GEN004710 - Mail relaying must be restricted.

Information

If unrestricted mail relaying is permitted, unauthorized senders could use this host as a mail relay for the purpose of sending SPAM or other unauthorized activity.

Solution

If the system uses Sendmail, edit the sendmail.mc file and remove the promiscuous_relay configuration. Rebuild the sendmail.cf file from the modified sendmail.mc and restart the service. If the system does not need to receive mail from external hosts, add one or more DaemonPortOptions lines referencing system loopback addresses (such as 'O DaemonPortOptions=Addr=127.0.0.1, Port=smtp, Name=MTA') and remove lines containing non-loopback addresses. Restart the service.

If the system uses Postfix, edit the main.cf file and add or edit the smtpd_client_restrictions line to have contents permit mynetworks, reject or a similarly restrictive rule. If the system does not need to receive mail from external hosts, add or edit the inet_interfaces line to have contents loopback-only or a set of loopback addresses for the system. Restart the service.

If the system is using other SMTP software, consult the software's documentation for procedures to restrict mail relaying.

See Also

https://iasecontent.disa.mil/stigs/zip/U_AIX_6-1_V1R14_STIG.zip

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-8a., CAT|II, CCI|CCI-001305, Group-ID|V-23952, Rule-ID|SV-38919r1_rule, STIG-ID|GEN004710, Vuln-ID|V-23952

Plugin: Unix

Control ID: 068a96858f2864c448ae7d5a729f87858b2d9059cc902e5c4574fc850c439568