Package: postfix
Version: 2.7.1-1+squeeze1
Severity: important

Hi There,

We just had our monthly PCI Scan with Qualys come back with a fail for postfix (and dovecot, but I'm yet to look at that to see if dovecot has a config option to fix this..), relating to CVE-2012-4929.

I see that the Debian project has had bugs raised and fixed against this CVE entry for lighttpd, apache, and nginx. But not for much else.

After much googling, and trawling through postfix source, I can't find an option which disables compression, so decided it was time to lodge a bug to raise the question/issue to those with far more postfix knowledge than I :)

Is there a configuration option which I'm missing, or is this something for which I'll need to wait on a patch?

Thanks,
Damien

-- System Information:
Debian Release: 6.0.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages postfix depends on:
ii  adduser                3.112+nmu2         add and remove users and groups
ii  debconf [debconf-2.0]  1.5.36.1           Debian configuration management sy
ii  dpkg                   1.15.8.13          Debian package management system
ii  libc6                  2.11.3-4           Embedded GNU C Library: Shared lib
ii  libdb4.8               4.8.30-2           Berkeley v4.8 Database Libraries [
ii  libsasl2-2             2.1.23.dfsg1-7     Cyrus SASL - authentication abstra
ii  libssl0.9.8            0.9.8o-4squeeze14  SSL shared libraries
ii  lsb-base               3.2-23.2squeeze1   Linux Standard Base 3.2 init scrip
ii  netbase                4.45               Basic TCP/IP networking system
ii  ssl-cert               1.0.28             simple debconf wrapper for OpenSSL

Versions of packages postfix recommends:
ii  python                 2.6.6-3+squeeze7   interactive high-level object-orie

Versions of packages postfix suggests:
ii  bsd-mailx [mail-re  8.1.2-0.20100314cvs-1  simple mail user agent
ii  libsasl2-modules    2.1.23.dfsg1-7         Cyrus SASL - pluggable authenticat
ii  mutt [mail-reader]  1.5.20-9+squeeze2      text-based mailreader supporting M
pn  postfix-cdb         <none>                 (no description available)
pn  postfix-ldap        <none>                 (no description available)
ii  postfix-mysql       2.7.1-1+squeeze1       MySQL map support for Postfix
pn  postfix-pcre        <none>                 (no description available)
pn  postfix-pgsql       <none>                 (no description available)
ii  procmail            3.22-19                Versatile e-mail processor
pn  resolvconf          <none>                 (no description available)
ii  sasl2-bin           2.1.23.dfsg1-7         Cyrus SASL - administration progra
pn  ufw                 <none>                 (no description available)

-- Configuration Files:
/etc/postfix/main.cf, TLS Parameters:
smtpd_tls_cert_file=/etc/ssl/private/ourcert.pem
smtpd_tls_key_file=/etc/ssl/private/ourcert.pem
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_ciphers = medium
smtpd_tls_protocols=!SSLv2
smtpd_tls_mandatory_ciphers=high
smtpd_tls_exclude_ciphers=aNULL,MD5,DES

-- debconf information:
  postfix/root_address:
  postfix/rfc1035_violation: false
  postfix/mydomain_warning:
  postfix/mynetworks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
* postfix/mailname: smtp01.iconbusinessgroup.com
  postfix/tlsmgr_upgrade_warning:
  postfix/recipient_delim: +
* postfix/main_mailer_type: Internet Site
  postfix/destinations: smtp01.iconbusinessgroup.com, smtp01, localhost.localdomain, localhost
  postfix/retry_upgrade_warning:
  postfix/kernel_version_warning:
  postfix/not_configured:
  postfix/mailbox_limit: 0
  postfix/relayhost:
  postfix/procmail: true
  postfix/bad_recipient_delimiter:
  postfix/protocols: all
  postfix/chattr: false