Public bug reported:
Postfix 2.9.6-1~12.04.1 on Ubuntu 12.04.4 LTS
I did apt-get upgrade to the host in question and found out that
/etc/postfix/main.cf was silently changed (I was not asked to
validateverify changes)
(/var/log/apt/term.log)
Setting up mail-stack-delivery (1:2.0.19-0ubuntu2.1) ...^M
Mail stack delivery changes some postfix settings.^M
Old values are stored in /var/backups/mail-stack-delivery/main.cf-backup.^M
Feel free to revert any of them when the process is done.^M
Configuring postfix for mail-stack-delivery integration: ....................
done.^M
Change summary:
1. It decided to change my tls files to default values
smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key
smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem
2. It deleted entries in smtpd_recipient_restrictions
diff /etc/postfix/main.cf /tmp/main.cf
45c45,56
< smtpd_recipient_restrictions = reject_unknown_sender_domain,
reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination
---
> smtpd_recipient_restrictions =
> reject_non_fqdn_recipient,
> permit_mynetworks,
> permit_sasl_authenticated,
> check_client_access hash:/etc/postfix/access,
> check_helo_access hash:/etc/postfix/access,
> check_sender_access hash:/etc/postfix/access,
> reject_unknown_recipient_domain,
> reject_unauth_destination,
> reject_rbl_client sbl-xbl.spamhaus.org,
> check_sender_mx_access cidr:/etc/postfix/bogus_mx,
> permit
118,123d128
< smtpd_sasl_authenticated_header = yes
< smtpd_sasl_local_domain = $myhostname
< smtpd_sender_restrictions = reject_unknown_sender_domain
< mailbox_command = /usr/lib/dovecot/deliver -c
/etc/dovecot/conf.d/01-mail-stack-delivery.conf -m "${EXTENSION}"
< smtpd_tls_mandatory_protocols = SSLv3, TLSv1
< smtpd_tls_mandatory_ciphers = medium
and changed the command used by postfix to pass emails to dovecot. Note
that before I had a command similar to the mailbox_comand but in
/etc/postfix/main.cf,
flags=DRhu user=virtual:virtual argv=/usr/lib/dovecot/deliver -c
/etc/dovecot/conf.d/01-dovecot-postfix.conf -f ${sender} -d ${recipient}
Which was then rewritten as
flags=DRhu user=virtual:virtual argv=/usr/lib/dovecot/dovecot-lda -c
/etc/dovecot/conf.d/01-mail-stack-delivery.conf -f ${sender} -d
${recipient}
as dovecot-lda replaces deliver for dovecot 2.X. Incidentally, deliver
is now an alias to dovecot-lda,
ls -lh /usr/lib/dovecot/deliver
lrwxrwxrwx 1 root root 11 May 14 14:24 /usr/lib/dovecot/deliver -> dovecot-lda
probably as a stopgap until people change their configs.
3. There are a few more additions done to main.cf but they do not seem
to be bad, so I am going to brush over them.
So, why was the file changed without warning? Were some of the options
I used -- reject_rbl_client comes to mind -- deprecated? Still that does
not warrant a silent change.
** Affects: postfix (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to postfix in Ubuntu.
https://bugs.launchpad.net/bugs/1323704
Title:
main.cf silently modified during postfix 2.9.1-4 upgrade on 12.04LTS
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1323704/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
