A possible buffer overflow bug has been found inside the DNS resolver that
could enable attackers to execute arbitrary code inside the XMail machine.
This kind of exploit is not for kids but it could be done.
It's not for kids because it affects XMail when it acts as a DNS client, not
as a server, so basically to attack the server you have to make XMail call the
attacker machine (like when resolving an MX record).
The attacker must also tweak a DNS server to send the exploit when it
receives a query from the target machine.
This affects all versions < 0.73.

But, since all this could be done, I'll sleep a lot better if ALL XMAIL USERS
update to 0.73:

http://www.xmailserver.org/


This is basically a 0.72 with the security fix.




- Davide
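
Added example, not part of the message above and not XMail's code: a bounds-checked decoder for a name inside a DNS reply, the kind of attacker-supplied data a mail server's resolver handles during an MX lookup. The message does not say which part of the resolver overflowed; the name-copy case, the function name and the sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_MAX_NAME 255  /* RFC 1035 limit on an encoded name */
#define DNS_MAX_HOPS 16   /* cap on compression pointers followed */

/* Decode the name at msg[off] into out as dotted text. Returns the bytes the
 * name occupies at off, or -1 if malformed (out must then be discarded). */
int dns_read_name(const uint8_t *msg, size_t len, size_t off,
                  char *out, size_t outsz)
{
    size_t pos = off, o = 0, total = 0;
    int hops = 0, used = -1;
    if (outsz == 0) return -1;
    while (pos < len) {
        uint8_t c = msg[pos];
        if ((c & 0xC0) == 0x40 || (c & 0xC0) == 0x80) return -1; /* reserved */
        if ((c & 0xC0) == 0xC0) {                 /* compression pointer */
            if (pos + 1 >= len || ++hops > DNS_MAX_HOPS) return -1;
            if (used < 0) used = (int)(pos + 2 - off);
            pos = ((size_t)(c & 0x3F) << 8) | msg[pos + 1];
        } else if (c == 0) {                      /* root label: name complete */
            out[o] = '\0';
            return used < 0 ? (int)(pos + 1 - off) : used;
        } else {
            total += (size_t)c + 1;
            if (pos + 1 + c > len) return -1;     /* label runs past the packet */
            if (total >= DNS_MAX_NAME) return -1; /* encoded name too long */
            if (o + c + 2 > outsz) return -1;     /* no room for '.', label, NUL */
            if (o) out[o++] = '.';
            memcpy(out + o, msg + pos + 1, c);
            o += c;
            pos += (size_t)c + 1;
        }
    }
    return -1;                                    /* ran off the end of the packet */
}

/* Constructed sample replies (not captured traffic). */
static const uint8_t SAMPLE_OK[]   = {4,'m','a','i','l',7,'e','x','a','m','p','l','e',0};
static const uint8_t SAMPLE_LOOP[] = {0xC0, 0x00};   /* pointer to itself */
static const uint8_t SAMPLE_LONG[] = {63,'a','b',0}; /* length byte overstates label */

int main(void)
{
    char name[64];
    int ok = dns_read_name(SAMPLE_OK, sizeof SAMPLE_OK, 0, name, sizeof name);
    printf("ok=%d name=%s\n", ok, name);
    printf("loop=%d\n", dns_read_name(SAMPLE_LOOP, sizeof SAMPLE_LOOP, 0, name, sizeof name));
    printf("long=%d\n", dns_read_name(SAMPLE_LONG, sizeof SAMPLE_LONG, 0, name, sizeof name));
    return 0;
}
```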
