Postfix upgrade to 2.9.3-2~12.04.1 changes configuration files
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
postfix (Ubuntu) |
Invalid
|
Wishlist
|
Unassigned |
Bug Description
Last night during the nightly package updates, a new package for postfix was installed.
This upgrade changed one setting in our configuration file, which I found while running puppet today:
--- /etc/postfix/
+++ /tmp/puppet-
@@ -37,4 +37,4 @@
mynetworks = 127.0.0.0/8 [::ffff:
mailbox_size_limit = 0
recipient_
-inet_interfaces = all
+inet_interfaces = loopback-only
While changing settings behind a user's back is a problem in itself (package upgrades should never revert changes in config files made by the user), this particular case is also a security vulnerability because it changes the mail server from a local server to one that is accessible from the internet, possibly creating a spam proxy.
If it is any help for troubleshooting: I don't configure postfix using dpkg. Puppet installs the package and the configuration file.
visibility: | private → public |
Changed in puppet (Ubuntu): | |
status: | New → Incomplete |
Changed in puppet (Ubuntu): | |
importance: | Undecided → High |
I can't replicate this with postfix and apt, so I suspect the puppet involvement being where the issue is.
BTW, while I agree that configurations shouldn't be mucked with, there's no security issue here as postfix is not an open relay by default. It takes some work to get it to behave that way.