Default installation should be Local Only

Bug #1860315 reported by Christian Reis
This bug affects 1 person
Affects: postfix (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned

Bug Description

At the moment, an apt-get install postfix has Internet Site as the default, which leaves postfix running and listening on all interfaces. I'm aware of some history around this, i.e. bug 29741, but I don't think that rationale actually makes sense.

We should listen on localhost for the default installation path, i.e. Local Only should be the default.

There are two important reasons why listening on localhost only is sensible:

1. MTA interactions are "stateful", and by this I mean: once an email server is listening as an MX, a transmitting MTA will consider answers from it definitive. If the MX says user doesn't exist, or otherwise rejects the email, then that is final.

2. Once you run an MTA on a public interface on a public host, such as on a public cloud instance, it is immediately available to probing and attacking.

The first is actually what bit me personally -- I have a highly customized setup, with vhosts, ldap, etc, and I installed the package first to be able to configure it, and immediately after installing I started dropping email.

Others have discussed this in the past, including https://major.io/2015/10/14/what-i-learned-while-securing-ubuntu/

Christian Reis (kiko)
description: updated
tags: added: server-triage-discuss
Andreas Hasenack (ahasenack) wrote :

Hello Christian, thanks for filing this bug in Ubuntu.

I think your point number 2 has been discussed many times in the past, and it's one of the opinionated differences between Debian systems and, say, Fedora ones. In Debian, the opinion is that services should be running with sensible defaults right after installation. There are pros and cons to both.

The first point is a bit more concerning, though. I was just wondering what led you to this situation, given there are debconf questions covering exactly this use case.

Was it a "next -> next -> finish" type of install, and as such you got that undesired (in your case) default by accident, or was this some sort of automated install where debconf questions cannot be answered unless they are seeded beforehand, like landscape-client for example?

Changed in postfix (Ubuntu):
status: New → Incomplete
tags: removed: server-triage-discuss
Paride Legovini (paride) wrote :

What I imagine is that the bug submitter did want to configure a public MTA, so he chose the "Internet site" debconf answer (the "right" answer for his use case), and not "Local only". This led to a nonfunctional setup, e.g. because he has ldap users, and the debconf setup of Postfix supports only very basic configurations.

I too find this less than optimal, however I'm not sure I have a better solution that works better in every case. One idea could be the following: add a debconf question asking on which interface Postfix should listen. Currently when selecting "Internet site" we get this setting in main.cf:

  inet_interfaces = all

Other valid settings are "loopback-only" or explicit IP addresses [0]. A debconf question, defaulting to "all", could ask on which interfaces/IPs to listen, suggesting to use an internal IP address for testing before exposing the service to the public Internet.

[0] http://www.postfix.org/postconf.5.html#inet_interfaces
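
An added example, not part of the original thread or of the postfix package: a small audit that reads main.cf text and reports whether the effective inet_interfaces value keeps SMTP on loopback. The function names and sample configurations are constructed for illustration; it assumes main.cf rules as documented by Postfix (leading whitespace continues a line, the last assignment wins, an unset parameter falls back to the built-in default "all").

```python
import ipaddress

# Constructed sample: the setting the thread says "Internet site" produces.
INTERNET_SITE_CF = "myhostname = mail.example.test\ninet_interfaces = all\n"
# Constructed sample: a later override wrapped onto a continuation line.
OVERRIDE_CF = """\
# hypothetical hand-edited main.cf
inet_interfaces = all
inet_interfaces = 127.0.0.1,
    [::1]
"""

def effective_inet_interfaces(main_cf_text):
    """Return the inet_interfaces value Postfix would use for this main.cf text."""
    logical = []
    for raw in main_cf_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank lines and comments are ignored
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()   # continuation of previous line
        else:
            logical.append(raw.strip())
    value = "all"                         # built-in default when unset
    for line in logical:
        name, sep, rhs = line.partition("=")
        if sep and name.strip() == "inet_interfaces":
            value = rhs.strip()           # last assignment wins
    return value

def listens_on_loopback_only(value):
    """True only if every listed entry is provably a loopback address."""
    tokens = value.replace(",", " ").split()
    if not tokens:
        return False
    for tok in tokens:
        if tok == "loopback-only":
            continue
        try:
            addr = ipaddress.ip_address(tok.strip("[]"))  # [::1] form for IPv6
        except ValueError:
            return False   # "all", hostnames, $params: not provably loopback
        if not addr.is_loopback:
            return False
    return True

def audit(main_cf_text):
    value = effective_inet_interfaces(main_cf_text)
    return value, listens_on_loopback_only(value)
```

Hostnames such as localhost are deliberately reported as not loopback-only, because the audit cannot prove what they resolve to on the target host.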

Christian Reis (kiko) wrote :

Right, I'm not suggesting leaving the postfix service off upon install, which would not fit the general model of Debian packages.

I am suggesting the current behavior is not a good default, for the reasons I've already outlined. That could be fixed by defaulting to Local Only, or it could be fixed by asking which interfaces.

Christian Reis (kiko)
Changed in postfix (Ubuntu):
status: Incomplete → Confirmed
Robie Basak (racb) wrote :

Hi kiko,

> I have a highly customized setup, with vhosts, ldap, etc, and I installed the package first to be able to configure it, and immediately after installing I started dropping email.

Clearly this was surprising to you. I would expect (knowing the behaviour) that in your situation "No configuration" would be the appropriate choice, followed by manual or automatic configuration and service enablement.

Is the problem here perhaps instead that the "Internet Site" choice wasn't clear that it would enable SMTP on all interfaces after automatic configuration, rather than asking you further first?

I'm on the fence about changing the default FWIW, so I wonder if we can address this without changing it.

Scott Kitterman (kitterman) wrote : Re: [Bug 1860315] Re: Default installation should be Local Only

On Monday, January 27, 2020 5:05:06 AM EST you wrote:
> Hi kiko,
>
> > I have a highly customized setup, with vhosts, ldap, etc, and I
> > installed the package first to be able to configure it, and immediately
> > after installing I started dropping email.
>
> Clearly this was surprising to you. I would expect (knowing the
> behaviour) that in your situation "No configuration" would be the
> appropriate choice, followed by manual or automatic configuration and
> service enablement.
>
> Is the problem here perhaps instead that the "Internet Site" choice
> wasn't clear that it would enable SMTP on all interfaces after automatic
> configuration, rather than asking you further first?
>
> I'm on the fence about changing the default FWIW, so I wonder if we can
> address this without changing it.

The current default for postfix has been there approximately forever. I don't
intend to change it in Debian, so if you take it up in Ubuntu, you'd have to
maintain the diff. While I understand the theory of the bug, I think that
changing a long-standing default would also be very surprising to many users
and should generally be avoided.

Scott K

Christian Reis (kiko) wrote :

Thanks Scott. Sincere questions: do you have any evidence users appreciate the current default? I'm asking myself what is the use case in which a user wants postfix to be installed, listening on all interfaces and yet.. unconfigured?

And thanks Robie. Yeah, I honestly had no idea that the option would have caused mail loss the moment the package got installed. I normally don't worry too much about debconf options, because I know I can change them later, and trust the maintainer to set a default that won't hurt. This is one of those few cases where it isn't safe.

Scott Kitterman (kitterman) wrote :

On Thursday, January 30, 2020 12:52:00 AM EST you wrote:
> Thanks Scott. Sincere questions: do you have any evidence users
> appreciate the current default? I'm asking myself what is the use case
> in which a user wants postfix to be installed, listening on all
> interfaces and yet.. unconfigured?
>
> And thanks Robie. Yeah, I honestly had no idea that the option would
> have caused mail loss the moment the package got installed. I normally
> don't worry too much about debconf options, because I know I can change
> them later, and trust the maintainer to set a default that won't hurt.
> This is one of those few cases where it isn't safe.

It's impossible to know, but I think the case for changing a long-term default
needs to be stronger than "I wasn't paying attention when I installed the
package and it caused problems". That may sound harsh, but that's how it
comes across to me. No configuration is an option. If I am understanding
correctly, all you had to do was select it.

Scott K

Christian Reis (kiko) wrote :

My question remains: what do you get with the current default of Internet Site that is different to No Configuration?

For instance, do you automatically get outbound email working out of the box, i.e. if I install it and then fire up mutt and send a message to somebody @gmail.com or at, say @ubuntu.com, will they actually receive it? Or is there more configuration you are expected to put in before it works?
