UCF STIG Viewer Logo

Receive Connectors must control the message count per inbound session.


Overview

Finding ID Version Rule ID IA Controls Severity
Exch-HB-208 Exch-HB-208 Exch-HB-208_rule Low
Description
Email system availability depends in part on best practices strategies for setting tuning configurations. This setting controls the maximum number of messages allowed in a single SMTP session by breaking large numbers of messages into multiple sessions. Failure to control message counts as they arrive adds risk that a sending domain could monopolize email resources by not controlling message counts per session as inbound messages arrive. Microsoft best practice recommends setting this to a value of 300.
STIG Date
Microsoft Exchange 2010 Hub Transport Server Role 2012-05-31

Details

Check Text ( C-_chk )
Obtain the Email Domain Security Plan (EDSP) and locate the "Maximum Recipients per Message" value.

Open the Exchange Management Shell and enter the following command.

Get-ReceiveConnector | Select Name, Identity, MaxRecipientsPerMessage

For each Receive Connector, evaluate the "MaxRecipientsPerMessage" value.

If the value of "MaxRecipientsPerMessage" is set to 300, this is not a finding.

If the value of "Maximum Recipients per Message" is set to a value other than 300, and has signoff and risk acceptance in the EDSP, this is not a finding.
Fix Text (F-_fix)
Open the Exchange Management Shell and enter the following command.

Set-ReceiveConnector -Identity <'Server\ReceiveConnector'> -MaxRecipientsPerMessage 300 or other value as identified by the Email Domain Security Plan.