Rspamd

Rspamd is an open source web-based filtering system that has been initially designed as a replacement of popular spamassassin (spamd) daemon on Linux/UNIX operating systems. It is very fast and modular, it is written in the C programming language and speciafically designed to process connections asynchronous.

Features at a glance

Key features include support for SURBL filters, support for Fuzzy hashes, regular expression rules for filtering various parts of a message, various built-in functions for easily analyzing messages, support for character tables and emails, as well as support for remote management and statistics gathering.

In addition, we can mention that the software is highly extendable via a Lua and Perl-based plugin system, supports statistics (Winnow/OSB), supports statistics auto-learning, and it’s fully compatible with the spamassassin tool.

Getting started with Rspamd

As its name suggests, Rspamd is a daemon that, once started, it runs in the background and you won’t be able to interact with it like you would do with a regular command-line program or a graphical application. However, it comes with a web-based administration interface.

To install it, download the latest version from Softoware, extract it on a location of your choice, open a terminal emulator and navigate to the location of the extracted files. Type the “cmake .” command to configure the program, run the “make” command to compile it and the “make install” command, as root, to install it system wide. Please note that all commands must be run without quotes.

Under the hood and availability

Rspamd is a very fast, stable and simple program written entirely in the C programming language and designed to be deployed only on GNU/Linux systems. It is available for download as a single, universal sources archive, but you can also clone it from Git. Various distributions of Linux might have the Rspamd package in their default software repositories if you’re looking for an easy way to install it. It supports both 32-bit and 64-bit hardware platforms.

What is new in this release:

• Improved optimizations via abstract syntax tree for all expressions (my presentation describes some basic principles of optimizations.
• Switched to luajit and pcre jit by default. JIT compilation allowed to improve the performance in the bottlenecks so now rspamd is significantly faster than 0.8 branch.
• Added spamassassin rules support: you can now use the most of your spamassassin rules in rspamd natively. Of course, they are optimized with JIT and AST techniques.
• Added encryption support: rspamd now can encrypt all traffic with extremely fast and low latency encryption based on public key cryptography and cryptobox construction.
• New aho-corasic implementation has been imported. Now rspamd can search for hundreds thousands of search patterns in almost linear time.
• New statistics architecture:
• advanced tokenization techniques (secure or fast hashes);
• improved UTF8 tokenization;
• avoid multiple learning by the same message by maintaining learning cache;
• improved features normalization to reduce false positives rate.

What is new in version 0.7.2:

• This version fixes a bug when the controller was bound to 127.0.0.1 by default instead of localhost.
• Various fixes and improvements for the rbl module.
• Allows custom configuration via .try_include macro in the default config file.
• Fixes an issue with the random number generator in DNS code.
• Optimizes the hfilter plugin. Fixes the whitelist module.
• Some default weights and actions were tuned.

What is new in version 0.6.7:

• This release fixes several important issues.
• It binds on the both IPv6 and IPv4 wildcard addresses.
• A serious calculation bug in statistic has been fixed (it was valid for some platforms, including FreeBSD).
• The DNS ID generator now uses a more fast and secure ChaCha20 based permutator (the TEA permutator was used previously).
• A number of minor bugs have been fixed, including setting zero weight for unknown symbols.
• A new documentation project has been started.

What is new in version 0.6.6:

• An issue with the BUFSIZ limitation in the controller output was fixed.
• Escaping of logging symbols was simplified.
• Weights were adjusted for several rules.
• Spamhaus RBL support was improved.
• PBL was removed from received header checks.
• A hfilter module that performs various HELO and IP checks was added.
• Rspamd can now be reloaded using the HUP signal.
• Fuzzy storage should expire hashes properly.
• The build system has been reworked for better support of pkg-config.
• Various minor bugs were fixed.

What is new in version 0.6.5:

• A critical bug in the DNS resolver was fixed. multimap and rbl plugins were improved to skip invalid IP addresses.
• A dns_sockets option was added for tuning sockets per server in the DNS resolver.
• Packages for rspamd were improved.

What is new in version 0.6.4:

• This version added IO channels for DNS requests to balance load and reduce the chance of ID collisions.
• A bug in the SPF filter that may have caused core dumps in specific circumstances was fixed.
• The default config of the rbl module was fixed .
• It is now possible to get a list of rspamc commands with their descriptions.
• SORBS dnsbl was added to the default config.
• The 2tld file for the surbl module has been significantly extended.
• An issue in libucl when parsing macros was fixed.

What is new in version 0.5.6:

• This version fixes bugs in the rolling history update and in UDP socket handling in the fuzzy storage code.
• It adds an ability to scan input streams without Content-Length headers, making it possible to handle streaming clients.
• It implements the counters output for controller and rspamc client to display statistics about rspamd symbols, their frequencies, and average execution times.
• It improves the build system to work with lua 5.2 and to detect the mathematical functions required.

What is new in version 0.5.5:

• The Bayes statistical module now uses the inverse chi-square distribution for normalizing, which increases accuracy of spam filtering.
• Support for IPv6 was improved with the ability to listen on IPv6 addresses, address selection algorithms, and support for IPv6 DNS resolvers.
• Fuzzy storage has been improved to support update requests only from specific IP addresses.
• A number of bugs in the main code and Web UI were fixed.
• A CentOS RPM spec file has been added.

What is new in version 0.5.4:

• This is the first rspamd version with a user-friendly Web interface based on JS+HTML5.
• Many cleanups and bugfixes have been done, oriented to maximum performance and stability.

What is new in version 0.5.2:

• This version adds Lua bindings for basic MIME parts and a DNS resolver.
• Existing Lua bindings now work without a task object, allowing you to use them in custom code.
• The threads system was reworked to avoid global Lua interpreter lock.
• The DKIM module now converts all line endings to CRLF as opendkim does.
• The URL detector is now more accurate for text parts.
• Several critical bugs and memory leaks were fixed.