On 11 March 2014 20:42, Jens Schüßler <[email protected]> wrote: > * Martin Møller Skarbiniks Pedersen <[email protected]> wrote: >> Hi, >> I suggest that 211.2 is rewritten and procmail is dropped. >> Is anyone using procmail anymore ? > > I do. And many others I'm aware of too. Anything wrong with using it? It > just works like it should.
Well, maildrop is a active project. The last stable procmail release was version 3.22, made in September of 2001. >From https://lwn.net/Articles/416901/ " Officially, the last stable procmail release was version 3.22, made in September of 2001. As one might expect, there has never been an official "the project is dead" announcement. Instead, only circumstantial evidence exists. Although several of the FTP mirrors include what appear to be development "snapshot" packages as recent as November of 2001, there does not appear to have been any substantial work since that time. The developers' mailing list has hardly seen a non-spam blip since 2003. " and " But there are risks inherent in running abandonware, even if it was of stellar quality at the last major release. First and foremost are unfixed security flaws. Mitre.org lists two vulnerabilities affecting procmail since 2001: CVE-2002-2034, which allows remote attackers to bypass the filter and execute arbitrary code by way of specially-crafted MIME attachments, and CVE-2006-5449, which uses a procmail exploit to gain access to the Horde application framework. In addition, of course, there are other bugs that remain unfixed. Matthew G. Saroff pointed out onelong-standing bug, and the procmail site itself lists a dozen or so known bugs as of 2001. Just as importantly, the email landscape and the system administration marketplace have not stood still since 2001, either. Ed Blackman noted that procmail cannot correctly handle MIME headers adhering to RFC 2047 (which include non-ASCII text), despite the fact that RFC 2047 dates back to 1996. RFC 2047-formatted headers are far from mandatory, but they do continue to rise in frequency. " Regards Martin _______________________________________________ lpi-examdev mailing list [email protected] http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev
