[non DA related bug] Exim 4.x & Exim 3.x

Icheb

Icheb

Verified User
Joined
Sep 15, 2003
Messages
556
Location
The Netherlands
For everyone who's still running Exim 4.24 or older, it is really recommended you update.

Due to the following:
http://secunia.com/advisories/11558/?menu=prod

The following guide will allow you to update to 4.32, so i recommend not using it:
http://www.directadmin.com/forum/showthread.php?s=&threadid=2990
This vulnerability has been reported in versions 3.35 and 4.32. Other versions are likely also affected.
Link to the latest version (Exim 4.34) I could find on official FTP:
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-4.34.tar.gz

Can now anyone make a nice guide on how to update using source and retain the MailScanner with ClamAV & Spamasssin options ? :D
 
The page you point to shows two vulnerabilities.

The default exim.conf file (and our own) do not turn on any of the options required for either of them.

Unless you've actually changed your exim.conf file to allow the vulnerabilty, you have nothing to worry about at this time.

Jeff
 
I was thinking of upgrading my exim. I am trying to use MAPS RBL as is mentioned on http://mail-abuse.org to try and cut down on the amount of spam that we have going in and out of our server...

When I follow the directions at mail-abuse.org and exim.org I end up getting error messages and total mail loss in and out of the server.

How would anyone here suggest cutting the spam in and out of the server? And, how would I go about implementing a blacklist on the server? It appears that there is a custom build of exim, I am just getting frustrated.

Thanks for the help.
 
See my SpamBlocker version of exim.conf here.

Then just edit it to use the blocklists you want to use.

Jeff
 
You must log in or register to reply here.
Back
Top