
The Exchange Outbound Connection Limit per Domain Count must be controlled.


Overview

Finding ID: V-207311
Version: EX13-MB-000225
Rule ID: SV-207311r615936_rule
IA Controls:
Severity: Low
Description
Email system availability depends in part on best practice strategies for setting tuning configurations. This configuration controls the maximum number of simultaneous outbound connections from a domain and works in conjunction with the Maximum Outbound Connections Count setting as a delivery tuning mechanism. If the limit is too low, connections may be dropped. If it is too high, some domains may use a disproportionate resource share, denying access to other domains. Appropriate tuning reduces the risk of data delay or loss. By default, a limit of 20 simultaneous outbound connections from a domain should be sufficient. The value may be adjusted if justified by local site conditions.
STIG: Microsoft Exchange 2013 Mailbox Server Security Technical Implementation Guide
Date: 2021-12-16

Details

Check Text ( C-7569r393446_chk )
Review the Email Domain Security Plan (EDSP).

Determine the value for Maximum Domain Connections.

Open the Exchange Management Shell and enter the following command:

Get-TransportService | Select Name, Identity, MaxPerDomainOutboundConnections

If the value of MaxPerDomainOutboundConnections is not set to 20, this is a finding.

or

If the value of MaxPerDomainOutboundConnections is set to a value other than 20 and has signoff and risk acceptance in the EDSP, this is not a finding.
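
The check above can be scripted across every transport service. The following is an added example, not part of the STIG: the function name Test-OutboundDomainLimit, its -EdspApproved parameter, and the sample server names are hypothetical, and the sample objects are constructed stand-ins for Get-TransportService output.

```powershell
# Added example: evaluates each transport service against the STIG value of 20,
# honoring per-server values that were signed off in the EDSP.
function Test-OutboundDomainLimit {
    [CmdletBinding()]
    param(
        # Objects exposing Name and MaxPerDomainOutboundConnections,
        # such as the output of Get-TransportService.
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Service,

        # Hypothetical input: server name -> value accepted in the EDSP.
        [hashtable]$EdspApproved = @{},

        [int]$Required = 20
    )
    process {
        # The setting can also hold the literal "Unlimited"; compare as text
        # so that case is reported as a finding instead of a conversion error.
        $actual   = [string]$Service.MaxPerDomainOutboundConnections
        $expected = [string]$Required
        $status   = 'Finding'

        if ($actual -eq $expected) {
            $status = 'NotAFinding'
        }
        elseif ($EdspApproved.ContainsKey($Service.Name)) {
            # A deviation is acceptable only if it matches the signed-off value.
            $expected = [string]($EdspApproved[$Service.Name])
            if ($actual -eq $expected) { $status = 'NotAFinding (EDSP exception)' }
        }

        [pscustomobject]@{
            Name     = $Service.Name
            Actual   = $actual
            Expected = $expected
            Status   = $status
        }
    }
}

# Constructed sample data standing in for Get-TransportService output.
$sample = @(
    [pscustomobject]@{ Name = 'MBX01'; MaxPerDomainOutboundConnections = 20 }
    [pscustomobject]@{ Name = 'MBX02'; MaxPerDomainOutboundConnections = 40 }
    [pscustomobject]@{ Name = 'MBX03'; MaxPerDomainOutboundConnections = 'Unlimited' }
    [pscustomobject]@{ Name = 'MBX04'; MaxPerDomainOutboundConnections = 100 }
)
$sample | Test-OutboundDomainLimit -EdspApproved @{ MBX02 = 40 } | Format-Table -AutoSize
```

In the Exchange Management Shell, pipe Get-TransportService into the function in place of $sample.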
Fix Text (F-7569r393447_fix)
Update the EDSP.

Open the Exchange Management Shell and enter the following command:

Set-TransportService -Identity <'IdentityName'> -MaxPerDomainOutboundConnections 20

Note: The IdentityName value must be in quotes.

or

Use the value identified by the EDSP that has obtained a signoff with risk acceptance.