On Fri, 2003-09-05 at 09:16, John Pettigrew wrote:
If this is so, is everyone running postfix at risk? I use postfix only as a local MDA (AFAIK, that is) - my email is fetched by fetchmail and sending remotely is dealt with by my MUA without involving postfix. Postfix's only role here is dealing with system emails and delivering email once it's gone through procmail.
To sum up: the important part of what I was saying is that if you're running a default config of postfix on a machine that has port 25 directly exposed to an external connection, you are at risk. The machine must be actually connected to the internet with no intervening firewall. As long as you're behind a firewall -- even if you forward port 25 to your email server -- you won't be at risk. (I'm assuming that your "broadband" IP addresses are different from your internal addresses by way of NAT. If not, i.e. if you have "real" internet addresses inside your firewall, you're hosed. But, who does this these days? I'm just trying to be complete.) dk