What happens to Legacy Software of SmarterMail prior to Build 9526 (Jan 30, 2026) NOW?
Problem reported by Howell Dell - Today at 12:21 AM
Submitted
I know a lot of folks are sensitive about cost, but at this point your organization has NO business running an older version of SmarterMail, 3CX, SonicWALL or X anything with known CVEs baked in. Even Ubuntu 24 had a ~10 Year old bug in Telnet with Auth Bypass that was just discovered a few months ago!!! Who is running Telnet in 2026? Supposedly 80K Telnets are open to the world! Why? If anyone does not want to run SmarterMail themselves then DM me and maybe I can HELP.

#1: I assume SmarterMail is NOT going to backport these CVE fixes and fix all or some of the now Legacy Versions of SmarterMail??!! Maybe a huge RED BANNER is needed or simply remove all these versions OR double or triple opt-in?

If NOT then some user that is out of scope on these CVEs is not going to know about these issues and cause more harm in that all these OLD versions of SmarterMail prior to Build 9526 (Jan 30, 2026) are effectively defective! This should become a version Build demarc that we are starting over (Build 10000?) -- this is a watershed moment?

#2: Also, SmarterMail should now be looking at connections at the Web Server level and I'm seeing a lot of garbage of hackers trying to throw other things like WordPress, SQL injection, and Python scripts at the web server. I just scanned my new logfiles since the weekend and see ~4K Python scripts (including "*.env*" requests) and ~9K PHP requests. Can we leverage all of this data as a honeypot that feeds into the IDS to block more bad actors? I am sure we will see more force-reset-password attempts and other things that don't belong in the future. We also have the https://modsecurity.org project to leverage as well.

#3: What about SmarterMail running its own file scanner of the installed files that, with hashes, can shut down into a safe mode if a problem exists or when a file shows up in the wrong place? Most of SmarterMail Internals should be RO?
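
Added example, not part of the original post and not SmarterMail code: one way to turn the probe traffic described in #2 into per-client block candidates for an IDS or firewall list. It assumes IIS-style W3C extended logs; the pattern list, the threshold, and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Paths a .NET mail front end has no reason to serve (assumed pattern list;
# tune it against your own logs before blocking on it).
PROBE = re.compile(
    r"(?:\.php\d?|\.py|/\.env[^/]*)$|/wp-(?:admin|login|content|includes)",
    re.I,
)

def parse_w3c(lines):
    """Yield one dict per request from W3C extended log lines."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for the rows below
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):     # skip truncated or garbled rows
                yield dict(zip(fields, values))

def block_candidates(lines, threshold=3):
    """Return {client_ip: probe_count} for clients at or above threshold."""
    hits = Counter()
    for row in parse_w3c(lines):
        if PROBE.search(row.get("cs-uri-stem", "")):
            hits[row.get("c-ip", "-")] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}

# Constructed sample log (documentation-range addresses, made-up paths).
SAMPLE = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2026-02-02 03:10:01 GET /.env - 203.0.113.7 404
2026-02-02 03:10:02 GET /wp-login.php - 203.0.113.7 404
2026-02-02 03:10:02 GET /app/.env.production - 203.0.113.7 404
2026-02-02 03:10:05 POST /login - 198.51.100.20 200
2026-02-02 03:11:40 GET /index.php - 198.51.100.99 404
2026-02-02 03:12:00 GET / - 198.51.100.20 200
""".splitlines()

if __name__ == "__main__":
    for ip, count in block_candidates(SAMPLE).items():
        print(f"{ip}\t{count} probe requests")
```

A single stray hit stays below the default threshold, so one mistyped URL does not put a client on the list.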
