
This option is configurable and documented. Implements: blueprint security-hardening Change-Id: I315fb71dc9495c805cf1c799469418cbcb06136d
841 B
841 B
The STIG requires that postfix only listens on the localhost so that
it isn't abused as a mail relay. The Ansible task will adjust the
inet_interfaces
line in the Postfix configuration and
restart postfix if the line is changed.
Although it's not common, some deployers may need to configure hosts so they can receive email over the network. In that case, deployers would need to set the following Ansible variable:
postfix_inet_interfaces: all
Note that postfix can have inet_interfaces
set to
localhost
and it can still send email on the network. The
inet_interfaces
directive only controls where postfix
listens for incoming email.
For more information, review the postfix documentation for inet_interfaces.