It’s a builtin firewall rule enforced by gateways if the mail-filter package is installed.
Our proposal is to not enforce the builtin rule on new mail2 installations, based on the rspamd software.
For existing installations based on amavisd, the mail2-upgrade procedure can migrate the firewall rule to a “visible” state, under Firewall rules page, like any other firewall rule.
I understand the rationale behind the original policy, and I agree with you: it’s a safe default
However we must make the rule more visible. It seems documenting it is not enough.
Existing systems must not change their behavior suddenly.
This is a possible solution. However I’d prefer to enforce the rule by default also in mail2, avoiding policy changes. And make it visible from Firewall rules.