tor, 2003-01-30 kl. 07:41 skrev Michael Jakscht:
> as we could see these days in the bugtraq, SpamAssassin meets a security
> hole (buffer overflow) when being used in BSMTP-mode.
> As the configuration guide on the SpamAssassin website points out to use
> BSMTP mode for both 3 and 4 versions, I think most of the exim-users are
> affected... (?)
> At last, in our configuration SpamAssassin is used as described with exim
> 3.36 (on the primary mx) and bsmtp=all.
> My question now is if I can use SpamAssassin without BSMTP at all or if I
> must patch SpamAssassin...
You don't say which SpamAssassin. SA 2.50-CVS doesn't have this bug
(source: spamassassin talk) and the 2.50 general release is planned for
end Feb to end March. So I don't reckon it's worth it to patch the
present code. The only thing holding back the 2.50 release at the moment
are the scores. I'm running 2.50-CVS with Marc's SA-Exim (needs Exim 4),
which doesn't use BSMTP and have absolutely no problems.
Best,
Tony
--
Tony Earnshaw
When all's said and done ...
there's nothing left to say or do.
e-post: tonni@???
www: http://www.billy.demon.nl
