Rspamd 3.11 Released: Major Updates to Elasticsearch Support, New Features and Important Fixes
The Rspamd team is pleased to announce the release of Rspamd 3.11, bringing significant improvements to the spam filtering system’s functionality, security, and performance.
Major Elasticsearch/OpenSearch Modernization
The most notable change in this release is the complete rework of the Elasticsearch/OpenSearch integration. The plugin now supports Elasticsearch 8 and OpenSearch 2, featuring:
- Modern index management with automated retention policies
- Improved data organization and storage efficiency
- Updated configuration format for better clarity and control
- Enhanced compatibility with modern Elasticsearch security features
Users upgrading from previous versions should review their Elasticsearch configurations as these changes are not backward compatible.
New Ratelimiting Capabilities
The release introduces helper tools to manage ratelimits:
- LRU cache implementation for tracking recent ratelimit buckets
- New management utilities for better control over ratelimits
- Improved monitoring and administration tools via
rspamadm
Architectural Improvements
- Replacement of fastutf with simdutf library, providing:
- Superior performance across different CPU architectures
- Better support for non-x86 platforms
- Enhanced UTF-8 processing capabilities
Message Processing Enhancements
- New message anonymization tools for privacy-conscious deployments
rspamadm mime anonymize
- Addition of
rspamadm mime strip for secure attachment handling
Critical Fixes and Security Updates
Several important security and functionality fixes have been implemented:
- Improved upstream selection with smarter address rotation
- Comprehensive fixes for RFC 2047 header encoding
- Enhanced fuzzy storage security with improved dynamic key handling
- Optimized TCP connection handling with cumulative timeouts
- Strengthened DNS limit controls in SPF processing
- Reduced false positives in phishing detection
- Corrected DMARC structured headers encoding
Web Interface Improvements
The web interface received significant usability updates:
- Redesigned symbol description system with improved hover functionality
- Enhanced keyboard navigation for accessibility
- Modernized symbol rendering system
- Improved user experience with clearer information display
Configuration and Administration
New configuration capabilities have been added:
- Introduction of
lua.local.d folder to allow user’s plugins to be placed there
- Extended configuration options for user based plugins and rules in
conf.local.d/*.conf
- Improved documentation and examples
Several performance-focused improvements have been implemented:
- Optimized RBL checking logic (e.g.
received checks exclude from IP)
- Refined multimap text part processing: so no more double scoring for multipart/alternative hits
- Enhanced GPT module response parsing
- Improved memory management and resource utilization
Installation and Upgrade Notes
Users upgrading to version 3.11 should:
- Review Elasticsearch/OpenSearch configurations if using these features (please bear in mind, that by default this module is disabled now, so you will need to enable it explicitly after review of the configuration, e.g. by specifying
enabled = true).
- Review the new scores for multimap plugin if your score relied on double hits for
multipart/alternative and content multimap type
The Rspamd team recommends testing the upgrade in a staging environment first, particularly if using the Elasticsearch integration.
Looking Forward
For detailed technical information and full changelog, please visit the Rspamd documentation website.
Today we have released Rspamd 3.10.2, which is being maintained in the stable rspamd-3.10 branch.
The following fixes are included in this release:
- Fix for ARC signing contributed by
@jscissr
- Added EOF to Prometheus metrics by
@henry-spanka
Today we have released Rspamd 3.10.1 featuring several important bug fixes.
- Fixed Ragel state machine on ARM
- Fixed OpenSSL-related crashes on RedHat systems
- Fixed build with PUC-Rio Lua by
@arkamar
- Avoid null-bytes in Log-Tag header by
@smarsching
- Fixed incorrectly reported ASAN flag
- Fixed counting of ham/spam learns
- Updated to upstream hiredis removing all hacks
Today we have released Rspamd 3.10.0; the most important new features and fixes are highlighted below.
Features
MIME UTF8 support:
Rspamd now correctly processes MIME UTF8 messages and doesn’t penalize them
Support for negative group score limits
Added the ability to set a negative group score limit using the min_score parameter.
Per key fuzzy ratelimit rules
It is now possible to set specific ratelimits and expiration for individual fuzzy encryption keys
Detect CPU using __builtin_cpu_supports where it’s possible
More portable way in some specific configurations
Sender Reputation Improvements:
Added SenderScore Reputation RBL and RPBL return codes to improve sender reputation checks.
Better OpenSSL 3.0 Support:
Introduced full support for OpenSSL 3.0, including integration for DKIM (DomainKeys Identified Mail).
Command Additions:
- Added rspamadm secretbox command for secret key encryption/decryption.
- Added tooling to allow string encryption in Lua scripts.
DMARC Enhancements:
- Implemented a new reporting.only_domains setting for more granular DMARC reporting.
Fixes
- Fixes for ARC and DMARC by
@JasonStephenson and @spacefreak86
- Fix Redis scripts uploading when Redis is not ready
- Fixes for Redis configuration schema
- Removed broken control block support
- Fixed DCC
rep handling
- Fixed learning of empty tasks
- ICAP: encode constructed path to be URL safe by
@oliyks
- Improved error reporting in
lua_redis
Rules
Fixed and updated old rules to enhance overall system performance.
We extend our gratitude to everyone who contributed to this release.
Today we have released Rspamd 3.9.0, featuring many new features and fixes. The most important ones are highlighted below. Refer to the migration notes for an overview of potentially-breaking changes.
Improvements to Bayes configuration
Rspamd now uses a reduced window size of 2 words by default. This change does not require retraining of statistics. In our tests, this reduced window size has produced the equal or better results with better performance and lower storage requirements - around 4 times less than with the previous default window size of 5 words. The new rspamadm classifier_test utility can be used for your own experiments.
New GPT module
This release provides a module for using LLMs for text classification and unsupervised learning. You can read more about it in a dedicated blog post.
Improvements to known_senders and replies modules
This release introduces enhancements to the known_senders and replies modules, enabling them to work together to flag verified user contacts. With these improvements, senders to whom a user has previously replied will automatically receive negative scores. For more details, please refer to the documentation of these modules.
Dynamic multipliers for ratelimits are now disabled by default
To avoid potential confusion, dynamic ratelimits are now disabled by default and must be configured explicitly. Refer to the migration notes for details on how to do this.
Various bug fixes and new features
- Rspamd HTTP API now supports IO in messagepack serialization format,
rspamc client uses it now by default
- Fixed a bug where redis bayes learned cache could grow infinitely (and overflow Redis database)
- Fixed dynamic_symbols in the multimap plugin
- Honor dynamic thresholds for greylisting module
- Fixed a bug with statfiles disabling via settings
- Fixed slow timer so it is can now distinguish slow sync and async rules and act properly in different cases
- Implement fuzzy check retransmits backpressure
- Use libarchive for 7 zip compressed headers
- Serialize control commands to avoid missing/corrupted transfers over the worker <-> main channels
- Improved Lua userdata checks performance
- Reworked
grow_factor to work in an orderly fashion
- Fixed
SUBJ_ALL_CAPS for unicase scripts by @ikedas
- Fixed relearning of Bayes messages by
@aduernberger
- Fixed retrieving word count in the antivirus module by
@PxPert
- Improvements for rules by
@twesterhever and @ishisora
We extend our gratitude to everyone who contributed to this release.