Le 13 avr. 06 à 20:45, Matt Kettler a écrit :
Daniel Madaoui wrote:
<snip>
So I restart the spamd daemon whith this options
/usr/local/bin/spamd -d -m10 -u spamassassin ( spamassassin in an
user
with its directory /home/spamassassin/.spamassassin )
He try to use the .spamassassin directory who belong to root
(/root/.spamssassin/ )
Known bug, fixed in SA 3.1.0 and higher.
I installed the version 3.1.1 but I've got the same comportement. It
's not use the /home/spamassassin/.spamassassin directory for bayes
and auto-whitelist
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=3900
Also be aware that unless your source has back ported fixes, SA
3.0.3 is
vulnerable to a two different DoS attacks triggered by sending it a
specially
crafted messages.
3.0.4, possibly older versions: "many to: headers" DoS vulnerability
http://secunia.com/advisories/17386/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3351
3.0.1-3.0.3: malformed message with long headers DoS
http://secunia.com/advisories/15704/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1266
