./mail/rspamd, Fast, free and open-source spam filtering system

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.6.6, Package name: rspamd-1.6.6, Maintainer: bartosz.kuzma

Rspamd is fast, modular and lightweight spam filter. It is designed to work
with big ammount of mail and can be easily extended with own filters written in
lua.


Required to run:
[textproc/icu] [security/gnupg2] [mail/gmime] [devel/fann] [devel/glib2] [devel/ragel] [devel/lua-lpeg] [databases/hiredis] [lang/lua53]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: abd0f9ff4eba09888c7f2fe508defe38acab8238
RMD160: d4baae5bd369a95025d48d65f10640ef38bf331f
Filesize: 2429.182 KB

Version history: (Expand)


CVS history: (Expand)


   2018-02-19 12:49:01 by Filip Hajny | Files touched by this commit (4) | Package updated
Log message:
mail/rspamd: Update to 1.6.6.

- [CritFix] Add sanity guards for badly broken HTML
- [CritFix] Another errors path handling fix
- [CritFix] Fix ARC chain verification
- [CritFix] Fix crash in milter errors handler
- [Feature] Allow to insert headers into specific position
- [Feature] Allow to receive signing keys from mempool vars
- [Feature] Authentication-Results: support hiding usernames
- [Fix] Another try to deal with #1998
- [Fix] Another try to fix #1998
- [Fix] Better handling of the legacy protocol
- [Fix] Check decoded headers sanity (e.g. by excluding \0)
- [Fix] Deal with nan and inf encoding in json/ucl
- [Fix] Deal with URLs wrapped in [] in text parts
- [Fix] DKIM signing: allow for auth_only to be false
- [Fix] Do not crash on empty subtype
- [Fix] Do not fail rbl plugin when there are no received or emails
- [Fix] Do not skip the last character
- [Fix] Do not try to dereference last character
- [Fix] Do not try to sign unknown domains
- [Fix] Exim Received header protocol parsing
- [Fix] First load selector_map and path_map. And only return false
  when domain not found if try_fallback is false
- [Fix] Fix bad archive characters stripping
- [Fix] Fix comparision
- [Fix] Fix connecting to a unix socket in rspamadm statconvert
- [Fix] Fix empty headers simple canonicalization
- [Fix] Fix extra hits in PCRE mode for regular expressions
- [Fix] Fix parsing of the per-user script
- [Fix] Fix processing of skip-hashes in fuzzy storage
- [Fix] Fix Redis timeout setup
- [Fix] Fix sanity checks on macro value
- [Fix] Fix text splitting: stack overflow (too many captures)
- [Fix] Fix urls/emails distinguishing found in queries
- [Fix] F-PROT Antivirus: only check return code to determine
  infection
- [Fix] Metadata exporter: check IP sanity
- [Fix] Multimap: received: filtering of artificial header
- [Fix] Plan new event on HTTP errors
- [Fix] Plug another possible memory leak
- [Fix] Remove hop-by-hop headers in proxy
- [Fix] Sanitize IP in history redis
- [Fix] Setting check_local / check_authed in plugins (#1954)
- [Fix] Settings: avoid checking invalid IP (#1981)
- [Fix] Try harder in passing IPv6 addresses
- [Fix] WebUI: use relative path for savemap (#1943)
- [WebUI] Fix message count in throughput summary (#1724)
- [WebUI] Fix NaNs display on Throughput graph
- [WebUI] Restore passwordless login support (#2003)
   2018-02-01 14:42:31 by Filip Hajny | Files touched by this commit (3)
Log message:
Amend patches with the pull request submitted to upstream.
   2018-02-01 10:58:11 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
Update mail/rspamd to 1.6.5.

