On Sat, Aug 28, 2010 at 06:24:31PM +0200, gregor herrmann wrote: > On Sun, 15 Aug 2010 15:29:17 +0100, Dominic Hargreaves wrote:
> > - did you consider removing the recipient callout verification in the > > defer rule too? My reading of the config is that you'd need to remove > > that too to have the desired effect, but your patch doesn't include it > > The 'defer' stanza looks different: > i.e. there are more conditions, notably the 'domains = ' check. > Adding this to the 'deny' stanza might also be a solution. Ah yes, well spotted :) Adding 'domains' is going to be a better solution than removing the callout altogether. > > - I disagree with the security tag, and the severity, since I've had this > > configuration running for quite some time and haven't experienced the > > problems you describe (possibly because my antispam measures vary in > > other ways). Therefore the problem demonstrably does not make the > > package unusable. > > Agreed, although I have to admit that I'm running it with domains= in deny :) Right. The impact of adding 'domains=' to the deny ACL is going to be quite low so I think it's safe to upload this fix as an NMU, which I will therefore plan to do soon. Note that this won't fix existing installs; this simply isn't possible with the current setup. I plan to look at fixing #321025 too, if possible. Thanks for your input. Dominic. -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org