SpamAssassin 2010 Bug

Posted by Scott on Jan 10th, 2010

SpamAssassin is one of those mission-critical services that I run on my mail server, and if you haven’t heard, there is a bug in SpamAssassin that has been marking legitimate messages (ham) as spam if the date of the email was 2010 or later. Now that it really is 2010, this is a serious problem. More details about the bug can be found here.

I’ve confirmed that my CentOS 5.4 install was vulnerable and I had to apply a workaround. There are a couple of ways to do this. You can either edit your local.cf file and disable the rule with the following line (on CentOS it’s in /etc/mail/spamassassin/local.cf):

score FH_DATE_PAST_20XX 0.0

Or you can enable the cron job to run sa-update nightly, which I would recommend. My CentOS system had the cron entry commented out in /etc/cron.d/sa-update, so I uncommented it.

If you’re running spamd on your system, don’t forget to restart the service for the new rules to be reloaded.
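Both workarounds can be checked, and the first one applied, with a small script. This is an added example, not code from the original post: the function names are made up for illustration, and the default paths are the CentOS locations mentioned above.

```shell
#!/bin/sh
# Added example (not from the original post); function names are illustrative.
RULE="FH_DATE_PAST_20XX"

# 0 if the file has an active (uncommented) line setting the rule's score to zero.
rule_disabled() {
    grep -Eq "^[[:space:]]*score[[:space:]]+${RULE}[[:space:]]+0(\.0+)?[[:space:]]*(#.*)?$" "$1" 2>/dev/null
}

# Append the override once; running it again leaves the file unchanged.
disable_rule() {
    rule_disabled "$1" && return 0
    printf 'score %s 0.0\n' "$RULE" >> "$1"
}

# 0 if the cron file has an uncommented, non-blank line that mentions sa-update.
cron_enabled() {
    grep -Ev '^[[:space:]]*(#|$)' "$1" 2>/dev/null | grep -q 'sa-update'
}

# Report both workarounds; succeeds if at least one is in place.
audit() {
    cf="${1:-/etc/mail/spamassassin/local.cf}"
    cron="${2:-/etc/cron.d/sa-update}"
    if rule_disabled "$cf"; then echo "rule: $RULE scored 0 in $cf"
    else echo "rule: no zero-score override in $cf"; fi
    if cron_enabled "$cron"; then echo "cron: sa-update entry active in $cron"
    else echo "cron: sa-update entry commented out or missing in $cron"; fi
    rule_disabled "$cf" || cron_enabled "$cron"
}

# Run as: sh script.sh audit [local.cf] [cronfile]   or   sh script.sh fix [local.cf]
case "${1:-}" in
    audit) shift; audit "$@" ;;
    fix)   disable_rule "${2:-/etc/mail/spamassassin/local.cf}" ;;
esac
```

An active cron entry only means updates are scheduled; until sa-update has actually run, the old rule is still in effect unless the score override is present.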
