On April 8, 2018 5:41:37 PM UTC, "Raphaël Halimi" <raphael.hal...@gmail.com> 
>Package: postfix
>Version: 3.3.0-1
>Severity: wishlist
>I report this bug following my own advice in [1].
>I have set the severity to wishlist, but from a security point of view,
>it could be considered much higher.
>The default Postfix configuration, when keeping the default debconf
>answers, listens on all network interfaces. Unlike what's said in
>#418511, this doesn't make it an open relay though, since mynetworks is
>restricted to localhost. Nevertheless, OP in [1] is IMHO quite right,
>this is still a "network-exposed attack surface".
>My rationale is : until Stretch, the "standard" installation comprised
>exim4-daemon-light, which fulfilled all dependencies on the
>"mail-transport-agent" virtual package, which in turn implicated that
>users installing Postfix did so manually, and knew what they were
>Unfortunately, from Stretch onward, now that no MTA is present in the
>standard installation, some dependencies chains can end up installing a
>random MTA "unexpectedly" (I put quotes around "unexpectedly", because
>one should always carefully read the list of installed dependencies
>installing a package, but we all know that users are not always that
>IMHO it would be wise to change the default answer to the debconf
>question "postfix/main_mailer_type" to "Local only" instead of
>site", in order to limit the security risk in case Postfix was
>"unexpectedly" due of an overlooked dependency chain.
>[1] https://bugs.launchpad.net/debian/+source/tlp/+bug/1758798

Your example isn't relevant to Debian.  In Ubuntu, Postfix is the default MTA.  
In Debian, it's not.  If a non-default MTA is being pulled in by a package that 
only needs a generic MTA, then it's buggy and should be fixed.

Scott K

Reply via email to