On Wed, 28 Feb 2018, Laurent Bigonville wrote: > Le 28/02/18 à 14:36, Alexander Wirt a écrit : > > On Wed, 28 Feb 2018, Laurent Bigonville wrote: > > > > > Le 28/02/18 à 14:28, Alexander Wirt a écrit : > > > > severity #891744 minor > > > > thanks > > > > > > > > On Wed, 28 Feb 2018, Laurent Bigonville wrote: > > > > > > > > > Package: amavisd-new > > > > > Version: 1:2.10.1-4 > > > > > Severity: important > > > > > > > > > Hi, > > > > > According to the RELEASE_NOTES: > > > > > > > > > > - due to popular demand to reduce undesired and unintentional > > > > > backscatter, > > > > > defaults for the settings $final_spam_destiny and > > > > > $final_banned_destiny > > > > > were changed. Previously they both defaulted to D_BOUNCE, new > > > > > defaults > > > > > are: > > > > > > > > > > $final_virus_destiny = D_DISCARD; > > > > > $final_banned_destiny = D_DISCARD; > > > > > $final_spam_destiny = D_PASS; > > > > > $final_bad_header_destiny = D_PASS; > > > > > > > > > > I think that the defaults should be updated in debian as well. > > > > > > > > > > I got my mail server banned from hotmail.com because of debian default > > > > > value being D_BOUNCE. > > > > This is more minor. The configuration is explicitly an example. If you > > > > run it > > > > unaudited noone can help you. I find it more dangerous just to drop > > > > mails by > > > > default, especially during the implementation of a proper policy it > > > > helps to > > > > see that things get lost. However, it is not important. > > > Well, spamming other people because you are generating DSN to random > > > addresses seems quite bad(tm) by my book. > > And people not reviewing example config on my. > > Then please at least add a comment telling that using D_BOUNCE in production > is actually dangerous and can lead to risks of people being banned from mail > providers (hotmail/gmail/...) or generate spam to other people. We will change it, I just disagreed on the severity.
Alex