1.6.5: 22 Oct 2017
- [CritFix] Another portion of tokenization fixes
- [CritFix] Fix memory leak in spf caching logic
- [CritFix] Fix milter commands pipelining
- [CritFix] Fix newlines detection
- [Feature] Filter nan and inf when adding scores
- [Feature] Implement headers flags in mime parser
- [Feature] Support Expires header when using HTTP maps
- [Fix] Actively load skip hashes map in fuzzy storage
- [Fix] Add workaround for IPv6 in sendmail
- [Fix] Authentication Results: Fix SPF smtp.mail_from
- [Fix] Check for magic when checking for an archive
- [Fix] Deal with another case when processing exceptions
- [Fix] Deal with URLs with no slashes after protocol
- [Fix] Do not allow garbadge when checking url domain
- [Fix] Do not ignore short words
- [Fix] Do not strip last character in the last word
- [Fix] Do not treat script content as text
- [Fix] Erase unknown HTML entities
- [Fix] Fix another tokenization issue
- [Fix] Fix DKIM forgeries via multiple headers
- [Fix] Fix emails detection
- [Fix] Fix empty threshold check in greylisting module
- [Fix] Fix enormous scores for R_WHITE_ON_WHITE
- [Fix] Fix loading of per-user redis backend for statistics
- [Fix] Fix multiple headers in DKIM headers list
- [Fix] Fix obscured url in format user@@example.com
- [Fix] Further tokenization fixes
- [Fix] Load skip map from all processes as shared cache is
  unavailable
- [Fix] Lowercase words
- [Fix] Milter headers: skip_local / skip_authenticated settings
- [Fix] Milter headers: X-Spamd-Result header if X-Virus ran first
- [Fix] Ratelimit: fix whitelisted_rcpts matching
- [Fix] Some more fixes towards emails detection
- [Fix] SpamAssassin: Fail check_freemail_header if regexp didn't
  match
- [Fix] Use greylisting threshold in greylisting module

1.6.4: 10 Sep 2017
- [Feature] Add method to get all content-type attributes in Lua
- [Feature] Add some sanity checks for actions and controller
- [Feature] Allow randomly select User-Agent from a list
- [Feature] Deal with obscured URLs with @ symbols
- [Feature] Milter headers: support adding/removing arbitrary headers
  from config
- [Fix] Add another workaround to display history properly
- [Fix] Add missing rspamadm control options to help
- [Fix] Auth-Results: Multiple DKIM signatures
- [Fix] Crash in URL processing
- [Fix] Default monitoring domain for surbl plugin
- [Fix] Detection of maillist optimized and fixed
- [Fix] Do not cache SPF records with PTR elements
- [Fix] Fix blacklists and DMARC in whitelist
- [Fix] Fix exceptions list in surbl
- [Fix] Fix processing of closed tags
- [Fix] Fix PTR processing in SPF
- [Fix] Lowercase HTTP headers to make them searchable from Lua
- [Fix] options.local_networks setting
- [Fix] Ratelimit: lowercase email addresses
- [Fix] Rebalance and slightly rework MX check plugin
- [Fix] Redis script loading in DMARC; URL tags; URL reputation
- [Fix] Reject invalid bh for DKIM signatures earlier
- [Fix] Remove incorrect method `task:set_metric_subject`
- [Fix] Rewriting subjects via force actions module
- [Fix] RPM postinstall
- [Fix] Treat 'rewrite subject' as spam action
- [Fix] Try harder to find urls
- [Fix] Use full URL when making an HTTP request
- [Fix] Use raw urls when sending requests to redirector
- [Fix] Use weight from map for fuzzy scoring
- [Rules] Penalise R_BAD_CTE_7BIT for utf8 messages

1.6.3: 26 Jul 2017
- [CritFix] Fix semicolons parsing in the content type
- [Feature] Add EBL to the default config
- [Feature] Allow to configure monitored
- [Feature] Allow to skip specific hashes in fuzzy storage
- [Feature] Multimap: checking of symbol options
- [Feature] Redis settings: support checking multiple keys
- [Fix] ARC: Fix Lua 5.3 compatibility; timestamp should be integer
- [Fix] Avoid changing content-transfer-encoding header's value
- [Fix] Don't use whitelist/greylist maps as regexp, but as map
- [Fix] Fix get_content method
- [Fix] Header checks: Fix get_raw_header method
- [Fix] Header checks: REPLYTO_UNPARSEABLE rule
- [Fix] Lua_http: freeing
- [Fix] Milter headers: custom headers: removing headers
- [Fix] Parse HREF urls without explicit prefix
- [Fix] WHITE_ON_WHITE: Ensure score is matched to part that fired the
  rule
- [WebUI] Escape strings inside HTML in history

1.6.2: 08 Jul 2017
- [Conf] Remove Rambler email bl for now
- [Conf] Switch RAMBLER_URIBL to a locally managed source
- [CritFix] Switch from ragel to C for Content-Type parsing
- [Feature] Add `-e` option for lua_repl
- [Feature] Add per-domain emails normalisation rules
- [Feature] Add sessions cache to debug dangling sessions
- [Feature] Add short_text_direct_hash for fuzzy check module
- [Feature] Add text_part:get_stats function
- [Feature] Allow to add custom processing script for surbl
- [Feature] Allow to check reply-to email
- [Feature] Allow to customize spam header, remove existing spam
  headers
- [Feature] Allow to disable specific workers in the config
- [Feature] Allow to discard messages instead of rejection
- [Feature] Allow to specify custom delimiter in emails plugin
- [Feature] Allow to specify custom User-Agent for rspamc
- [Feature] Allow to store symbols data in Clickhouse
- [Feature] Allow to use HTTPS when connecting to Clickhouse
- [Feature] Enable sessions cache tracking for milter connections
- [Feature] Implement per-line mode in lua_repl (like `perl -p`)
- [Feature] Implement rdns-curve plugin based on rspamd cryptobox
- [Feature] Improve maps cached data lifetime
- [Feature] Improve maps checking frequency
- [Feature] Improve monitored timeouts logic
- [Feature] milter_headers: add `extended_headers_rcpt` option
- [Feature] Milter headers: Add X-Spam-Flag to rmilter-compatibility
  headers
- [Feature] Milter headers: remove-header routine
- [Feature] Multimap: received filters for extracting TLDs from
  hostnames
- [Feature] Normalize email aliases in emails module
- [Feature] Re-add rambler email bl (as hashed list)
- [Feature] Reload file maps more frequently
- [Feature] Rework newlines strip parser one more time
- [Feature] Skip updates for messages scanned via controller
- [Feature] Split long DKIM public keys
- [Feature] Store more data when stripping newlines
- [Feature] Support SPF macros transformations
- [Feature] Support suppressing DMARC reports for some domains
- [Fix] Add missing `break` statement
- [Fix] Allow modifiers in SPF macros
- [Fix] DKIM sign tools: edge-cases around use_esld
- [Fix] Do not cache SPF records with macros
- [Fix] Do not overwrite score when setting pre-action
- [Fix] Fix comparison logic
- [Fix] Fix DKIM base64 folding for milter flagged messages
- [Fix] Fix emails module configuration
- [Fix] Fix folding for arc headers when milter interface is used
- [Fix] Fix gmail dots removal
- [Fix] Fix rspamc detection in greylist module
- [Fix] Fix some more issues with HTTP maps
- [Fix] Milter sessions can live forever
- [Fix] Normalize fuzzy probability better
- [Fix] Plug memory leak
- [Fix] RBL: Fixed hashed email address lookups
- [Fix] Try to deal with brain-damaged milter behaviour
- [Fix] Use `\n` to fold headers for milter
- [Rework] Allow to use custom callback for monitored checks
- [Rework] Further steps towards one process monitoring
- [Rework] Send health checks from a single worker
- [WebUI] Round-up throughput summary values
   2018-02-01 10:07:23 by Filip Hajny | Files touched by this commit (3)
Log message:
mail/rspamd: Fix unprivileged execution in rc.d and SMF.
   2018-01-31 21:09:20 by Filip Hajny | Files touched by this commit (3)
Log message:
mail/rspamd: Provide endian detection and fcntl support. Fixes SunOS builds.
   2017-11-30 17:45:43 by Adam Ciarcinski | Files touched by this commit (654) | Package updated
Log message:
Revbump after textproc/icu update
   2017-09-18 11:53:40 by Maya Rashish | Files touched by this commit (676)
Log message:
revbump for requiring ICU 59.x
   2017-06-23 15:47:06 by Thomas Klausner | Files touched by this commit (4) | Package updated
Log message:
Updated rspamd to 1.6.1.

