--
TMDA is an OSI certified software application designed to significantly
reduce the amount of SPAM/UCE (junk-mail) you receive. TMDA combines a
"whitelist" (for known/trusted senders), a "blacklist" (for undesired
senders), and a cryptographically enhanced confirmation system (for
unknown, but legitimate senders). TMDA strives to be more effectual, yet
less time-consuming than traditional filters.
WWW: http://tmda.sourceforge.net/
--
This note is to announce the availability of the Pine Message System version
4.44. The purpose of this release is to fix a security bug with the treatment
of quotes in the URL-handling code. The bug allows a malicious sender to
embed commands in a URL. This bug is present in all versions of UNIX Pine.
There is no vulnerability from this bug in PC-Pine.
- Fix a remotely exploitable bug in mutt.
- For the time being, I disabled the compressed FLAVOR since the updated patch
is not yet available for the current version.
Version 3.34
------------
1. Exim was failing to diagnose a lone \ at the end of an expansion string as
an error (basically a typo in the code).
2. If logging was only to syslog, and Exim was trying to panic-die, it crashed
instead of dying cleanly.
3. If an address was routed using a DNS lookup that found no MX records, but
one or more A records, and fallback hosts were specified on the transport, the
fallback hosts were ignored.
4. $message_body_size was set incorrectly (to zero) during filter testing.
5. Ensure the configuration file is closed before running the -bi command.
6. Reap all complete processes within the loop for accepting -bs or -bS
messages, because it seems that not all OS do this automatically when SIGCHLD
is set to SIG_IGN.
7. Reset SIGHUP to SIG_IGN before restarting a daemon, in case another SIGHUP
arrives very quickly and kills the newly started Exim before it has a chance to
get going.
8. After "452 space shortage", was not unsetting the sender address. Could lead
to strange effects when the client was pipelining.
9. There was no check that getpeername() was giving a socket address when
called on stdin passed from a previous delivery.
10. If a local part beginning with a pipe symbol was directed to a pipe
transport, the transport got confused as to which command it should run.
This could be a security exposure if unchecked local parts are directed
or routed to pipe transports.
filtering network. Razor establishes a distributed and constantly
updating catalogue of spam in propagation. This catalogue is used by
clients to filter out known spam. On receiving a spam, a Razor Reporting
Agent (run by an end-user or a troll box) calculates and submits a
20-character unique identification of the spam (a SHA Digest) to its
closest Razor Catalogue Server. The Catalogue Server echos this
signature to other trusted servers after storing it in its database.
Prior to manual processing or transport-level reception, Razor Filtering
Agents (end-users and MTAs) check their incoming mail against a
Catalogue Server and filter out or deny transport in case of a signature
match. Catalogued spam, once identified and reported by a Reporting
Agent, can be blocked out by the rest of the Filtering Agents on the
network.
WWW: http://razor.sourceforge.net/
Submitted by Marc Matteo <marcm@lectroid.net>
Mboxgrep is a small utility that scans a mailbox for messages matching
a regular expression. Found messages can be either displayed on standard
output, counted, deleted, piped to a shell command or written to another
mailbox.
