[Fix] Fix refcount leak in fuzzy_session destructor for TCP sessions
The fuzzy_session created for TCP command processing holds a reference
to its parent fuzzy_tcp_session but failed to release it in the destructor,
causing a refcount leak and potential use-after-free issue.
[Fix] Use rspamd event wrapper consistently for TCP session timer
The TCP session timer was incorrectly mixing rspamd's rspamd_io_ev wrapper
with direct libev API calls (ev_timer_init/start/stop), creating inconsistent
state that could lead to resource management issues.
Fixed by using rspamd_ev_watcher_init/start/stop consistently throughout,
passing fd=-1 for pure timers without file descriptors. Also removed the
now-unused fuzzy_tcp_timer_libev_cb wrapper function.
Merge branch 'master' into vstakhov-fuzzy-tcp-rework
Resolved conflict in src/plugins/fuzzy_check.c by including both:
- HTML shingles configuration parsing from master
- TCP connection initialization from feature branch
Fixed trailing whitespace in config files from master.
[Fix] Fix frequency-based ordering in HTML domain hashing
The hash_top_domains function was sorting domains by frequency (descending),
but hash_domain_list was immediately re-sorting them alphabetically, which
negated the frequency information. This resulted in incorrect hashes where
domain order mattered for fuzzy matching.
Added preserve_order parameter to hash_domain_list to optionally skip
alphabetical re-sorting when frequency-based ordering should be maintained.
- Skip empty domains in hash_domain_list and hash_top_domains
- Validate HTML features are initialized before hashing
- Return zero hash for invalid/empty input instead of garbage
[Fix] Fix memory leaks in HTML shingles generation
- Require mempool parameter (cannot be NULL) for consistent memory management
- Change helper function to fill shingle structure in-place instead of allocating
- Eliminate unnecessary allocation, memcpy, and potential memory leaks
- All allocations now use rspamd_mempool_alloc0 consistently
[Fix] Fix set_addr validation to prevent malformed addresses
The set_addr function now properly checks that both addr.user and addr.domain
are non-empty strings before constructing addr.addr and addr.raw. This prevents
creating malformed addresses like '@domain.com' when addr.user is empty, and
ensures consistent state when addr.domain is empty.
[Fix] Fix is_local_domain to support backend objects
The is_local_domain function was directly accessing module_state.local_domains
as a table, which caused it to always return false when local_domains was
configured as a backend object (MapBackend, CDBBackend, etc).
Fixed by:
- Moving get_from_source helper function before is_local_domain
- Using get_from_source to handle both plain tables and backend objects
- Updating return logic to handle different truthy values from backends
[Minor] Fuzzy TCP: enable TCP_NODELAY for reduced latency
Disables Nagle's algorithm on fuzzy TCP connections to minimize latency
for request-response traffic patterns. This prevents small packets from
being buffered, which is optimal for the fuzzy check protocol.
[Fix] Fuzzy TCP: refresh timeout during active data transfer
Prevents active TCP connections from timing out when data is being actively transferred.
The timeout is now refreshed after each successful read/write operation, ensuring that
connections only timeout during actual inactivity, not during normal traffic flow.
[Fix] Fuzzy TCP: separate session timeouts from connection failures
This addresses several timeout handling issues:
- Session timeouts no longer mark entire TCP connection as failed, allowing other sessions to continue
- Made tcp_retry_delay configurable (default: 10.0s)
- Added diagnostic reason strings to all cleanup paths
- Fixed reference counting with proper free_func for connection pool
- Added periodic timeout checks to detect stalled requests
- Unconditional timer cleanup (ev_timer_stop is safe to call)
- Enhanced logging with connection state and elapsed time details
The TCP framing protocol had an endianness mismatch for the 2-byte frame size header. The client was sending and expecting frame lengths in little-endian, while the server was sending and expecting them in network byte order (big-endian). This inconsistency corrupted frame lengths, leading to protocol errors and communication failures.
Changes:
* Server now uses GUINT16_TO_LE() instead of htons() for frame length encoding
* Server now uses GUINT16_FROM_LE() instead of ntohs() for frame length reading
* Server frame length parsing now reconstructs little-endian format
* Updated comment to reflect little-endian byte order consistency
All TCP frame lengths are now consistently transferred as little-endian numbers.
