The new stable version of Rspamd is available: 1.3.3. This release includes a couple of critical bugs fixes and important improvements. We recommend to update Rspamd to version 1.3.3 as soon as possible due to a serious error in fuzzy hashes processing.
Important fuzzy hashes incompatibility
There was a serious bug in fuzzy check plugin when using transport encryption and the default fuzzy key. Since encryption is enabled in the default configuration, all users should consider updating their Rspamd packages. Another important consequence of this bug is that the private fuzzy storages should be relearned because of a wrong key used for hashing. To summarize, here is a list of issues for different types of fuzzy storages:
- For private fuzzy storages that are used without
encryption_keynothing has changed and everything should work as desired - For storages with explicit
fuzzy_keyeverything should work as desired with the exception of attachments hashes: they no longer use customfuzzy_keyfor performance and architecture reasons. So it is recommended to relearn such a storage after upgrading to1.3.3 - For storages without explicit
fuzzy_keybut withencryption_keythe recommended action is to upgrade to1.3.3and relearn a storage since all old hashes won’t be recognized (there won’t be any false positive hits however).
Rspamd.com fuzzy storage has changed hashing algorithm
Users of rspamd.com storage should either use the provided default configuration for fuzzy_check plugin or update their custom configuration to include the following line in the rule for rspamd.com storage:
rule "rspamd.com" {
algorithm = "mumhash";
# The rest of the configuration
}
The default rule provided by Rspamd distribution is now the following:
rule "rspamd.com" {
algorithm = "mumhash";
servers = "rspamd.com:11335";
encryption_key = "icy63itbhhni8bq15ntp5n5symuixf73s1kpjh6skaq4e7nx5fiy";
symbol = "FUZZY_UNKNOWN";
mime_types = ["application/*"];
max_score = 20.0;
read_only = yes;
skip_unknown = yes;
fuzzy_map = {
FUZZY_DENIED {
max_score = 20.0;
flag = 1;
}
FUZZY_PROB {
max_score = 10.0;
flag = 2;
}
FUZZY_WHITE {
max_score = 2.0;
flag = 3;
}
}
}
Failure to update hashing algorithm will cause Rspamd not to find any hits in the rspamd.com storage.
Support for Redis maps in the Multimap plugin
There is now Redis support in the Multimap plugin. With this feature you can create maps that can be easily scaled and frequently modified. For example, you could use it for temporary records that work as DNS blacklists but using Redis storage.
Hyperscan cache important fix
This version contains an important fix for Hyperscan caching inconsistency. After rules change, there were no checks against sanity of regexp ids stored in the cache. In turn, that caused random regexps misdetections and false positive detections. In version 1.3.3 Rspamd checks every single ID using checksum and recompiles the whole cached file when a checksum is invalid.
SARBL URL black list support has been added to the default configuration
Rspamd now will check URLs using SARBL list to detect bad or phishing domains in messages.
Lua API improvements
There are number of improvements in Lua API shipped with Rspamd:
util.get_tldfunction has been fixed to find the longest possible TLDrspamd_urlnow allows initialization of the library and provides a simpler API to parse URLs in stringsrspamd_cryptoboxnow provides a one step hashing APIutil.strequal_caselessfunction now works as intendedrspamd_redisnow returnsnilfordatawhen Redis returnsNIL(e.g. when a key is not found)rspamd_httpnow always performs DNS request even when maximum number of DNS requests for a message has been reached
Prefilters and postfilters registered in Rspamd are now executed in order defined by their priority:
- Prefilters with higher priority are executed first
- Postfilters with higher priority are executed last