At 19:26 -0600 6/1/04, Lewis Butler wrote: >> The problem isn't that we've been used to relay or gotten spam. >>The problem showed up when the server was tested (as it routinely >>is) for vulnerabilities. The test showed that it can be used as a >>relay and that means I have to take it off line or fix it or it >>will be taken off line (firewalled) for me. > >There are no relay exploits in 1.8b (assuming correct config).
The same hole is there in 1.8, sad but verified since the test sent me a relayed message using my server after the upgrade. The message was the same as in 1.7: >BAD HEADER Improper folded header field made up entirely of whitespace >(char 00 hex) in message header 'X-Envelope' so it probably is a new exploit that gets both 1.7 and 1.8 and that would explain why the testing 9 months ago didn't catch it. -Sven ############################################################# This message is sent to you because you are subscribed to the mailing list <[EMAIL PROTECTED]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
