Dear calcite@setec.org,

spamd is a trusted service. Exim sends the whole received message to spamd. To configure an untrusted spamd means to give access to all your mail and is a vulnerability by itself.

--Sunday, May 13, 2007, 9:18:59 AM, you wrote to bugtraq@securityfocus.com:

cso> EXPLOITATION:
cso>
cso> Exploiting this bug would require social engineering and a fake spamd server. Obviously you will need to get an administrator to add your fake server to exim config.
cso>
cso> Solution :
cso>
cso> Run spamd locally or only add trusted spamd servers to your config (have legitimate credentials).
cso> References----

--
~/ZARAZA
http://securityvulns.com/
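The advice quoted above (run spamd locally or list only trusted spamd servers) can be checked against a configuration file. The following is an added example, not part of the original post and not Exim code: it assumes the servers are set through Exim's `spamd_address` main option, which the post does not name, uses hypothetical function names, and runs on a constructed sample configuration. Line continuations and macros are not expanded.

```python
import ipaddress

# Constructed sample configuration fragment (not taken from the post).
SAMPLE_CONFIG = """\
# content scanning
av_scanner = clamd:/var/run/clamav/clamd.sock
spamd_address = 127.0.0.1 783 : 192.0.2.25 783 : /var/run/spamd.sock
"""

def split_exim_list(value):
    """Split an Exim list: ':' separator unless overridden with a leading '<X'."""
    sep, value = ":", value.strip()
    if value.startswith("<") and len(value) > 1:
        sep, value = value[1], value[2:]
    # A doubled separator stands for one literal separator (e.g. in IPv6).
    parts = value.replace(sep * 2, "\0").split(sep)
    return [p.replace("\0", sep).strip() for p in parts if p.strip()]

def spamd_servers(config_text):
    """Return the entries of spamd_address (assumed option name), else []."""
    for line in config_text.splitlines():
        name, eq, value = line.strip().partition("=")
        if eq and name.strip() == "spamd_address":
            return split_exim_list(value)
    return []

def remote_spamd_entries(config_text):
    """Entries that are neither a Unix socket path nor a loopback IP."""
    flagged = []
    for entry in spamd_servers(config_text):
        host = entry.split()[0]
        if host.startswith("/"):
            continue  # local Unix socket
        try:
            if ipaddress.ip_address(host).is_loopback:
                continue
        except ValueError:
            pass  # hostname: locality cannot be proven from the config alone
        flagged.append(entry)
    return flagged

if __name__ == "__main__":
    for entry in remote_spamd_entries(SAMPLE_CONFIG):
        print("review: whole messages are sent to", entry)
```

Each flagged entry is a host that receives every scanned message in full, so it should be one the administrator controls and trusts.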