1.6.1: 14 Jun 2017
	* [Fix] Allow to init resolver without rspamd_config
	* [Fix] Do not crash when resolver failed to initialize
	* [Fix] Fix abstract context layout
	* [Fix] Fix CGP helper reply parsing
	* [Fix] Fix crashes when socket write errors occur
	* [Fix] Fix parsing IPv6 nameservers in resolv.conf
	* [Fix] Milter: Don't defer on "greylist" action

1.6.0: 12 Jun 2017
	* [Conf] Add rspamd_proxy to the default configuration set
	* [Conf] Add sample arc module config
	* [Conf] Do away with systemd specifics completely
	* [Conf] Increase min_bytes to avoid FP
	* [Conf] Remove ratelimits from default configuration
	* [CritFix] Fix accepting on IPv6 sockets
	* [CritFix] Fix corruption when multiple fuzzy are defined
	* [CritFix] Fix learn condition in fuzzy check
	* [CritFix] Fix memory leak in fuzzy check
	* [CritFix] Fix memory leak in maps scheduling
	* [CritFix] Paese the last character in DKIM signature correctly
	* [CritFix] Zero fill sockaddr_un
	* [Feature] Add ability to add doc strings by example
	* [Feature] Add API to verify DKIM (and ARC) signatures
	* [Feature] Add compression/decompression to proxy
	* [Feature] Add count to url structure
	* [Feature] Add initial support of the new protocol reply
	* [Feature] Add Lua plugin spamtrap
	* [Feature] Add `monitored_address` for rbls
	* [Feature] Add new schema for bayes tokens
	* [Feature] Add preliminary ARC support to dkim code
	* [Feature] Add preliminary support of ARC signing
	* [Feature] Add rules to detect bad 8bit characters in From and To
	* [Feature] Add scanning support for milter protocol
	* [Feature] Add support for bidirectional symbols in rspamd_stats
	* [Feature] Add support for static maps
	* [Feature] Add support of maps with multiple regexps matches
	* [Feature] Add `text_multiplier` param
	* [Feature] Add the preliminary ARC plugin
	* [Feature] Add top redirector targets rank
	* [Feature] Allow async events to be registered from LUA rules
	* [Feature] Allow storing bayes tokens in Redis
	* [Feature] Allow to exclude specific domains from mx check
	* [Feature] Allow to have a stack of watcher finalisers
	* [Feature] Allow to pass hostname to `-i` flag in Rspamc
	* [Feature] Allow to set custom user agent in url redirector
	* [Feature] Allow to use custom callback when parsing resolv.conf
	* [Feature] Allow to use domain from authenticated user
	* [Feature] Bayes expiry plugin
	* [Feature] Check dkim sign keys for modifications
	* [Feature] DKIM signing: sign_networks/local address specific use_domain settings
	* [Feature] DMARC: Support excluding domains from sampling
	* [Feature] Expire processing items for URL redirector aggressively
	* [Feature] Fix surbl monitored for IP lists, add `monitored_domain` option
	* [Feature] Implement caching for dkim body hashes
	* [Feature] Implement milter protocol scan reply
	* [Feature] Improve omograph phishing detection
	* [Feature] Initial support of self-scan in Rspamd proxy
	* [Feature] Keep track of headers in milter interface
	* [Feature] Milter headers: better controls for local/authenticated
	* [Feature] Multimap: email:domain:tld filter
	* [Feature] Preliminary DMARC reporting implementation
	* [Feature] Reuse stemmers in the cache
	* [Feature] Rework confighelp to load Lua plugins
	* [Feature] Rework hfilter to use hyperscan if possible
	* [Feature] Rework lua RSA API
	* [Feature] Rmilter_headers: approximate rmilter's extended_spam_headers
	* [Feature] Start integration of milter support in proxy
	* [Feature] Store average words length and short words count
	* [Feature] Store hash of headers order and names
	* [Feature] Support MTA name header
	* [Feature] Support multiple types of dkim signing in Lua
	* [Feature] Support numeric arguments for Redis requests
	* [Feature] Use headers hash in bayes metatokens
	* [Feature] Use normal resolv.conf rules of rotation in Rspamd
