The release of the Rspamd 3.0 spam filtering system is presented, which provides tools for evaluating messages according to various criteria, including rules, statistical methods and black lists, on the basis of which the final weight of the message is formed, which is used to decide whether to block. Rspamd supports almost all the features implemented in SpamAssassin and has a number of features that allow you to filter mail on average 10 times faster than SpamAssassin, as well as provide better filtering quality. The system code is written in C and distributed under the Apache 2.0 license.
Rspamd is built using an event-driven architecture and was originally designed for use in high-load systems, allowing it to process hundreds of messages per second. The rules for detecting spam signs are highly flexible and can contain regular expressions in the simplest form, and in more complex situations they can be written in the Lua language. Extending the functionality and adding new types of checks is implemented through modules that can be created in the C and Lua languages. For example, modules are available for verifying the sender using SPF, verifying the sender's domain via DKIM, and querying DNSBL lists. An administrative web interface is provided to simplify configuration, create rules, and track statistics.
The significant increase in the version number is due to significant changes to the internal architecture, especially the HTML parsing parts, which have been completely rewritten. The new parser parses HTML using the DOM and generates a tree of tags. The new release also introduces a CSS parser that, in combination with a new HTML parser, allows you to correctly extract data from emails with modern HTML markup, including distinguishing between visible and invisible content. It is noteworthy that the parser code is written not in C, but in C ++ 17, which requires a compiler with support for this standard to be assembled.
Other innovations:
- Added support for the Amazon Web Services (AWS) API, which provided the ability to directly access Amazon cloud services from the Lua API. As an example, a plugin is proposed that saves all messages to Amazon S3 storage
- The code for generating reports related to the use of DMARC technology has been redesigned. The functionality for sending reports has been moved to a separate spamadm dmarc_report command.
- Added support for "DMARC munging" for mailing lists, replacing the From address in messages with the mailing address if the message has valid DMARC rules.
- Added an external_relay plugin that solves an issue with plugins such as SPF using the trusted mail relay IP address instead of the sender address.
- Added "rspamadm bayes_dump" command to write and download Bayesian tokens, allowing them to be transferred between different Rspamd instances.
- Added plugin to support Pyzor's collaborative spam blocking system.
- The monitoring tools have been redesigned, which are now called less often and create less load on external modules.
Source: opennet.ru