postfix: Mail for root at localhost forwarded to root at isp
Tony Ayre
localzuk at gmail.com
Sun Nov 13 12:39:45 UTC 2005
> Package: postfix
> Version: 2.2.4-1ubuntu2
> Severity: grave
> Justification: user security hole
>
>
> I have tagged the report Severity: grave because of the possibility of
sensitive information
> leak.
>
> PROBLEM:
> After installation setup, mail for root was delivered locally without
problems.
> However after I reconfigured postfix (using dpkg-reconfigure, of course)
as a "Internet with
> smarthost" system, all root mail thereafter was forwarded to root at isp.
> Not only is this embarrassing, but also a big security hole. I do not
normally trust my isp to
> read through my sysadmin notices, nor would I like to begin now. Who knows
what people work
> there?
>
> Note that I have never manually edited postfix config files (before this).
Personally I would say this is not a bug but instead a config error. I would
never trust any automated system to set up a mail server as things like this
happen.
If you wish to run a mail server of any kind other than completely local, I
would advise manually setting it up - and then only if you know exactly what
you are doing.
Running a mail server can be a huge security risk and can lead to major
legal problems if done incorrectly.
Also, it is normal for a mail server to send email elsewhere as most servers
are not logged onto locally for mail, instead being managed from a remote
location.
Cheers
Tony Ayre
Localzuk
More information about the ubuntu-users
mailing list