fa2800419e
This patch migrates all of the remaining non-unique variable names in the security role to a pattern that begins with `security_*`. This will reduce potential variable collisions with other roles. This is a breaking change for deployers and users who are moving from the liberty or stable/mitaka branches to master. Release notes are included with additional details to help with the transition. Closes-Bug: 1578326 Change-Id: Ib716e81e6fed971b21dc5579ae1a871736e21189
20 lines
850 B
ReStructuredText
20 lines
850 B
ReStructuredText
The STIG requires that postfix only listens on the localhost so that it isn't
|
|
abused as a mail relay. The Ansible task will adjust the ``inet_interfaces``
|
|
line in the Postfix configuration and restart postfix if the line is changed.
|
|
|
|
Although it's not common, some deployers may need to configure hosts so they
|
|
can receive email over the network. In that case, deployers would need to set
|
|
the following Ansible variable:
|
|
|
|
.. code-block:: yaml
|
|
|
|
security_postfix_inet_interfaces: all
|
|
|
|
Note that postfix can have ``inet_interfaces`` set to ``localhost`` and it can
|
|
still send email on the network. The ``inet_interfaces`` directive only
|
|
controls where postfix **listens** for incoming email.
|
|
|
|
For more information, review the postfix documentation for `inet_interfaces`_.
|
|
|
|
.. _inet_interfaces: http://www.postfix.org/postconf.5.html#inet_interfaces
|