Apache SpamAssassin Takes a New Route in Version 3.3.0


Spammers beware! A new version of Apache SpamAssassin has you in its sights.

After more than two and a half years of development, SpamAssassin 3.3.0 is now available, providing mail administrators with new features to better stem the flow of spam into their organizations.

The popular open source antispam project, which is run either as a mail server or locally as a spam filter, uses a variety of techniques to detect unwanted bulk e-mail. Now with its 3.3.0 release, SpamAssassin (SA) is taking a major step forward in separating its rules engine from the core product -- a move that aims to improve the overall efficacy of spam detection.

"Removing the rules from the core product eliminates duplication of rule files and confusion about which rules on a system are actually used," Daryl O'Shea, Apache SpamAssassin's project management committee (PMC) chair, told InternetNews.com.

"In SA 3.2, the product came with a base set of rules that were used until you ran sa-update for the first time," he said, referring to SA's updating mechanism. "Now, no rules are included and you need to run sa-update immediately following installation."

The change "ensures that people are installing up-to-date rules regardless of when they install SA 3.3. Whether it's today or next month or six months from now, they're going to download the most up-to-date rules available via sa-update," he added.

Additionally, decoupling the two components is meant to lead to faster spam rules deployment, with rule updates no longer being tied to core product release schedules. According to O'Shea, rule updates will be made available on an as-needed basis at any time during a core product version's life span.

He added that the project is currently working toward the goal of providing rule updates once a week.

Long-awaited update

The SA 3.3 update is the first major update for the project since the 3.2.0 release in May 2007. SpamAssassin became a top-level Apache project in 2004, at the time of its 3.0 release.

O'Shea noted that the SA project was probably a little later releasing 3.3.0 than it had been in releasing 3.1.0 and 3.2.0, but with good reason.

"SpamAssassin development activity is highly dependent on the perceived need for improvement of the product by those willing to do so," O'Shea said. "If the current released versions are catching most of the spam out there, development slows. If spammers' tactics change and SA needs to adapt, there is a spike in development activity."

He added that the SA project doesn't really set release milestones until enough has changed that developers feel there's a need for a new release. While 3.3 is a major release, the project has been pushing out incremental point updates to the 3.2.x release.

"The 3.2.x series was our last series of stable (bug fix) releases," O'Shea said, referring to Apache SpamAssassin's policy of dividing its code base between "stable" and "trunk" (that is, development) branches. "While those were going on, we were working on the now-3.3.0 version (then trunk development branch), which brings new features, optimizations and changes to some APIs. It's the new features, optimizations and API changes that distinguish 3.3 as a 'major' release, rather than 'minor' bug fix release."

New structure, improvements

In addition to the separation of the spam rules engine, SA 3.3 includes some changes to the structure of the software's features. Among them is a change to its Bayesian scoring function, which now becomes a plug-in -- though it is still included with the core product installation.

"Getting 'Bayes' into a plug-in forced us to better define some of our APIs or create APIs where some useful features were reaching into the core engine's internals, and allows for people to swap out our Bayesian implementation with their own," O'Shea said.

O'Shea added that improvements were also made to instrumentation of rule run times and timeouts of DNS-based rules. "SA now returns the results it has if it runs out of [the user-defined] time it is allowed to run for on each message, rather than its old 3.2.x behavior of returning no results," O'Shea said.

For users of SA 3.2.x, the move to the new 3.3.0 release will also not require a system shutdown as users can upgrade to 3.3.0 while an older version is running. However, "once 3.3.0 is installed, you need to run sa-update to retrieve the rules for 3.3.0 -- you then need to restart spamd," O'Shea said. "This step may cause mail to go unscanned for a couple of seconds, depending on your setup."
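The sequence O'Shea describes (install 3.3.0, run sa-update, then restart spamd), as an added shell example that is not from the article or the SpamAssassin project. It relies on sa-update's documented exit codes (0 = rules installed, 1 = nothing new) and on `spamassassin --lint`; the restart command is a site-specific assumption, and `refresh_rules` is a name chosen here.

```shell
#!/bin/sh
# Added example: fetch rules after installing SpamAssassin 3.3.x and restart
# spamd only when new rules were installed and pass a lint check.
# The commands can be overridden through the environment.
SA_UPDATE="${SA_UPDATE:-sa-update}"        # leave signature checks on (no --nogpg)
SA_LINT="${SA_LINT:-spamassassin --lint}"
SPAMD_RESTART="${SPAMD_RESTART:-service spamassassin restart}"  # assumption: varies by distribution

# Returns 0 = new rules installed and spamd restarted
#         1 = no newer rules available, nothing touched
#         2 = update, lint or restart failed
refresh_rules() {
    up_rc=0
    $SA_UPDATE || up_rc=$?
    case "$up_rc" in
        0)  # sa-update exit 0: an update was downloaded and installed
            if ! $SA_LINT; then
                echo "refresh_rules: new rules fail --lint, spamd not restarted" >&2
                return 2
            fi
            # spamd reads rules at startup, so a restart is needed to use them
            if ! $SPAMD_RESTART; then
                echo "refresh_rules: spamd restart failed, mail may go unscanned" >&2
                return 2
            fi
            return 0 ;;
        1)  # sa-update exit 1: no fresh updates available
            return 1 ;;
        *)  # any other exit code is an error; a fresh 3.3 install has no
            # rules at all until sa-update has succeeded once
            echo "refresh_rules: sa-update failed with exit code $up_rc" >&2
            return 2 ;;
    esac
}

# Run directly with: sh refresh_rules.sh --run  (script name is hypothetical)
if [ "${1:-}" = "--run" ]; then
    refresh_rules
    exit $?
fi
```

Run from cron, return code 1 is the normal quiet case; alert only on 2.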

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.