
2.2.15 Ensure mail transfer agent is configured for local-only mode

Audit

Run the following command to verify that the MTA is not listening on any non-loopback address (127.0.0.1 or ::1).

# ss -lntu | grep -E ':25\s' | grep -E -v '\s(127\.0\.0\.1|\[?::1\]?):25\s'

Nothing should be returned.

Remediation

Edit /etc/postfix/main.cf and add the following line to the RECEIVING MAIL section.

If the line already exists, change it to look like the line below:

inet_interfaces = loopback-only

Run the following command to restart postfix:

# systemctl restart postfix
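
The audit and remediation above as a script, added here as an example and not part of the benchmark text: it parses ss output by column so bracketed IPv6 addresses and ports such as 2525 are handled, and it shows why an existing inet_interfaces line must be changed rather than a second one added. The function names and both sample inputs are constructed for illustration.

```sh
#!/bin/sh
# Added example, not benchmark text; function names are hypothetical.

# Reads `ss -lntu` output on stdin and prints every port-25 listener whose
# local address is not 127.0.0.1 or ::1 (ss prints IPv6 as [addr]:port).
nonloopback_smtp_listeners() {
    awk '
        $1 == "Netid" { next }                    # header row
        {
            n = match($5, /:[0-9]+$/)             # port follows the last colon
            if (n == 0) next
            port = substr($5, n + 1)
            host = substr($5, 1, n - 1)
            sub(/%.*$/, "", host)                 # drop interface scope (%lo)
            sub(/^\[/, "", host); sub(/\]$/, "", host)
            if (port == "25" && host != "127.0.0.1" && host != "::1")
                print $1, $5
        }'
}

# Reads main.cf on stdin and prints the inet_interfaces value Postfix uses:
# when a parameter is assigned more than once, the last assignment wins.
# Assumption: the value is on one line (no continuation lines).
effective_inet_interfaces() {
    awk '
        /^inet_interfaces[ \t]*=/ {
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        END { print val }'
}

# Constructed sample input (not captured from a real host).
SS_SAMPLE='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      100        127.0.0.1:25        0.0.0.0:*
tcp   LISTEN 0      100            [::1]:25           [::]:*
tcp   LISTEN 0      100          0.0.0.0:25        0.0.0.0:*
tcp   LISTEN 0      100             [::]:25           [::]:*
tcp   LISTEN 0      128          0.0.0.0:2525      0.0.0.0:*'
MAIN_CF_SAMPLE='inet_interfaces = loopback-only
#inet_interfaces = all
inet_interfaces = all'

printf '%s\n' "$SS_SAMPLE" | nonloopback_smtp_listeners
printf '%s\n' "$MAIN_CF_SAMPLE" | effective_inet_interfaces
```

On a live host, feed the first function with `ss -lntu` and the second with `/etc/postfix/main.cf`; any output from the first, or a value other than loopback-only from the second, is a finding.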