UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Mail relaying must be restricted.


Overview

Finding ID Version Rule ID IA Controls Severity
V-89641 VRAU-SL-000555 SV-100291r1_rule Medium
Description
If unrestricted mail relaying is permitted, unauthorized senders could use this host as a mail relay for the purpose of sending spam or other unauthorized activity.
STIG Date
VMware vRealize Automation 7.x SLES Security Technical Implementation Guide 2018-10-12

Details

Check Text ( C-89333r1_chk )
Determine if Sendmail only binds to loopback addresses by examining the "DaemonPortOptions" configuration options.

# grep -i "O DaemonPortOptions" /etc/sendmail.cf

If there are uncommented DaemonPortOptions lines, and all such lines specify system loopback addresses, this is not a finding.

Otherwise, determine if Sendmail is configured to allow open relay operation.

# grep -i promiscuous_relay /etc/mail/sendmail.mc

If the promiscuous relay feature is enabled, this is a finding.
Fix Text (F-96383r1_fix)
If the SLES for vRealize does not need to receive mail from external hosts, add one or more "DaemonPortOptions" lines referencing system loopback addresses (such as "O DaemonPortOptions=Addr=127.0.0.1,Port=smtp,Name=MTA") and remove lines containing non-loopback addresses.

# sed -i "s/O DaemonPortOptions=Name=MTA/O DaemonPortOptions=Addr=127.0.0.1,Port=smtp,Name=MTA/" /etc/sendmail.cf

Restart the sendmail service:

# service sendmail restart