SpamAssassin 2010 Bug

Posted by Scott on Jan 10th, 2010

SpamAssassin is one of those mission-critical services that I run on my mail server, and if you haven’t heard, there is a bug in SpamAssassin that has been marking legitimate messages (ham) as spam if the date of the email was 2010 or later. Now that it really is 2010, this is a serious problem. More details about the bug can be found here.

I’ve confirmed that my CentOS 5.4 install was vulnerable and I had to apply a workaround. There are a couple of ways to do this. You can either edit your local.cf file and disable the rule with the following line (on CentOS it’s in /etc/mail/spamassassin/local.cf):

score FH_DATE_PAST_20XX 0.0

Or you can enable the cron job to run sa-update nightly, which I would recommend. My CentOS system had the cron entry commented out in /etc/cron.d/sa-update, so I uncommented it.

If you’re running spamd on your system, don’t forget to restart the service for the new rules to be reloaded.
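A small audit of the two workarounds above, as an added example that is not part of the original post: it reports whether a local.cf zeroes FH_DATE_PAST_20XX (the last active score line wins, and commented-out lines are ignored) and whether the cron file has an uncommented sa-update entry. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post): report which workaround is in place.

# True if the last active "score FH_DATE_PAST_20XX" line zeroes every score.
rule_disabled() {
    awk '
        { sub(/#.*/, "") }   # strip comments, including commented-out scores
        $1 == "score" && $2 == "FH_DATE_PAST_20XX" {
            seen = 1; zero = (NF >= 3)
            for (i = 3; i <= NF; i++) if ($i + 0 != 0) zero = 0
        }
        END { exit !(seen && zero) }
    ' "$1" 2>/dev/null
}

# True if the cron file has an uncommented line that runs sa-update.
update_cron_enabled() {
    grep -Eq '^[[:space:]]*[^#[:space:]].*sa-update' "$1" 2>/dev/null
}

# Print one summary line for a local.cf path and a cron file path.
sa2010_status() {
    r=no; u=no
    rule_disabled "$1" && r=yes
    update_cron_enabled "$2" && u=yes
    echo "rule_disabled=$r nightly_update=$u"
}

# Constructed sample files standing in for the two paths named in the post.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'required_score 5.0' 'score FH_DATE_PAST_20XX 0.0' > "$d/local.cf"
    printf '%s\n' '#10 4 * * * root /usr/bin/sa-update' > "$d/sa-update"
    sa2010_status "$d/local.cf" "$d/sa-update"
    rm -rf "$d"
}

if [ "$#" -eq 2 ]; then sa2010_status "$1" "$2"; else demo; fi
```

Run it with /etc/mail/spamassassin/local.cf and /etc/cron.d/sa-update as the two arguments to check a real system; with no arguments it runs on the constructed samples.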
