[Bug 1860315] Re: Default installation should be Local Only
My question remains: what do you get with the current default of Internet Site that is different to No Configuration? For instance, do you automatically get outbound email working out of the box, i.e. if I install it and then fire up mutt and send a message to somebody @gmail.com or at, say @ubuntu.com, will they actually receive it? Or is there more configuration you are expected to put in before it works? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1860315 Title: Default installation should be Local Only To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1860315/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1860315] Re: Default installation should be Local Only
On Thursday, January 30, 2020 12:52:00 AM EST you wrote: > Thanks Scott. Sincere questions: do you have any evidence users > appreciate the current default? I'm asking myself what is the use case > in which a user wants postfix to be installed, listening on all > interfaces and yet.. unconfigured? > > And thanks Robie. Yeah, I honestly had no idea that the option would > have caused mail loss the moment the package got installed. I normally > don't worry too much about debconf options, because I know I can change > them later, and trust the maintainer to set a default that won't hurt. > This is one of those few cases where it isn't safe. It's impossible to know, but I think the case for changing a long-term default needs to be stronger than "I wasn't paying attention when I installed the package and it caused problems". That may sound harsh, but that's how it comes across to me. No configuration is an option. If I am understanding correctly, all you had to do was select it. Scott K -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1860315 Title: Default installation should be Local Only To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1860315/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1860315] Re: Default installation should be Local Only
Thanks Scott. Sincere questions: do you have any evidence users appreciate the current default? I'm asking myself what is the use case in which a user wants postfix to be installed, listening on all interfaces and yet.. unconfigured? And thanks Robie. Yeah, I honestly had no idea that the option would have caused mail loss the moment the package got installed. I normally don't worry too much about debconf options, because I know I can change them later, and trust the maintainer to set a default that won't hurt. This is one of those few cases where it isn't safe. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1860315 Title: Default installation should be Local Only To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1860315/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1860315] Re: Default installation should be Local Only
On Monday, January 27, 2020 5:05:06 AM EST you wrote: > Hi kiko, > > > I have a highly customized set up, with vhosts, ldap, etc, and I > > installed the package first to be able to configure it, and immediately > after installed I started dropping email. > > Clearly this was surprising to you. I would expect (knowing the > behaviour) that in your situation "No configuration" would be > appropriate choice, followed by manual or automatic configuration and > service enablement. > > Is the problem here perhaps instead that the "Internet Site" choice > wasn't clear that it would enable SMTP on all interfaces after automatic > configuration, rather than asking you further first? > > I'm on the fence about changing the default FWIW, so I wonder if we can > address this without changing it. The current default for postfix has been there approximately forever. I don't intend to change it in Debian, so if you take it up in Ubuntu, you'd have to maintain the diff. While I understand the theory of the bug, I think that changing a long standing default would also be very surprising to many users and should generally be avoided. Scott K -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1860315 Title: Default installation should be Local Only To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1860315/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1860315] Re: Default installation should be Local Only
Hi kiko, > I have a highly customized set up, with vhosts, ldap, etc, and I installed the package first to be able to configure it, and immediately after installed I started dropping email. Clearly this was surprising to you. I would expect (knowing the behaviour) that in your situation "No configuration" would be appropriate choice, followed by manual or automatic configuration and service enablement. Is the problem here perhaps instead that the "Internet Site" choice wasn't clear that it would enable SMTP on all interfaces after automatic configuration, rather than asking you further first? I'm on the fence about changing the default FWIW, so I wonder if we can address this without changing it. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1860315 Title: Default installation should be Local Only To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1860315/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1860315] Re: Default installation should be Local Only
** Changed in: postfix (Ubuntu) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1860315 Title: Default installation should be Local Only To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1860315/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1860315] Re: Default installation should be Local Only
Right, I'm not suggesting leaving the postfix service off upon install, which would not fit the general model of Debian packages. I am suggesting the current behavior is not a good default, for the reasons I've already outlined. That could be fixed by defaulting to Local Only, or it could be fixed by asking which interfaces. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1860315 Title: Default installation should be Local Only To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1860315/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1860315] Re: Default installation should be Local Only
