two small but potentially annoying bugs in 3.4.5

*** On March 1, 2020, we stopped publishing rulesets with SHA-1 signatures.
If you do not update to 3.4.2 or later, you will be stuck at the last
ruleset with SHA-1 signatures. Such an upgrade should be to 3.4.6 to
obtain the contained security fixes ***

*** Ongoing development on the 3.4 branch has ceased. All future releases
and bug fixes will be on the 4.0 series, unless a new security issue
is found that necessitates a 3.4.7 release. ***

Many thanks to the committers, contributors, rule testers, mass checkers,
and code testers who have made this release possible.

Notable features:

None noted.

Notable changes

This release includes fixes for the following:

- Fixed URIDNSBL not triggering meta rules
- Fix false positive in T_KAM_HTML_FONT_INVALID on CSS color !important

New configuration options

None noted.

Notable Internal changes

None noted.

Other updates

None noted.


None noted.

Downloading and availability

Downloads are available from:

sha256sum of archive files:

bc4875f3e4bb5979f0c10283213a512c4c9646220ae0132a78c8e3af94789610 Mail-SpamAssassin-3.4.6.tar.bz2
500c7e2a7cdf3aa4dd822d97aaff2ab22235a60cf17a68ab817861d215a4e568 Mail-SpamAssassin-3.4.6.tar.gz
b1efcdc57e6b100735855e24ee8391b0857327d70e1e1d2c2757d5f66e8a1ce6 Mail-SpamAssassin-rules-3.4.6.r1888502.tgz

sha512sum of archive files:

bb53ba928917b02071b2e6690a11240e1af503334f292c870a8c49c24b0a58b44c78f827e2f43e71a3ce920481fa0e1e62b78a39452658c57d18f4e11daeb593 Mail-SpamAssassin-3.4.6.tar.bz2
7910852f04463a7363a2fc3b70a35adadf5714552e57c5b8ca57beaa534ee18d9f06526cdbcf8bcd5781e5ca778f98d2f84ef2efd1872fa550cfe1689440364a Mail-SpamAssassin-3.4.6.tar.gz
29167c2ab50de26954181ad53395d4270b8b15b7d3bb13d6c62aa2f13ed3bb7a54adcda944bbd4c8d0cf4fe918a2eb0f542ef420af2bd96a121cb3d9b55dd572 Mail-SpamAssassin-rules-3.4.6.r1888502.tgz

Note that the *-rules-*.tgz files are only necessary if you cannot,
or do not wish to, run "sa-update" after install to download the latest
fresh rules.

See the INSTALL and UPGRADE files in the distribution for important
installation notes.

GPG Verification Procedure
The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the or key servers,
as well as

The following key is used to sign releases after, and including SA 3.3.0:

pub 4096R/F7D39814 2009-12-02
Key fingerprint = D809 9BC7 9E17 D7E4 9BC2 1E31 FDE5 2F40 F7D3 9814
uid SpamAssassin Project Management Committee <>
uid SpamAssassin Signing Key (Code Signing Key, replacement for 1024D/265FA05B) <>
sub 4096R/7B3265A5 2009-12-02

The following key is used to sign rule updates:

pub 4096R/5244EC45 2005-12-20
Key fingerprint = 5E54 1DC9 59CB 8BAC 7C78 DFDC 4056 A61A 5244 EC45
uid Signing Key <>
sub 4096R/24F434CE 2005-12-20

To verify a release file, download the file with the accompanying .asc
file and run the following commands:

gpg --verbose --keyserver --recv-key FDE52F40F7D39814
gpg --verify Mail-SpamAssassin-3.4.6.tar.bz2.asc
gpg --fingerprint FDE52F40F7D39814

Then verify that the key matches the signature.

Note that older versions of gnupg may not be able to complete the steps
above. Specifically, GnuPG v1.0.6, 1.0.7 & 1.2.6 failed while v1.4.11
worked flawlessly.

See for more information
on verifying Apache releases.

About Apache SpamAssassin

Apache SpamAssassin is a mature, widely-deployed open source project
that serves as a mail filter to identify spam. SpamAssassin uses a
variety of mechanisms including mail header and text analysis, Bayesian
filtering, DNS blocklists, and collaborative filtering databases. In
addition, Apache SpamAssassin has a modular architecture that allows
other technologies to be quickly incorporated as an addition or as a
replacement for existing methods.

Apache SpamAssassin typically runs on a server, classifies and labels
spam before it reaches your mailbox, while allowing other components of
a mail system to act on its results.

Most of the Apache SpamAssassin is written in Perl, with heavily
traversed code paths carefully optimized. Benefits are portability,
robustness and facilitated maintenance. It can run on a wide variety of
POSIX platforms.

The server and the Perl library feels at home on Unix and Linux platforms
and reportedly also works on MS Windows systems under ActivePerl.

For more information, visit

About The Apache Software Foundation

Established in 1999, The Apache Software Foundation provides
organizational, legal, and financial support for more than 100
freely-available, collaboratively-developed Open Source projects. The
pragmatic Apache License enables individual and commercial users to
easily deploy Apache software; the Foundation's intellectual property
framework limits the legal exposure of its 2,500+ contributors.

For more information, visit

Sidney Markowitz
Chair, Apache SpamAssassin PMC