Rspamd 3.11.0 has been released

16 Dec 2024

Rspamd 3.11 Released: Major Updates to Elasticsearch Support, New Features and Important Fixes

The Rspamd team is pleased to announce the release of Rspamd 3.11, bringing significant improvements to the spam filtering system’s functionality, security, and performance.

Major Elasticsearch/OpenSearch Modernization

The most notable change in this release is the complete rework of the Elasticsearch/OpenSearch integration. The plugin now supports Elasticsearch 8 and OpenSearch 2, featuring:

  • Modern index management with automated retention policies
  • Improved data organization and storage efficiency
  • Updated configuration format for better clarity and control
  • Enhanced compatibility with modern Elasticsearch security features

Users upgrading from previous versions should review their Elasticsearch configurations as these changes are not backward compatible.

Enhanced Security and Performance Features

New Ratelimiting Capabilities

The release introduces helper tools to manage ratelimits:

  • LRU cache implementation for tracking recent ratelimit buckets
  • New management utilities for better control over ratelimits
  • Improved monitoring and administration tools via rspamadm

Architectural Improvements

  • Replacement of fastutf with simdutf library, providing:
    • Superior performance across different CPU architectures
    • Better support for non-x86 platforms
    • Enhanced UTF-8 processing capabilities

Message Processing Enhancements

  • New message anonymization tools for privacy-conscious deployments rspamadm mime anonymize
  • Addition of rspamadm mime strip for secure attachment handling

Critical Fixes and Security Updates

Several important security and functionality fixes have been implemented:

  • Improved upstream selection with smarter address rotation
  • Comprehensive fixes for RFC 2047 header encoding
  • Enhanced fuzzy storage security with improved dynamic key handling
  • Optimized TCP connection handling with cumulative timeouts
  • Strengthened DNS limit controls in SPF processing
  • Reduced false positives in phishing detection
  • Corrected DMARC structured headers encoding

Web Interface Improvements

The web interface received significant usability updates:

  • Redesigned symbol description system with improved hover functionality
  • Enhanced keyboard navigation for accessibility
  • Modernized symbol rendering system
  • Improved user experience with clearer information display

Configuration and Administration

New configuration capabilities have been added:

  • Introduction of lua.local.d folder to allow user’s plugins to be placed there
  • Extended configuration options for user based plugins and rules in conf.local.d/*.conf
  • Improved documentation and examples

Performance Optimizations

Several performance-focused improvements have been implemented:

  • Optimized RBL checking logic (e.g. received checks exclude from IP)
  • Refined multimap text part processing: so no more double scoring for multipart/alternative hits
  • Enhanced GPT module response parsing
  • Improved memory management and resource utilization

Installation and Upgrade Notes

Users upgrading to version 3.11 should:

  1. Review Elasticsearch/OpenSearch configurations if using these features (please bear in mind, that by default this module is disabled now, so you will need to enable it explicitly after review of the configuration, e.g. by specifying enabled = true).
  2. Review the new scores for multimap plugin if your score relied on double hits for multipart/alternative and content multimap type

The Rspamd team recommends testing the upgrade in a staging environment first, particularly if using the Elasticsearch integration.

Looking Forward

For detailed technical information and full changelog, please visit the Rspamd documentation website.