• https://www.mirrorservice.org/sites/ftp.apache.org/spamassassin/source/ (Download)
• https://mirrors.dotsrc.org/apache/spamassassin/source/ (Download)
• https://downloads.apache.org/spamassassin/source/ (Download)
• https://archive.apache.org/dist/spamassassin/source/ (Download)
• http://ftp.meisei-u.ac.jp/mirror/apache/dist/spamassassin/source/ (Download)
• https://apache.belnet.be/spamassassin/source/ (Download)

• (2021-04-30) Updated to version: p5-Mail-SpamAssassin-3.4.6
• (2021-03-25) Updated to version: p5-Mail-SpamAssassin-3.4.5
• (2020-01-30) Updated to version: p5-Mail-SpamAssassin-3.4.4
• (2019-12-12) Updated to version: p5-Mail-SpamAssassin-3.4.3
• (2018-09-18) Updated to version: p5-Mail-SpamAssassin-3.4.2
• (2015-04-30) Updated to version: p5-Mail-SpamAssassin-3.4.1
• (2014-03-16) Updated to version: p5-Mail-SpamAssassin-3.4.0
• (2011-06-23) Updated to version: p5-Mail-SpamAssassin-3.3.2
• (2010-05-24) Updated to version: p5-Mail-SpamAssassin-3.3.1p0
• (2010-03-25) Updated to version: p5-Mail-SpamAssassin-3.3.1

Log message:
bugfix update to 3.4.6

Log message:
Update to 3.4.5
security fix for CVE-2020-1946
bug fixes and improvements on OLEMacro detection, Bayes and rbl checks
ok sthen@

Log message:
Update to 3.4.5
security fix for CVE-2020-1946
bug fixes and improvements on OLEMacro detection, Bayes and rbl checks

Log message:
Update to 3.4.4
fixes CVE-2020-1930 and CVE-2020-1931

Log message:
Update to 3.4.4
fixes CVE-2020-1930 and CVE-2020-1931

Log message:
Update to 3.4.3
fixes CVE-2018-11805 and CVE-2019-12420
hints by sthen@

Log message:
Update to 3.4.3
fixes for:
CVE-2018-11805 and CVE-2019-12420
Upgrade notice available at https://svn.apache.org/repos/asf/spamassassin/branches/3.4/UPGRADE

Log message:
replace simple PERMIT_PACKAGE_CDROM=Yes with PERMIT_PACKAGE=Yes

Log message:
add GeoIP2 support and make it the default
remove optional Geo::IP support from dependencies,
databases are not updated anymore
with input from sthen@

Log message:
Fix a possible use after free

Log message:
Update to 3.4.2,
lot of fixes and new features, four CVE security bug fixed for PDFInfo.pm and
the SA core:
CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781
ok pea@

Log message:
Major update to 3.4.2,
lot of fixes and new features, four CVE security bug fixed for PDFInfo.pm and
the SA core:
CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781
ok pea@

Log message:
convert to PKGSTEM

Log message:
Security fixes from upstream

Log message:
More security fixes from upstream

Log message:
Security fixes from upstream
ok sthen@

Log message:
More security fixes from upstream

Log message:
Security fix for spamassassin
if the root user starts spamd with the --username
flag, the supplemental group list of the spamd worker processes is never
changed. The worker processes execute with root's original supplemental
group list.
ok sthen@

Log message:
restore old patches and bump

Log message:
Security fix for spamassassin
if the root user starts spamd with the --username
flag, the supplemental group list of the spamd worker processes is never
changed. The worker processes execute with root's original supplemental
group list.

Log message:
Add compatibility patches for perl 5.23+

Log message:
Change the shebang line from /bin/sh to /bin/ksh in all ports rc.d
daemon scripts and bump subpackages that contain the *.rc scripts.
discussed with and OK aja@
OK tb

Log message:
Install ldap docs and take maintainership
ok sthen@

Log message:
Drop maintainer, I'm moving away from this (rspamd is better).

Log message:
MFC: backport SpamAssassin fixes to cope with p5-Net-DNS API breaks

Log message:
pull back more patches from spamassassin 3.4 branch, again mostly coping
with Net::DNS API changes not documented in their changelog

Log message:
Set RD properly on DNS queries. Broken by Net::DNS 1.01+

Log message:
explicitly search ${LOCALBASE}/bin and sbin when looking for gpg etc.,
fixing a problem seen by wesley at e-solutions.re where /usr/local is not
in the path for cronjobs running sa-update

Log message:
Make the regression tests of p5-Mail-SpamAssassin pass.
- Replace SSLv3_client_method() with  SSLv23_client_method() in spamc.
- Do not choose a specific SSL version, let IO::Socket::SSL decide.
- Print SSL error messages to make debugging easier.
- Fix search path in test.
input and OK sthen@

Log message:
update to p5-Mail-SpamAssassin 3.4.1
http://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.1.txt

Log message:
switch SpamAssassin's forced p5-libwww dependency for one which can accept
either p5-libwww or curl (possible now that libwww is updated and HTTP::Date
is split off).

