Skip to main content
🚀 Major Release

Rspamd 3.14.0

Major Release with HTML Fuzzy Hashing, TCP Fuzzy Protocol, and Enhanced URL Processing

Added

  • HTML fuzzy hashing: Structural similarity matching for HTML content with per-rule text_hashes toggle and dedicated shingles generation (#5661, #5720)
  • Fuzzy TCP protocol: Full TCP support in fuzzy storage and check with auto-switch, connection management, and proper framing (#5669)
  • CTA URL extraction: New task:get_cta_urls() API and dedicated CTA module for proper call-to-action domain extraction (#5732)
  • Web search context: LLM plugin integration with search API for domain context enrichment with Redis caching (#5732)
  • HTML URL rewriting: Infrastructure for async HTML URL rewriting with Lua bindings and UTF-8 support (#5676)
  • Dark mode: Full dark mode implementation in WebUI with theme toggle and auto detection (#5725)
  • Email aliases: Advanced aliases resolution with loop detection for converging paths and expand_multiple mode (#5655)
  • ESMTP arguments: Milter ESMTP argument parsing with Lua API access for per-recipient metadata (#5663)
  • URL hash method: Exposed url:get_hash() method for efficient deduplication without string conversion overhead (#5732)
  • Postfix wizard: Configwizard integration for automated Postfix setup using postconf utility (#5667)
  • BSD workflows: Comprehensive GitHub Actions workflows for FreeBSD, NetBSD, and OpenBSD with Lua version selection (#5726, #5728, #5729)
  • Automated code review: GitHub Actions workflow for Droid-powered code review with Rspamd-specific guidelines (#5732)
  • Multimap multisymbol: Support for symbols with leading numerals in multimap plugin (#5680)
  • Remove headers array: Support array of positions for milter remove_headers operations (#5673)
  • Client IP forwarding: Proxy client IP preservation in message headers through chain (#5671)
  • Milter header support: rspamc --mime support for milter.add_headers object format (#5684)
  • Public suffix automation: Automatic synchronization of public suffix list via GitHub Actions (#5718)
  • Fuzzy migration utility: Redis migration utility for fuzzy storage data (#5692)
  • Integration test suite: Docker-based integration tests with ASAN, leak detection, and real corpus (#5688)
  • DMARC report headers: Auto-Reply-To and Precedence headers to prevent out-of-office replies (#5686)
  • NetBSD memory support: Memory usage tracking for NetBSD platform (#5726)