The write-only mode test was failing because after fixing the
variable name (RSPAMD_SETTINGS_FUZZY_CHECK), the mode was correctly
applied to the client. In write-only mode, clients do not send
CHECK requests, so symbols should not appear during scanning.
The test was incorrectly expecting symbols to be found after adding
hashes. Changed test to verify correct write-only behavior:
- Hashes can be added via controller
- Scanning does not find symbols (CHECK not sent in write-only)
- Random messages still don't match
This validates that write-only mode prevents fuzzy checks while
allowing hash updates.
[Fix] Fuzzy TCP: fix server replies and client event handling
Server was accepting TCP connections but never sending replies back,
causing all TCP requests to timeout. The issue had multiple causes:
Server side:
- TCP replies were routed through UDP code path, which doesn't queue
replies for TCP sessions
- Async backend operations used stack-allocated session, causing
segfaults when callback executed after stack frame destroyed
Client side:
- Event handler used equality checks (==) instead of bitwise (&)
for libev event flags, preventing read events from being processed
- Timer initialization used rspamd IO wrapper for pure timer,
causing fd=-1 assertion failures in ev_io_start
- Pending requests not cleaned up on timeout, causing use-after-free
when late replies arrived after task completion
Fix by implementing TCP reply queue on server, using heap allocation
for async operations with proper reference counting, fixing event
handling to use bitwise operators, and implementing pure libev timer
for TCP timeout handling.
[Feature] Fuzzy check: add protocol logging and TCP tests
Add explicit protocol logging:
- Log TCP vs UDP decision with rate and threshold
- Log actual protocol used for each request
- Log TCP connection status and fallbacks
- Shows current request rate for TCP auto-switch
Add functional tests for TCP:
- tcp.robot - basic TCP with auto-switch
- tcp-explicit.robot - forced TCP mode
- tcp-encrypted.robot - TCP with encryption
- Test high rate scenario and protocol switching
Update test configuration:
- Support SETTINGS_FUZZY_WORKER and SETTINGS_FUZZY_CHECK
- Allow dynamic TCP configuration in tests
[Feature] Fuzzy check: add reply processing and lifecycle management
Complete TCP reply handling:
- Process all error codes (403, 503, 415, 401) like UDP
- Handle FUZZY_STAT commands with proper storage
- Mark commands as replied and check session completion
Add memory safety and lifecycle management:
- Cleanup pending requests when task finishes before reply
- Timeout checking for pending requests (io_timeout)
- Proper session cleanup for TCP (no fd/ev_watcher)
- Initialize TCP session fields (fd=-1, event_loop)
Prevents use-after-free when:
- Task completes before TCP reply arrives
- Reply takes too long (timeout)
- Connection fails with pending requests
[Feature] Fuzzy check: implement TCP error handling and command sending
Add comprehensive error handling for TCP connections:
- Cleanup pending requests when connections fail
- Handle timeout, write, read, and protocol errors
- Track connection per pending command for cleanup
Implement TCP command sending:
- Add TCP framing to encrypted commands
- Queue commands for asynchronous sending
- Register in pending pool for reply matching
- Integrate with main check flow with UDP fallback
Add async TCP connection establishment and I/O framework. This
implements Phase 2 of the TCP support - connection management with
event-driven architecture.
Changes:
- Add fuzzy_tcp_connection structure for per-rule TCP state
- Add fuzzy_tcp_pending_command for request/reply matching
- Implement fuzzy_tcp_connect_async() with non-blocking connect
- Implement fuzzy_tcp_io_handler() for connection/read/write events
- Add connection lifecycle management with reference counting
- Handle connection establishment with getsockopt SO_ERROR check
- Add timeout handling and upstream failure reporting
- Add placeholder write and read handlers for next phase
TCP connection is established lazily when rate threshold is exceeded.
Event handler manages connection state machine: connecting -> connected.
Write/read handlers will be implemented in Phase 3.
[Feature] Fuzzy check: add TCP support with auto-switch
Add TCP protocol support to fuzzy check client with rate-based
automatic switching between UDP and TCP transports. This enables
efficient bulk checking while maintaining UDP fallback.
