Rspamd 4.0 Spam Filtering System Released With checkv3 Protocol

Rspamd 4.0, the latest release of the popular open-source spam filtering system for mail servers and gateways, brings major architectural updates, new protocols, and stronger detection features.

One of the standout additions is the new checkv3 protocol, accessible via the /checkv3 endpoint. It replaces the older request system with multipart/form-data input and multipart/mixed responses, supports structured metadata using JSON or Msgpack, and includes optional zstd compression along with zero-copy response handling. It can be enabled using rspamc --protocol-v3 or --msgpack.

The external libfasttext dependency has been removed in favor of an internal mmap-based implementation. Fasttext models are now shared across worker processes through shared memory, greatly reducing overall memory usage while remaining compatible with existing .bin and .ftz models.

Rspamd 4.0 also introduces multi-flag fuzzy hashes, allowing a single hash to match multiple rules, and adds HTML fuzzy phishing detection to catch reused phishing templates even when target domains differ. Configuration management has been enhanced with support for Jinja2-style templating via the Lupa engine.

On the infrastructure side, consistent hashing has been switched from Jump Hash to Ring Hash (Ketama), improving key distribution stability in sharded setups and reducing disruptions when nodes change. Users running sharded Redis for Bayes classification are required to run rspamadm statistics_dump migrate before upgrading to avoid data mapping issues.

Proxy behavior has been updated as well. Token bucket load balancing is now the default, replacing round-robin, and HTTPS support is built directly into worker processes, automatically detected from bind socket settings—eliminating the need for a reverse proxy in some cases.

The neural subsystem has been expanded with support for external pretrained models, LLM embedding providers, and more advanced training and classification methods. Bayes classification now supports multiple classes instead of just spam and ham.

Additional improvements include a pluggable Hyperscan cache backend with asynchronous compilation, compressed structured metadata export, UUID v7 generation per task, and better PDF parsing and header validation.

However, this release also introduces some breaking changes. Content URLs are now analyzed by default, the ssl = true worker option has been removed, and SenderScore checks are disabled by default. DKIM handling has also been tightened to strictly follow RFC standards, which may impact validation of improperly formatted signatures.

For more information, see the announcement or refer to the project’s GitHub changelog.