Re: [SPAM] Re: REPLYTO_WITHOUT_TO_CC

Wed, 05 Feb 2020 08:39:28 -0800 

Thanks for help!


Notice:
same mail on Debian 10 Server Rule dont hit....

spamassassin -V
SpamAssassin version 3.4.2
 running on Perl version 5.28.1


on this server i have installed updates

Debian 9.11 Server which rule was hit: # damn this sounds so wrong

spamassassin -V
SpamAssassin version 3.4.2
  running on Perl version 5.24.1

apt list --upgradable
spamassassin/oldstable 3.4.2-1~deb9u3 all [upgradable from: 3.4.2-1~deb9u1]


Am 05.02.20 um 17:14 schrieb Matus UHLAR - fantomas:

On 05.02.20 17:18, Henrik K wrote:
>The error can only happen if there was unquoted $ in regex.
>
>header   __ZMIfish_ForgedBill01 Message-ID =~ /$Blat.v3/
>
>Newer 3.4.4 don't care about such things, you should upgrade asap since
>there are vulnerabilities.



On Wed, Feb 05, 2020 at 04:55:33PM +0100, Matus UHLAR - fantomas wrote:

the OP reported using debian, which has those bugs fixed in 3.4.2.
developers have backported fixed into the old version.


On 05.02.20 17:58, Henrik K wrote:

It's clearly not using debian version or then the backport is lacking fixes.
I have not reviewed it personally so there are no guarantees.


it's possible that the OP doesn't have security updates installed.

Philipp, please check which SA version you have:

% apt-cache policy spamassassin
spamassassin:
  Installed: 3.4.2-1+deb10u2
  Candidate: 3.4.2-1+deb10u2
  Version table:
*** 3.4.2-1+deb10u2 500
        500 http://security.debian.org/debian-security buster/updates/main i386 
Packages
        100 /var/lib/dpkg/status
     3.4.2-1 500
        500 file:/mount/mirrors/debian buster/main i386 Packages


if it's not 3.4.2-1+deb10u2 (or 3.4.2-1~deb9u3 on Debian 9), try installing
security updated.

I recommend you installing unattended-upgrades package and enabling security
updates, so security updates are installed automatically.



--
Philipp Ewald
Administrator

DigiOnline GmbH, Probsteigasse 15 - 19, 50670 Köln
Telefon: +49 221 6500-532, Fax: +49 221 6500-690, E-Mail: 
philipp.ew...@digionline.de

AG Köln HRB 27711, St.-Nr. 5215 5811 0640
Geschäftsführer: Werner Grafenhain

Informationen zum Datenschutz: www.digionline.de/ds

Reply via email to