Hacker News new | past | comments | ask | show | jobs | submit login

I can't tell but is postfix affected?



Yes, there are configuration mitigations though. Also, a patch is in the works:

https://www.mail-archive.com/postfix-announce@postfix.org/ms...


"Mitigation" suggests that the config change makes the problem less severe. This config change is a complete fix for the problem, although for a high-volume server that handles a lot of lists, it might impact performance.

Add me to the list of people who are annoyed that they didn't give due notice to the Postfix maintainers.


From the postfix post:

> A short-term workaround can be deployed now, before the upcoming long holiday and associated production change freeze.

> NOTE: This will stop only the published form of the attack. Other forms exist that will not be stopped in this manner.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: