Details

The operating system must be configured to prevent unrestricted mail relaying.

Rationale:

If unrestricted mail relaying is permitted, unauthorized senders could use this host as a mail relay for the purpose of sending spam or other unauthorized activity.

Solution

If postfix is installed, modify the /etc/postfix/main.cf file to restrict client connections to the local network with the following command:

# postconf -e ‘smtpd_client_restrictions = permit_mynetworks,reject’

Or you can manually add this line by editing the file:
Example: vim /etc/postfix/main.cf
Add this line:

smtpd_client_restrictions = permit_mynetworks,reject

Notes:

This Benchmark recommendation maps to:

Red Hat Enterprise Linux 7 Security Technical Implementation Guide:

Version 2, Release: 3 Benchmark Date: 26 Apr 2019

Vul ID: V-72297

Rule ID: SV-86921r3_rule

STIG ID: RHEL-07-040680

Severity: CAT II

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/2688https://workbench.cisecurity.org/files/2688

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

• 800-53|CM-7b.

Source

• Tenable.com/audits