
Send Connector message size must be controlled.


Overview

Finding ID | Version | Rule ID | IA Controls | Severity
Exch-ED-213 | Exch-ED-213 | Exch-ED-213_rule | | Medium
Description
This setting can be used to limit the total size of messages at the connector level. This includes the message header, the message body, and any attachments. For internal message flow, Exchange Server uses the custom X-MS-Exchange-Organization-OriginalSize: message header to record the original message size of the message as it enters the Exchange Server organization. Whenever the message is checked against the specified message size limits, the lower value of the current message size or the original message size header is used. The size of the message can change because of content conversion, encoding, and agent processing. This setting somewhat limits the impact a malicious user or a computer with malware can have on the Exchange infrastructure by restricting the size of incoming messages.
STIG | Date
Microsoft Exchange 2010 Edge Transport Server Role | 2012-05-31

Details

Check Text ( C-_chk )
Obtain the Email Domain Security Plan (EDSP) and locate the maximum message size for the Send Connector.

Open the Exchange Management Shell and enter the following command.

Get-SendConnector | Select Identity, MaxMessageSize

If the value of "MaxMessageSize" is set to 10MB or less, this is not a finding.

If the value of "MaxMessageSize" is set to more than 10MB, and has signoff and risk acceptance in the EDSP, this is not a finding.
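
The check above expressed as a script, added here as an example and not part of the STIG text: it classifies each connector's MaxMessageSize against the 10MB threshold. The function name Test-SendConnectorSize, the -EdspAccepted parameter and the sample connector names are hypothetical, and treating an unlimited size as more than 10MB is an assumption.

```powershell
function Test-SendConnectorSize {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)] $Connector,
        [long] $LimitBytes = 10MB,
        # Hypothetical parameter: connectors with signoff and risk acceptance in the EDSP
        [string[]] $EdspAccepted = @()
    )
    process {
        $name = [string]$Connector.Identity
        # The size renders as text such as "10 MB (10,485,760 bytes)" or "unlimited",
        # so the string form is parsed; digit grouping characters vary by culture.
        $text  = [string]$Connector.MaxMessageSize
        $bytes = $null
        if ($text -match '\(([\d.,\s]+)bytes\)') {
            $bytes = [long]($Matches[1] -replace '\D', '')
        }
        $status = if ($null -ne $bytes -and $bytes -le $LimitBytes) {
            'NotAFinding'
        } elseif ($null -eq $bytes -and $text -notmatch '^\s*unlimited\s*$') {
            'Review'    # value not understood, inspect by hand
        } elseif ($EdspAccepted -contains $name) {
            'NotAFinding (EDSP risk acceptance)'
        } else {
            'Finding'   # above 10MB (or unlimited, assumed to count as above) without acceptance
        }
        New-Object PSObject -Property @{
            Identity = $name; MaxMessageSize = $text; Status = $status
        } | Select-Object Identity, MaxMessageSize, Status
    }
}

# Constructed sample rows (not real connectors) so the function runs without Exchange.
$sample = @(
    New-Object PSObject -Property @{ Identity = 'Sample-Internet'; MaxMessageSize = '10 MB (10,485,760 bytes)' }
    New-Object PSObject -Property @{ Identity = 'Sample-Partner';  MaxMessageSize = '25 MB (26,214,400 bytes)' }
    New-Object PSObject -Property @{ Identity = 'Sample-Archive';  MaxMessageSize = '50 MB (52,428,800 bytes)' }
    New-Object PSObject -Property @{ Identity = 'Sample-Legacy';   MaxMessageSize = 'unlimited' }
)
$sample | Test-SendConnectorSize -EdspAccepted 'Sample-Partner' | Format-Table -AutoSize

# Against a live server, from the Exchange Management Shell:
# Get-SendConnector | Test-SendConnectorSize -EdspAccepted '<connector named in the EDSP>'
```

With the sample rows, Sample-Internet is not a finding, Sample-Partner is excused by its EDSP entry, and Sample-Archive and Sample-Legacy are findings.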
Fix Text (F-_fix)
Open the Exchange Management Shell and enter the following command.

Set-SendConnector -Identity <'SendConnector'> -MaxMessageSize 10MB

Use 10MB or other value as identified by the Email Domain Security Plan.