Global outbound message size must be set.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
Exch-114	Exch-114	Exch-114_rule		Medium

Description
Email system availability depends in part on best practices strategies for setting tuning configurations. Message size limits should be set to 10 megabytes at most, but often are smaller, depending on the organization. The key point in message size is that it should be set globally, and it should not be set to 'unlimited'. Not setting a limit is likely to result in abuse and can lead to rapid filling of server disk space. Note: Transport configuration settings apply to the organization/global level of Exchange by checking and setting them at the Hub server the setting will apply to both Hub and Edge roles.

Description

Email system availability depends in part on best practices strategies for setting tuning configurations. Message size limits should be set to 10 megabytes at most, but often are smaller, depending on the organization. The key point in message size is that it should be set globally, and it should not be set to 'unlimited'. Not setting a limit is likely to result in abuse and can lead to rapid filling of server disk space. Note: Transport configuration settings apply to the organization/global level of Exchange by checking and setting them at the Hub server the setting will apply to both Hub and Edge roles.

STIG	Date
Microsoft Exchange 2010 Core Server	2012-05-31

Details

Check Text ( C-_chk )
Obtain the Email Domain Security Plan (EDSP) and locate the value for "Maximum Send Size". Open the Exchange Management Shell and enter the following command. Get-TransportConfig \| Select Name, Identity, MaxSendSize If the value of "MaxSendSize" is set to 10MB or less, this is not a finding. If the value of "MaxSendSize" is set to more than 10MB, and has signoff and risk acceptance in the EDSP, this is not a finding.

Check Text ( C-_chk )

Obtain the Email Domain Security Plan (EDSP) and locate the value for "Maximum Send Size".

Open the Exchange Management Shell and enter the following command.

Get-TransportConfig | Select Name, Identity, MaxSendSize

If the value of "MaxSendSize" is set to 10MB or less, this is not a finding.

If the value of "MaxSendSize" is set to more than 10MB, and has signoff and risk acceptance in the EDSP, this is not a finding.

Fix Text (F-_fix)
Open the Exchange Management Shell and enter the following command. Set-TransportConfig -MaxSendSize 10000000 or other value as identified by the Email domain security plan.