Enable Postfix Service

An XCCDF Rule

Description

The Postfix mail transfer agent is used for local mail delivery within the system. The default configuration only listens for connections to the default SMTP port (port 25) on the loopback interface (127.0.0.1). It is recommended to leave this service enabled for local mail delivery. The postfix service can be enabled with the following command:

$ sudo systemctl enable postfix.service

Rationale

Local mail delivery is essential to some system maintenance and notification tasks.

ID: xccdf_org.ssgproject.content_rule_service_postfix_enabled
Severity: Unknown
Updated: over 1 year ago

Remediation Templates

[customizations.services]
enabled = ["postfix"]

include enable_postfix
class enable_postfix {
  service {'postfix':
    enable => true,
    ensure => 'running',
  }
}

# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
SYSTEMCTL_EXEC='/usr/bin/systemctl'
"$SYSTEMCTL_EXEC" unmask 'postfix.service'
"$SYSTEMCTL_EXEC" start 'postfix.service'
"$SYSTEMCTL_EXEC" enable 'postfix.service'
else
    >&2 echo 'Remediation is not applicable, nothing was done'
fi

- name: Enable service postfix
  block:
  - name: Gather the package facts
    package_facts:
      manager: auto
  - name: Enable service postfix
    systemd:
      name: postfix
      enabled: 'yes'
      state: started
      masked: 'no'
    when:
    - '"postfix" in ansible_facts.packages'
  when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
  tags:
  - enable_strategy
  - low_complexity
  - low_disruption
  - no_reboot_needed
  - service_postfix_enabled
  - unknown_severity

Enable Postfix Service

Description

Rationale

Remediation Templates

OS Build Blueprint

A Puppet Snippet

A Shell Script

An Ansible Snippet