Enable Postfix Service

An XCCDF Rule

Description

The Postfix mail transfer agent is used for local mail delivery within the system. The default configuration only listens for connections to the default SMTP port (port 25) on the loopback interface (127.0.0.1). It is recommended to leave this service enabled for local mail delivery. The postfix service can be enabled with the following command:

$ sudo systemctl enable postfix.service

Rationale

Local mail delivery is essential to some system maintenance and notification tasks.

ID: xccdf_org.ssgproject.content_rule_service_postfix_enabled
Severity: Unknown
Updated: about 1 month ago

Remediation Templates

include enable_postfix
class enable_postfix {
  service {'postfix':
    enable => true,
    ensure => 'running',
  }
}

service enable postfix

[customizations.services]
enabled = ["postfix"]

# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
SYSTEMCTL_EXEC='/usr/bin/systemctl'
"$SYSTEMCTL_EXEC" unmask 'postfix.service'
"$SYSTEMCTL_EXEC" start 'postfix.service'
"$SYSTEMCTL_EXEC" enable 'postfix.service'
else
    >&2 echo 'Remediation is not applicable, nothing was done'
fi

- name: Enable Postfix Service - Enable service postfix
  block:
  - name: Gather the package facts
    package_facts:
      manager: auto
  - name: Enable Postfix Service - Enable Service postfix
    ansible.builtin.systemd:
      name: postfix
      enabled: true
      state: started
      masked: false
    when:
    - '"postfix" in ansible_facts.packages'
  when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
  tags:
  - enable_strategy
  - low_complexity
  - low_disruption
  - no_reboot_needed
  - service_postfix_enabled
  - unknown_severity

Enable Postfix Service

Description

Rationale

Remediation Templates

A Puppet Snippet

script:kickstart

OS Build Blueprint

A Shell Script

An Ansible Snippet