Changes:
- Add TCP configuration parameters (enabled, auto, threshold, window, timeout)
- Implement sliding window rate tracker for request frequency monitoring
- Add TCP connection state tracking (connected, connecting)
- Implement fuzzy_should_use_tcp() decision logic
- Add fuzzy_update_rate_tracker() for rate tracking
- Add fuzzy_tcp_connect_async() placeholder for lazy TCP connection
- Integrate TCP/UDP selection in register_fuzzy_client_call()
[Feature] Fuzzy storage: implement TCP protocol support
Implement TCP transport for fuzzy storage protocol to enable efficient
bulk request handling. This adds TCP accept handlers, frame-based I/O
processing, and proper session management.
Changes:
- Add TCP session structure with framing state machine
- Implement TCP accept handler with rate limiting and access control
- Add TCP I/O handler supporting frame-based protocol (size header + payload)
- Implement TCP write reply with queuing support
- Add TCP timeout configuration parameter (default: 5.0 seconds)
- Refactor rate limit checks to accept parameters instead of session objects
- Update worker socket type to support both UDP and TCP
- Add debug logging infrastructure for fuzzy storage
[Feature] Add type specifiers support to lua_logger
Add support for format type specifiers in lua_logger:
- %d - signed integer (int64)
- %ud - unsigned integer (uint64)
- %f - floating point with smart formatting (no trailing zeros)
- %.Nf - floating point with N decimal places precision
- %% - escape literal percent sign
Type specifiers can be combined with positional (%1d) and
sequential (%d) argument references. String to number conversion
is supported. Added comprehensive unit tests.
[Rework] Use postconf utility for Postfix configuration in configwizard
Replace direct file reading with postconf calls for better portability:
- Use postconf to get config_directory, alias_maps, virtual_alias_maps
- Use postconf to get mydestination instead of parsing main.cf
- Use postconf to check milter configuration (smtpd_milters, non_smtpd_milters)
- Add proper parsing of postconf output (handle prefixes like "hash:")
- Improve cross-platform compatibility by relying on Postfix's own tools
This approach is more portable and handles Postfix variables ($myhostname, etc.) correctly.
Ensure classifiers are fetched when the dropdown is empty even if cache suggests skipping,
preventing an empty selector on Scan tab after RO → Disconnect → Enable.
- Walk ESMTP args as NUL-terminated tokens until double-NUL or end
- Pass the correct range to rspamd_milter_parse_esmtp_args
- Advance cursor past args terminator to avoid infinite loop or OOB read
- Keep rcpts/rcpt_esmtp_args indices aligned with NULL placeholders
[Feature] Persist milter ESMTP args in task and expose via Lua API
- Store MAIL/RCPT ESMTP arguments in task (mempool-backed)
- Transfer args from milter session and over HTTP headers
- Parse X-Rspamd-{Mail,Rcpt}-Esmtp-Args in protocol and fill task
- Update Lua API to read from task with HTTP fallback
- Keep milter flag semantics intact and robust across proxy hops
* [Feature] Fuzzy check: Add separate encryption keys for read and write operations
* [Feature] DKIM: Add ED25519 support for DKIM signing and verification with OpenSSL version checks
* [Feature] Vault: Add HashiCorp Vault KV version 2 support for DKIM key management
* [Feature] MetaDefender: Add MetaDefender Cloud Lua module for SHA256 hash lookups
* [Feature] LLM: Add user/domain context support for LLM-based classification with Redis-based conversation context
* [Feature] DMARC: Add RUA address exclusion configuration option
* [Fix] DKIM: Fix relaxed bodyhash calculation for lines with only spaces to comply with RFC 6376
* [Fix] DKIM: Fix ED25519 key loading to prevent memory corruption in union handling
* [Fix] HTTP maps: Enforce server-controlled refresh intervals and prevent aggressive polling
* [Fix] HTTP maps: Prevent time_t overflow in expires header processing
* [Fix] Once received plugin: Fix duplicate symbol addition by changing break to return
* [Fix] Redis: Propagate unused Sentinel options properly
* [Fix] Fuzzy check: Fix reply decryption when using separate read/write keys
* [Fix] Fuzzy check: Add fallback when only one specific encryption key is set
* [Fix] Fuzzy check: Fix duplicate key filtering in reply decryption
* [Fix] Fuzzy ping: Allow read/write servers configuration
* [Minor] Fuzzy check: Refactor encryption key selection into helper functions
* [Minor] Fuzzy check: Stop early when found a correct key
* [Minor] Add cursor rules for development
[Fix] Use correct html_features field to fix compilation error
The part->html->features path was incorrect since part->html is void*.
