UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Mail relaying must be restricted.


Overview

Finding ID Version Rule ID IA Controls Severity
V-23952 GEN004710 SV-37514r2_rule Medium
Description
If unrestricted mail relaying is permitted, unauthorized senders could use this host as a mail relay for the purpose of sending SPAM or other unauthorized activity.
STIG Date
Red Hat Enterprise Linux 5 Security Technical Implementation Guide 2017-01-27

Details

Check Text ( None )
None
Fix Text (F-31424r2_fix)
If the system uses sendmail, edit the sendmail.mc file and remove the "promiscuous_relay" configuration. Rebuild the sendmail.cf file from the modified sendmail.mc and restart the service. If the system does not need to receive mail from external hosts, add one or more DaemonPortOptions lines referencing system loopback addresses (such as "O DaemonPortOptions=Addr=127.0.0.1,Port=smtp,Name=MTA") and remove lines containing non-loopback addresses. Restart the service.

If the system uses Postfix, edit the main.cf file and add or edit the "smtpd_client_restrictions" line to have contents "permit_mynetworks, reject" or a similarly restrictive rule. If the system does not need to receive mail from external hosts, add or edit the "inet_interfaces" line to have contents "loopback-only" or a set of loopback addresses for the system. Restart the service.

If the system is using other SMTP software, consult the software's documentation for procedures to restrict mail relaying.