What I imagine is that the bug submitter did want to configure a public MTA, so he chose the "Internet site" debconf answer (the "right" answer for his use case), and not "Local only". This led to a nonfunctional setup, e.g. because he has ldap users, and the debconf setup of Postfix supports only very basic configurations. I too find this less than optimal, however I'm not sure I have a better solution that works better in every case. One idea could be the following: add a debconf question asking on which interface Postfix should listen on. Currently when selecting "Internet site" we get this setting in main.cf: inet_interfaces = all Other valid settings are "loopback-only" or explicit IP addresses [0]. A debconf question, defaulting to "all", could ask on which interfaces/IPs listen on, suggesting to use an internal IP address for testing before exposing the service to the public Internet. [0] http://www.postfix.org/postconf.5.html#inet_interfaces -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1860315 Title: Default installation should be Local Only To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1860315/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1860315] Re: Default installation should be Local Only
Hello Christian, thanks for filing this bug in Ubuntu. I think your point number 2 has been discussed many times in the past, and it's one of the opinionated differences between debian systems and, say fedora ones. In debian, the opinion is that services should be running with sensible defaults right after installation. There are pros and cons to both. The first point is a bit more concerning, though. I was just wondering what led you to this situation, given there are debconf questions covering exactly this use case. Was it a "next -> next -> finish" type of install, and as such you got that undesired (in your case) default by accident, or was this some sort of automated install where debconf questions cannot be answered unless they are seeded beforehand, like landscape-client for example? ** Changed in: postfix (Ubuntu) Status: New => Incomplete ** Tags removed: server-triage-discuss -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1860315 Title: Default installation should be Local Only To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1860315/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1860315] Re: Default installation should be Local Only
Hello Christian, thanks for filing this bug in Ubuntu. I think your point number 2 has been discussed many times in the past, and it's one of the opinionated differences between debian systems and, say fedora ones. In debian, the opinion is that services should be running with sensible defaults right after installation. There are pros and cons to both. The first point is a bit more concerning, though. I was just wondering what led you to this situation, given there are debconf questions covering exactly this use case. Was it a "next -> next -> finish" type of install, and as such you got that undesired (in your case) default by accident, or was this some sort of automated install where debconf questions cannot be answered unless they are seeded beforehand, like landscape-client for example? ** Changed in: postfix (Ubuntu) Status: New => Incomplete ** Tags removed: server-triage-discuss -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to postfix in Ubuntu. https://bugs.launchpad.net/bugs/1860315 Title: Default installation should be Local Only To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1860315/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1860315] Re: Default installation should be Local Only
** Tags added: server-triage-discuss -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1860315 Title: Default installation should be Local Only To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1860315/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1860315] Re: Default installation should be Local Only
** Tags added: server-triage-discuss -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to postfix in Ubuntu. https://bugs.launchpad.net/bugs/1860315 Title: Default installation should be Local Only To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1860315/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1860315] Re: Default installation should be Local Only
** Description changed: At the moment, an apt-get install postfix has Internet Site as the default, which leaves postfix running and listening on all interfaces. I'm aware of some history around this, i.e. bug 29741, but I don't think that rationale actually makes sense. We should listen on localhost for the default installation path, i.e. Local Only should be the default. There are two important reasons why listening on localhost only is sensible: 1. MTA interactions are "stateful", and by this I mean: once an email server is listening as an MX, a transmitting MTA will consider answers from it definitive. If the MX says user doesn't exist, or otherwise rejects the email, then that is final. 2. Once you run an MTA on a public interface on a public host, such as on a public cloud instance, it is immediately available over to probing and attacking. The first is actually what bit me personally -- I have a highly - customized set up, with vhosts, ldap, etc, and I couldn't figure out + customized set up, with vhosts, ldap, etc, and I installed the package + first to be able to configure it, and immediately after installed I + started dropping email. Others have discussed this in the past, including https://major.io/2015/10/14/what-i-learned-while-securing-ubuntu/ -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1860315 Title: Default installation should be Local Only To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1860315/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
