Enable Postfix Service

An XCCDF Rule

Description

The Postfix mail transfer agent is used for local mail delivery within the system. The default configuration only listens for connections to the default SMTP port (port 25) on the loopback interface (127.0.0.1). It is recommended to leave this service enabled for local mail delivery. The postfix service can be enabled with the following command:

$ sudo systemctl enable postfix.service

Rationale

Local mail delivery is essential to some system maintenance and notification tasks.

ID: xccdf_org.ssgproject.content_rule_service_postfix_enabled
Severity: Unknown
Updated: about 1 year ago


[customizations.services]
enabled = ["postfix"]

include enable_postfix

class enable_postfix {
  service {'postfix':
    enable => true,
    ensure => 'running',  }
}

# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then

SYSTEMCTL_EXEC='/usr/bin/systemctl'
"$SYSTEMCTL_EXEC" unmask 'postfix.service'
"$SYSTEMCTL_EXEC" start 'postfix.service'"$SYSTEMCTL_EXEC" enable 'postfix.service'

else
    >&2 echo 'Remediation is not applicable, nothing was done'
fi

- name: Enable service postfix
  block:

  - name: Gather the package facts
    package_facts:
      manager: auto
  - name: Enable service postfix
    systemd:
      name: postfix
      enabled: 'yes'
      state: started
      masked: 'no'
    when:
    - '"postfix" in ansible_facts.packages'
  when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
  tags:
  - enable_strategy
  - low_complexity
  - low_disruption
  - no_reboot_needed
  - service_postfix_enabled
  - unknown_severity

Enable Postfix Service

Description

Rationale

Remediation - OS Build Blueprint

Remediation - Puppet

Remediation - Shell Script

Remediation - Ansible