Classes
security_baseline_postfix
: Ensure mail transfer agent is configured for local-only mode (Scored)
Mail Transfer Agents (MTA), such as sendmail and Postfix, are used to listen for incoming mail and transfer the messages to the appropriate user or mail server. If the system is not intended to be a mail server, it is recommended that the MTA be configured to only process local mail.
Rationale: The software for all Mail Transfer Agents is complex and most have a long history of security issues. While it is important to ensure that the system can process local mail messages, it is not necessary to have the MTAs daemon listening on a port unless the server is intended to be a mail server that receives and processes mail from other systems.
class security_baseline_postfix {
enforce => true,
message => 'Test',
loglevel => 'info',
config_data => {
inet_interfaces => 'loopback-only',
}
}
The following parameters are available in the security_baseline_postfix
class.
Data type: Boolean
Enforce the rule or just test and log
Default value: true
Data type: String
Message to print into the log
Default value: ''
Data type: String
The loglevel for the above message
Default value: ''
Data type: Optional[Hash]
Hash with additional configuration data
Default value: {}