Activity log for bug #1860315

Date Who What changed Old value New value Message
2020-01-20 08:34:02 Christian Reis bug added bug
2020-01-20 12:25:40 Christian Reis description
Old value:
At the moment, an apt-get install postfix has Internet Site as the default, which leaves postfix running and listening on all interfaces. I'm aware of some history around this, i.e. bug 29741, but I don't think that rationale actually makes sense. We should listen on localhost for the default installation path, i.e. Local Only should be the default.
There are two important reasons why listening on localhost only is sensible:
1. MTA interactions are "stateful", and by this I mean: once an email server is listening as an MX, a transmitting MTA will consider answers from it definitive. If the MX says user doesn't exist, or otherwise rejects the email, then that is final.
2. Once you run an MTA on a public interface on a public host, such as on a public cloud instance, it is immediately available to probing and attacking.
The first is actually what bit me personally -- I have a highly customized setup, with vhosts, ldap, etc, and I couldn't figure out
Others have discussed this in the past, including https://major.io/2015/10/14/what-i-learned-while-securing-ubuntu/
New value:
At the moment, an apt-get install postfix has Internet Site as the default, which leaves postfix running and listening on all interfaces. I'm aware of some history around this, i.e. bug 29741, but I don't think that rationale actually makes sense. We should listen on localhost for the default installation path, i.e. Local Only should be the default.
There are two important reasons why listening on localhost only is sensible:
1. MTA interactions are "stateful", and by this I mean: once an email server is listening as an MX, a transmitting MTA will consider answers from it definitive. If the MX says user doesn't exist, or otherwise rejects the email, then that is final.
2. Once you run an MTA on a public interface on a public host, such as on a public cloud instance, it is immediately available to probing and attacking.
The first is actually what bit me personally -- I have a highly customized setup, with vhosts, ldap, etc, and I installed the package first to be able to configure it, and immediately after installing it I started dropping email.
Others have discussed this in the past, including https://major.io/2015/10/14/what-i-learned-while-securing-ubuntu/
2020-01-21 21:05:38 Andreas Hasenack tags server-triage-discuss
2020-01-22 17:05:43 Andreas Hasenack postfix (Ubuntu): status New Incomplete
2020-01-22 17:06:04 Andreas Hasenack tags server-triage-discuss
2020-01-23 16:06:16 Robie Basak bug added subscriber Robie Basak
2020-01-24 08:58:50 Paride Legovini bug added subscriber Paride Legovini
2020-01-27 09:02:00 Christian Reis postfix (Ubuntu): status Incomplete Confirmed
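The Internet Site versus Local only difference that the bug description discusses, as an added shell example that is not part of the bug report or the postfix package: it audits a main.cf for the listen-on-all-interfaces default and emits the debconf answers that make an unattended install pick Local only instead. The sample configs, the function names and the hostname mail.example.test are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the bug report or the postfix package): audit a
# main.cf for the all-interfaces default and emit the settings that produce
# the localhost-only configuration. Sample configs and hostname are constructed.

# Return 0 (true) if this main.cf makes smtpd listen on a non-loopback
# interface. An unset inet_interfaces means the postfix default "all";
# "loopback-only" is what the debconf "Local only" choice writes.
postfix_listens_publicly() {
    val=$(sed -n 's/^[[:space:]]*inet_interfaces[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1)
    if [ -z "$val" ]; then val=all; fi
    for iface in $(printf '%s' "$val" | tr ',' ' '); do
        case "$iface" in
            loopback-only|localhost|127.0.0.1|::1|'[::1]') ;;   # loopback forms
            *) return 0 ;;                                      # anything else is public
        esac
    done
    return 1
}

# debconf answers that make a non-interactive "apt-get install postfix"
# pick Local only instead of Internet Site. Use as:
#   local_only_preseed | debconf-set-selections && apt-get install postfix
local_only_preseed() {
    printf 'postfix postfix/main_mailer_type select Local only\n'
    printf 'postfix postfix/mailname string %s\n' "${1:-mail.example.test}"
}
# On a host that already took the default, the equivalent fix is:
#   postconf -e 'inet_interfaces = loopback-only' && systemctl reload postfix

# Constructed samples: the Internet Site result and the Local only result.
write_samples() {
    dir=$(mktemp -d)
    printf 'myhostname = mail.example.test\ninet_interfaces = all\n' > "$dir/internet-site.cf"
    printf 'myhostname = mail.example.test\ninet_interfaces = loopback-only\n' > "$dir/local-only.cf"
    printf '%s\n' "$dir"
}

sample_dir=$(write_samples)
for cfg in "$sample_dir"/*.cf; do
    if postfix_listens_publicly "$cfg"; then
        echo "$cfg: smtpd reachable on all interfaces (Internet Site default)"
    else
        echo "$cfg: loopback only"
    fi
done
```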