https://blog.kalfaoglu.net/tags/spam/Recent content in Spam on kalfaoglu.netHugoenSun, 07 Jun 2026 00:00:00 +0000https://blog.kalfaoglu.net/posts/2026-06-07-rspamd-410-security-mx-rework-en/Sun, 07 Jun 2026 00:00:00 +0000https://blog.kalfaoglu.net/posts/2026-06-07-rspamd-410-security-mx-rework-en/<p>Rspamd 4.1.0 dropped on June 5 — a major release tagged &ldquo;recommended upgrade for all users&rdquo; by the development team. There&rsquo;s enough in it that&rsquo;s immediately relevant to anyone running a mail server to warrant reading the changelog before blindly upgrading.</p> <h2 id="the-security-fixes">The security fixes</h2> <p>This release addresses several memory-safety issues that can be triggered by crafted incoming mail.</p> <p><strong>S/MIME DoS via recursive PKCS7</strong>: A deeply nested <code>application/pkcs7-mime</code> message re-entered the parser without incrementing the nesting counter. In practice this means a malicious sender could craft a message that exhausts your rspamd worker&rsquo;s stack. The fix gates S/MIME re-entry against the existing <code>max_nested</code> limit.</p>