Check: TOSS-04-040700
Tri-Lab Operating System Stack (TOSS) 4 STIG:
TOSS-04-040700
(in versions v2 r1 through v1 r1)
Title
TOSS must be configured to prevent unrestricted mail relaying. (Cat II impact)
Discussion
If unrestricted mail relaying is permitted, unauthorized senders could use this host as a mail relay for the purpose of sending spam or other unauthorized activity.
Check Content
Verify the system is configured to prevent unrestricted mail relaying. Determine if "postfix" is installed with the following commands: $ sudo yum list installed postfix postfix.x86_64 2:3.5.8-2.el8 If postfix is not installed, this is Not Applicable. If postfix is installed, determine if it is configured to reject connections from unknown or untrusted networks with the following command: $ sudo postconf -n smtpd_client_restrictions smtpd_client_restrictions = permit_mynetworks, reject If the "smtpd_client_restrictions" parameter contains any entries other than "permit_mynetworks" and "reject", this is a finding.
Fix Text
If "postfix" is installed, modify the "/etc/postfix/main.cf" file to restrict client connections to the local network with the following command: $ sudo postconf -e 'smtpd_client_restrictions = permit_mynetworks,reject'
Additional Identifiers
Rule ID: SV-253111r991589_rule
Vulnerability ID: V-253111
Group Title: SRG-OS-000480-GPOS-00227
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
Implement the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |