aboutsummaryrefslogtreecommitdiffstats
path: root/centos/rspamd.spec
Commit message (Collapse)AuthorAgeFilesLines
* RPM: Add missing file to spec (Fixes #516)Andrew Lewis2016-02-221-0/+1
|
* RPM BuildRequires: s/perl/perl-Digest-MD5/Andrew Lewis2016-02-221-2/+2
|
* Release 1.1.01.1.0Vsevolod Stakhov2016-01-181-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Incompatible change: sqlite3 and per_user behaviour: Now both redis and sqlite3 follows the common principles for per-user statistics: 1) If per-user statistics is enabled check per-user tokens ONLY 2) If per-user statistics is not enabled then check common tokens ONLY If you need old behaviour, then you'd need to use separate classifier for per-user statistics. * Implement redis statistics backend and cache * Implement autolearning for statistics * Reworked statistics architecture from scratch * Add hyperscan (https://github.com/01org/hyperscan) engine for regular expressions: - add lazy loader for hyperscan databases - rework regexp cache to have joint pcre/hyperscan scanning - implement hyperscan pre-filter support - add compilation guards for bad expressions - implement `rspamadm control recompile` command - implement hyperscan cache monitoring - slides: <https://highsecure.ru/rspamd-hyperscan.pdf> * Implement flexible task logging * Rework fuzzy worker: - it is now possible to run multiple fuzzy workers; - implement lazy writing as sqlite3 is bad at concurrent writing; - add retries for simple sql commands in fuzzy backend; - use fine-grained transactions for fuzzy; - implement new multi-pubkeys mode; - allow encrypted only storages; - rework statistics for fuzzy; - add `rspamadm control fuzzystat` command for extended statistics; - implement human readable output for the previous command; - add condition script for learning fuzzy storage; * Various fixes to SPF: - fix `redirect` records; - fix domains when parsing mx/ptr/a records in includes/redirects; - fix issues with multiple addresses in SPF records; - ignore SPF results in case of DNS failure; - adjust TTL of records when resolving subelements of SPF records; - always select `v=spf1` line if it is available - do not cache records with DNS failure in subrequests; - ignore records with temporary fails during subrequests resolving; - fix `RDNS_RC_NOREC` support; * Add clang plugin for static analysis: - implement static checks for `rspamd_printf` format strings; * Add 'allow_raw_input' option for non-mime messages * Recognize types using libmagic * Fix parsing of IPv6 received headers * Add new interface of communication between workers in rspamd * Add support for named socketpairs * Don't write URLs by default as it is too verbose * Set status for HTTP replies * Try load `rspamd.conf.override` * Implement words decaying for text parts to limit many checks * Improve support of SA rules and plugins: - add check_for_shifted_date and check_for_missing_to_header eval rules; - add 'check_relays_unparseable' support; - add `check_for_mime('mime_attachement')` function; - use new re_cache interface for all SA rules; - add support for `Mail::SpamAssassin::Plugin::MIMEHeader`; - add support of 'special' SA headers to `exists` function; - fix issue when SA metas contain other metas; - fix freemail rules; * Many fixes to the URL parser * Match any newline character in regexps * Fix resolving of upstreams and detection of poor IPv6 configurations * Parse upstreams selection algorithm from the configuration line * Add `reresolve` command to the control interface * Generate fuzzy hashes from task metadata (URLs and headers) * Add method to check if IP is local and `local_addrs` option * Implement forced timeout for delayed filters * Disable fast path of pcre-jit as it seems to be broken * Bayes fixes: - new normalizer function; - really use weights of tokens from the OSB algorithm; - restore multiple classifiers support; * Rules changes: - add `R_SUSPICIOUS_URL` rule that detects obfuscated URL's; - improve empty image rule; - rework `FORGED_RECIPIENTS` rule; - reduce weight of `SUSPICIOUS_RECIPS`; - fix `*_NORESOLVE_MX` symbols in hfilter; - add `SUBJ_ALL_CAPS` rule with support of UTF8 - add spamhaus SBL to uribl - fix `SUSPICIOUS_RECIPS` and `SORTED_RECIPS` rules - remove `R_TO_SEEMS_AUTO` as it generates a lot of FP; - add new Message-ID regexp for Thunderbird (by @moisseev); * Plugins changes: - allow ratelimit plugin to set symbol instead of pre-result - support IP DNS black lists for URIBL (e.g spamhaus