[Bug 360689] [NEW] Default Ubuntu configuration is backscatter source in Jaunty
Imre Gergely
gimre at narancs.net
Mon Apr 13 21:29:38 BST 2009
Public bug reported:
Binary package hint: amavisd-new
The default Jaunty config of amavisd-new comes with the option
$final_banned_destiny set to D_BOUNCE. This setting causes mail with
banned attachments (like .com files) getting bounced back to the sender.
This in turn can cause backscatter, which is a sure way to getting the
server blacklisted.
TEST CASE:
install stock amavisd-new from Jaunty, configure postfix content_filter to use amavisd-new, start both, send a mail with ie eicar's testing signature (attaching eicar.com to the mail). The file gets banned, and bounce message goes back to the sender.
Edit /etc/amavisd-new/conf.d/21-ubuntu_defaults, and set $final_banned_destiny to D_DISCARD. Restart, send mail, no bounce.
** Affects: amavisd-new (Ubuntu)
Importance: Undecided
Status: New
--
Default Ubuntu configuration is backscatter source in Jaunty
https://bugs.launchpad.net/bugs/360689
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to amavisd-new in ubuntu.
More information about the Ubuntu-server-bugs
mailing list