Matt Kettler wrote:
> Ryan Castellucci wrote:
>
>>I'm running spamassassin 3.0.2 on debian sarge, and this message gets
>>flagged with FORGED_YAHOO_RCVD and it's a legit message from yahoo.
>>
>>http://ryanc.org/junk/yahoo_fp.msg.gz
>>
>
> Perhaps you should consider running 3.0.4, which has this fixed?

Self correction: This specific case is NOT fixed in 3.0.4. The "dcn" yahoo server designation is newer than 3.0.4. However, 3.0.4 _does_ fix two other FP cases for this rule, so upgrading would reduce your problems.

>
> http://bugzilla.spamassassin.org/show_bug.cgi?id=4080
>
> Not to mention that 3.0.2 is subject to a remotely exploitable DoS attack.
>
> Nobody should be running SA 3.0.2 on anything that ever receives mail from the
> Internet. Period.
>

Argument here still valid. Anyone running 3.0.1-3.0.3 is just waiting to have their mailserver DoSed.

Yes, there are no known "in the wild" exploits of this. However, we know the following:

1) Spammers regularly analyze SA and tweak their mail to evade it. They develop new tricky obfuscation techniques on a daily basis. Just ask the SARE guys. They're also teaming up with virus writers. This means spammers have the means to analyse SA and develop an exploit for this.

2) Spammers often seek to punish those fighting spam (i.e.: listwashing). This means spammers have a motivation to exploit this.

3) Given the rate at which spam propagates, once a spammer starts exploiting it your mailserver will likely be DoSed before news of the exploits reaches you.

There's no need to panic, but on the other hand, there's good reason to upgrade as soon as convenient. In general, that's a lot better than forcing yourself to scramble to perform a rushed upgrade on a server that's loaded with affected email.