Package: postfix
Version: 3.3.0-1
Severity: wishlist

Hi,
I report this bug following my own advice in [1]. I have set the severity to wishlist, but from a security point of view, it could be considered much higher.

The default Postfix configuration, when keeping the default debconf answers, listens on all network interfaces. Unlike what's said in #418511, this doesn't make it an open relay though, since mynetworks is restricted to localhost. Nevertheless, the OP in [1] is IMHO quite right: this is still a "network-exposed attack surface".

My rationale is: until Stretch, the "standard" installation comprised exim4-daemon-light, which fulfilled all dependencies on the "mail-transport-agent" virtual package, which in turn implied that users installing Postfix did so manually, and knew what they were doing. Unfortunately, from Stretch onward, now that no MTA is present in the standard installation, some dependency chains can end up installing a random MTA "unexpectedly" (I put quotes around "unexpectedly" because one should always carefully read the list of installed dependencies when installing a package, but we all know that users are not always that careful).

IMHO it would be wise to change the default answer to the debconf question "postfix/main_mailer_type" to "Local only" instead of "Internet site", in order to limit the security risk in case Postfix was installed "unexpectedly" due to an overlooked dependency chain.

[1] https://bugs.launchpad.net/debian/+source/tlp/+bug/1758798

Regards,

--
Raphaël Halimi
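The following is an added example and is not part of the bug report above nor of the postfix package itself. It shows the difference the report is talking about as a small POSIX shell checker: it reads a Postfix main.cf, takes the effective `inet_interfaces` and `mynetworks` values, and classifies the host as local-only (bound to loopback, the "Local only" answer), network-listener (reachable from the network but only loopback may relay, the "Internet site" default described in the report), or open-relay-risk (reachable and `mynetworks` also lists non-loopback ranges). The three main.cf fragments are constructed for the example, and the `pf_` function names are the example's own. Continuation lines in main.cf and `mynetworks` entries given as hostnames or table lookups are not handled.

```shell
#!/bin/sh
# Added example: classify a Postfix main.cf for network exposure.
# Not from the bug report; pf_* names and the sample configs are constructed here.

# Print the effective value of a main.cf parameter (last assignment wins).
# Usage: pf_get <file> <parameter>
pf_get() {
    # Matches "name = value" / "name=value" at line start; comments start with "#" and never match.
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Classify exposure and print exactly one of:
#   local-only        daemon bound to loopback only, not reachable from the network
#   network-listener  reachable from the network, relays only for loopback (Debian "Internet site")
#   open-relay-risk   reachable and mynetworks trusts ranges beyond loopback
# Usage: pf_exposure <file>
pf_exposure() {
    inet=$(pf_get "$1" inet_interfaces)
    mynet=$(pf_get "$1" mynetworks)
    [ -n "$inet" ] || inet=all      # Postfix default when the parameter is unset

    case "$inet" in
        loopback-only|localhost|127.0.0.1)
            echo local-only; return 0 ;;
    esac
    # Anything else ("all" or an explicit address list) is treated as network-reachable.

    if [ -z "$mynet" ]; then
        # Without an explicit mynetworks, Postfix derives it from mynetworks_style;
        # the default since Postfix 3.0 is "host" (this machine only).
        style=$(pf_get "$1" mynetworks_style)
        [ -n "$style" ] || style=host
        if [ "$style" = host ]; then echo network-listener; else echo open-relay-risk; fi
        return 0
    fi

    # Split the list on commas/whitespace and drop loopback entries (IPv4, IPv4-mapped, ::1).
    rest=$(printf '%s\n' "$mynet" | tr ',' ' ' | tr -s ' ' '\n' \
        | grep -v -E '^(127\.[0-9.]+(/[0-9]+)?|\[::1\](/[0-9]+)?|\[::ffff:127\.[0-9.]+\](/[0-9]+)?)$' \
        | grep -v '^$' || true)
    if [ -n "$rest" ]; then echo open-relay-risk; else echo network-listener; fi
}

# Write three constructed main.cf fragments into a temp dir and print its path.
pf_make_samples() {
    d=$(mktemp -d)
    # What the default "Internet site" answer yields: all interfaces, loopback-only relaying.
    cat > "$d/internet-site.cf" <<'EOF'
myhostname = mail.example.org
inet_interfaces = all
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
EOF
    # What the "Local only" answer yields: bound to loopback.
    cat > "$d/local-only.cf" <<'EOF'
inet_interfaces = loopback-only
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
EOF
    # A hand-edited config that also trusts a LAN range: the real open-relay concern.
    cat > "$d/relay.cf" <<'EOF'
inet_interfaces = all
mynetworks = 127.0.0.0/8, 192.0.2.0/24
EOF
    echo "$d"
}

# Demo run over the constructed samples (a real host would pass /etc/postfix/main.cf instead).
samples=$(pf_make_samples)
for f in "$samples"/*.cf; do
    printf '%s: %s\n' "$(basename "$f")" "$(pf_exposure "$f")"
done
rm -rf "$samples"
```

On a real system, `pf_exposure /etc/postfix/main.cf` (or the output of `postconf -n` redirected to a file) gives the same classification. The default the report proposes corresponds to the preseed line `postfix postfix/main_mailer_type select Local only` fed to `debconf-set-selections` before the package is installed; the question name and answer text are the ones quoted in the report.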