{"description": "Modify the <pre>/etc/postfix/main.cf</pre> file to restrict client connections\nto the local network with the following command:\n<pre>$ sudo postconf -e 'smtpd_client_restrictions = permit_mynetworks,reject'</pre>", "rationale": "If unrestricted mail relaying is permitted, unauthorized senders could use this\nhost as a mail relay for the purpose of sending spam or other unauthorized\nactivity.", "severity": "medium", "references": {"srg": ["SRG-OS-000480-GPOS-00227"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "the \"smtpd_client_restrictions\" parameter contains any entries other than \"permit_mynetworks\" and \"reject\"", "ocil": "Verify that Ubuntu 22.04 is configured to prevent unrestricted mail relaying,\nrun the following command:\n<pre>$ sudo postconf -n smtpd_client_restrictions</pre>", "oval_external_content": null, "fixtext": "If \"postfix\" is installed, modify the \"/etc/postfix/main.cf\" file to restrict client connections to the local network with the following command:\n\n$ sudo postconf -e 'smtpd_client_restrictions = permit_mynetworks,reject'", "checktext": "", "vuldiscussion": "", "srg_requirement": "Ubuntu 22.04 must be configured to prevent unrestricted mail relaying.", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "Ubuntu 22.04 must be configured to prevent unrestricted mail relaying.", "vuldiscussion": "If unrestricted mail relaying is permitted, unauthorized senders could use this host as a mail relay for the purpose of sending spam or other unauthorized activity.", "checktext": "If postfix is not installed, this is Not Applicable.\n\nVerify Ubuntu 22.04 is configured to prevent unrestricted mail relaying with the following command:\n\n$ postconf -n smtpd_client_restrictions\n\nsmtpd_client_restrictions = permit_mynetworks,reject\n\nIf the \"smtpd_client_restrictions\" parameter contains any entries other than \"permit_mynetworks\" and \"reject\", and the additional entries have not been documented with the information system security officer (ISSO), this is a finding.", "fixtext": "Modify the postfix configuration file to restrict client connections to the local network with the following command:\n\n$ sudo postconf -e 'smtpd_client_restrictions = permit_mynetworks,reject'"}}, "platform": "package[postfix]", "platforms": ["package[postfix]"], "sce_metadata": {}, "inherited_platforms": ["package[postfix]", "system_with_kernel"], "cpe_platform_names": ["package_postfix"], "inherited_cpe_platform_names": ["package_postfix", "system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Prevent Unrestricted Mail Relaying", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml", "template": null}