Rspamd 1.3.3 has been released

15 Aug 2016

The new stable version of Rspamd is available: 1.3.3. This release includes a couple of critical bugs fixes and important improvements. We recommend to update Rspamd to version 1.3.3 as soon as possible due to a serious error in fuzzy hashes processing.

Important fuzzy hashes incompatibility

There was a serious bug in fuzzy check plugin when using transport encryption and the default fuzzy key. Since encryption is enabled in the default configuration, all users should consider updating their Rspamd packages. Another important consequence of this bug is that the private fuzzy storages should be relearned because of a wrong key used for hashing. To summarize, here is a list of issues for different types of fuzzy storages:

  1. For private fuzzy storages that are used without encryption_key nothing has changed and everything should work as desired
  2. For storages with explicit fuzzy_key everything should work as desired with the exception of attachments hashes: they no longer use custom fuzzy_key for performance and architecture reasons. So it is recommended to relearn such a storage after upgrading to 1.3.3
  3. For storages without explicit fuzzy_key but with encryption_key the recommended action is to upgrade to 1.3.3 and relearn a storage since all old hashes won’t be recognized (there won’t be any false positive hits however).

Rspamd.com fuzzy storage has changed hashing algorithm

Users of rspamd.com storage should either use the provided default configuration for fuzzy_check plugin or update their custom configuration to include the following line in the rule for rspamd.com storage:

rule "rspamd.com" {
  algorithm = "mumhash";
  # The rest of the configuration
}

The default rule provided by Rspamd distribution is now the following:

rule "rspamd.com" {
  algorithm = "mumhash";
  servers = "rspamd.com:11335";
  encryption_key = "icy63itbhhni8bq15ntp5n5symuixf73s1kpjh6skaq4e7nx5fiy";
  symbol = "FUZZY_UNKNOWN";
  mime_types = ["application/*"];
  max_score = 20.0;
  read_only = yes;
  skip_unknown = yes;
  fuzzy_map = {
    FUZZY_DENIED {
      max_score = 20.0;
      flag = 1;
    }
    FUZZY_PROB {
      max_score = 10.0;
      flag = 2;
    }
    FUZZY_WHITE {
      max_score = 2.0;
      flag = 3;
    }
  }
}

Failure to update hashing algorithm will cause Rspamd not to find any hits in the rspamd.com storage.

Support for Redis maps in the Multimap plugin

There is now Redis support in the Multimap plugin. With this feature you can create maps that can be easily scaled and frequently modified. For example, you could use it for temporary records that work as DNS blacklists but using Redis storage.

Hyperscan cache important fix

This version contains an important fix for Hyperscan caching inconsistency. After rules change, there were no checks against sanity of regexp ids stored in the cache. In turn, that caused random regexps misdetections and false positive detections. In version 1.3.3 Rspamd checks every single ID using checksum and recompiles the whole cached file when a checksum is invalid.

SARBL URL black list support has been added to the default configuration

Rspamd now will check URLs using SARBL list to detect bad or phishing domains in messages.

Lua API improvements

There are number of improvements in Lua API shipped with Rspamd:

  • util.get_tld function has been fixed to find the longest possible TLD
  • rspamd_url now allows initialization of the library and provides a simpler API to parse URLs in strings
  • rspamd_cryptobox now provides a one step hashing API
  • util.strequal_caseless function now works as intended
  • rspamd_redis now returns nil for data when Redis returns NIL (e.g. when a key is not found)
  • rspamd_http now always performs DNS request even when maximum number of DNS requests for a message has been reached

Prefilters and postfilters registered in Rspamd are now executed in order defined by their priority:

  • Prefilters with higher priority are executed first
  • Postfilters with higher priority are executed last