On Tue, 16 Mar 2010 14:19:25 -0700 (PDT), Paul Heinlein <[email protected]> wrote: > On Tue, 16 Mar 2010, Paul Heinlein wrote: > >> This is a heads-up that there might be an actively exploited >> vulnerability in either the spamassassin or spamass-milter package. > > Belatedly, I found a notice: > > http://seclists.org/fulldisclosure/2010/Mar/267 > > And some exploit code: > > http://seclists.org/fulldisclosure/2010/Mar/att-264/adv.txt
I'm kinda curious about this - as I run this combo all over the place and from what I can understand, it looks like the stock config isn't vulnerable. Checking a few of my servers, I get: 220 mail.server.com ESMTP Sendmail 8.13.8/8.13.8; Wed, 17 Mar 2010 10:49:34 +1100 250 mail.server.com Hello localhost [127.0.0.1], pleased to meet you 553 5.5.4 <root () gmail com>... Domain name required for sender address root.gmail.com 503 5.0.0 Need MAIL before RCPT 503 5.0.0 Need MAIL command 500 5.5.1 Command unrecognized: "XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X" Am I reading this right? -- Steven Haigh Email: [email protected] Web: http://www.crc.id.au Phone: (03) 9001 6090 - 0412 935 897 Fax: (03) 8338 0299 _______________________________________________ users mailing list [email protected] http://lists.rpmforge.net/mailman/listinfo/users
