[non DA related bug] Exim 4.x & Exim 3.x


Icheb
05-12-2004, 01:17 AM
For everyone who's still running Exim 4.24 or older, it is really recommended you update.

Due to the following:
http://secunia.com/advisories/11558/?menu=prod

The following guide will allow you to update to 4.32, so I recommend not using it:
http://www.directadmin.com/forum/showthread.php?s=&threadid=2990
This vulnerability has been reported in versions 3.35 and 4.32. Other versions are likely also affected.
Link to the latest version (Exim 4.34) I could find on official FTP:
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-4.34.tar.gz

Can anyone now make a nice guide on how to update using source and retain the MailScanner with ClamAV & SpamAssassin options? :D

jlasman
05-12-2004, 09:07 AM
The page you point to shows two vulnerabilities.

The default exim.conf file (and our own) do not turn on any of the options required for either of them.

Unless you've actually changed your exim.conf file to allow the vulnerability, you have nothing to worry about at this time.

Jeff

ProWebUK
05-12-2004, 09:25 AM
Originally posted by Icheb
The following guide will allow you to update to 4.32, so I recommend not using it:
http://www.directadmin.com/forum/showthread.php?s=&threadid=2990
This vulnerability has been reported in versions 3.35 and 4.32. Other versions are likely also affected.


Read it again....


Version 4.32 is reportedly not vulnerable.



Solution:
Upgrade to version 4.32 and disable header syntax checking in "exim.conf" if enabled.


;)

Chris
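
Added example, not part of any post in this thread: a small audit that reports whether header syntax checking is switched on in an exim.conf, which is the condition the two replies above turn on. It assumes the check is written as the Exim 4 ACL condition `verify = header_syntax` or the Exim 3 main option `headers_check_syntax`; the sample configuration is constructed.

```python
import re

# Assumption: the check is written as the Exim 4 ACL condition
# "verify = header_syntax" or the Exim 3 main option "headers_check_syntax".
ACL_CHECK = re.compile(r"\bverify\s*=\s*header_syntax\b")
MAIN_OPT = re.compile(r"^(no_|not_)?headers_check_syntax\b\s*(?:=\s*(\S+))?")

def logical_lines(text):
    """Yield (first_line_no, text): comments dropped, '\\' continuations joined."""
    start, buf = None, ""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        start = no if start is None else start
        if line.endswith("\\"):
            buf += line[:-1].rstrip() + " "
            continue
        yield start, buf + line
        start, buf = None, ""
    if buf:  # file ended in the middle of a continuation
        yield start, buf.strip()

def find_header_syntax_checks(conf_text):
    """Return [(line_no, setting)] for each place the check is switched on."""
    hits = []
    for no, line in logical_lines(conf_text):
        m = MAIN_OPT.match(line)
        if ACL_CHECK.search(line):
            hits.append((no, line))
        elif m and m.group(1) is None and (m.group(2) or "true").lower() in ("true", "yes"):
            hits.append((no, line))
    return hits

# Constructed sample, not a real DirectAdmin exim.conf.
SAMPLE = """\
# require verify = header_syntax
no_headers_check_syntax
begin acl
check_message:
  deny message = malformed headers
       !verify = header_syntax
  accept
"""

if __name__ == "__main__":
    for no, setting in find_header_syntax_checks(SAMPLE):
        print(f"line {no}: header syntax checking enabled: {setting}")
```

An empty result means neither form appears uncommented in the file. A hit only shows the setting is present; it does not confirm that the ACL containing it is actually referenced.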

dr2web
05-23-2004, 05:52 PM
I was thinking of upgrading my exim. I am trying to use MAPS RBL as is mentioned on http://mail-abuse.org to try and cut down on the amount of spam that we have going in and out of our server...

When I follow the directions at mail-abuse.org and exim.org I end up getting error messages and total mail loss in and out of the server.

How would anyone here suggest cutting the spam in and out of the server? And, how would I go about implementing a blacklist on the server? It appears that there is a custom build of exim, I am just getting frustrated.

Thanks for the help.

jlasman
05-31-2004, 12:59 PM
See my SpamBlocker version of exim.conf here (http://www.directadmin.com/forum/showthread.php?s=&threadid=3145&highlight=spamblocker).

Then just edit it to use the blocklists you want to use.

Jeff