Ubuntu
postfix package

main.cf silently modified during postfix 2.9.1-4 upgrade on 12.04LTS

Bug #1323704 reported by Raubvogel
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
postfix (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

Postfix 2.9.6-1~12.04.1 on Ubuntu 12.04.4 LTS

I did apt-get upgrade to the host in question and found out that /etc/postfix/main.cf was silently changed (I was not asked to validateverify changes)

(/var/log/apt/term.log)
Setting up mail-stack-delivery (1:2.0.19-0ubuntu2.1) ...^M
Mail stack delivery changes some postfix settings.^M
Old values are stored in /var/backups/mail-stack-delivery/main.cf-backup.^M
Feel free to revert any of them when the process is done.^M
Configuring postfix for mail-stack-delivery integration: .................... done.^M

Change summary:

1. It decided to change my tls files to default values

smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key
smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem

2. It deleted entries in smtpd_recipient_restrictions

diff /etc/postfix/main.cf /tmp/main.cf
45c45,56
< smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
---
> smtpd_recipient_restrictions =
> reject_non_fqdn_recipient,
> permit_mynetworks,
> permit_sasl_authenticated,
> check_client_access hash:/etc/postfix/access,
> check_helo_access hash:/etc/postfix/access,
> check_sender_access hash:/etc/postfix/access,
> reject_unknown_recipient_domain,
> reject_unauth_destination,
> reject_rbl_client sbl-xbl.spamhaus.org,
> check_sender_mx_access cidr:/etc/postfix/bogus_mx,
> permit
118,123d128
< smtpd_sasl_authenticated_header = yes
< smtpd_sasl_local_domain = $myhostname
< smtpd_sender_restrictions = reject_unknown_sender_domain
< mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/conf.d/01-mail-stack-delivery.conf -m "${EXTENSION}"
< smtpd_tls_mandatory_protocols = SSLv3, TLSv1
< smtpd_tls_mandatory_ciphers = medium

and changed the command used by postfix to pass emails to dovecot. Note that before I had a command similar to the mailbox_comand but in /etc/postfix/main.cf,

   flags=DRhu user=virtual:virtual argv=/usr/lib/dovecot/deliver -c /etc/dovecot/conf.d/01-dovecot-postfix.conf -f ${sender} -d ${recipient}

Which was then rewritten as

  flags=DRhu user=virtual:virtual argv=/usr/lib/dovecot/dovecot-lda -c /etc/dovecot/conf.d/01-mail-stack-delivery.conf -f ${sender} -d ${recipient}

as dovecot-lda replaces deliver for dovecot 2.X. Incidentally, deliver is now an alias to dovecot-lda,

ls -lh /usr/lib/dovecot/deliver
lrwxrwxrwx 1 root root 11 May 14 14:24 /usr/lib/dovecot/deliver -> dovecot-lda

probably as a stopgap until people change their configs.

3. There are a few more additions done to main.cf but they do not seem to be bad, so I am going to brush over them.

So, why was the file changed without warning? Were some of the options I used -- reject_rbl_client comes to mind -- deprecated? Still that does not warrant a silent change.

Revision history for this message
Robie Basak (racb) wrote :

Thank you for your report.

It looks like you have the mail-stack-delivery package installed, which is designed to alter postfix's configuration as declared in the package description: "This package modifies postfix's configuration to integrate with dovecot".

If you do not want to have your postfix configuration automatically managed, then why do you have mail-stack-delivery installed?

Marking this bug as Invalid, as I think the behaviour you describe is by design. If this is not correct, please explain and then change the bug status back to New. Thanks!

Changed in postfix (Ubuntu):
status: New → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.