SBL); - drop deprecated SURBL bits (by @fatalbanana) - rename `JP_SURBL_MULTI` to `ABUSE_SURBL` (by @fatalbanana) - add `SURBL_BLOCKED` (by @fatalbanana) - add `CR_SURBL` - SURBL: allow fallthrough to default symbol (by @fatalbanana) - Settings: fix IP match (by @fatalbanana) - SURBL: add missing symbols to metric (by @fatalbanana) - allow processing images urls for SURBL - unconditionally disable SPF for authenticated users and local networks * Rework ratelimit plugin - switch to `rates` instead of old and stupid strings to setup; - check if a bucket is zero and disable the corresponding limits' - turn off all buckets by default; - check either `rcpt` or `user` buckets, not all together' - document new `rates` and `symbol` options; - inform user about what buckets are used in the configuration; * Add neural network **experimental** plugin * Add a sample script to learn neural network from rspamd logs * Add documentation strings support to rspamd: - add strings for the main configuration options; - document workers options; - add internal plugin options; - create `rspamadm confighelp` routine; - implement human readable output for the previous command; - add subtree search support; - add keyword search support; * Documentation improvements, tutorials section, statistics description * Many other minor and major bugfixes not noted here Signed-off-by: Vsevolod Stakhov <vsevolod@highsecure.ru>
* Remove hiredis from dependsVsevolod Stakhov2016-01-111-3/+2
|
* Simplify specVsevolod Stakhov2015-12-221-25/+3
|
* Fix centos specAlexey AL2015-12-131-1/+1
| | | libmagic included in file-devel package
* Add libmagic dependencyVsevolod Stakhov2015-11-121-2/+2
|
* Update version.Vsevolod Stakhov2015-10-271-1/+1
|
* Update specVsevolod Stakhov2015-10-261-1/+2
|
* Add missing entries to spec.Vsevolod Stakhov2015-09-281-0/+2
|
* Release 1.0.21.0.2Vsevolod Stakhov2015-09-231-1/+1
| | | | | | | | | | | | | | | | | | | * Fix critical bug in webui that prevents password from being sent * Rework webui view: - Switch to d3.js for graphs - Improve piechart look - Rework colors for piechart - Fix layout for symbols - Fix refresh button * Add descriptions for whitelist maps * Fix build on arm (#379) * Fix issue with the last element in the radix trie * Add more tests for radix trie algorithm * Allow to extract URLs from query strings of other URLs (#361) * Initialize rrd fields before writing to file * Fix double free if no password has been specified Signed-off-by: Vsevolod Stakhov <vsevolod@highsecure.ru>
* Release 1.0.11.0.1Vsevolod Stakhov2015-09-221-1/+1
| | | | | | | | | | | | | | | | | | | | * Add writing to rrd from the controller * Fixed lots of bugs in rrd code * Adopt new DNS API in hfilter plugin (by @AlexeySa) * Allow only one controller process to manage rrd file * Set event base for fuzzy calls * Improve fuzzy IO errors logging * Add rra extraction function to rrd library * Add graph handler to the controller * Cache correct passwords to avoid too high CPU usage when working with webui * Controller sockets are owned by router do not export them to task * Optimize logging by skipping hash table search if it's empty * Fix loading issue whith broken statfiles * Print assertions from glib to rspamd logger * Load legacy `lua/rspamd.local.lua` * Update webui with some fixes to learning and scanning Signed-off-by: Vsevolod Stakhov <vsevolod@highsecure.ru>
* Merge changes from OBS (except for EL6 stuff)Andrew Lewis2015-09-171-2/+13
|
* Update linux build specs.Vsevolod Stakhov2015-09-171-22/+29
|
* Try to fix build on suse.Vsevolod Stakhov2015-06-231-0/+3
|
* Release 0.9.40.9.4Vsevolod Stakhov2015-05-211-1/+4
| | | | | | | | | | | | | | | | * Fix critical bugs in tokenization algorithm * Write unit tests for tokenization * Add documentation for lua_tcp * Switch off legacy tokenization by default. * Fix critical bugs in words normalization * Add lua bindings to tokenizer. * Implement storing of HTTP headers inside task * Add lua API to accerss HTTP headers data * Implemented base64 encoding suitable for MIME * Use caseless hash and equal functions for HTTP request headers. * Improve debian architectures support (by @dottedmag) Signed-off-by: Vsevolod Stakhov <vsevolod@highsecure.ru>
* Release 0.9.30.9.3Vsevolod Stakhov2015-05-191-1/+4
| | | | | | | * Revert incorrect regexp change that broke the default rules * Fix lua_tcp module Signed-off-by: Vsevolod Stakhov <vsevolod@highsecure.ru>
* Release 0.9.20.9.2Vsevolod Stakhov2015-05-191-1/+4
