Rspamd 4.0 Spam Filtering System Released With checkv3 Protocol

Rspamd 4.0 open-source spam filtering system introduces the new checkv3 protocol, built-in Fasttext, major backend changes, and more.

Rspamd, a widely used open-source spam filtering system for mail servers, gateways, and security appliances, has released version 4.0, introducing significant architectural changes, new protocols, and enhanced detection capabilities.

A key addition is the checkv3 protocol, available through the /checkv3 endpoint. It replaces legacy request handling with multipart/form-data input and multipart/mixed responses, supports structured metadata via JSON or Msgpack, offers optional zstd compression, and enables zero-copy response handling. Enable the protocol with rspamc --protocol-v3 or --msgpack.

The external libfasttext dependency has been replaced with a built-in mmap-based implementation. Fasttext models are now shared across worker processes using shared memory, reducing memory usage significantly. Existing .bin and .ftz models remain compatible.

Moreover, Rspamd 4.0 adds multi-flag fuzzy hashes, enabling a single hash to match multiple rules. It also introduces HTML fuzzy phishing detection to identify reused phishing templates with varying destination domains. In addition, configuration handling now supports Jinja2-compatible templating through the Lupa engine.

Infrastructure changes include replacing Jump Hash with Ring Hash (Ketama) consistent hashing, ensuring predictable key redistribution in sharded environments, and minimizing disruption during upstream changes. Deployments using sharded Redis for Bayes classification must run rspamadm statistics_dump migrate before upgrading to prevent data mapping issues.
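Why the migration step matters, as an added illustration (not Rspamd's code): the sketch below maps the same keys to four shards with Jump Hash and with a Ketama-style ring, then removes one shard from the ring. The SHA-256-based key hash, the 160 points per shard, the shard names, and the token keys are assumptions constructed for the example.

```python
import bisect
import hashlib

def h64(data: str) -> int:
    """64-bit key hash (assumption: SHA-256 prefix, not Rspamd's own hash)."""
    return int.from_bytes(hashlib.sha256(data.encode()).digest()[:8], "big")

def jump_hash(key: int, buckets: int) -> int:
    """Jump consistent hash (Lamping & Veach): returns a bucket index."""
    b, j = -1, 0
    while j < buckets:
        b = j
        key = (key * 2862933555777941757 + 1) & 0xFFFFFFFFFFFFFFFF
        j = int((b + 1) * (float(1 << 31) / float((key >> 33) + 1)))
    return b

class Ring:
    """Ketama-style ring: each shard owns many points on a hash circle."""
    def __init__(self, shards, points=160):
        self.ring = sorted((h64(f"{s}#{i}"), s) for s in shards for i in range(points))
        self.hashes = [h for h, _ in self.ring]

    def lookup(self, key: int) -> str:
        # First ring point at or after the key, wrapping past the end.
        i = bisect.bisect_left(self.hashes, key) % len(self.ring)
        return self.ring[i][1]

def moved_fraction(keys, before, after):
    return sum(1 for k in keys if before(k) != after(k)) / len(keys)

SHARDS = ["redis-a", "redis-b", "redis-c", "redis-d"]   # constructed shard names
KEYS = [h64(f"bayes-token-{n}") for n in range(20000)]  # constructed keys

def algorithm_switch():
    """Same shards, Jump Hash -> ring: fraction of keys that change shard."""
    ring = Ring(SHARDS)
    return moved_fraction(KEYS, lambda k: SHARDS[jump_hash(k, len(SHARDS))], ring.lookup)

def ring_shard_removed():
    """Ring with one shard removed: only that shard's keys should move."""
    full, reduced = Ring(SHARDS), Ring(SHARDS[:2] + SHARDS[3:])
    moved = [k for k in KEYS if full.lookup(k) != reduced.lookup(k)]
    only_victims = all(full.lookup(k) == "redis-c" for k in moved)
    return len(moved) / len(KEYS), only_victims

if __name__ == "__main__":
    print(f"moved by algorithm switch: {algorithm_switch():.1%}")
    print("moved by removing redis-c: {:.1%}, only its keys: {}".format(*ring_shard_removed()))
```

In this constructed run roughly three quarters of the keys land on a different shard after the algorithm switch, which is why existing sharded data has to be remapped, while removing a shard from the ring moves only the keys that shard held.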

Proxy behavior has also changed, with token bucket load balancing now enabled by default, replacing round-robin. Additionally, HTTPS support is now built directly into workers, with SSL automatically detected from the bind socket configuration, removing the need for a reverse proxy in some setups.

The neural subsystem now supports external pretrained models, LLM embedding providers, and advanced training and classification options. Bayes classification also gains multi-class support, moving beyond traditional spam and ham categorization.

Other enhancements include a pluggable Hyperscan cache backend with asynchronous compilation, structured metadata export with compression, UUID v7 generation per task, and improved PDF parsing and header validation.

Rspamd 4.0 also introduces several breaking changes. Content URLs are now included by default in message analysis, the ssl = true worker option has been removed, and SenderScore reputation checks are disabled by default. Lastly, keep in mind that DKIM handling now strictly follows RFC behavior, which may affect validation results for malformed signatures.

For more information, see the announcement or refer to the project’s GitHub changelog.

Bobby Borisov

Bobby, an editor-in-chief at Linuxiac, is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, he has worked as a Senior Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.
