Re: [exim] Exim 4.80.1 security release - details

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MMike Ridgers at <-
M 
Delete this message
Reply to this message
Author: Todd Lyons
Date:  
To: Mike Ridgers
CC: exim-users@exim.org
Subject: Re: [exim] Exim 4.80.1 security release - details
Mike, grab the atrpms SRPM for exim, install it, edit the spec file so
that it adds the appropriate compile time changes, then build the new
rpms. If you've never done that before, it can be a bit daunting, but
it's not a big process if you start from the SRPM itself.

...Todd

On Wed, Dec 12, 2012 at 12:23 PM, Mike Ridgers <mike@???> wrote:
> Bill,
> Many thanks for that.
> I rely on atrpms for my exim packages (I have had my fingers burned compiling & installing from source before - it leaves too much mess) so don't have the option to remove DKIM at compile time otherwise I would do so happily.
> My configs are pretty simple mostly so don't think anything else in the config will leave me vulnerable to the dkim issue.
>
>
> Thanks again,
> Mike
>
>
>
> ----- Original Message -----
> From: W B Hacker [mailto:wbh@conducive.org]
> Sent: Tuesday, December 11, 2012 10:25 PM
> To: exim users <exim-users@???>
> Subject: Re: [exim] Exim 4.80.1 security release - details
>
> Mike Ridgers wrote:
>> Dear all, Further to my last message I will attempt to distil my
>> question as much as possible as I think it was perhaps not very clear
>> what I was asking:
>
> Clear enough. An answer is less so.
>
> IF/AS/WHEN the 'fixup' were to be applied at compile-time, or in a
> 'MAIN' setting or toggle, it would (ordinarily) apply everywhere it was
> relevant.
>
> When you put ANYTHING into an acl, results are predictable as to DENY
> class verbs, (session is GONE) but much harder to predict on any other kind.
>
> For example - is a given acl even always TRAVERSED for all situations
> and all traffic? or even the 'germane' traffic? Or might something else
> in acl's cause it to not be? Or just not have the 'last word'?
>
> Ergo, whether you need this - or anything else - in more than one place
> very much depends on how (the rest of) YOUR acl's are structured and
> sequenced.
>
> As to 'vulnerability'?
>
> I neither generate nor pay any attention WHATSEOVER to dkim. Totally
> ignored here.
>
> We see only about one spam per account per week and no rejections for
> destinations for lack of dkim creds of our own.
>
> BFD, IOW.
>
> YMMV, of course.
>
> Bill
> --
> 韓家標
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/



--
The total budget at all receivers for solving senders' problems is $0.
If you want them to accept your mail and manage it the way you want,
send it the way the spec says to. --John Levine

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Exim 4.80.1 security release - details[exim] Auto Responder Problem->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)