Skip to main content
Feature Release

Rspamd 3.13.2

Feature Update with Enhanced Security and Performance

Added

  • Fuzzy check encryption: Separate encryption keys for read and write operations in fuzzy_check plugin (#5665)
  • DKIM ED25519 support: Full ED25519 support for DKIM signing and verification with OpenSSL version checks (#5664)
  • Vault KV v2 support: HashiCorp Vault KV version 2 support for DKIM key management with backward compatibility (#5654)
  • MetaDefender integration: MetaDefender Cloud Lua module for SHA256 hash lookups as free-tier anti-malware scanning alternative (#5656)
  • LLM context support: User/domain context support for LLM-based classification with Redis-based conversation context (#5647)
  • DMARC RUA exclusion: Configuration option to exclude specific RUA addresses from DMARC report storage (#5653)

🔧 Fixed

  • DKIM bodyhash calculation: Fixed relaxed bodyhash calculation for lines with only spaces to comply with RFC 6376 Section 3.4.4 (#5662)
  • DKIM key loading: Fixed ED25519 key loading to prevent memory corruption in union handling (#5664)
  • HTTP map intervals: Enforced server-controlled refresh intervals and prevented aggressive polling behavior (#5660)
  • HTTP map overflow: Prevented time_t overflow in expires header processing (#5660)
  • Once received plugin: Fixed duplicate symbol addition by changing break to return in check_quantity_received (#5658)
  • Redis Sentinel: Properly propagate unused Sentinel options (#5597)
  • Fuzzy check decryption: Fixed reply decryption when using separate read/write keys (#5665)
  • Fuzzy check fallback: Added fallback when only one specific encryption key is set (#5665)
  • Fuzzy check filtering: Fixed duplicate key filtering in reply decryption (#5665)
  • Fuzzy ping servers: Allow read/write servers configuration (#5665)

🔄 Improved

  • Fuzzy check performance: Refactored encryption key selection into helper functions for better maintainability (#5665)
  • Fuzzy check efficiency: Stop early when found a correct key to improve performance (#5665)
  • Development workflow: Added cursor rules for improved development experience (#5665)

This release introduces significant security enhancements with separate encryption keys for fuzzy operations, modern cryptographic support with ED25519 DKIM keys, improved infrastructure integration with Vault KV v2, and enhanced anti-malware capabilities with MetaDefender. The release also includes important fixes for DKIM compliance, HTTP map behavior, and various stability improvements. This is recommended as a security and feature update.