Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: SPF: Help

New libspf2 release

 

 

SPF help RSS feed   Index | Next | Previous | View Threaded


scott at kitterman

Oct 15, 2008, 9:59 AM

Post #1 of 5 (1767 views)
Permalink
New libspf2 release

There is (at last) a new libspf2 release. All the patches that I had
collected from people were looked at and the issues addressed either by that
patch or with an alternative solution (the maintainer had patches from
multiple sources and sometimes they overlapped). All of you who contributed,
thank you.

In addition to the run of the mill bugfixes, this release also includes a
security fix for a buffer overflow. I understand a CVE will be published
soon at http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-2469

Because of the large numer of fixes for significant bugs (a number of memory
leaks are fixed in addition to the overflow), anyone using libspf2 should
seriously consider upgrading very soon.

The upstream release announcement is here:

http://libspf2.org/index.html

The new version can be downloaded from here:

http://libspf2.org/download.html

A number of vendors and distributors that provide libspf2 were contacted and
are in varying states of providing updates.

For Ubuntu Linux a patch to correct the buffer overflow has been uploaded for
all supported releases and will be published soon. I intend to upload the
new 1.2.8 to the current development release and will explore backporting it
to earlier releases.

Scott K


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


friz at godshell

Oct 15, 2008, 10:35 AM

Post #2 of 5 (1678 views)
Permalink
Re: New libspf2 release [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Oct 15, 2008, at 12:59 PM, Scott Kitterman wrote:
> There is (at last) a new libspf2 release. All the patches that I had
> collected from people were looked at and the issues addressed either
> by that
> patch or with an alternative solution (the maintainer had patches from
> multiple sources and sometimes they overlapped). All of you who
> contributed,
> thank you.

I've been running libspf 1.0 for quite a while now. Though,
apparently, the author of that library up and vanished at some point,
so it hasn't been updated since 2005 or so. Is libspf2 a drop in
replacement, or will code need to be altered to fit?

> Scott K

Thanks,

- ---------------------------
Jason 'XenoPhage' Frisvold
Engine / Technology Programmer
friz [at] godshell
RedHat Certified - RHCE # 803004140609871
MySQL Pro Certified - ID# 207171862
MySQL Core Certified - ID# 205982910
- ---------------------------
"Something mysterious is formed, born in the silent void. Waiting alone
and unmoving, it is at once still and yet in constant motion. It is the
source of all programs. I do not know its name, so I will call it the
Tao of Programming."

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iEYEARECAAYFAkj2Kd0ACgkQhR5xme3cl745TACgpwB9U+qlMfY+Ykr1evbdOkqK
IF8Ani1dHhGFjpd9WS8kMexOfmEO/EuI
=Vkn7
-----END PGP SIGNATURE-----


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


scott at kitterman

Oct 15, 2008, 1:29 PM

Post #3 of 5 (1664 views)
Permalink
Re: New libspf2 release [In reply to]

On Wednesday 15 October 2008 13:35, Jason Frisvold wrote:
> On Oct 15, 2008, at 12:59 PM, Scott Kitterman wrote:
> > There is (at last) a new libspf2 release. All the patches that I had
> > collected from people were looked at and the issues addressed either
> > by that
> > patch or with an alternative solution (the maintainer had patches from
> > multiple sources and sometimes they overlapped). All of you who
> > contributed,
> > thank you.
>
> I've been running libspf 1.0 for quite a while now. Though,
> apparently, the author of that library up and vanished at some point,
> so it hasn't been updated since 2005 or so. Is libspf2 a drop in
> replacement, or will code need to be altered to fit?

Code does need to be changed to work with it. If you switch, I think you'll
find that libspf2 is slightly more CPU intensive, but it does many more
checks for validity and has a much more robust implementation of processing
limits. I generally recommend migration from libspf to libspf2, particularly
now that libspf2 is being actively maintained again.

Scott K


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


steve at teamITS

Oct 31, 2008, 2:32 PM

Post #4 of 5 (1611 views)
Permalink
RE: New libspf2 release [In reply to]

>>> There is (at last) a new libspf2 release.

Hi Scott,

At libspf2.org/download.html, do you know if the Sendmail
spfmilter v1.0.8 is different than the "spfmilter site" listed that
shows it in beta since 2005?

-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

- Steve Yates
- ITS, Inc.
- Wisdom of Bart: I do not have diplomatic immunity

~ Taglines by Taglinator: www.srtware.com ~


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


scott at kitterman

Oct 31, 2008, 2:38 PM

Post #5 of 5 (1609 views)
Permalink
Re: New libspf2 release [In reply to]

On Friday 31 October 2008 17:32, Steve Yates wrote:
> >>> There is (at last) a new libspf2 release.
>
> Hi Scott,
>
> At libspf2.org/download.html, do you know if the Sendmail
> spfmilter v1.0.8 is different than the "spfmilter site" listed that
> shows it in beta since 2005?
>

I'm pretty sure it's the same.

http://hcpnet.free.fr/milter-greylist/

seems to be actively maintained and also supports libspf2.

Scott K


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

SPF help RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.