Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - Heartbleed Bug & SpamFilter
  FAQ FAQ  Forum Search   Register Register  Login Login

Heartbleed Bug & SpamFilter

 Post Reply Post Reply
Author
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Topic: Heartbleed Bug & SpamFilter
    Posted: 10 April 2014 at 10:46pm
SpamFilter's SSL and TLS implementations use OpenSSL v1.0.1c libraries which are susceptible to the Heartbleed Bug (www.heartbleed.com).

In our tests we were able to confirm that SMTP connections which use TLS to encrypt the email traffic can expose sensitive data as described in the various advisories for the Heartbleed Bug. Connections made over SSL (if an SSL port has been configured in SpamFilter) are instead safe.

To resolve the issue admins should simply update the two OpenSSL v1.0.1c DLLs that are vulnerable. They are located in the SpamFilter's installation directory:

libeay32.dll
ssleay32.dll

You may download the patched OpenSSL files v1.0.1g from our website at:

To install them, simply stop SpamFilter, replace the two existing DLLs with the ones in the zip file, and restart SpamFilter.

Note - the new OpenSSL libraries require the Microsoft Visual C++ 2008 Redistributable to be installed on the server. If the VC++ libraries are not present, you can install them from Microsoft's website: 


Please contact us at support at logsat dot com if you need any additional information or assistance int he deployment.


Edited by LogSat - 15 July 2014 at 6:59pm
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 26 April 2015 at 3:08pm
The latest OpenSSL libraries available are 1.0.2a, and can be downloaded from:

http://www.logsat.com/SpamFilter/pub/Spamfilter-Openssl-1.0.2a-x86.zip (32bit)

Unlike the OpenSSL 1.0.1g above, these libraries should not need the MS Visual C++ 2008 redistributable installed on the server.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.199 seconds.