Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Exchange must not send non-delivery reports to remote domains.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-33599 | Exch-2-808 | SV-44019r1_rule | ECSC-1 | Medium |
| Description |
|---|
| Attackers can use automated messages to determine whether a user account is active, in the office, traveling, and so on. An attacker might use this information to conduct future attacks. Ensure that non-delivery reports to remote domains are disabled. Before enabling this setting first configure a remote domain using the EMC or the New-RemoteDomain cmdlet. |
| STIG | Date |
|---|---|
| Exchange 2010 Hub Transport Server STIG | 2013-09-30 |
Details
| Check Text ( C-41706r2_chk ) |
|---|
| Open the Exchange Management Shell and enter the following command: Get-RemoteDomain | select identity, NDREnabled If the value of 'NDREnabled' is not set to 'False', this is a finding. |
| Fix Text (F-37491r1_fix) |
|---|
| Open the Exchange Management Shell and enter the following command: Set-RemoteDomain -Identity <'RemoteDomainName'> -NDREnabled $false |