	* [Feature] Use version 2 proto for checking messages
	* [Fix] Allow to follow symlinks when safe
	* [Fix] Append MX name for authentication results as required
	* [Fix] Change default text multiplier from 0.5 to 2.0
	* [Fix] Check min_bytes for images as well
	* [Fix] Deal with 7bit charsets properly
	* [Fix] Deal with 8bit characters in email addresses
	* [Fix] Deal with unpaired <a> tags
	* [Fix] Detect confighelp in plugins initialisation
	* [Fix] Disable certain checks for utf spoof detection
	* [Fix] DKIM Signing: avoid nil index when From header is missing
	* [Fix] Do not add exact hashes from different parts
	* [Fix] Do not check DMARC if SPF or DKIM were not checked
	* [Fix] Do not check URLs that are resolved to be redirected
	* [Fix] Do not set bayes probability if we don't use it
	* [Fix] Do not stop on illegal unicode points - replace them
	* [Fix] Fix another race condition in arc checks
	* [Fix] Fix arc count logic
	* [Fix] Fix ARC signing
	* [Fix] Fix brain-damaged spamc protocol for now
	* [Fix] Fix calling for peak functions
	* [Fix] Fix couple of issues in FORWARDED rule
	* [Fix] Fix CTE propagation from parent containers to children parts
	* [Fix] Fix errors processing in the controller
	* [Fix] Fix format string in milter
	* [Fix] Fix issues in SPF macros parsing
	* [Fix] Fix logging format string
	* [Fix] Fix logic of cached passwords check
	* [Fix] Fix lowercasing of stemmed words
	* [Fix] Fix LRU elements removal
	* [Fix] Fix memory leak when accepting from unix sockets
	* [Fix] Fix milter connections persistence
	* [Fix] Fix objects merging in UCL
	* [Fix] Fix order of operations to avoid race condition
	* [Fix] Fix parsing of long regexp types
	* [Fix] Fix passing data to log helper when many symbols defined
	* [Fix] Fix pools management for milter session
	* [Fix] Fix processing of the watchers
	* [Fix] Fix queue id macro in milter
	* [Fix] Fix R_BAD_CTE_7BIT rule
	* [Fix] Fix Redis timeout set
	* [Fix] Fix REPLYTO_UNPARSEABLE rule
	* [Fix] Fix setting of email address
	* [Fix] Fix some more issues about duplicated fuzzy requests
	* [Fix] Fix spamc support in rspamd proxy
	* [Fix] Fix syntax error in spamtrap plugin
	* [Fix] Fix url counts for href urls
	* [Fix] Fix url handling in the protocol
	* [Fix] Multimap: Received IP filters with Redis
	* [Fix] Oops, fix d9d0fa5e86db2f4470d34395a233b450478b2f60
	* [Fix] Parse rgb[a](x,x,x[,x]) css colors
	* [Fix] Phishing: strict_domains
	* [Fix] Reduce maps aggressiveness
	* [Fix] Reresolve upstreams even if there is a single server there
	* [Fix] Rspamadm grep: Disable Lua patterns in string search by default
	* [Fix] Skip text parts when checking binary parts in fuzzy check
	* [Fix] Support v2 checks in controller
	* [Fix] Treat empty address as valid
	* [Fix] Try harder to detect CTE
	* [Fix] Try to deal with v4 mapped to v6 addresses on accept
	* [Fix] Use dkim signing callback properly
	* [Fix] Use non-volatile memory for storing data
	* [Fix] Use static maps instead of ugly hack for radix_from_config
	* [Fix] Use the same pool for related sessions
	* [Rework] Continue modularisation for lua library
	* [Rework] Initial milter protocol support
	* [Rework] Make log pipes worker agnostic, add scanners API
	* [Rework] Move authentication results generation to a separate routine
	* [Rework] Move common DKIM functions to a separate lua module
	* [Rework] Move global functions to a separate directory
	* [Rework] Prepare dkim module for ARC checks
	* [Rework] Propagate ucl variables from the command line
	* [Rework] Remove multiple metrics support from Rspamd
	* [Rework] Stop using name 'rmilter' for the modern protocol
	* [Rework] Use LFU algorithm in LRU cache
	* [Rules] Fix received TLS rules
	* [Rules] Improve URL_COUNT_ODD rule
	* [WebUI] Fix add header filter in history
	* [WebUI] Use modern protocol for checking messages

