Prevent Unrestricted Mail Relaying
An XCCDF Rule
Description
Modify the /etc/postfix/main.cf file to restrict client connections to the local network with the following command:
$ sudo postconf -e 'smtpd_client_restrictions = permit_mynetworks,reject'
Rationale
If unrestricted mail relaying is permitted, unauthorized senders could use this host as a mail relay for the purpose of sending spam or other unauthorized activity.
- ID: xccdf_org.ssgproject.content_rule_postfix_prevent_unrestricted_relay
- Severity: Medium
- Updated
Remediation - Shell Script
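# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ] && rpm --quiet -q postfix; then
    # Append the directive when main.cf does not set it yet
    if ! grep -q ^smtpd_client_restrictions /etc/postfix/main.cf; then
        echo "smtpd_client_restrictions = permit_mynetworks,reject" >> /etc/postfix/main.cf
    else
        # Assumed completion of the truncated branch: rewrite the existing directive in place
        sed -i 's/^smtpd_client_restrictions.*/smtpd_client_restrictions = permit_mynetworks,reject/' /etc/postfix/main.cf
    fi
fi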
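An added audit example (not part of the SSG rule content): the `grep` test in the shell remediation only looks for a line starting with the directive name, while Postfix joins continuation lines and keeps only the last definition of a parameter. The helper names `effective_client_restrictions` and `relay_restriction_compliant` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the project's code. Function names are hypothetical.

# Print the effective smtpd_client_restrictions value of a main.cf-style file,
# normalised to single spaces (Postfix accepts commas and/or whitespace).
effective_client_restrictions() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }             # comments and blank lines are ignored
        /^[ \t]/ { if (cur) val = val " " $0; next }  # leading whitespace continues a logical line
        {
            cur = 0
            if ($0 ~ /^smtpd_client_restrictions[ \t]*=/) {
                cur = 1                                # a later definition replaces an earlier one
                val = $0
                sub(/^[^=]*=/, "", val)
            }
        }
        END {
            gsub(/[ \t,]+/, " ", val)
            sub(/^ /, "", val); sub(/ $/, "", val)
            print val
        }
    ' "$1"
}

# Succeed only when the effective value is exactly what the rule requires.
relay_restriction_compliant() {
    [ "$(effective_client_restrictions "$1")" = "permit_mynetworks reject" ]
}

# Constructed sample: a compliant first definition overridden further down.
sample=$(mktemp)
cat > "$sample" <<'EOF'
smtpd_client_restrictions = permit_mynetworks,reject
# constructed override later in the file
smtpd_client_restrictions =
    permit
EOF
if relay_restriction_compliant "$sample"; then
    echo "compliant"
else
    echo "NOT compliant: effective value is '$(effective_client_restrictions "$sample")'"
fi
rm -f "$sample"
```

On a live host, pass `/etc/postfix/main.cf` as the argument; the sample above is reported as not compliant even though its first line matches the remediation's `grep` pattern.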
Remediation - Ansible
- name: Gather the package facts
  package_facts:
    manager: auto
  tags:
    - DISA-STIG-RHEL-08-040290
    - low_complexity