Viktor Dukhovni:
> > On May 22, 2019, at 1:50 PM, MRob <mro...@insiberia.net> wrote:
> >
> > Thank you for pointing it out. Why is default for the setting same as
> > header_checks? I don't understand the common need for smtp server to run
> > the same header checks on attachment headers, can someone explain?
>
> This is backwards-compatibility. I agree that in most cases you'll
> want nested_header_checks to either be empty, or written specifically
> to handle some appropriate requirement, separate from the primary
> header checks.

Header_checks was introduced to stop malware, and for that reason it was definitely desirable to inspect attached messages, too. But I agree, changing defaults is painful.

Wietse
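
To make the default discussed in this thread concrete, here is an added example (not code from the thread or from Postfix) that models, in simplified form, how a header_checks-style pattern also reaches the headers of an attached message unless nested_header_checks is set separately. The function names `classify` and `hits`, the rule, and the sample message are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample: an outer message forwarding another one as message/rfc822.
SAMPLE = """\
From: alice@example.com
Subject: Fwd: please look at this
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached.
--b1
Content-Type: message/rfc822

From: promo@example.net
Subject: Cheap pills today

Buy now.
--b1--
"""

def classify(part, cls="primary"):
    """Return [(class, 'Name: value')] for every header in the MIME tree."""
    out = []
    for name, value in part.items():
        is_mime = name.lower().startswith(("content-", "mime-version"))
        out.append(("mime" if is_mime else cls, f"{name}: {value}"))
    if part.is_multipart():
        # Headers of an attached message are "nested"; multipart part headers are "mime".
        child_cls = "nested" if part.get_content_type() == "message/rfc822" else "mime"
        for child in part.get_payload():
            out += classify(child, child_cls)
    return out

def hits(raw, header_checks, nested_header_checks=None):
    """List matched headers; nested_header_checks=None models the inherited default."""
    nested = header_checks if nested_header_checks is None else nested_header_checks
    # Assumption: MIME headers keep using header_checks (mime_header_checks default).
    tables = {"primary": header_checks, "mime": header_checks, "nested": nested}
    return [(cls, line) for cls, line in classify(message_from_string(raw))
            if any(re.search(p, line, re.I) for p in tables[cls])]

RULES = [r"^Subject:.*pills"]  # constructed header_checks-style pattern

if __name__ == "__main__":
    print("default (nested inherits):", hits(SAMPLE, RULES))
    print("nested_header_checks empty:", hits(SAMPLE, RULES, nested_header_checks=[]))
```

With the inherited default the rule fires on the forwarded message's Subject even though the outer Subject is clean; with an empty nested table only the primary and MIME headers are inspected.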