On Wed, Nov 29, 2023 at 03:00:24PM +1100, duluxoz via Postfix-users wrote:
I was reading an on-line guide about hardening Postfix and came across
a line that said that the Verify service could/should be turned off in
the master.cf file.

Is this actually good advice, or is there some sort of "gotcha" hiding in
the background that'll bite us in the @rse?

On 29/11/2023 15:38, Viktor Dukhovni via Postfix-users wrote:
The advice is largely misguided, but mostly harmless, if you don't use
sender or recipient verification.  Leaving the service enabled does
not materially affect the Postfix "attack surface", but turning it off when
unused is fine too.

On 29.11.23 16:28, duluxoz via Postfix-users wrote:
For what it's worth, it is my opinion that misguided information, harmless or otherwise, is worse than useless, because it encourages bad habits which then enter the zeitgeist and perpetuate (see mandatory rotating passwords every 90 days) :-)

I completely agree, perhaps if you sent us a link we could comment.

There is of course the security practice of turning off everything you don't use, but in the case of verify, it is only used when you configure it, so commenting it in master.cf means disabling it, not just turning it off.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I intend to live forever - so far so good.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
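
Added example (not part of the thread and not Postfix code): a small check of whether commenting out verify in master.cf is safe for a given configuration, based on whether sender or recipient verification is configured. The sample files are constructed, the function names are hypothetical, and the check assumes verification is requested directly in main.cf or in master.cf -o overrides; restrictions returned from access tables are not inspected.

```python
import re

# Restrictions that make smtpd(8) consult the verify(8) service.
VERIFY_RESTRICTIONS = ("reject_unverified_sender", "reject_unverified_recipient")

# Constructed sample files, not taken from the thread.
MAIN_CF = """\
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_unverified_recipient
"""
MASTER_ON = "verify    unix  -       -       n       -       1       verify\n"
MASTER_OFF = "#" + MASTER_ON

def logical_lines(text):
    """Drop comments and blanks; join continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.rstrip())
    return out

def verify_service_enabled(master_cf):
    """True if an uncommented master.cf entry runs the verify command (8th field)."""
    rows = map(str.split, logical_lines(master_cf))
    return any(len(f) >= 8 and f[7] == "verify" for f in rows)

def verification_in_use(*configs):
    """Verification restrictions named in any of the given config texts."""
    found = set()
    for text in configs:
        for line in logical_lines(text):
            found.update(r for r in VERIFY_RESTRICTIONS if re.search(rf"\b{r}\b", line))
    return sorted(found)

def assess(main_cf, master_cf):
    used = verification_in_use(main_cf, master_cf)
    if used and not verify_service_enabled(master_cf):
        return "broken: %s configured but verify is disabled in master.cf" % ", ".join(used)
    if used:
        return "in use: keep verify enabled"
    return "unused: verify may stay enabled or be commented out"

if __name__ == "__main__":
    print(assess(MAIN_CF, MASTER_OFF))
```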