Walter Smith: > Hi there! > ? > How severe this bug is? Please read the announcement, section "overview and impact". http://www.postfix.org/CVE-2011-0411.html
"This is not as big a problem as it may appear to be. The reason
is that many SMTP client applications don't verify server TLS
certificates. These SMTP clients are always vulnerable to command
injection and other attacks. Their TLS sessions are only encrypted
but not protected."
Wietse
