Timo Sirainen <tss@iki.fi> writes: > These overflows are found at least in version 2.1.9, none of them are > present in 1.5.28. 2.1.10 was just released which fixed the problems. > > Note that besides the Cyrus project itself, the SASL library is also used > by Postfix-TLS patch, OpenLDAP and probably some other servers. Dr. Lutz Jänicke, maintainer of the Postfix-TLS patch, has just stated on the Postfix-Users list that the Postfix-TLS patch does not use SASL. Links to the list archives, pick a random one to distribute load: 1 http://marc.theaimsgroup.com/?l=postfix-users&m=103950709607868&w=2 2 http://archives.neohapsis.com/archives/postfix/2002-12/1067.html 3 http://article.gmane.org/gmane.mail.postfix.user/25377 4 http://groups.google.com/groups?dq=&hl=en&lr=&ie=UTF-8&selm=at46qh%24676%241%40FreeBSD.csie.NCTU.edu.tw 5 http://msgs.securepoint.com/cgi-bin/get/postfix0212/245/2.html 6 roll your die again Postfix can be compiled to use SASL, but this is not the default when compiled from source, but requires additional configuration. Some distributors enable SASL for their packages by default though, watch for their announcements, but also check if your Postfix version uses SASL1 or SASL2. -- Matthias Andree