Use the correct part->html_features field which is populated by
rspamd_html_get_features() during message parsing. Also added NULL check
for html_features before accessing its fields.
[Minor] Add NULL check in hash_html_features for safety
Add explicit NULL check for html_content pointer in hash_html_features()
to prevent potential undefined behavior. While features are initialized by
the HTML parser and checked in rspamd_shingles_from_html(), this provides
an additional safety layer against unexpected function calls.
[Fix] Fix segfault due to incorrect HTML features access
The fuzzy_cmd_from_html_part() function incorrectly accessed HTML features
via part->html_features (which doesn't exist), causing segmentation faults.
Fixed to use the correct path part->html->features for accessing tags_count,
links.total_links, and max_dom_depth properties.
[Fix] Fix HTML fuzzy cache key to prevent overwriting text cache
HTML fuzzy hashes were incorrectly cached using the standard text fuzzy
cache key via fuzzy_cmd_set_cached(), causing HTML hashes to overwrite
text hashes for the same part. Now HTML fuzzy uses the dedicated
html_cache_key for both read and write operations, preventing cache
conflicts and ensuring proper retrieval of HTML fuzzy data.
[Fix] Fix memory leak in rspamd_shingles_from_html
The struct_sgl object from generate_shingles_from_string_tokens() was only
deleted when pool == nullptr, causing memory leaks when a memory pool was
active. Now struct_sgl is always deleted after copying to res, regardless
of pool allocation method.
[Fix] Update HTML fuzzy encryption to use helper functions
The fuzzy_cmd_from_html_part() function was using legacy encryption logic
that only checked rule->peer_key. Updated to use fuzzy_rule_has_encryption()
and fuzzy_select_encryption_keys() helpers for consistency with other fuzzy
command functions and to support separate read/write encryption keys.
[Fix] Add fallback when only one specific encryption key is set
When only read_encryption_key or write_encryption_key is configured without
a general encryption_key, the unspecified operation type was left with NULL
keys. Now if only one specific key is set, it's used for both read and write
operations as a fallback, ensuring encryption works in all configurations.
[Fix] Fix duplicate key filtering in reply decryption
When read/write encryption keys fall back to common encryption_key,
rspamd_pubkey_ref() returns pointer to the same object. Previous duplicate
checks using pointer comparison incorrectly filtered out these keys,
causing decryption failures. Now properly checks if key was already added
to the decryption attempt list before adding it.
[Minor] Refactor encryption key selection into helper functions
Extract repeated key selection logic into fuzzy_select_encryption_keys()
and fuzzy_rule_has_encryption() helper functions. This reduces code
duplication and improves readability across fuzzy_cmd_stat(),
fuzzy_cmd_ping(), fuzzy_cmd_hash(), fuzzy_cmd_from_text_part(),
fuzzy_cmd_from_data_part(), and fuzzy_process_reply() functions.
[Fix] Fix reply decryption when using only separate read/write keys
In fuzzy_process_reply(), the tag was accessed from encrypted data before
decryption, leading to incorrect key selection. When only separate
read_encryption_key and write_encryption_key were configured (without common
encryption_key), the fallback to NULL keys caused crashes.
Now the function tries decryption with all available key pairs (read, write,
and common) until MAC verification succeeds, properly handling all key
configuration scenarios.
[Fix] Ensure encryption works with separate read/write keys in fuzzy_check
Fix condition checks that determine whether to use encryption. Previously,
functions checked only rule->peer_key, causing encryption to be disabled
when using only read_encryption_key and write_encryption_key without a
common encryption_key. Now checks for any encryption keys (peer_key,
read_peer_key, or write_peer_key) to properly enable encryption.
[Feature] Add separate encryption keys for read and write operations in fuzzy_check
Allow using different encryption keys for read (CHECK, STAT, PING) and write
(WRITE, DEL) operations by introducing read_encryption_key and write_encryption_key
configuration parameters. Falls back to encryption_key if separate keys are not
specified for backward compatibility.
[Minor] Add safety checks for short HTML to prevent false positives
Require minimum complexity for HTML fuzzy matching:
- At least 2 links (single-link emails too generic)
- At least DOM depth 3 (flat structures too common)
This prevents false positives on trivial HTML like:
<html><body><p>text <a href="...">link</a></p></body></html>
Such simple structures are not unique enough for reliable fuzzy matching.
