[Rspamd-Users] Rspamd 1.9.2 has been released

Vsevolod Stakhov vsevolod at rspamd.com
Tue Apr 16 16:43:01 UTC 2019

We have released Rspamd 1.9.2 today.

This release contains some new features and bug fixes. The only
potentially slashing changes are the changes in Clickhouse module:

-   Times are now stored in GMT timezone so you can use Clickhouse for
    analytics that crosses time zones. The potential drawback is the
    mess with the currently stored data. This should be resolved
    automatically once new data arrives.

-   Clickhouse schema has been updated to the version 4 with new fields
    and some minor changes. The existing database should be converted
    automatically and there are no incompatible changes in columns.

This release includes the following features.

Improvements in Clickhouse plugin

Rspamd now stores more data in Clickhouse:

-   Mime recipients
-   Message IDs
-   Scan time for a message, both normal and virtual
-   SPF checks results
-   Some new calculated columns, such as MIMERcpt, MIMEFrom, SMTPFrom
    and SMTPRcpt

These columns are intended to improve analytical capabilities of
Clickhouse plugin.

OpenDKIM compatible DKIM signing setup

This version now includes a simplified DKIM signing setup option
inspired with OpenDKIM.

You can read more about it here:

This mode is intended to simplify migration from the existing setups
based on OpenDKIM to Rspamd.

Better encrypted archives support

Rspamd can now properly detect encryption in ZIP archives. Mime types
plugin now also tries to resolve hex encoding hack used by some spammers
to send malware to users (see PR 2582).

Calendar files parser

>From the version 1.9.2, Rspamd can extract meaningful data from Calendar
files in iCal format (.ics files). These files are sometimes used by
spammers so Rspamd can now extract hyperlinks and emails from calendar
attachments to improve filtering quality.

New rspamadm dns_tool utility

It is now possible to do some DNS checks with the new tool. For example,
it is now possible to verify SPF records as they are observed by Rspamd,
including elements extraction, for example a or mx and verification of
the IP addresses. Here is how it looks like:

Better bitcoin addresses detection

We have improved bitcoin addresses detection by fixing some issues in
the BTC wallet validation code. It now allows to catch Pay-To-Script

Full list of the meaningful changes

-   [Conf] Allow to load users plugins from plugins.d
-   [Conf] oversign openpgp and autocrypt headers
-   [Feature] Add SPF FFI library for Lua
-   [Feature] Add more verbosity for SPF caching
-   [Feature] Antivirus: Handle encrypted files specially
-   [Feature] Clickhouse: Slashing - add new fields to CH
-   [Feature] Dkim_signing: Add OpenDKIM like signing_table and
-   [Feature] Dkim_signing: Allow to use new options as maps
-   [Feature] Import fpconv library
-   [Feature] Lua_maps: Allow static regexp and glob maps
-   [Feature] Parse ical files
-   [Feature] Rspamadm: Add dns_tool utility
-   [Feature] Store SPF records digests
-   [Feature] Use fpconv girsu2 implementation for printing floats
-   [Fix] Clickhouse: Use integer seconds when inserting rows
-   [Fix] Fix floating point printing
-   [Fix] Fix processing of embedded urls
-   [Fix] Lua_clickhouse: Fix CH errors processing
-   [Fix] Make spf digest stable
-   [Fix] Properly detect encrypted files in zip archives
-   [Fix] Slashing: Store times in GMT timezone in ClickHouse
-   [Rules] Add additional conditions to perform BTC checks
-   [Rules] Fix pay-to-hash addresses validation

More information about the Users mailing list