1.5.9:
	* [Conf] Increase min_bytes to avoid FP
	* [Conf] Remove ratelimits from default configuration
	* [CritFix] Fix accepting on IPv6 sockets
	* [CritFix] Zero fill sockaddr_un
	* [Feature] Add `text_multiplier` param
	* [Fix] Check min_bytes for images as well
	* [Fix] Do not add exact hashes from different parts
	* [Fix] Fix memory leak when accepting from unix sockets
	* [Fix] Fix some more issues about duplicated fuzzy requests
	* [Fix] Phishing: strict_domains
	* [Fix] Skip text parts when checking binary parts in fuzzy check
	* [Minor] Add the same duplicates protection for all fuzzy hashes types
	* [Minor] Fix braces
	* [Minor] Fix test
	* [Minor] SPOOF_DISPLAY_NAME: Use all SMTP/MIME recipients
	* [Minor] Validate assumed spoofed display name domains to contain a dot

1.5.8:
	* [CritFix] Fix memory leak in fuzzy check
	* [CritFix] Fix memory leak in maps scheduling
	* [Feature] Multimap: email:domain:tld filter
	* [Fix] DKIM Signing: avoid nil index when From header is missing
	* [Fix] Do not set bayes probability if we don't use it
	* [Fix] Do not stop on illegal unicode points - replace them
	* [Fix] Fix brain-damaged spamc protocol for now
	* [Fix] Fix Redis timeout set
	* [Fix] Fix spamc support in rspamd proxy
	* [Fix] Multimap: Received IP filters with Redis
	* [Fix] Parse rgb[a](x,x,x[,x]) css colors
	* [Fix] Reresolve upstreams even if there is a single server there
	* [Fix] Treat empty address as valid
	* [Fix] Try harder to detect CTE
	* [Fix] Try to deal with v4 mapped to v6 addresses on accept
	* [Minor] Add `wsf` and `hta` bad archive extensions
	* [Minor] Fix configuration option
	* [Minor] Fix result parsing for SAVAPI
	* [Minor] Further logging improvements
	* [Minor] Improve logging of errors
	* [Minor] Prevent MID_CONTAINS_FROM from firing on empty address
	* [Minor] Reduce digit->number transmission penalty
	* [Minor] Relax CTYPE_MISSING_DISPOSITION rule

1.5.7:
	* [CritFix] Fix corruption when multiple fuzzy are defined
	* [CritFix] Fix learn condition in fuzzy check
	* [Feature] Add rules to detect bad 8bit characters in From and To
	* [Feature] DKIM signing: sign_networks/local address specific use_domain settings
	* [Feature] Support numeric arguments for Redis requests
	* [Fix] Deal with 8bit characters in email addresses
	* [Fix] Fix couple of issues in FORWARDED rule
	* [Fix] Fix passing data to log helper when many symbols defined
	* [Fix] Fix R_BAD_CTE_7BIT rule
	* [Fix] Fix REPLYTO_UNPARSEABLE rule
	* [Fix] Fix setting of email address
	* [Fix] Rspamadm grep: Disable Lua patterns in string search by default
	* [Minor] Add Lua 5.3 workaround
	* [Minor] Add lua methods to detect if a part has 8bit characters
	* [Minor] Allow session-less lua dns requests
	* [Minor] Allow to append greylist end time to message reported
	* [Minor] Avoid `nil` table
	* [Minor] Disable dkim_signing if redis is specified but not configured
	* [Minor] Fix build with pcre2
	* [Minor] Fix rule
	* [Minor] Fix warnings
	* [Minor] Format floating point number
	* [Minor] Push email flags to the lua API
	* [Minor] Silence some warnings
	* [Minor] Silence warning
	* [Minor] Try all hostname regexps to find the most significant one
	* [WebUI] Fix add header filter in history