On 01.10.23 00:00, mailmary--- via Postfix-users wrote:
In my case, libspf2 is a dependent package of OpenDMARC
(Alma Linux, Rocky Linux, Oracle Linux)
Debian too, but this problem should only appear opendmarc does SPF
resolution.
This seems only to happen when SPFSelfValidate is true and either
SPFIgnoreResults is true ore the machine does not run locally trusted SPF
milter.
On Sat, 30 Sep 2023 16:47:30 -0400 Viktor Dukhovni via Postfix-users
<postfix-users@postfix.org> wrote:
Recent news of security issues in Exim appear to in part implicate
libspf2.
While Postfix does not directly use libspf2, and the issues could
perhaps be in part related to how libspf2 is integrated into Exim, it
may be prudent for Postfix administrators to audit their MTA software
stack for plugin components (milters, ...) that use libspf2, and keep an
eye out for updates. It may also be prudent to disable such components
in the meantime, if possible.
https://lists.exim.org/lurker/message/20230930.083414.4e1a37f5.en.html
https://seclists.org/oss-sec/2023/q3/254
https://www.zerodayinitiative.com/advisories/ZDI-23-1472/
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The early bird may get the worm, but the second mouse gets the cheese.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
