Description: Mail Transfer Agents (MTA), such as sendmail and Postfix, are used to listen for incoming mail and transfer the messages to the appropriate user or mail server. If the system is not intended to be a mail server, it is recommended that the MTA be configured to only process local mail. Rationale: The software for all Mail Transfer Agents is complex and most have a long history of security issues. While it is important to ensure that the system can process local mail messages, it is not necessary to have the MTAs daemon listening on a port unless the server is intended to be a mail server that receives and processes mail from other systems. Audit: Run the following command to verify that the MTA is not listening on any non-loopback address ( 127.0.0.1 or ::1 ) Nothing should be returned # ss -lntu | grep -E :25s' | grep -E -v s(127.0.0.1|::1):25s Remediation: Edit /etc/postfix/main.cf and add the following line to the RECEIVING MAIL section. If the line already exists, change it to look like the line below: inet_interfaces = loopback-only Run the following command to restart postfix # systemctl restart postfix

[yes/no]

Edit /etc/postfix/main.cf and add the following line to the RECEIVING MAIL section. If the line already exists, change it to look like the line below: inet_interfaces = loopback-only Run the following command to restart postfix # systemctl restart postfix