Re: [Exim] Exim and SpamAssassin - Bugtraq

Top Page
Delete this message
Reply to this message
Author: Tony Earnshaw
Date:  
To: exim-users
Subject: Re: [Exim] Exim and SpamAssassin - Bugtraq
tor, 2003-01-30 kl. 07:41 skrev Michael Jakscht:

> as we could see these days in the bugtraq, SpamAssassin meets a security
> hole (buffer overflow) when being used in BSMTP-mode.
> As the configuration guide on the SpamAssassin website points out to use
> BSMTP mode for both 3 and 4 versions, I think most of the exim-users are
> affected... (?)
> At last, in our configuration SpamAssassin is used as described with exim
> 3.36 (on the primary mx) and bsmtp=all.
> My question now is if I can use SpamAssassin without BSMTP at all or if I
> must patch SpamAssassin...


You don't say which SpamAssassin. SA 2.50-CVS doesn't have this bug
(source: spamassassin talk) and the 2.50 general release is planned for
end Feb to end March. So I don't reckon it's worth it to patch the
present code. The only thing holding back the 2.50 release at the moment
are the scores. I'm running 2.50-CVS with Marc's SA-Exim (needs Exim 4),
which doesn't use BSMTP and have absolutely no problems.

Best,

Tony

--

Tony Earnshaw

When all's said and done ...
there's nothing left to say or do.

e-post:        tonni@???
www:        http://www.billy.demon.nl