Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-18660 | EMG2-046 Exch2K3 | SV-20264r1_rule | ECSC-1 | Medium |
Description |
---|
SPAM originators, in an effort to refine mailing lists, sometimes use a technique where they monitor transmissions for automated bounce back messages such as “Out of Office” messages. Automated messages include such items as Out of Office responses, non-delivery messages, or automated message forwarding. Automated bounce back messages can be used by a third party to determine user “liveness” on the server. This can result in the disclosure of active user accounts to third parties, paving the way for possible future attacks. Mail forwarding is an automated feature that does not provide information to third parties, but it poses a potential risk on networks where classified or confidential information may be sent. For example, if auto-forwarding is configured, sensitive information sent to this user’s account may automatically be transferred outside the control of the organization. The “Default” format applies to all domains. However, if a new format is created and applied to a specific domain, that domain will use the new format's configuration while all other domains (those without specially designated formats) will use the Default format. Automated messages must be disabled to prevent inadvertent information disclosure about E-mail recipients. |
STIG | Date |
---|---|
Microsoft Exchange Server 2003 | 2014-08-19 |
Check Text (C-22379r1_chk) |
---|
Procedure: Exchange System Manager >> Global Settings >> Internet Messages >> Formats >> {specific format name} >> Properties >> Advanced tab >> {item list}. The "Automated Response Messages" checkbox should be cleared. Criteria: For each listed format, if the "Automated Response Messages" checkbox is cleared, this is not a finding. |
Fix Text (F-19308r1_fix) |
---|
Disable automated responses. Procedure: Exchange System Manager >> Global Settings >> Internet Messages >> Formats >> {specific format name} >> Properties >> Advanced tab >> {item list}. For each profile in the list, clear the "Automated Response Messages" checkbox. |