I am sorry, I was sure I had saved this information but it seems I hadn't. there were several fixes proposed, one of which was a port of (I believe) netbsd's /usr/libexec/mail.local. this is the one I am really interested in. so if someone would mail the exploit and fix information to me I would surely appreciate it. josh