ipv6 firewall?

[Derek Broughton]

Rashkae wrote:

> Derek Broughton wrote:
> 
>> 
>> What part of "wide open" do you get when you install postfix?  You _must_
>> tell it which interfaces you want it to listen on, and how to send mail. 
>> At some point in there, you should be starting to worry...
> 
> Huh? Postfix, like most applications. listens on all interfaces by
> default.  When you install postfix, you are only asked one question,
> which is what "role" do you want it to be given. 

Sorry, you're right (essentially).  I've just installed it on a VM.  The 
problem is that when you select that role it defaults to "Internet Site".  
Which is not an unreasonable default for people who actually DO want 
postfix, but a stupid default for somebody who's installing, say, 
smartmontools.  It did ask for the name of my host, too. If you select 
"Satellite system", which is probably what any home user should be doing, it 
gives you more (and more intimidating) prompts - and only listens on 
"localhost" by default.

> And this was just an example I pulled from the top of my head because I
> thought it was so bizzare there was no user friendly simple way to check
> hard drive SMART without installing a frikking MTA.  The take away
> point, it's ridiculously easy for someone to install software that opens
> a port to the Internet without having any knowledge that they have done
> so, which is why it's a good idea to always firewall any computer that
> is directly attached to the Internet.

I am suitably chastened :-(
-- 
derek