Default Ubuntu configuration is backscatter source

Bug #306889 reported by Scott Kitterman
Affects | Status | Importance | Assigned to | Milestone
amavisd-new (Ubuntu) | Fix Released | High | Unassigned |
Intrepid | Fix Released | High | Unassigned |

Bug Description

Binary package hint: amavisd-new

Backscatter is something that must be avoided. It is an easy way to get your mail server blacklisted.

> /etc/amavis/conf.d/21-ubuntu_defaults:
> $warnbadhsender = 1;
> $warnbannedsender = 1;

These need to be dropped. Fixed in Jaunty already.

TEST CASE:

Send mail from a banned sender and see the bounce message.

Install from intrepid proposed. Repeat. Don't see a bounce message.

Scott Kitterman (kitterman) wrote :

Will upload SRU candidate to intrepid-proposed shortly.

Changed in amavisd-new:
importance: Undecided → High
status: New → Fix Released
assignee: nobody → kitterman
importance: Undecided → High
status: New → In Progress
Changed in amavisd-new:
status: In Progress → Fix Committed
Martin Pitt (pitti) wrote :

Accepted into intrepid-proposed, please test and give feedback here. Please see https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Martin Pitt (pitti) wrote :

Anyone (Scott?) who is actually using the intrepid-proposed version and can tell us whether it still works as expected?

Changed in amavisd-new:
assignee: kitterman → nobody
Imre Gergely (cemc) wrote :

Not sure if I did the tests right, but here it is. I did the following:

- installed the stock amavisd-new on Intrepid, sent a test mail, and got a bounce back to the sender.
- removed amavisd-new with purge
- enabled intrepid-proposed, installed amavisd-new from there, checked the conf, the two options were gone
- sent the same test mail (with attached virus), and got back bounce message, because of this, I think:

root@utest-ii:/etc/amavis/conf.d# cat /etc/amavis/conf.d/21-ubuntu_defaults |grep banned_dest
$final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE)

This would still bounce back a message to the sender. After changing this to D_DISCARD, I didn't get back any bounce mail. Double-checked the config file is indeed installed by the package from -proposed.

Imre Gergely (cemc) wrote :

Correction: the bounce is caused by a banned attachment, not a virus. Viruses get discarded. But the banned filenames still cause backscatter.

Martin Pitt (pitti) wrote :

Thanks for the testing. The remaining issue with the file names will be handled in bug 360689.

This update makes it better, but isn't perfect yet. Thus I'll move this to -updates now and we'll discuss the remainder in bug 360689.

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package amavisd-new - 1:2.6.1.dfsg-2ubuntu1.1

---------------
amavisd-new (1:2.6.1.dfsg-2ubuntu1.1) intrepid-proposed; urgency=low

  * Drop settings from /etc/amavis/conf.d/21-ubuntu_defaults that could cause
    backscatter in the default configuration (LP: #306889)

 -- Scott Kitterman <email address hidden> Wed, 10 Dec 2008 14:00:33 -0500

Changed in amavisd-new (Ubuntu Intrepid):
status: Fix Committed → Fix Released
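
An audit for the settings discussed in this report, as an added example (not code from the bug report or from the amavisd-new package). It goes slightly beyond the three settings named above by matching any `$warn...sender` flag and any `$final_..._destiny = D_BOUNCE`. The sample file contents are constructed, and it assumes conf.d files are read in sorted name order with the last assignment winning.

```python
import re

# Constructed sample: the stock file as quoted in this report, plus a
# hypothetical local override in 50-user.
SAMPLE = {
    "21-ubuntu_defaults": (
        "$warnbadhsender = 1;\n"
        "$warnbannedsender = 1;\n"
        "$final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE)\n"
    ),
    "50-user": "$final_banned_destiny = D_DISCARD;\n",
}

# Matches simple scalar assignments such as `$warnbannedsender = 1;`
ASSIGN = re.compile(r"^\s*\$(\w+)\s*=\s*([^;]+?)\s*;")

def is_backscatter_prone(name, value):
    """True when the setting makes amavisd send mail to the envelope sender."""
    if re.fullmatch(r"warn\w+sender", name):
        return value not in ("0", "undef", "''", '""')
    if re.fullmatch(r"final_\w+_destiny", name):
        return value == "D_BOUNCE"
    return False

def effective_settings(files):
    """files maps file name to text; returns name -> (value, file, line)."""
    settings = {}
    for fname in sorted(files):  # assumption: sorted load order, last one wins
        for lineno, line in enumerate(files[fname].splitlines(), 1):
            line = line.split("#", 1)[0]  # drop comments (naive: no '#' in strings)
            m = ASSIGN.match(line)
            if m:
                settings[m.group(1)] = (m.group(2), fname, lineno)
    return settings

def audit(files):
    """Return sorted (name, value, file, line) for settings that still bounce or warn."""
    return sorted(
        (name, value, fname, lineno)
        for name, (value, fname, lineno) in effective_settings(files).items()
        if is_backscatter_prone(name, value)
    )

if __name__ == "__main__":
    for name, value, fname, lineno in audit(SAMPLE):
        print(f"{fname}:{lineno}: ${name} = {value}")
```

A setting that is never assigned is not reported; per the comment in the quoted config, `$final_banned_destiny` defaults to D_BOUNCE, so an absent assignment still needs a manual check.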