Log message:
Do not depend on net/p5-IO-Socket-IP.  The module IO::Socket::IP
0.29 is included in Perl 5.20.1 and installed in base.  The port
will be removed soon.
OK giovanni@ nigel@

Log message:
Install sql files
ok sthen@ (Maintainer)

Log message:
update SpamAssassin to 3.3.2, thanks Brad and pea@ for testing. ok pea@

Log message:
fix a spamassassin --lint warning, from upstream, suggested by Armin Wolfermann

Log message:
Better pexp in rc script.

Log message:
Simplify after recent rc.subr change.
The framework is now stable and we will start documenting it (at last).

Log message:
Cope with recent rc.subr changes.

Log message:
Kill 2 very annoying warnings when running spamd, merged from upstream.
ok sthen@ (maintainer)

Log message:
make use of PKGSPEC to simplify depends, requires most recent security/gnupg
to compile correctly

Log message:
new depends

Log message:
rc script for spamassassin; suggestions and ok aja@

Log message:
USE_GROFF=Yes

Log message:
perl 5.12.2 fixes

Log message:
Force dependency on gnupg1 since gnupg2 has the same PKGNAME, it can
create some depency mess.
The long term solution is to update+merge gnupg2 into gnupg1 but for now
at least we have a clean dependency chain.
looks ok to jasper@ and pea@

Log message:
@sample v330.pre and bump PKGNAME-main.

Log message:
update to 3.3.1; thanks pea@ for testing and comments

Log message:
MFC:
Adjust FH_DATE_PAST_20XX rule so it doesn't trigger on all dates from 2010.
From upstream repository.
ok jasper@ william@

Log message:
Adjust FH_DATE_PAST_20XX rule so it doesn't trigger on all dates from 2010.
From upstream repository.

Log message:
- unbreak with perl 5.10.1 (don't rely on an internal MakeMaker api
which changed).
- take MAINTAINER.
looks ok to jasper.

Log message:
remove marc balmer as maintainer of all of his ports, to take away the
illusion marc still maintains them. as requested by himself.

Log message:
Replace p5-IO-INET6 with p5-IO-Socket-INET6 as the upstream cpan
package has been renamed.  Unfortunately there is no smooth upgrade
path.  Packages have to be deleted and added manually.
discussed with bernd@ and sturm@

Log message:
Adjust dependencies for IO::Zlib and Archive::Tar which now come
as part of base Perl. Regen PLIST while there, some manpages missed.
ok simon@ "commitski" mbalmer@

Log message:
Update to SpamAssassin 3.2.5; minor bug fix update.
ok mbalmer@

Log message:
Maintenance update of SpamAssassin to version 3.2.4.
This is a major bug-fix release, with a few minor new features.

Log message:
add RUN_DEPENDS=::devel/re2c so you can compile your ruleset to
native code with sa-compile(1).
"committ it" mbalmer@

Log message:
Remove surrounding quotes in COMMENT*/PERMIT_*

Log message:
Minor bugfix update to SpamAssassin 3.2.2.

Log message:
MFC:
SECURITY update to 3.2.1
fixes a local user symlink-attack DoS vulnerability; more details at
http://spamassassin.apache.org/advisories/cve-2007-2873.txt

Log message:
SECURITY update to 3.2.1
fixes a local user symlink-attack DoS vulnerability; more details at
http://spamassassin.apache.org/advisories/cve-2007-2873.txt

Log message:
SECURITY update to 3.2.1
fixes a local user symlink-attack DoS vulnerability; more details at
http://spamassassin.apache.org/advisories/cve-2007-2873.txt
ok mbalmer@

Log message:
get ride of RUN_DEPENDS=${BUILD_DEPENDS} construct.
checked by naddy@, ok mbalmer@

Log message:
Fix a problem with the last update.

Log message:
Update to SpamAssassin 3.2.0
ok simon

Log message:
base64 checksums.

