Filtered messages must be archived.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| Exch-ED-229 | Exch-ED-229 | Exch-ED-229_rule | Medium |
| Description |
|---|
| As messages are filtered by the Email sanitization process, an archive must be specified and managed by the Email administrators. The archive may be used to recover messages that might have been inappropriately filtered, preventing data loss, and to provide a base of analysis that can provide future filter refinements. The archive repository may also serve as a base for analysis of filtered content, to report and trend the types of undesirable Email content being captured. Failure to specify and manage a filtered message archive adds to the risk of email environment pollution. By not archiving filtered messages it is less likely administrators would be able to analyze and refine the filtering process. The act of identifying a mailbox causes this feature to be enabled. |
| STIG | Date |
|---|---|
| Microsoft Exchange 2010 Edge Transport Server Role | 2012-05-31 |
Details
| Check Text ( C-_chk ) |
|---|
| Open the Exchange Management Shell and enter the following command. Get-ContentFilterConfig | Select QuarantineMailbox If no SMTP address is assigned to "QuarantineMailbox", this is a finding. |
| Fix Text (F-_fix) |
|---|
| Open the Exchange Management Shell and enter the following command. Set-ContentFilterConfig -QuarantineMailbox <'SmtpAddressOfMailbox'> |