[Bug 1323704] [NEW] main.cf silently modified during postfix 2.9.1-4 upgrade on 12.04LTS

Raubvogel 1323704 at bugs.launchpad.net
Tue May 27 14:58:43 UTC 2014 

Public bug reported:

Postfix 2.9.6-1~12.04.1 on Ubuntu 12.04.4 LTS

I did apt-get upgrade to the host in question and found out that
/etc/postfix/main.cf was silently changed (I was not asked to
validateverify changes)

(/var/log/apt/term.log)
Setting up mail-stack-delivery (1:2.0.19-0ubuntu2.1) ...^M
Mail stack delivery changes some postfix settings.^M
Old values are stored in /var/backups/mail-stack-delivery/main.cf-backup.^M
Feel free to revert any of them when the process is done.^M
Configuring postfix for mail-stack-delivery integration: .................... done.^M

Change summary:

1. It decided to change my tls files to default values

smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key
smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem

2. It deleted entries in smtpd_recipient_restrictions

diff /etc/postfix/main.cf /tmp/main.cf 
45c45,56
< smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
---
> smtpd_recipient_restrictions =
>         reject_non_fqdn_recipient,
>         permit_mynetworks,
>         permit_sasl_authenticated,
>         check_client_access hash:/etc/postfix/access,
>         check_helo_access hash:/etc/postfix/access,
>         check_sender_access hash:/etc/postfix/access,
>         reject_unknown_recipient_domain,
>         reject_unauth_destination,
>         reject_rbl_client sbl-xbl.spamhaus.org,
>         check_sender_mx_access cidr:/etc/postfix/bogus_mx,
>         permit
118,123d128
< smtpd_sasl_authenticated_header = yes
< smtpd_sasl_local_domain = $myhostname
< smtpd_sender_restrictions = reject_unknown_sender_domain
< mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/conf.d/01-mail-stack-delivery.conf -m "${EXTENSION}"
< smtpd_tls_mandatory_protocols = SSLv3, TLSv1
< smtpd_tls_mandatory_ciphers = medium

and changed the command used by postfix to pass emails to dovecot. Note
that before I had a command similar to the mailbox_comand but in
/etc/postfix/main.cf,

   flags=DRhu user=virtual:virtual argv=/usr/lib/dovecot/deliver  -c
/etc/dovecot/conf.d/01-dovecot-postfix.conf -f ${sender} -d ${recipient}

Which was then rewritten as

  flags=DRhu user=virtual:virtual argv=/usr/lib/dovecot/dovecot-lda  -c
/etc/dovecot/conf.d/01-mail-stack-delivery.conf -f ${sender} -d
${recipient}

as dovecot-lda replaces deliver for dovecot 2.X.  Incidentally, deliver
is now an alias to dovecot-lda,

ls -lh /usr/lib/dovecot/deliver
lrwxrwxrwx 1 root root 11 May 14 14:24 /usr/lib/dovecot/deliver -> dovecot-lda

probably as a stopgap until people change their configs.

3. There are a few more additions done to main.cf but they do not seem
to be bad, so I am going to brush over them.

So, why was the file changed without warning?  Were some of the options
I used -- reject_rbl_client comes to mind -- deprecated? Still that does
not warrant a silent change.

** Affects: postfix (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to postfix in Ubuntu.
https://bugs.launchpad.net/bugs/1323704

Title:
  main.cf silently modified during postfix 2.9.1-4 upgrade on 12.04LTS

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1323704/+subscriptions

More information about the Ubuntu-server-bugs mailing list