Today I eat humble pie…
As webmail client I have long used squirrelmail, but had moved over to RoundCube. At the time of the install I pulled from svn – got it running and moved on.
Logging into my postmaster/abuse account today I was greeted with over 6000 bounced e-mails. The cluprit was a long-fixed bug in RoundCube’s code.
http://secunia.com/advisories/cve_reference/CVE-2008-5619/
While generally very strick on code review and a stickler for running the best stable code releases I was caught napping this time ;-(
Problem fixed, now to try get my IP delisted from some of the blacklists……