Hi list,
what happend to channel 70_zmi_german.cf.zmi.sa-update.dostech.net ?
is this not being updated anymore although still advertised on
http://wiki.apache.org/spamassassin/CustomRulesets ?
sa-update reports
Feb 11 10:22:16.646 [20894] dbg: channel: current version is
20100831, new
On 10/02/2011 19:21, David F. Skoll wrote:
On Thu, 10 Feb 2011 12:42:40 -0500
Michael Scheidellmichael.scheid...@secnap.com wrote:
heads up:
Aieee popen() in security-sensitive software!??!??
Also, why does the milter process run as root? That seems like a huge
hole all by itself.
On 10/02/2011 22:01, David F. Skoll wrote:
On Fri, 11 Feb 2011 09:50:05 +1300
Jason Haarjason.h...@trimble.co.nz wrote:
That exploit is dated Mar 2010? Has this really not been fixed in
about a year???
If everyone is talking about http://savannah.nongnu.org/projects/spamass-milt/,
it looks
Am 11.02.2011 00:54, schrieb Adam Katz:
On 02/10/2011 09:42 AM, Michael Scheidell wrote:
active exploits going on.
http://seclists.org/fulldisclosure/2010/Mar/140
http://www.securityfocus.com/bid/38578
Vulnerable: SpamAssassin Milter Plugin SpamAssassin Milter Plugin 0.3.1
I don't see
Am 10.02.2011 22:26, schrieb Patrick Ben Koetter:
* Mark Martinec mark.martinec...@ijs.si:
On Thursday February 10 2011 21:14:59 Adam Katz wrote:
Does this affect sendmail as well as postfix? I assume so,
but wanted an explicit confirmation.
Yes, the security hole is entirely within the
On 2011/02/11 4:26 AM, C.M. Burns wrote:
what happend to channel 70_zmi_german.cf.zmi.sa-update.dostech.net ?
is this not being updated anymore although still advertised on
http://wiki.apache.org/spamassassin/CustomRulesets ?
The CustomRuleset wiki is dreadfully out of date and needs wiping.
On 2/11/2011 9:41 AM, Jason Bertoch wrote:
On 2011/02/11 4:26 AM, C.M. Burns wrote:
what happend to channel 70_zmi_german.cf.zmi.sa-update.dostech.net ?
is this not being updated anymore although still advertised on
http://wiki.apache.org/spamassassin/CustomRulesets ?
The CustomRuleset wiki
On 02/11/2011 03:39 AM, Giles Coochey wrote:
Under CentOS spamass-milter appears to run as sa-milt.
IIRC, Debian does this too. However, the -x flag may require running as
root, so it is possible (I have not verified) that it never downgrades
its privileges.
The Vulnerability is only active
Am 11.02.2011 20:11, schrieb Adam Katz:
On 02/11/2011 03:39 AM, Giles Coochey wrote:
Under CentOS spamass-milter appears to run as sa-milt.
IIRC, Debian does this too. However, the -x flag may require running as
root, so it is possible (I have not verified) that it never downgrades
its
On 02/10/2011 03:41 PM, Warren Togami Jr. wrote:
On 2/10/2011 1:29 PM, John Hardin wrote:
I suppose we ought to compose a boilerplate response for the
inevitable visitors who will show up asking about this exploit in
SpamAssassin...
Perhaps more than boilerplate, but rather an official
On Fri, 11 Feb 2011 12:08:35 -0800
Adam Katz antis...@khopis.com wrote:
I consider it a mission-critical component to be able to deliver a
rejection notice at SMTP-time (to avoid backscatter from an emailed
bounce message). The other systems out there (specifically amavis and
mailscanner)
Am 11.02.2011 21:08, schrieb Adam Katz:
On 02/10/2011 03:41 PM, Warren Togami Jr. wrote:
On 2/10/2011 1:29 PM, John Hardin wrote:
I suppose we ought to compose a boilerplate response for the
inevitable visitors who will show up asking about this exploit in
SpamAssassin...
Perhaps more than
Hey SA Users,
I'm writing to the mailing list to hopefully obtain a list or clarification
on SA flags that are no longer present in versions of SA newer than v3.2.5.
Currently we have numerous BlackBerry users that are having their emails
bounce back or being rejected because of spam.
Here's
Adam Katz wrote:
I consider it a mission-critical component to be able to deliver a
rejection notice at SMTP-time (to avoid backscatter from an emailed
bounce message). The other systems out there (specifically amavis and
mailscanner) just can't do this while spamass-milter does it with very
On 2/11/2011 3:24 PM, Brendan Murtagh wrote:
Hey SA Users,
I'm writing to the mailing list to hopefully obtain a list or clarification
on SA flags that are no longer present in versions of SA newer than v3.2.5.
Currently we have numerous BlackBerry users that are having their emails
bounce
On Fri, 11 Feb 2011, Brendan Murtagh wrote:
Currently we have numerous BlackBerry users that are having their emails
bounce back or being rejected because of spam.
Here's an exerpt of the SA email headers:
X-Spam-Status: No, hits=4.01 required=7.00
On Fri, 2011-02-11 at 15:36 -0500, Bowie Bailey wrote:
On 2/11/2011 3:24 PM, Brendan Murtagh wrote:
Currently we have numerous BlackBerry users that are having their emails
bounce back or being rejected because of spam.
Here's an exerpt of the SA email headers:
X-Spam-Status: No,
Something might be wedged in that channel generation... I'll have to look.
Daryl
On 11/02/2011 4:26 AM, C.M. Burns wrote:
Hi list,
what happend to channel 70_zmi_german.cf.zmi.sa-update.dostech.net ?
is this not being updated anymore although still advertised on
On 02/11/2011 06:53 AM, Bowie Bailey wrote:
The khop rules should probably be added to that list.
The only official site I could find referencing these rules is
http://khopesh.com/wiki/Anti-spam (under the sa-update channels
heading), but this also has some out of date information regarding
On Fri, Feb 11, 2011 at 09:30:15PM +0100, Mark Martinec wrote:
Adam Katz wrote:
I consider it a mission-critical component to be able to deliver a
rejection notice at SMTP-time (to avoid backscatter from an emailed
bounce message). The other systems out there (specifically amavis and
20 matches
Mail list logo