Rspamd 1.9.2 has been released

16 Apr 2019

We have released Rspamd 1.9.2 today.

This release contains some new features and bug fixes. The only potentially slashing changes are the changes in Clickhouse module:

  • Times are now stored in GMT timezone so you can use Clickhouse for analytics that crosses time zones. The potential drawback is the mess with the currently stored data. This should be resolved automatically once new data arrives.

  • Clickhouse schema has been updated to the version 4 with new fields and some minor changes. The existing database should be converted automatically and there are no incompatible changes in columns.

This release includes the following features.

Improvements in Clickhouse plugin

Rspamd now stores more data in Clickhouse:

  • Mime recipients
  • Message IDs
  • Scan time for a message, both normal and virtual
  • SPF checks results
  • Some new calculated columns, such as MIMERcpt, MIMEFrom, SMTPFrom and SMTPRcpt

These columns are intended to improve analytical capabilities of Clickhouse plugin.

OpenDKIM compatible DKIM signing setup

This version now includes a simplified DKIM signing setup option inspired with OpenDKIM.

You can read more about it here: https://rspamd.com/doc/modules/dkim_signing.html#use-of-signing_table

This mode is intended to simplify migration from the existing setups based on OpenDKIM to Rspamd.

Better encrypted archives support

Rspamd can now properly detect encryption in ZIP archives. Mime types plugin now also tries to resolve hex encoding hack used by some spammers to send malware to users (see PR 2582).

Calendar files parser

From the version 1.9.2, Rspamd can extract meaningful data from Calendar files in iCal format (.ics files). These files are sometimes used by spammers so Rspamd can now extract hyperlinks and emails from calendar attachments to improve filtering quality.

New rspamadm dns_tool utility

It is now possible to do some DNS checks with the new tool. For example, it is now possible to verify SPF records as they are observed by Rspamd, including elements extraction, for example a or mx and verification of the IP addresses. Here is how it looks like:

Better bitcoin addresses detection

We have improved bitcoin addresses detection by fixing some issues in the BTC wallet validation code. It now allows to catch Pay-To-Script addresses.

Full list of the meaningful changes

  • [Conf] Allow to load users plugins from plugins.d
  • [Conf] oversign openpgp and autocrypt headers
  • [Feature] Add SPF FFI library for Lua
  • [Feature] Add more verbosity for SPF caching
  • [Feature] Antivirus: Handle encrypted files specially
  • [Feature] Clickhouse: Slashing - add new fields to CH
  • [Feature] Dkim_signing: Add OpenDKIM like signing_table and key_table
  • [Feature] Dkim_signing: Allow to use new options as maps
  • [Feature] Import fpconv library
  • [Feature] Lua_maps: Allow static regexp and glob maps
  • [Feature] Parse ical files
  • [Feature] Rspamadm: Add dns_tool utility
  • [Feature] Store SPF records digests
  • [Feature] Use fpconv girsu2 implementation for printing floats
  • [Fix] Clickhouse: Use integer seconds when inserting rows
  • [Fix] Fix floating point printing
  • [Fix] Fix processing of embedded urls
  • [Fix] Lua_clickhouse: Fix CH errors processing
  • [Fix] Make spf digest stable
  • [Fix] Properly detect encrypted files in zip archives
  • [Fix] Slashing: Store times in GMT timezone in ClickHouse
  • [Rules] Add additional conditions to perform BTC checks
  • [Rules] Fix pay-to-hash addresses validation