vspam-agent v0.2.0: HTTP Check API & Multi-MTA Support
New release adds HTTP check endpoint for universal MTA integration, supporting Exim, OpenSMTPD, Sendmail, and custom mail pipelines alongside existing Postfix support.
What's New
vspam-agent v0.2.0 introduces the HTTP Check API — a lightweight HTTP endpoint on localhost:10046 that any MTA or mail processing pipeline can query for real-time IOC checks. This extends vspam-agent beyond Postfix to support Exim, OpenSMTPD, Sendmail, Haraka, and custom integrations.
HTTP Check API
The new endpoint accepts GET requests with an IOC value and type, returning a JSON response with the blocklist status, confidence score, and listing details. The API binds to localhost only for security.
- GET /check?value=<ioc>&type=<url|domain|ip|email>
- Responses include: listed (bool), confidence (0-100), reason, first_seen
- Average response time: 2ms for cached lookups, 45ms for API calls
- Connection pooling and BoltDB cache shared with the policy server
Upgrade Instructions
Package repositories have been updated. Existing Postfix policy server configuration is unchanged — the HTTP endpoint is additional.
- Debian/Ubuntu: apt update && apt upgrade vspam-agent
- RHEL/CentOS: dnf update vspam-agent
- Manual: download from GitHub releases page
- Config: add 'http_check: { enabled: true, bind: 127.0.0.1:10046 }' to agent.yml
For automated IOC data from this briefing, check the threat feeds. Questions about our analysis? Contact research@vspam.org.