UCF STIG Viewer Logo

Receive Connector message size must be controlled.


Finding ID Version Rule ID IA Controls Severity
Exch-ED-201 Exch-ED-201 Exch-ED-201_rule Medium
This setting can be used to limit the total size of messages at the connector level. This includes the message header, the message body, and any attachments. For internal message flow, Exchange Server uses the custom X-MS-Exchange-Organization-OriginalSize: message header to record the original message size of the message as it enters the Exchange Server organization. Whenever the message is checked against the specified message size limits, the lower value of the current message size or the original message size header is used. The size of the message can change because of content conversion, encoding, and agent processing. This setting somewhat limits the impact a malicious user or a computer with malware can have on the Exchange infrastructure by restricting the size of incoming messages.
Microsoft Exchange 2010 Edge Transport Server Role 2012-05-31


Check Text ( C-_chk )
Obtain the Email Domain Security Plan (EDSP) and locate the maximum message size for the Receive Connector.

Open the Exchange Management Shell and enter the following command.

Get-ReceiveConnector | Select Identity, MaxMessageSize

If the value of "MaxMessageSize" is set to 10MB or less, this is not a finding.

If the value of "MaxMessageSize" is set to more than 10MB, and has signoff and risk acceptance in the EDSP, this is not a finding.
Fix Text (F-_fix)
Open the Exchange Management Shell and enter the following command.

Set-ReceivedConnector -Identity <'ReceiveConnector'> -MaxMessageSize 10MB or other value as identified by the Email Domain Security Plan.