| | | | | | | | | | | | | * Fix error on spawning unique workers. * Add preliminary version of generic LUA TCP requests API. * Use lua 5.1 if luajit is not available (Arm64, PowerPC, s390x etc) * Fix fuzzy mime strings with only type. * Improve thunderbird sanity checks. * Fix critical bug on matching regular expressions. * Make hiredis optional dependency. * Fix multiple bugs in daemon reloading Signed-off-by: Vsevolod Stakhov <vsevolod@highsecure.ru>
* Release 0.9.1.0.9.1Vsevolod Stakhov2015-05-171-1/+4
| | | | | | | | | | | | | * Restore utf8 validation for regular expressions to avoid crashes * Fix symbols displaying in the interface * Add symbol groups to the interface * Fix maps ID parsing in the controller * Add multimap and regexp modules documentation * Backport fixes from libucl * Fix debian package (by @dottedmag) * Rework XXH32 invocations Signed-off-by: Vsevolod Stakhov <vsevolod@highsecure.ru>
* Update RPM BuildRequires for 0.9Andrew Lewis2015-05-131-2/+3
|
* Fix spec for 0.9.0Vsevolod Stakhov2015-05-131-2/+10
|
* Pull changelogs from rspamd-0.8Mikhail Gusarov2015-03-181-1/+10
|
* Import spec tunes from OBS.Vsevolod Stakhov2015-03-161-0/+9
|
* Merge pull request #221 from fatalbanana/masterVsevolod Stakhov2015-03-131-0/+1
|\ | | | | Add rspamd.sysvinit.conf to RPM packaging list
| * Add rspamd.sysvinit.conf to RPM packaging listAndrew Lewis2015-03-131-0/+1
| |
* | Fixes to spec.Vsevolod Stakhov2015-03-131-1/+1
|/
* RPM: Clean up and unbreak future upgrades on Fedora/CentOS7Andrew Lewis2015-03-131-20/+12
|
* RPM: move patch out of wrong part of specfileAndrew Lewis2015-03-131-4/+3
|
* RPM: don't break rspamd on upgradeAndrew Lewis2015-03-121-0/+2
|
* RPM: Patch systemd service for CentOS7 & fix broken filesystem attributesAndrew Lewis2015-03-121-5/+7
|
* More RPM...Andrew Lewis2015-03-111-1/+1
|
* Fix RPM packaging properlyAndrew Lewis2015-03-111-11/+5
|
* Fixes for RPM packagingAndrew Lewis2015-03-111-21/+17
|
* Cosmetic changesAndrew Lewis2015-02-031-22/+14
|
* Fix regressionAndrew Lewis2015-01-151-4/+4
|
* Update RPM packagingAndrew Lewis2015-01-151-43/+63
|
* Remove whitelist.lua from RPM file listAndrew Lewis2015-01-021-1/+0
|
* Add Perl as build dependency for Debian/RPM packagesAndrew Lewis2015-01-021-2/+2
|
* Add sqlite as dependency for RPM/Debian packagesAndrew Lewis2015-01-021-1/+5
|
* Release 0.8.00.8.0Vsevolod Stakhov2015-01-021-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * New fuzzy check logic: - use shingles algorithm for fuzzy matching - use blake2 instead of md5 for larger output space - combine fuzzy and strict matching - allow to organize private storages by means of keys - preserve compatibility with previous versions * New fuzzy storage: - use sqlite instead of own memory based hash tables - rework commands interface - add conversion from the old format - add fuzzy match by shignles - support old rspamd versions * Add lemmatizing for words used in fuzzy hashes that allows to improve match quality by using of the first forms of all words * Rework language detection * Fix several critical bugs, memory leaks and deadlocks: - memory leak in HTML nodes parsing - deadlock in logger code - deadlock in signals processing - crashes in fuzzy_storage - crashes in tokenizers if the input was empty * Import new libucl with several bugfixes and improvements * Support listening on ipv6 addresses only * Fix macro expansion in SPF module * Several bugfixes in DKIM module * Add load headers support for mime parts to the lua API * Add documentation for: - workers in general - fuzzy_storage worker - fuzzy_check plugin - mimepart and textpart lua API modules Signed-off-by: Vsevolod Stakhov <vsevolod@highsecure.ru>
* Release 0.7.60.7.6Vsevolod Stakhov2014-11-241-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Apply boundary fix for dkim simple canonization * Fix ping command * Return nil if header was not found in lua_task * Fix hang in upstreams revive logic * Decode entitles when normalizing HTML parts * Fix logic of finding URLs in HTML parts * Do not include \0 into length of text when performing conversion to utf8 * Fix raw vs parsed reperesentations Raw parts are now: - decoded b64/qp, but *NOT* converted to utf-8 Processed parts are now: - converted to UTF-8 - normalized if needed (e.g. HTML tags are stripped) * Rework DKIM canonization to line based * Fix fuzzy hashes addding * Use more specific hash function for fuzzy * Fix leaking of iconv descriptors * Fix PTR resolving in lua resolver * Rework spf module. - Copy data to memory pool as cached record might be destroyed causing freed memory being passed to the protocol output (use after free) - Allow SPF_NEUTRAL policy to be handled separately - Add R_SPF_NEUTRAL to the default config * Rework `register_symbols` function * Allow to disable components of hfilter Signed-off-by: Vsevolod Stakhov <vsevolod@highsecure.ru>
