Outbound Connection Limit per Domain Count must be controlled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-33635 | Exch-2-201 | SV-44055r2_rule | Low |
| Description |
|---|
| Email system availability depends in part on best practices strategies for setting tuning configurations. This configuration controls the maximum number of simultaneous outbound connections from a domain, and works in conjunction with the Maximum Outbound Connections Count setting as a delivery tuning mechanism. If the limit is too low, connections may be dropped. If too high, some domains may use a disproportionate resource share, denying access to other domains. Appropriate tuning reduces risk of data delay or loss. By default, a limit of 20 simultaneous outbound connections from a domain should be sufficient. The value may be adjusted if justified by local site conditions. |
| STIG | Date |
|---|---|
| Exchange 2010 Edge Transport Server STIG | 2017-01-03 |
Details
| Check Text ( C-41744r2_chk ) |
|---|
| Obtain the Email Domain Security Plan (EDSP) and locate the value for 'Maximum Domain Connections' and the server under review. Open the Exchange Management Shell and enter the following command: Get-TransportServer -Identity <'ServerUnderReview'> | Select Name, Identity, MaxPerDomainOutboundConnections If the value of 'MaxPerDomainOutboundConnections' is set to 20 this is not a finding. If the value of 'MaxPerDomainOutboundConnections' is set to a value other than 20 and has signoff and risk acceptance in the EDSP, this is not a finding. |
| Fix Text (F-37527r2_fix) |
|---|
| Open the Exchange Management Shell and enter the following command: Set-TransportServer -Identity <'ServerUnderReview'> -MaxPerDomainOutboundConnections 20 If an alternate value is desired, obtain signoff with risk acceptance and document in the EDSP. |