It is really simple. If you allow information to go out, then you will leak information. Postfix assumes that you're willing to send and receive email, and that means you will have to accept some leakage that is inherent in SMTP, TLS, TCP, DNS, UDP, and related protocols. The options for message-shaping and traffic-shaping are fairly limited.
But wait, there is more. Unless all those protocol implementations are perfect, there may be exposures that in the worst case provide remote access to a root shell on the server, as happened recently in OpenSMTPD. A good mail server architecture can function as a fire retardant and limit the impact of mistakes. Personally I am less concerned about the inherent leaks.

Wietse