[Reportbug-maint] Bug#729240: reportbug can't report security bugs because Debian's SMTP server is misconfigured

Mikulas Patocka mikulas at artax.karlin.mff.cuni.cz
Sun Nov 10 17:51:54 UTC 2013

Package: reportbug
Version: 6.4.4
Severity: normal

Dear Maintainer,

When reporting security bugs, reportbug sends an email to
team at security.debian.org.
However, the Debian's SMTP server where reportbug tries to connect is
misconfigured to reject email to team at security.debian.org.

How to reproduce the bug:
start reportbug -u gtk2
click on Continue
type 'nbd-server'
click on Continue
there's a question 'Your version (1:3.2-4~deb7u3) of nbd-server appears to be
out of date.  The following newer release(s) are available in the Debian
archive: unstable: 1:3.4-2 Do you still want to file a report'
click on Yes
click on Continue
notification 'The following debconf settings were detected:'
click on No
there's 'Briefly describe the problem'
write 'improper authfile parsing, nbd-server allows access for unauthorized
click on Continue
click on critical
click on Continue
click on 'root security hole'
click on Continue
click on security
click on Continue
a notification 'Are you reporting an undisclosed vulnerability? If so, in order
to responsibly disclose the issue, it should not be sent to the public BTS
right now, but instead to the private Security Team mailing list.'
click on Yes
there's a text field
write the description of the bug to the field
click on Continue
click on 'Submit the bug report via email'

you get an error: 'SMTP send failure: {'team at security.debian.org': (550, 'relay
not permitted')}. Do you want to retry (or else save the report and exit)?'
it is impossible to submit the bug, if I click 'Yes', I get the same error

-- Package-specific info:
** Environment settings:

** /home/mikulas/.reportbugrc:
reportbug_version "6.4.4"
mode standard
ui text
email "mikulas at artax.karlin.mff.cuni.cz"
header "X-Debbugs-CC: mikulas at artax.karlin.mff.cuni.cz"
smtphost reportbug.debian.org

-- System Information:
Debian Release: 7.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i586)

Kernel: Linux 3.11.7 (PREEMPT)
Locale: LANG=cs_CZ.UTF8, LC_CTYPE=cs_CZ.UTF8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages reportbug depends on:
ii  apt     
ii  python            2.7.3-4+deb7u1
ii  python-reportbug  6.4.4

reportbug recommends no packages.

Versions of packages reportbug suggests:
pn  claws-mail                               <none>
pn  debconf-utils                            <none>
pn  debsums                                  <none>
pn  dlocate                                  <none>
pn  emacs22-bin-common | emacs23-bin-common  <none>
ii  file                                     5.11-2
ii  gnupg                                    1.4.12-7+deb7u2
pn  postfix | exim4 | mail-transport-agent   <none>
ii  python-gtk2                              2.24.0-3+b1
ii  python-gtkspell                          2.25.3-12
ii  python-urwid                             1.0.1-2
ii  python-vte                               1:0.28.2-5
ii  xdg-utils                                1.1.0~rc1+git20111210-6

Versions of packages python-reportbug depends on:
ii  apt     
ii  python            2.7.3-4+deb7u1
ii  python-debian     0.1.21
ii  python-debianbts  1.11
ii  python-support    1.0.15

python-reportbug suggests no packages.

-- no debconf information

More information about the Reportbug-maint mailing list