Rspamd 1.2 has been released

2016-03-21 00:00:00 +0100

The next major release of rspamd: 1.2.0 is now released.

Key features:

  • Dynamic rule updates
  • Regular expressions maps support
  • Better performance: pcre2 support, faster fuzzy hashes, faster IP lookups
  • Improved stability: fixed many important bugs and memory leaks

This version is a gradual improvement over the previous 1.1 branch. It is the first release with rule updates support. I believe that it would be easier to backport new rules or critical score changes from the experimental branch to the stable one. Updates are signed to protect their integrity and authenticate the update source.

Among other features introduced by this version are regular expression maps support (with hyperscan acceleration if available). These maps could be used to match many regular expressions and, at the same time, detect certain patterns in the messages being scanned.

Rspamd 1.2 has a couple of performance improvements: it now supports the PCRE 2 regular expressions library that is usually faster than pcre 1. Fuzzy hashing gets further improvements by utilizing AVX2 instructions which are available for the Intel Haswell CPU family. From version 1.2 onwards, rspamd uses a better algorithm to store IP addresses allowing lookups among millions of IPv4 and IPv6 records in almost zero time.

The new release is scanned with Coverity scan and other static analysis tools that helped to fix many potential bugs and leaks. I believe that rspamd 1.2 is stable, solid and completely production-ready so far.

The complete log of changes can be found here:

There are many important additions in the documentation shipped with rspamd. There is now a frequently asked questions article that describes many aspects of practical rspamd use. The quick start guide has also been updated to improve new users’ experience when installing and running rspamd.

Rmilter has been also upgraded to version 1.7.5 which fixes important greylisting and clamav issues. The rmilter changelog is available here:

Rspamd vs Spamassassin performance comparison

2016-03-03 00:00:00 +0100

Just before 1.2 release, I have measured performance of rspamd comparing to SA. In this experiment, I’ve taken rspamd master branch with default rules. Then I’ve added all rules from SA using spamassassin plugin. Hence, two scanners run with almost exact set of rules.

This set is quite large and it includes about 3k of custom regexp rules. Rspamd runs without hyperscan and pcre2, so it performs literally the same job as SA does. And here are results for about 100k messages being scanned:

Total False Positives: 517
Total False Negatives: 348
Total messages: 101349

Total SA time: 423942 seconds, total rspamd time: 33149 seconds
Average SA time: 4182ms/msg, average rspamd time: 327ms/msg seconds

So the difference in checks is less than 1% and in many cases rspamd does better job than SA because, for example, multiple hits of URIBL rules, phishing detection and some other differences. And it’s still 13 times faster than SA. Moreover, it eats less memory and can process more messages in parallel. In other experiments, rspamd was able to process about 450 messages per second on a single SandyBridge 4 cores scanner box.

I plan to release rspamd 1.2 very soon with a lot of cool features, including dynamic rules updates. I would appreciate any help in testing of the experimental packages. In fact, they are already used in production and are even more stable than 1.1 branch.

Rspamd switches to apache 2 license

2016-02-04 00:00:00 +0100

In the modern world, software patents are a significant threat for the Open Source software. Therefore, I have decided to switch from the original BSD license to Apache-2 license. Whilst Apache license has the same permissive clauses as BSD license has there is an explicit definition of software patents in Apache license. The Apache License contains both a patent grant and a patent retaliation clause.

Another terms of licensing have not been changed: you can still use the code in your projects and you are not obliged to open your modifications to the code like you need in GPL. Contributed code is still licensed under BSD license.