Package: exim4
Version: 4.88-5
Severity: minor

Debian (not upstream) has this comment in 40_exim4-config_check_data in reference to an example config which enables spamassassin.

# Please note that this is only suiteable as an example. There are
# multiple issues with this configuration method. For example, if you go
# this way, you'll give your spamassassin daemon write access to the
# entire exim spool which might be a security issue in case of a
# spamassassin exploit.
#
# See the exim docs and the exim wiki for more suitable examples.

This clearly implies that the exim docs or the exim wiki have something about dealing with the example security issue. They don't. The exim docs suggest doing the same thing as this example with regard to spamassassin access to the exim spool, except for excluding mail which is too big and would cause performance problems or failures if sent to spamassassin.

This leads people like me to spend a fair bit of time reading all the exim documentation that mentions spamassassin with the false expectation of finding something which is not there. I also did not turn up any discussion of this issue with a few web searches.

If I missed something, clarify the comment. If not, reword and move the "for example ..." sentence outside the context of "the solution is the docs", and directly state how someone could deal with this issue. The only obvious thing to me is that you can exclude classes of mail from going to spamassassin, so you might classify and exclude security sensitive mail. For example, mail from debian-security-announce-requ...@lists.debian.org which could inform the user in the case of a security exploit in spamassassin.
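The exclusion the report describes, as an added example that is not part of the bug report, of Debian's shipped 40_exim4-config_check_data or of the exim docs: an exim DATA ACL fragment that skips the spamd call for oversized mail and for senders on an exempt address list. The list name spamd_exempt_senders, the 256K limit and the placeholder list address are assumptions.

```exim
# Added example, not Debian's or exim's own configuration.
# Named address list; in Debian's split config this belongs in the main
# section (conf.d/main/). The local part is a placeholder: substitute the
# announcement address the report refers to.
addresslist spamd_exempt_senders = PLACEHOLDER-ANNOUNCE-ADDRESS@lists.debian.org

acl_check_data:

  # ACL conditions are tested in order and the verb stops at the first
  # failure, so "spam" must come last: mail over 256K or from an exempt
  # sender is never passed to spamd. Debian's shipped example scans every
  # message.
  warn
    condition  = ${if <{$message_size}{256K}}
    !senders   = +spamd_exempt_senders
    spam       = nobody:true
    add_header = X-Spam_score: $spam_score\n\
                 X-Spam_bar: $spam_bar

  accept
```

The envelope sender is supplied by the connecting host and can be forged, so the sender exemption is a scanning-coverage choice, not an authentication check.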