[Minor] Use FUZZY_INCLUDE for HTML fuzzy test configuration
Create fuzzy-html.conf with HTML-specific settings and use
RSPAMD_FUZZY_INCLUDE variable to include it in the fuzzy rule.
This is the correct way to add per-test rule settings.
[Minor] Add debug logging to HTML fuzzy hash generation
Add detailed debug messages to track HTML fuzzy hash generation flow:
- Log when fuzzy_cmd_from_html_part is called
- Log HTML shingles enabled/disabled status
- Log HTML part detection
- Log tag count checks
- Log successful/failed hash generation
This helps diagnose issues with HTML fuzzy matching in tests.
[Minor] Fix HTML fuzzy test to use standard flags and keywords
Use RSPAMD_FLAG1_NUMBER (50) instead of custom flag 100 to match
existing fuzzy.conf configuration. Add proper test flow with setup
checks and standard Robot Framework keywords.
[Test] Add functional tests for HTML fuzzy hashing
Add Robot Framework tests for HTML fuzzy matching:
- html_template_1.eml: legitimate newsletter template
- html_template_1_variation.eml: same structure, different text
- html_phishing.eml: same structure, phishing CTA domains
- html-fuzzy.robot: test suite with add/check/phishing scenarios
Tests verify:
- HTML fuzzy hash generation and matching
- Template variation detection (same structure, different content)
- Phishing detection (same structure, different CTA domains)
- Integration with fuzzy storage backend
[Feature] Integrate HTML fuzzy hashing into fuzzy_check module
Add support for HTML structure fuzzy hashing in fuzzy_check plugin:
Core integration:
- Add FUZZY_CMD_FLAG_HTML flag and FUZZY_RESULT_HTML result type
- Add html_shingles, min_html_tags, html_weight options to fuzzy_rule
- Implement fuzzy_cmd_from_html_part() to generate HTML fuzzy commands
- Integrate into fuzzy_generate_commands() for automatic hash generation
- Handle HTML results with configurable weight multiplier
Configuration:
- html_shingles: enable/disable HTML fuzzy hashing per rule
- min_html_tags: minimum HTML tags threshold (default 10)
- html_weight: score multiplier for HTML matches (default 1.0)
Use cases:
1. Brand protection: detect phishing with copied HTML but fake CTA
2. Spam campaigns: group messages by HTML structure
3. Template detection: identify newsletters/notifications
4. Phishing: text match + HTML CTA mismatch = suspicious
HTML fuzzy works alongside text fuzzy:
- Both hashes generated and sent to storage
- Separate result types allow different handling
- CTA domain verification prevents false positives
Next steps:
- Performance testing on real email corpus
- Fine-tune weights and thresholds
- Collect legitimate brand templates for whitelisting
[Fix] Fix union handling in ED25519 key loading to prevent memory corruption
When loading ED25519 keys from PEM, the code was writing to key_eddsa in the
union and then attempting to free key_ssl pointers, which corrupted the
key_eddsa pointer and caused use-after-free/double-free during cleanup.
The fix saves the EVP_PKEY and BIO pointers to temporary variables, extracts
the raw key, frees the OpenSSL objects, and only then assigns to the union.
This prevents memory corruption and resource leaks.
[Feature] Add ED25519 support for DKIM signing with OpenSSL version checks
This commit adds support for ED25519 DKIM signatures when OpenSSL 1.1.1+ is available.
Key changes:
- Added HAVE_ED25519 detection in CMake to check for EVP_PKEY_ED25519 support
- All ED25519-specific code is conditionally compiled based on HAVE_ED25519
- When ED25519 is not supported, informative error messages are returned
- ED25519 keys loaded from PEM files are extracted and converted to libsodium format
- Fixed union handling to prevent double-free issues
- Updated tests to dynamically select key type based on request header
- Removed unused dkim-ed25519-pem.conf (cannot be passed via rspamc)
The implementation gracefully degrades on older OpenSSL versions while maintaining
full functionality when ED25519 support is available.
feat: Add ED25519 support for DKIM signing and verification
This commit introduces support for ED25519 keys in DKIM signing and verification. It includes changes to the DKIM library to handle ED25519 keys, along with new test cases and configuration files to demonstrate and test this functionality.
Cursor Agent [Sat, 4 Oct 2025 12:31:41 +0000 (12:31 +0000)]
feat: Add milter ESMTP argument parsing and Lua access
This commit introduces parsing for ESMTP arguments from MAIL and RCPT commands in the milter protocol. It also adds Lua functions to access these arguments, enabling more sophisticated mail processing based on ESMTP options.
