On April 8, 2018 5:41:37 PM UTC, "Raphaël Halimi" <raphael.hal...@gmail.com>
>I report this bug following my own advice in .
>I have set the severity to wishlist, but from a security point of view,
>it could be considered much higher.
>The default Postfix configuration, when keeping the default debconf
>answers, listens on all network interfaces. Unlike what's said in
>#418511, this doesn't make it an open relay though, since mynetworks is
>restricted to localhost. Nevertheless, OP in  is IMHO quite right,
>this is still a "network-exposed attack surface".
>My rationale is: until Stretch, the "standard" installation comprised
>exim4-daemon-light, which fulfilled all dependencies on the
>"mail-transport-agent" virtual package, which in turn implied that
>users installing Postfix did so manually, and knew what they were
>Unfortunately, from Stretch onward, now that no MTA is present in the
>standard installation, some dependency chains can end up installing a
>random MTA "unexpectedly" (I put quotes around "unexpectedly", because
>one should always carefully read the list of installed dependencies
>installing a package, but we all know that users are not always that
>IMHO it would be wise to change the default answer to the debconf
>question "postfix/main_mailer_type" to "Local only" instead of
>site", in order to limit the security risk in case Postfix was
>"unexpectedly" due to an overlooked dependency chain.
Your example isn't relevant to Debian. In Ubuntu, Postfix is the default MTA.
In Debian, it's not. If a non-default MTA is being pulled in by a package that
only needs a generic MTA, then it's buggy and should be fixed.
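The setting the report is arguing about is Postfix's `inet_interfaces`: the "Internet site" debconf answer leaves it at Postfix's default of `all`, while "Local only" writes `inet_interfaces = loopback-only`. The script below is an added example, not code from the bug report or from Debian's postfix packaging; it audits a `main.cf` for that exposure, shows the hardened setting beside the weak one, and prints the debconf preseed line a deployer can feed to `debconf-set-selections` before the package is pulled in. The sample config files are constructed here so it runs offline, and the helper names (`postfix_listen_scope`, `harden_to_local_only`, `preseed_local_only`, `live_listen_check`) are this example's own.

```shell
#!/bin/sh
# Added example: audit Postfix network exposure (inet_interfaces) in a main.cf.
# Not part of the bug report or of Debian's postfix package scripts.

# Constructed sample configs (not from a real host), mirroring what the
# "Internet site" and "Local only" debconf answers produce plus an unset case.
SAMPLE_DIR=$(mktemp -d)
printf 'myhostname = mail.example.test\ninet_interfaces = all\nmynetworks = 127.0.0.0/8 [::1]/128\n' \
    > "$SAMPLE_DIR/internet-site.cf"
printf 'myhostname = mail.example.test\ninet_interfaces = loopback-only\nmynetworks = 127.0.0.0/8 [::1]/128\n' \
    > "$SAMPLE_DIR/local-only.cf"
printf 'myhostname = mail.example.test\n# inet_interfaces deliberately unset: Postfix then defaults to all\n' \
    > "$SAMPLE_DIR/unset.cf"

# Classify the listening scope of a main.cf.
# Prints "exposed" for all interfaces (explicit "all" or unset, which is the
# Postfix default), "local" for loopback-only, and "custom:<value>" for an
# explicit address list the operator should review by hand.
# Postfix takes the last uncommented assignment of a parameter, hence tail -n 1.
postfix_listen_scope() {
    file="$1"
    val=$(sed -n 's/^[[:space:]]*inet_interfaces[[:space:]]*=[[:space:]]*//p' "$file" \
          | tail -n 1 | sed 's/[[:space:]]*$//')
    case "${val:-all}" in
        all)            echo "exposed" ;;
        loopback-only)  echo "local" ;;
        *)              echo "custom:$val" ;;
    esac
}

# Write a copy of a main.cf with inet_interfaces forced to loopback-only,
# i.e. the same value Debian's "Local only" answer sets. On a live host this
# must be followed by "postfix reload" (or "postconf -e" does both steps).
harden_to_local_only() {
    src="$1"; dst="$2"
    if grep -q '^[[:space:]]*inet_interfaces[[:space:]]*=' "$src"; then
        sed 's/^[[:space:]]*inet_interfaces[[:space:]]*=.*/inet_interfaces = loopback-only/' "$src" > "$dst"
    else
        { cat "$src"; echo 'inet_interfaces = loopback-only'; } > "$dst"
    fi
}

# The debconf answer the report proposes as the new default, in the form
# debconf-set-selections accepts (assumed usage: pipe it in before apt installs
# postfix so the package never asks and never configures "Internet site").
preseed_local_only() {
    echo 'postfix postfix/main_mailer_type select Local only'
}

# Optional live check, only meaningful on a host that actually runs Postfix:
# compare the running value with the sockets the kernel reports.
live_listen_check() {
    command -v postconf >/dev/null 2>&1 || { echo "postconf not installed"; return 1; }
    echo "running inet_interfaces = $(postconf -h inet_interfaces)"
    command -v ss >/dev/null 2>&1 && ss -ltn '( sport = :25 )'
}

# Demonstration on the constructed samples.
for f in internet-site local-only unset; do
    echo "$f.cf: $(postfix_listen_scope "$SAMPLE_DIR/$f.cf")"
done
harden_to_local_only "$SAMPLE_DIR/internet-site.cf" "$SAMPLE_DIR/internet-site.fixed.cf"
echo "internet-site.fixed.cf: $(postfix_listen_scope "$SAMPLE_DIR/internet-site.fixed.cf")"
echo "preseed: $(preseed_local_only)"
```

The check deliberately treats an unset `inet_interfaces` the same as `all`, because that is what Postfix does; a `main.cf` that never mentions the parameter is as exposed as one that sets it explicitly. Note that, as the report itself says, `all` with `mynetworks` limited to localhost is not an open relay, only a listening service reachable from the network.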