Rspamd 4.1 has been released as a major update to the open-source spam filtering system for mail servers, gateways, and security appliances.
A major change is the redesigned MX check system. The new three-layer Redis cache tracks domains, MX hosts, and resolved IP addresses, improving efficiency for domains sharing mail infrastructure, such as those hosted by Google Workspace, Microsoft 365, or other large providers.
Rspamd 4.1 also enhances upstream server selection with Power of Two Choices, latency tracking using an exponentially weighted moving average, and slow start for recovered upstreams. Plus, each SRV reply target now has its own upstream structure with separate error budgets, weights, latency data, and address lists.
Temporary DNS failures during configuration loading no longer cause upstreams to be dropped or modules to fail. Unresolved hostnames are now retried asynchronously, allowing the daemon to start and recover automatically when DNS becomes available.
Moreover, Rspamd 4.1 adds dynamic composites, enabling composite rules to be loaded from hot-reloadable maps using the same syntax as static composites. Maps can be file-based, URL-based, or signed. Reloads can register new names, retain removed names as stubs, and switch generations without interrupting ongoing scans.
The URL redirector now features a chain-aware Redis cache that stores per-hop results, enabling reuse of shared intermediate links across redirect chains. Rspamd 4.1 also introduces browser-like fingerprint profiles for redirect checks, replacing the previous flat User-Agent list with profiles for Chrome, Edge, Firefox, and Safari.
Container deployments benefit from new configuration options. The baseline pidfile and logging settings can now be overridden with environment variables such as RSPAMD_PIDFILE, RSPAMD_LOG_TYPE, and RSPAMD_LOG_FILE. Setting an empty pidfile disables its creation, which is useful when running Rspamd as PID 1. RSPAMD_LOG_TYPE=console directs logs to stdout.
Additional features include enhanced Elasticsearch logging, ClickHouse column presets, DMARC report throttling, improved autolearnstats output, feedback report parsers for DSN and ARF reports, a structured Lua extras loader, an eXpurgate scanner engine, per-worker memory statistics via rspamadm control memstat, and automatic loading of the fastText language model when available.
On the security side, Rspamd 4.1 addresses S/MIME parser crashes and recursion issues, strengthens MIME parser safeguards, resolves a nested-query URL denial-of-service vulnerability, and improves archive parsing for RAR, ZIP, and 7-zip attachments. Additional fixes address image linking, CSS parsing, header parsing, SPF parsing, DNS label handling, HTML entity decoding, empty-host URL handling, fuzzy network input, and libucl security.
For additional details, see the announcement or refer to the project’s GitHub changelog.
