Thanks for your help

On 04/05/2012 05:12 PM, Evan Pettrey wrote:
The DISA STIG guides do cover some of the mentioned technologies. For example, with regards to postfix, there are a few different standards listed under the Red Hat. At a quick glance, I see this:

If the system uses Postfix, edit the main.cf file and add or edit the "smtpd_client_restrictions" line to have contents "permit mynetworks, reject" or a similarly restrictive rule. If the system does not need to receive mail from external hosts, add or edit the "inet_interfaces" line to have contents "loopback-only" or a set of loopback addresses for the system. Restart the service.


You can find the unclassified STIGs for all of their approved operating systems here: http://iase.disa.mil/stigs/os/index.html


If you look around I'm sure there are other unclassified STIG guides that may be of further assistance. DoD/DISA STIGing happens to be what I have the most experience with but I recall finding similar resources online in the past from other agencies as well.


Hope this helps!


-Evan


On Thu, Apr 5, 2012 at 5:53 AM, Hung Nguyen <[email protected]> wrote:

    Hi all,

    Our IT team intends to audit (mainly the security settings of) the
    OS and services in our company's infrastructure. But it seems
    that well-known standards such as CIS, DISA, and PCI 2.2
    don't have a checklist for mail services in general, and particularly
    for the postfix, sendmail, and dovecot mail services (except for Microsoft
    Exchange :-( ).

    So, could you recommend any checklist or best practice
    for auditing mail services, especially postfix, sendmail, and dovecot?

    Thanks and best regards,
    HungNT
    _______________________________________________
    Discuss mailing list
    [email protected]
    https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
    This list provided by the League of Professional System Administrators
    http://lopsa.org/
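
The two Postfix settings named in the STIG excerpt above can be checked mechanically. The following is an added example, not part of the original emails or of any DISA tooling: the function names, the sample file, and the reading of "similarly restrictive" (the list must end in `reject` with no bare `permit` before it) are assumptions, and it uses Postfix's actual restriction name `permit_mynetworks`.

```python
import re

# Constructed sample main.cf (not taken from a real host).
SAMPLE_MAIN_CF = """\
# constructed sample
myhostname = mail.example.test
inet_interfaces = all
smtpd_client_restrictions =
    permit_mynetworks,
    # comment inside a continued value is ignored
    permit
inet_interfaces = loopback-only
"""

LOOPBACK = {"loopback-only", "localhost", "127.0.0.1", "[::1]"}

def parse_main_cf(text):
    """Parse main.cf: skip comments/blank lines, join lines that start with
    whitespace onto the previous parameter, let the last definition win."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current:          # continuation line
            params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        current = name.strip() if sep else None
        if current:
            params[current] = value.strip()
    return params

def tokens(value):
    return [t for t in re.split(r"[,\s]+", value) if t]

def audit(params, receives_external_mail=False):
    """Return a list of findings for the two settings in the STIG excerpt."""
    findings = []
    # Postfix default for smtpd_client_restrictions is empty (permit everything).
    restr = tokens(params.get("smtpd_client_restrictions", ""))
    if not restr or restr[-1] != "reject" or "permit" in restr[:-1]:
        findings.append("smtpd_client_restrictions does not end in an effective reject")
    if not receives_external_mail:
        # Postfix default for inet_interfaces is "all".
        ifaces = tokens(params.get("inet_interfaces", "all"))
        if any(i not in LOOPBACK for i in ifaces):
            findings.append("inet_interfaces is not limited to loopback")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_main_cf(SAMPLE_MAIN_CF)):
        print("FINDING:", finding)
```

On a live host, feeding it the output of `postconf -n` instead of the raw file gives the same `name = value` lines with Postfix's own parsing already applied.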


