
Re: jessie release goals



]] Vincent Lefevre 

> On 2013-05-13 13:01:27 +0200, Tollef Fog Heen wrote:
> > ]] Vincent Lefevre
> > 
> > > On 2013-05-12 18:51:10 +0200, Tollef Fog Heen wrote:
> > > > ]] Vincent Lefevre
> > > > > But not for postfix, which can reject mail by default without an
> > > > > initial configuration. Since it is not working by default, and loses
> > > > > mail, the daemon shouldn't be enabled by default.
> > > > 
> > > > IIRC, postfix defaults to local mail only, listening on localhost only,
> > > > so how it would reject mail by default, I'm not sure?
> > > 
> > > According to the history of my config files, this was not the case
> > > on my Debian machine where I installed postfix. This may depend on
> > > the answers to some questions at install time (there is something
> > > like that for exim, I don't remember for postfix), but in such a
> > > case, I answered according to my use of postfix.
> > 
> > So you configured it through debconf, in a non-default way, and it
> > refused mails according to how you configured it.
> 
> AFAIK, debconf is the *only* choice. Perhaps debconf has a way
> to use the default configuration, but that's also bad (and even
> worse, since more mail could be rejected) as by default, postfix
> listens on all interfaces:

No, it does not, since the default configuration («Local only») sets

  inet_interfaces = loopback-only

And re debconf, the way to use the default configuration the first time
around is to just press enter.  Or set the debconf frontend to
noninteractive.

> > I don't see what the postfix package should have done differently
> > here. It would be more confusing for it to ask you about how it
> > should handle mail and then just not handle mail for you after that.
> 
> It could have asked: Do you want me to start the postfix daemon now,
> or wait after some additional manual configuration? Do this or that
> to start the daemon.

If you want to do that, use policy-rc.d, or heck, do what you should do
anyway: run an ip filter that rejects any incoming services except those
you want to expose to the world.

> Answering something like "local mail" would be wrong, as a manual
> update of the config file from, say, "loopback-only" to "all" could
> be overwritten after an upgrade of the package. I don't know about
> postfix, but something like that happened to me with exim.

If that happens without asking the admin, that's an RC bug.  AFAICS, the
postfix postinst handles the case of pre-existing configuration files
completely fine.

-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
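
The policy-rc.d approach mentioned in the reply, as an added example that is not part of the original message: a hypothetical `/usr/sbin/policy-rc.d` that forbids `invoke-rc.d` from starting any service named in a hold file, so a freshly installed postfix stays stopped until the admin has reviewed its configuration. The hold-file path `/etc/policy-rc.d.hold` and the function name `policy_decision` are assumptions.

```shell
#!/bin/sh
# Hypothetical /usr/sbin/policy-rc.d (added example). invoke-rc.d calls it as
#   policy-rc.d [options] <initscript ID> <actions> [<runlevel>]
# and honours the exit status: 0 = allowed, 101 = forbidden by policy,
# 103 = syntax error.

# Assumed path: one service name per line, e.g. "postfix".
HOLD_FILE="${HOLD_FILE:-/etc/policy-rc.d.hold}"

policy_decision() {
    # Skip options such as --quiet.
    while [ $# -gt 0 ]; do
        case "$1" in
            --*) shift ;;
            *) break ;;
        esac
    done
    [ $# -ge 2 ] || return 103
    prd_service=$1
    prd_actions=$2

    # Services not listed in the hold file are unaffected.
    [ -r "$HOLD_FILE" ] || return 0
    grep -qxF -- "$prd_service" "$HOLD_FILE" || return 0

    # Held service: refuse anything that would bring the daemon up,
    # but still allow stop, status and similar actions.
    for prd_action in $prd_actions; do
        case "$prd_action" in
            start|restart) return 101 ;;
        esac
    done
    return 0
}

# Act as policy-rc.d only when installed under that name, so the file can
# also be sourced for testing.
case "${0##*/}" in
    policy-rc.d) policy_decision "$@"; exit $? ;;
esac
```

Remove the service name from the hold file once its configuration has been reviewed; until then package maintainer scripts that go through `invoke-rc.d` will not start it.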

