Deploy360 12 February 2014

New Apache SpamAssassin Release 3.4.0 Includes Native IPv6 Support!

By Dan YorkSenior Advisor

Apache Spam Assassin logoVery cool news out of the Apache SpamAssassin project that the new release 3.4.0 has full native IPv6 support!  This is important because SpamAssassin is widely used as an anti-spam tool for email servers.  This update nows means that it can be used in mail servers running on IPv6, including on mail servers running in an IPv6-only environment.  From the release notes:

Improved support for IPv6
————————-

The rules-updating program sa-update and its infrastructure is now usable over either IPv4 or IPv6, including from an IPv6-only hosts (bug 6654).

SpamAssassin is now usable on an IPv6-only host: affects installation, self-tests, rule updates, client, server, and a command-line spamassassin.

Command line options -4 and -6 were added to prefer/choose/force IPv4 or IPv6 in programs spamassassin, spamd, spamc, and sa-update.

Command line options –listen and –allowed-ips in spamd can now accept IPv6 addresses.

Preferably a perl module IO::Socket::IP is used (if it is available) for network communication regardless of a protocol family – for DNS queries, by spamd server side, and by a client code in Mail::SpamAssassin::Client. As a fallback when the module IO::Socket::IP is unavailable, an older module IO::Socket::INET6 is used, or eventually the IO::Socket::INET is used as last resort.

If spamd fails to start with an ‘Address already in use’ message, please install perl module IO::Socket::IP, or deintall IO::Socket::INET6, or specify a socket bind address explicitly with a spamd –listen option. See bug 6953 for details.

The spamd server can now simultaneously listen on multiple sockets, possibly in different protocol domains (Unix sockets, INET or INET6 protocol families.

DnsResolver was updated allowing it to work on an IPv6-only host (bug 6653)

A plugin RelayCountry now uses module Geo::IP and its database of IPv6 addresses GEOIP_COUNTRY_EDITION_V6 when available.

The following configuration options were extended to accept IPv6 addresses: dns_server, trusted_networks, internal_networks, msa_networks, (but not yet the whitelist_from_rcvd), and their defaults were adjusted accordingly.

The parser code of Received header fields can now deal with IPv6 addresses in a mail header section.

The AutoWhitelist plugin was updated and can now deal with IPv6 addresses.

Installation unit tests were updated to prevent them from failing on an IPv6-only host.

This is excellent news and we congratulate the Apache SpamAssassin team on making this happen.  If you are a SpamAssassin user, you can get release 3.4.0 now to be able to fight spam on email connections over IPv6!

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related Posts

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...