[Fix] Improve HTTP map interval logic for cache validation
Properly differentiate between maps with and without cache validation:
- With ETag/Last-Modified: use 4x multiplier (cheap conditional requests)
- Without cache validation: enforce strict 10 minute minimum
- Add overflow protection for interval multiplication
- Actually use has_etag/has_last_modified parameters
This avoids overly aggressive slowdown (120x -> 4x) for maps with cache
validation while still preventing abuse of maps without validation.
[CritFix] Prevent time_t overflow in HTTP map expires header processing
Add validation to detect and reject absurdly invalid or overflow-inducing
expires headers (>1 year in future). When expires header is invalid or
causes overflow, properly call rspamd_http_map_process_next_check with
expires=0 instead of setting map->next_check=0 which left stale overflow
values.
This prevents crashes and invalid scheduling like 'next check at Thu,
09 Nov 438498967' when servers send malformed Expires headers.
[Minor] Fix compilation errors and simplify HTML shingles
- Export rspamd_shingles_get_keys_cached() for use in HTML shingles
- Simplify extract_etld1_from_url(): use existing url->tld field
(in Rspamd, tld already contains eTLD+1/eSLD, no need to parse)
- Add proper reinterpret_cast for const char* to unsigned char*
- Fix variable name conflict (html_content parameter vs local var)
- Use rspamd_url_tld_unsafe() and rspamd_url_host_unsafe() macros
[Minor] Move HTML shingles implementation to separate C++ file
The HTML shingles code requires C++ (html_content, std::variant, etc.)
but was placed in #ifdef __cplusplus block in shingles.c (a C file),
causing linker errors.
Solution: Move all HTML-specific code to shingles_html.cxx which is
compiled as C++ and properly exports symbols with extern "C" linkage.
Files:
- shingles.c: Keep only C code (text/image shingles)
- shingles_html.cxx: New file with HTML shingles implementation
- CMakeLists.txt: Add shingles_html.cxx to build
[Feature] Add HTML fuzzy hashing for structural similarity matching
Implement fuzzy hashing algorithm for HTML content to enable efficient
matching of messages by HTML structure, independent of text content.
This feature allows:
- Detecting similar HTML emails (newsletters, notifications, spam campaigns)
- Phishing protection: similar structure but different CTA domains
- Brand protection: identify legitimate vs fake branded emails
- Template detection: group emails from the same template
Implementation details:
1. Multi-layer hash approach:
- Direct hash: blake2b of all HTML tokens (for exact matching)
- Structure shingles: sliding window over DOM tags (for fuzzy matching)
- CTA domains hash: critical for phishing detection (30% weight)
- All domains hash: top-10 most frequent domains (15% weight)
- Features hash: bucketed HTML statistics (5% weight)
6. Memory efficient:
- Uses mempool for temporary allocations
- Final structure: ~304 bytes (32 shingles + metadata + hashes)
- Performance: <1ms for typical HTML (100-200 tags)
7. Compatible with existing fuzzy storage infrastructure:
- Structure shingles use same format as text shingles
- Can be sent to fuzzy storage via standard protocol
- Additional hashes (CTA, domains, features) can be stored as extensions
Key design decisions:
- Direct hash prevents false positives from MinHash collisions
(like text parts: crypto_hash(all_tokens) for exact match)
- Sliding window (size 3) provides tolerance to small structural changes
- Bucketing of numeric features ensures stability
- CTA domain verification critical for phishing prevention
Use cases:
- Whitelisting legitimate branded emails by HTML structure
- Blacklisting spam campaigns with varying personalized text
- Detecting phishing: legitimate structure + different CTA = suspicious
- Fuzzy storage integration for distributed matching
Files changed:
- src/libutil/shingles.h: Add rspamd_html_shingle structure and API
- src/libutil/shingles.c: Implement HTML fuzzy hashing (~540 lines)
- src/lua/lua_mimepart.c: Add text_part:get_html_fuzzy_hashes() method
Future work:
- Integration with fuzzy_check module
- Configuration options (min_html_tags, similarity_threshold)
- Rules for phishing detection based on HTML similarity
- Separate fuzzy storage type for HTML hashes
projects / thirdparty / rspamd.git / log
