I report this bug following my own advice in .
I have set the severity to wishlist, but from a security point of view,
it could be considered much higher.
The default Postfix configuration, when keeping the default debconf
answers, listens on all network interfaces. Unlike what's said in
#418511, this doesn't make it an open relay though, since mynetworks is
restricted to localhost. Nevertheless, OP in  is IMHO quite right,
this is still a "network-exposed attack surface".
My rationale is : until Stretch, the "standard" installation comprised
exim4-daemon-light, which fulfilled all dependencies on the
"mail-transport-agent" virtual package, which in turn implicated that
users installing Postfix did so manually, and knew what they were doing.
Unfortunately, from Stretch onward, now that no MTA is present in the
standard installation, some dependencies chains can end up installing a
random MTA "unexpectedly" (I put quotes around "unexpectedly", because
one should always carefully read the list of installed dependencies when
installing a package, but we all know that users are not always that
IMHO it would be wise to change the default answer to the debconf
question "postfix/main_mailer_type" to "Local only" instead of "Internet
site", in order to limit the security risk in case Postfix was installed
"unexpectedly" due of an overlooked dependency chain.