Log message:
MFC:
3.1.8 is a major bug-fix release, including a potential DoS.  The major
highlights are:
- bug 5318: fix for CVE-2007-0451: possible DoS due to incredibly
long URIs found in the message content.
- bug 5240: disable perl module usage in update channels unless
--allowplugins is specified
- bug 5288: files with names starting/ending in whitespace weren't usable
- bug 5056: remove Text::Wrap related code due to upstream issues
- bug 5145: update spamassassin and sa-learn to better deal with STDIN
- bug 5140 and 5179: improvements and bug fixes related to DomainKeys
and DKIM support
- several updates for Received header parsing
- several documentation updates and random taint-variable related issues
A more detailed change log can be read here:
http://svn.apache.org/repos/asf/spamassassin/branches/3.1/Changes

Log message:
MFC:
3.1.8 is a major bug-fix release, including a potential DoS.  The major
highlights are:
- bug 5318: fix for CVE-2007-0451: possible DoS due to incredibly
long URIs found in the message content.
- bug 5240: disable perl module usage in update channels unless
--allowplugins is specified
- bug 5288: files with names starting/ending in whitespace weren't usable
- bug 5056: remove Text::Wrap related code due to upstream issues
- bug 5145: update spamassassin and sa-learn to better deal with STDIN
- bug 5140 and 5179: improvements and bug fixes related to DomainKeys
and DKIM support
- several updates for Received header parsing
- several documentation updates and random taint-variable related issues
A more detailed change log can be read here:
http://svn.apache.org/repos/asf/spamassassin/branches/3.1/Changes

Log message:
3.1.8 is a major bug-fix release, including a potential DoS.  The major
highlights are:
- bug 5318: fix for CVE-2007-0451: possible DoS due to incredibly
long URIs found in the message content.
- bug 5240: disable perl module usage in update channels unless
--allowplugins is specified
- bug 5288: files with names starting/ending in whitespace weren't usable
- bug 5056: remove Text::Wrap related code due to upstream issues
- bug 5145: update spamassassin and sa-learn to better deal with STDIN
- bug 5140 and 5179: improvements and bug fixes related to DomainKeys
and DKIM support
- several updates for Received header parsing
- several documentation updates and random taint-variable related issues
A more detailed change log can be read here:
http://svn.apache.org/repos/asf/spamassassin/branches/3.1/Changes
ok nikolay

Log message:
Maintainer change.  Bump PKGNAME.

Log message:
- update to version 3.1.7 (by Andreas Vvgele, with some cleanings)
- use /var/db/spamassassin as homedir for _spamdaemon user
- does _not_ remove /var/db/spamassassin when using `pkg_delete -c`
"go ahead" steven@

Log message:
- remove 'noauto' and install _spamdaemon user by default.
- bump PKGNAME.

Log message:
Some tweaks to accomodate sa-update:
- Add gnupg dependency.
- Better location for the updates: /var/db/spamassassin
- Install sa-update's default GnuPG keys as config files, so that they
will be removed upon pkg_delete.
- Remove /var/db/spamassassin using @extraunexec.
Specify minimum versions for some dependencies while here.
from maintainer Andreas Vogele <andreas at altroot.de>
looks fine naddy@

Log message:
update to version 3.1.4 which fixes a memleak and other smaller bugs;
ok naddy@

Log message:
security update to p5-Mail-SpamAssassin 3.1.3
fixes CVE 2006-2447

Log message:
security update to p5-Mail-SpamAssassin 3.0.6
fixes CVE 2006-2447

Log message:
update to SpamAssassin 3.1.3
ok maintainer Andreas Voegele

Log message:
maintenance update to 3.1.1
from: new maintainer Andreas Voegele (voegelas at gmx dot net)

Log message:
move any perl or sed substitutions from post-patch to pre-configure
(fixes make update-patches)
ok sturm@; "looks reasonable" steven@

Log message:
- add missing init.pre and v310.pre configuration files.
- depend on p5-Mail-SPF-Query, since the SPF plugin is loaded by default.
based on diff from Andreas Voegele <voegelas at gmx.net>

Log message:
Update to SpamAssassin 3.1.0.
Release notes available:
http://marc.theaimsgroup.com/?l=spamassassin-announce&m=112674318914008&w=2
>From Ben Lovett <ben at tilderoot dot com>

Log message:
MFC:
SECURITY update to SpamAssassin 3.0.4
fixes CAN-2005-1266
from maintainer Ben Lovett <ben at tilderoot.com>

Log message:
SECURITY update to SpamAssassin 3.0.4
fixes CAN-2005-1266
from maintainer Ben Lovett <ben at tilderoot.com>

Log message:
SIZE

Log message:
Add WANTLIB markers

Log message:
update to SpamAssassin 3.0.2
from Ben Lovett <ben at tilderoot.com>

Log message:
update to SpamAssassin 3.01
from maintainer Ben Lovett <ben at tilderoot.com>

Log message:
new style plists.

Log message:
SECURITY:
upgrade to 2.64
- prevents a denial of service attack open to certain
malformed messages;
ok brad@

Log message:
SECURITY:
upgrade to 2.64
- prevents a denial of service attack open to certain
malformed messages;
ok brad@

Log message:
Security update to 2.64.  From release notice:
- Security fix prevents a denial of service attack open to certain
malformed messages; this DoS affects all SpamAssassin 2.5x
and 2.6x versions to date.
- Backported several very reliable rules from the SpamAssassin 3.0.0
codebase.
>From MAINTAINER. OK nagy.