🔧 Fixed

  • DNS truncation: Preserve req->pos during reply validation to prevent packet truncation on UDP-to-TCP retransmits (#5739)
  • DNS transaction ID: Regenerate transaction ID before copying to TCP buffer to avoid collisions (#5739)
  • DMARC report batching: Add batching and forced GC for Redis connections to prevent connection pool exhaustion (#5737)
  • Batch size validation: Validate and normalize batch_size to prevent fractional indexing and loop errors (#5737)
  • Allocator mismatches: Fix jemalloc/system malloc mixing in getline(), hiredis, and libucl to prevent crashes (#5721, #5724)
  • Hyperscan version: Use runtime version instead of compile-time for database validation and auto-recreate invalid cache files (#5724)
  • DNS round-robin: Fix nameserver rotation from /etc/resolv.conf using ROUND_ROBIN instead of MASTER_SLAVE (#5721)
  • Memory leaks: Fix leaks in fuzzy storage khash, upstream parsing, address parsing, OpenSSL providers, and UCL objects (#5709)
  • Fuzzy TCP bugs: Fix double-release, timeout handling, buffer overflow, endianness mismatch, and race conditions (#5669, #5716)
  • Shutdown tracking: Keep srv events active during shutdown to track auxiliary processes via pipe notifications (#5728)
  • ARC signing: Restore strict header ordering per RFC 8617 and add ed25519 key support (#5684)
  • Composite evaluation: Implement two-phase evaluation for postfilter dependencies and fix symbol lookup (#5681)
  • URL extraction DoS: Refactor to use hash-based deduplication with 50k URL limit to prevent string table exhaustion (#5732)
  • Bayes autolearn: Allow skipping local/authenticated mail in default autolearn condition (#5679)
  • Bayes Redis discovery: Improve Redis server discovery for Bayes storage (#5714)
  • ESMTP args parsing: Robust per-recipient parsing in milter with safe cursor advance and refcount management (#5663)
  • HTML attribute offsets: Correct offset calculation for URL rewriting in HTML attributes (#5676)
  • OpenBSD support: Fix kinfo_proc member names and disable Hyperscan on OpenBSD (#5729)
  • FreeBSD packages: Fix zstd package name and add IGNORE_OSVERSION for version mismatches (#5729)
  • NetBSD build: Fix package installation with pkgin and correct dependency names (#5726, #5729)
  • Bayes metadata leak: Fix memory leak in stat metadata tokenization (#5688)
  • MIME anonymization: Remove Authentication-Results and anonymize envelope-from in Received headers for LLM processing (#5687)
  • Multimap symbols: Handle symbols with leading numerals in multimap (#5680)
  • Aliases validation: Prevent creation of malformed email addresses in aliases module (#5655)
  • HTML fuzzy cache: Fix cache key collision between text and HTML fuzzy hashes (#5661)
  • CSS normalization: Fix CSS class normalization in HTML fuzzy token generation (#5661)

🔄 Improved

  • RBL configuration: Refactored with new from selectors, content_urls checks, and lower_utf8 for hashed domains (#5733)
  • URL prioritization: Prioritize CTA URLs in redirector and Lua helpers with proper phishing bonus preservation (#5732)
  • Fuzzy checks structure: New structured checks configuration with backward-compatible legacy flags support (#5720)
  • Hash performance: Replace GHashTable with khash in fuzzy_check and CTA URL extraction for better performance (#5720, #5732)
  • WebUI icons: Replace Glyphicons with FontAwesome SVG icons (#5702)
  • WebUI libraries: Update CodeJar to 4.3.0, Node.js/ESLint, and D3-based visualization libs (#5684, #5717, #5738)
  • Bayes learn guards: Make learn guards configurable instead of hardcoded (#5701)
  • Lua logger: Add type specifiers support for better formatting (#5668)
  • DMARC reporting: Refactor to use helper functions and async maps for better maintainability (#5722)
  • Config refcounting: Add CFG_REF_* macros with debug logging for better lifecycle tracking (#5709)
  • Memory pool destructors: Smart destructor preallocation based on pool type with specialized allocation strategies (#5693)
  • Heap implementation: Convert to fully intrusive kvec-based implementation eliminating double allocation (#5693)
  • OpenSSL lifecycle: Move providers from global to libs_ctx for clearer ownership (#5709)
  • Libucl stack management: Automatic stack preservation for included files without outer braces (#5717)
  • Body rewriting: Improve body rewriting support in rspamc and proxy (#5675)
  • AI assistant config: Add Claude Code and Cursor AI configuration for development (#5667)
  • Fuzzy logging: Add protocol logging and reduce dumb log verbosity (#5669, #5701)
  • Docker configuration: Add explicit console logging and runtime flags (#5701)

This major release introduces groundbreaking features including HTML fuzzy hashing for structural similarity detection, TCP protocol support for fuzzy storage with improved reliability, and advanced URL processing with CTA extraction and deduplication. The release includes comprehensive memory leak fixes, improved BSD platform support, enhanced WebUI with dark mode, and better integration capabilities through ESMTP argument parsing and Postfix wizard. Critical DNS fixes prevent packet truncation, while DMARC reporting improvements solve Redis connection exhaustion. This is a significant upgrade recommended for all users, especially those processing HTML-heavy email or requiring advanced fuzzy matching capabilities.