On 29/11/2023 15:38, Viktor Dukhovni via Postfix-users wrote:
On Wed, Nov 29, 2023 at 03:00:24PM +1100, duluxoz via Postfix-users wrote:

I was reading an on-line guide about hardening Postfix and came across
a line that said that the Verify service could/should be turned off in
the master.cf file.

Is this actually good advice, or is there some sort of "gotcha" hiding in
the background that'll bite us in the @rse?

The advice is largely misguided, but mostly harmless, if you don't use
sender or recipient verification.  Leaving the service enabled does
not materially affect the Postfix "attack surface", but turning it off when
unused is fine too.

Thanks Viktor,

For what it's worth, it is my opinion that misguided information, harmless or otherwise, is worse than useless, because it encourages bad habits which then enter the zeitgeist and perpetuate (see mandatory rotating passwords every 90 days) :-)

Cheers

