PT-2019-13447 · MDaemon · MDaemon Email Server

Published: 2019-07-16 · Updated: 2020-08-26 · CVE-2019-13612

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: MDaemon Email Server versions 19 through 20.0.1

Description: By default, MDaemon skips SpamAssassin checks for email messages larger than 2 MB. This behavior can undermine risk management for malicious email, because a large malicious message is never checked and so bypasses filtering. Even with special configuration, checks are limited to messages of at most 10 MB, which also reduces the effectiveness of spam filtering for larger messages.

Recommendations: For MDaemon Email Server versions 19 through 20.0.1, configure the server to scan large messages or implement additional risk management measures to mitigate the risk of malicious emails bypassing SpamAssassin checks. As a temporary workaround, restrict the acceptance of large email messages until a more comprehensive solution is available.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2019-13612

Affected Products

Mdaemon Email Server