4bcfe2e26c
This option is configurable and documented. Implements: blueprint security-hardening Change-Id: I315fb71dc9495c805cf1c799469418cbcb06136d
841 B
841 B
The STIG requires that postfix only listens on the localhost so that
it isn't abused as a mail relay. The Ansible task will adjust the
inet_interfaces line in the Postfix configuration and
restart postfix if the line is changed.
Although it's not common, some deployers may need to configure hosts so they can receive email over the network. In that case, deployers would need to set the following Ansible variable:
postfix_inet_interfaces: allNote that postfix can have inet_interfaces set to
localhost and it can still send email on the network. The
inet_interfaces directive only controls where postfix
listens for incoming email.
For more information, review the postfix documentation for inet_interfaces.