SA-Update Problem
Matt Kettler
mkettler at evi-inc.com
Thu Apr 10 14:47:28 IST 2008
Gregory Wong wrote:
> I am running version 3.1.0. I have been weary to upgrade to the latest
> because I’ve read that there are bugs in SA that allows all mail through
> even if its spam.
>
Um, there are multiple security holes in 3.1.0 including one that allows
spammers to DoS your mailserver by sending it a malformed message.
All of the following security advisories apply to 3.1.0:
http://spamassassin.apache.org/advisories/cve-2007-2873.txt
http://spamassassin.apache.org/advisories/cve-2007-0451.txt
http://spamassassin.apache.org/advisories/cve-2006-2447.txt
As for said bugs that allow all mail through, what bugs are you referring to?
I've not seen any such reports, and I'd suspect I'd have heard a *LOT* about it
if that were true.
More information about the MailScanner
mailing list