Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
Exch-HB-213 | Exch-HB-213 | Exch-HB-213_rule | Medium |
Description |
---|
This setting can be used to limit the total size of messages at the connector level. This includes the message header, the message body, and any attachments. For internal message flow, Exchange Server uses the custom X-MS-Exchange-Organization-OriginalSize: message header to record the original message size of the message as it enters the Exchange Server organization. Whenever the message is checked against the specified message size limits, the lower value of the current message size or the original message size header is used. The size of the message can change because of content conversion, encoding, and agent processing. This setting somewhat limits the impact a malicious user or a computer with malware can have on the Exchange infrastructure by restricting the size of incoming messages. |
STIG | Date |
---|---|
Microsoft Exchange 2010 Hub Transport Server Role | 2012-05-31 |
Check Text ( C-_chk ) |
---|
Obtain the Email Domain Security Plan (EDSP) and locate the maximum message size for the Send Connector. Open the Exchange Management Shell and enter the following command. Get-SendConnector | Select Identity, MaxMessageSize If the value of "MaxMessageSize" is set to 10MB or less, this is not a finding. If the value of "MaxMessageSize" is set to more than 10MB, and has signoff and risk acceptance in the EDSP, this is not a finding. |
Fix Text (F-_fix) |
---|
Open the Exchange Management Shell and enter the following command. Set-SendConnector -Identity <'SendConnector'> -MaxMessageSize 10MB or other value as identified by the Email Domain Security Plan. |