Log message:
upgrade p5-Mail-SpamAssassin to 2.63
--
From: MAINTAINER

Log message:
upgrade p5-Mail-SpamAssassin to 2.62
--
From: MAINTAINER

Log message:
upgrade p5-Mail-SpamAssassin to 2.61
--
From: new MAINTAINER Ben Lovett <ben at tilderoot dot com>

Log message:
fix install after DESTDIR change in perl 5.8.2

Log message:
create _spamdaemon group, too
inspired by diff from Olivier Cherrier <oc at karedas dot cediti dot be>

Log message:
remove procmail dependency, MAINTAINER does not use this software
anymore, so release it to ports@

Log message:
same line twice, is it really needed?; from MAINTAINER

Log message:
new user/group naming schema
bump PKGNAME for bitlbee
Han Boetes <han@mijncomputer.nl> ok

Log message:
sync with spamassassin-cvs for the bounds bugfix (#2041 in their bugzilla):
allocate an extra byte for the array instead of reducing the bounds value

Log message:
fix a couple of off-by-one in spamc->spamd communication
submitted upstream, bugzilla #2074 in their bug db
bump PKGNAME

Log message:
upgrade p5-Mail-SpamAssassin to 2.55
--
MAINTAINER ok

Log message:
update p5-Mail-SpamAssassin to 2.53; from MAINTAINER

Log message:
upgrade p5-Mail-SpamAssassin to 2.53; from MAINTAINER

Log message:
update p5-Mail-SpamAssassin to 2.52; from MAINTAINER

Log message:
disable razor tests (done in "make regress") by default
otherwise "make configure" would ask, if it found razor-agent installed
OK pvalchev@

Log message:
update p5-Mail-SpamAssassin to 2.50; from MAINTAINER

Log message:
update p5-Mail-SpamAssassin to 2.44; from MAINTAINER

Log message:
MFC: Added patch from Timo Sirainen <tss@iki.fi> to fix exploit.
---cut---
Well, I was going to wait until 2.50 release, but it seems to be taking and
this likely affects only few installations. Besides, it's been in their
public bugzilla for over a month. So:
Attacker may be able to execute arbitrary code by sending a specially
crafted e-mail to a system using SpamAssassin's spamc program in BSMTP mode
(-B option). Versions from 2.40 to 2.43 are affected.
Exim users especially should check if they're affected, the -B option is
used in several Exim+SpamAssassin HOWTOs.
The problem is with escaping '.' characters at the beginning of lines.
Off-by-one bounds checking error allows writing '.' character past a
buffer, overwriting the stack frame address. Depending on system this may
be exploitable. Pre-built Debian unstable/x86 package wasn't vulnerable, my
self compiled was.
---cut---

Log message:
Added patch from Timo Sirainen <tss@iki.fi> to fix exploit.
---cut---
Well, I was going to wait until 2.50 release, but it seems to be taking and
this likely affects only few installations. Besides, it's been in their
public bugzilla for over a month. So:
Attacker may be able to execute arbitrary code by sending a specially
crafted e-mail to a system using SpamAssassin's spamc program in BSMTP mode
(-B option). Versions from 2.40 to 2.43 are affected.
Exim users especially should check if they're affected, the -B option is
used in several Exim+SpamAssassin HOWTOs.
The problem is with escaping '.' characters at the beginning of lines.
Off-by-one bounds checking error allows writing '.' character past a
buffer, overwriting the stack frame address. Depending on system this may
be exploitable. Pre-built Debian unstable/x86 package wasn't vulnerable, my
self compiled was.
---cut---

Log message:
Install the man pages for spamd/spamc, move spamd to section 8.
ok maintainer

Log message:
Remove p5-Test-Simple and p5-Time-HiRes depends; now in stock perl

Log message:
update mail/p5-Mail-SpamAssassin to 2.43; from MAINTAINER

Log message:
seems like the fake path sneak into the installed rule files;
from MAINTAINER with heads up by Andrey Smagin (andrey@smagin.com)

Log message:
update p5-Mail-SpamAssassin to version 2.42; from MAINTAINER

Log message:
p5-Mail-SpamAssassin tries to install files outside the fake area.

Log message:
update mail/p5-Mail-SpamAssassin to 2.41; from MAINTAINER

Log message:
remove .packlist

Log message:
add dependency to www/p5-HTML-Parser; from maintainer

Log message:
update mail/p5-Mail-SpamAssassin to 2.40:
--
The #1 big change:
- SpamAssassin now *REQUIRES* procmail  for  local  delivery  support;
-P  option  is  now  the  default.  Unless   you   use   procmail,
Mail::Audit, KMail, or an  MTA-level  integration,  do  not  upgrade
>From maintainer, Han Boetes <han@boetes.org>