* Release 0.7.50.7.5Vsevolod Stakhov2014-11-171-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | * Fix owner when creating folder /run/rspamd (by @sfirmery) * Fix IP validity checks * Decode URLs obtained from HTML tags * Fix crash with unweighted upstreams * Stop processing headers in parts * Set sockaddr.sa_family properly when connectig to upstreams * Fix reload issues in surbl and fuzzy_check (reported by @citrin) * Fix timeouts in redirector * Improve lua errors reporting * Fix lua closures processing in libucl * Rework calling of lua functions from regexp module * Choose raw regexp for raw headers * Rework conversion to utf since glib one is broken * Ignore SGML style tags in html * Fix old bug with non-capturing https urls * Fix memory corruption on fuzzy reload (reported by @citrin) * Fix percents display in rspamc * Fix buffer update for DKIM * Do not validate utf for raw headers Signed-off-by: Vsevolod Stakhov <vsevolod@highsecure.ru>
* Update versions.Vsevolod Stakhov2014-11-081-1/+4
|
* Release 0.7.3.0.7.3Vsevolod Stakhov2014-11-031-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * New upstreams code: - simplify upstreams API; - unify strings parsing in upstreams definition; - add configuration options for the upstreams; - for failed upstreams re-resolve their addresses; - use all resolved addresses for an upstream (round-robin); - implement stable hashing and use it by default for upstreams; - add unit test for upstreams module. * Rework signals processing in all rspamd workers: - signals are now processed in the event loop; - implement the most common signal handlers for all workers; - add callbacks for workers specific signal handlers * Fix critical issue with fuzzy storage: Fuzzy stroage could not save any hashes on termination due to bugged signals handling * Fix roll history IP storage * Rework ipv4/ipv6 handling in parsing addresses: - turn off support of IPV6_V6ONLY socket option; - create ipv6 socket prior to ipv4 one to handle systems with v6/v4 sockets enabled (Linux) * Remove CBL as it's wholly included in Spamhaus XBL (by @fatalbanana) * Remove nszones.com fake RBL (by @citrin) * Fix upstreams interaction for fuzzy_check * Verify spf PTR records (reported by @citrin) * Fix spf MX records parsing * Add compatibility for old libevent (by @yellowman) * Sync bugfixes from libucl Signed-off-by: Vsevolod Stakhov <vsevolod@highsecure.ru>
* Update rpm spec.Vsevolod Stakhov2014-10-151-1/+4
|
* Release 0.7.1.0.7.1Vsevolod Stakhov2014-09-301-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Fix typo in stat output. * Fix issues with includes crossing with the system includes * Restore testing framework * Add radix trie test suite * Implement new path-compressed radix trie. - The performance benefit over the old algorithm is about 1.5 times. - Memory usage is significantly lower as well. - Now radix trie can accept any IPv4/IPv6 values * Various improvements to the memory pools code * Fix writing reply to a client when no filters are defined * Write base32 encoded fuzzy * Fix 'soft reject' action * Fix rspamd reload and modules reconfiguration * Fix subject rewriting for the default subject * Fix states for processing task and pre-filters * Fix issues with connection closing * Fix crashes in rdns * Fix ratelimit pre-filter * Update exim patch. - Update to the recent exim version - Strip extra leading src/ from the patch - Remove sendfile since it was broken - Fix rspamd spam report for exim * Improve documentation Signed-off-by: Vsevolod Stakhov <vsevolod@highsecure.ru>
* Prepare for release.Vsevolod Stakhov2014-09-011-2/+9
|
* Remove judy and use glib hash tables.Vsevolod Stakhov2014-02-181-17/+1
| | | | | | | | There is no significant advantage to use Judy arrays over glib HashTables to store hashes in fuzzy storage. Therefore, drop support of Judy completely. Also rename `use_judy` parameter to `strict_hash` indicating that hashes are matched strictly (not a fuzzy match but a hash lookup).
* Start moving to HTTP world.Vsevolod Stakhov2014-01-121-1/+1
|
* Stop for 0.6.7.0.6.7Vsevolod Stakhov2014-01-101-1/+4
|