Exchange external/internet-bound automated response messages must be disabled.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-259688	EX19-MB-000136	SV-259688r961161_rule		Medium

Description
Spam originators, in an effort to refine mailing lists, sometimes monitor transmissions for automated bounce-back messages. Automated messages include such items as "Out of Office" responses, nondelivery messages, and automated message forwarding. Automated bounce-back messages can be used by a third party to determine if users exist on the server. This can result in the disclosure of active user accounts to third parties, paving the way for possible future attacks.

Description

Spam originators, in an effort to refine mailing lists, sometimes monitor transmissions for automated bounce-back messages. Automated messages include such items as "Out of Office" responses, nondelivery messages, and automated message forwarding. Automated bounce-back messages can be used by a third party to determine if users exist on the server. This can result in the disclosure of active user accounts to third parties, paving the way for possible future attacks.

STIG	Date
Microsoft Exchange 2019 Mailbox Server Security Technical Implementation Guide	2024-06-10

Details

Check Text ( C-63427r942376_chk )
Open the Exchange Management Shell and enter the following command: Get-RemoteDomain \| Select-Object -Property Name, DomainName, Identity, AllowedOOFType If the value of "AllowedOOFType" is not set to "InternalLegacy", this is a finding.

Fix Text (F-63335r942377_fix)
Open the Exchange Management Shell and enter the following command: Set-RemoteDomain -Identity <'IdentityName'> -AllowedOOFType 'InternalLegacy' Note: The and InternalLegacy values must be in quotes.