We're running spamassassin 3.0.2 with perl 5.8.4, and exim 3.35 on Debian.


<<jdow>> Don't wipe out SA, necessarily. It's not time to do that yet.
But it is time to update to 3.0.5, at least. 3.0.2 has a DoS vulnerability.


That's not an option unless you get away from Debian packages. Installing by more than one method will cause problems, so it would be best to stick with the Debian package. The Debian package has been patched for the said DoS vulnerability.

On a Debian box, if a given Perl program is installed using apt, and then the same program is installed from source (or CPAN), the one installed from source will be found first. If a user now wants to upgrade to a new version using apt, it will be ignored, but in the case of SpamAssassin, the rules and configuration files would not be ignored. This is guaranteed to kill SpamAssassin and leave the user bewildered. A user would then have to manually search and destroy the version installed via source in order to get the Debian package noticed and functional.

The trick would be to know which files/directories you can rename/remove and which ones you can't. In my experience on Debian (not true on all distros), in the case of SpamAssassin, all that is needed is to rename the offending SpamAssassin.pm file. Other distros may also require removal/renaming of the directory containing the standard rules files of the offending install, and it would also need to be determined if there is more than one directory containing the config files, and if so, which one is being used.

Gary V
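
A way to check for the situation described in the message above, as an added example that is not part of the original post: it lists every copy of `Mail/SpamAssassin.pm` on perl's search path in order and says which Debian package, if any, owns each one. The function names and output labels are made up for this example; it assumes `perl` is on the PATH and uses `dpkg -S` when available.

```shell
#!/bin/sh
# Added example: show which copy of a Perl module wins the search order.
MODULE=Mail/SpamAssassin.pm

# find_module_copies RELPATH [DIR...]
# Print each existing DIR/RELPATH in search order; the first line is the copy
# perl would load. With no DIR arguments the directories come from perl's @INC.
find_module_copies() {
    rel=$1; shift
    if [ "$#" -eq 0 ]; then
        perl -e 'print "$_\n" for @INC' | while IFS= read -r d; do
            if [ -f "$d/$rel" ]; then printf '%s\n' "$d/$rel"; fi
        done
        return 0
    fi
    for d in "$@"; do
        if [ -f "$d/$rel" ]; then printf '%s\n' "$d/$rel"; fi
    done
    return 0
}

# owner_of FILE: name of the Debian package that owns FILE, if any.
owner_of() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg -S "$1" 2>/dev/null | cut -d: -f1 | head -n 1 | grep . \
            || echo "not owned by any package"
    else
        echo "dpkg not available"
    fi
}

# report_copies RELPATH [DIR...]
# Tag the first copy LOADED and every later one shadowed, with its owner.
report_copies() {
    find_module_copies "$@" | {
        tag=LOADED
        while IFS= read -r f; do
            printf '%-8s %s (%s)\n' "$tag" "$f" "$(owner_of "$f")"
            tag=shadowed
        done
    }
}

# Run against the real search path when perl is present.
if command -v perl >/dev/null 2>&1; then
    report_copies "$MODULE"
fi
```

A copy tagged LOADED that no package owns, followed by a shadowed copy that a package does own, is the mixed install the message describes.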
