*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Tyler Hicks (tyhicks):

Last night during the nightly package updates, a new package for postfix was
installed. This upgrade changed one setting in our configuration file, which
I found while running puppet today:

--- /etc/postfix/main.cf        2012-07-20 06:39:29.604457077 +0200
+++ /tmp/puppet-file20120720-30505-1kjfj0d-0    2012-07-20 13:57:28.712126751 
+0200
@@ -37,4 +37,4 @@
 mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
 mailbox_size_limit = 0
 recipient_delimiter = +
-inet_interfaces = all
+inet_interfaces = loopback-only
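
Review bot: the `-`/`+` direction on the `inet_interfaces` line runs from disk to Puppet, not from before the upgrade to after it. The `---` side is /etc/postfix/main.cf as found on disk after the nightly update (`inet_interfaces = all`) and the `+++` side is the Puppet-generated temp file (`loopback-only`), so applying this hunk puts the loopback-only listener back. It would help to say that explicitly next to the diff and to attach `postconf -n inet_interfaces` output taken before and after the Puppet run, so the value the package upgrade produced is on record independently of Puppet's correction.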

While changing settings behind a user's back is a problem in itself
(package upgrades should never revert changes in config files made by
the user), this particular case is also a security vulnerability because
it changes the mail server from a local server to one that is accessible
from the internet, possibly creating a spam proxy.

If it is any help for troubleshooting: I don't configure postfix using
dpkg. Puppet installs the package and the configuration file.

** Affects: postfix (Ubuntu)
     Importance: Undecided
         Status: New

-- 
Postfix upgrade to 2.9.3-2~12.04.1 changes configuration files
https://bugs.launchpad.net/bugs/1027061