[Gllug] Forwarded Spam message which SA missed [Fwd: Hey bro,

Nix nix at esperi.org.uk
Wed Jan 18 00:00:17 UTC 2006


On Mon, 16 Jan 2006, Chris Bell said:
> On Sun 15 Jan, Nix wrote:
>> If that's still not good enough, you can feed a failing message through
>> `spamassassin -D' and I'll have a look at that.
[...]
>    Could the following be relevant?
[...]
>> Package        : fetchmail
[...]
>> CVE ID         : CVE-2005-4348
>> 
>> Daniel Drake discovered a problem in fetchmail, an SSL enabled POP3,
>> APOP, IMAP mail gatherer/forwarder, that can cause a crash when the
>> program is running in multidrop mode and receives messages without
>> headers.

No, that bug causes fetchmail to *crash*, so it never delivers the
message to any MTA or delivery agent at all, and it never reaches
SpamAssassin.

(It also only happens if you're POPping from hostile servers, or perhaps
non-hostile but very-badly-written ones. POPping from hostile servers is
probably a lot less common than SMTP reception from hostile servers...)

-- 
`Logic and human nature don't seem to mix very well,
 unfortunately.' --- Velvet Wood
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list