Mailbox Server is not protected by an Edge Transport Server (E-mail Secure Gateway) performing SPAM evaluation.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-18662	EMG2-029 Exch2K3	SV-20268r1_rule	ECSC-1	Medium

Description
By performing filtering at the perimeter, up to 90% of SPAM, malware, and other undesirable messages are eliminated from the message stream rather than admitting them into the mail server environment. SPAM origination sites and other sources of suspected E-Mail borne malware have the ability to corrupt, compromise, or otherwise limit availability of E-Mail servers. Limiting exposure to unfiltered inbound messages can reduce the risk of SPAM and malware impacts. By performing filtering at the perimeter, SPAM, malware, and other undesirable messages are eliminated from the message stream rather than admitting them into the mail server environment. This significantly reduces the attack vector for inbound E-mail-borne SPAM and malware. SPAM evaluation (heuristic) filters scan inbound email messages for evidence of SPAM and other attacks that primarily use ‘Social Engineering’ techniques. Upon evaluation, a rating is assigned to each message estimating the likelihood of its being SPAM. When the message is received in the user’s mailbox, the junk mail filter threshold determines whether the message will be withheld from delivery, delivered to the junk mail folder, or delivered to the user’s inbox. For Exchange 2003 servers, Microsoft introduced the Intelligent Message Filter (IMF). Beginning with Exchange 2003 SP2 it was included as part of the application. Since that time, however, it is recommended that such filtering occur at the network perimeter. That said, risk of inbound SPAM can be somewhat mitigated by using the Microsoft IMF on the Exchange 2003 Mail server, even as an interim measure, while planning for a more comprehensive, Edte Transport Server (E-Mail Secure Gateway).

Description

By performing filtering at the perimeter, up to 90% of SPAM, malware, and other undesirable messages are eliminated from the message stream rather than admitting them into the mail server environment. SPAM origination sites and other sources of suspected E-Mail borne malware have the ability to corrupt, compromise, or otherwise limit availability of E-Mail servers. Limiting exposure to unfiltered inbound messages can reduce the risk of SPAM and malware impacts. By performing filtering at the perimeter, SPAM, malware, and other undesirable messages are eliminated from the message stream rather than admitting them into the mail server environment. This significantly reduces the attack vector for inbound E-mail-borne SPAM and malware. SPAM evaluation (heuristic) filters scan inbound email messages for evidence of SPAM and other attacks that primarily use ‘Social Engineering’ techniques. Upon evaluation, a rating is assigned to each message estimating the likelihood of its being SPAM. When the message is received in the user’s mailbox, the junk mail filter threshold determines whether the message will be withheld from delivery, delivered to the junk mail folder, or delivered to the user’s inbox. For Exchange 2003 servers, Microsoft introduced the Intelligent Message Filter (IMF). Beginning with Exchange 2003 SP2 it was included as part of the application. Since that time, however, it is recommended that such filtering occur at the network perimeter. That said, risk of inbound SPAM can be somewhat mitigated by using the Microsoft IMF on the Exchange 2003 Mail server, even as an interim measure, while planning for a more comprehensive, Edte Transport Server (E-Mail Secure Gateway).

STIG	Date
Microsoft Exchange Server 2003	2014-08-19

Details

Check Text ( C-22381r1_chk )
Interview the E-mail Administrator or the IAO. Request documentation that indicates SPAM evaluation filters are in place on an Edge Transport Server (E-mail Secure Gateway Server) role outside the network perimeter. Criteria: If the mailbox servers are protected by a perimeter-based Edge Transport Server role (E-mail Secure Gateway) which performs SPAM filtering prior to forwarding E-mail to the mailbox servers, this is not a finding.

Check Text ( C-22381r1_chk )

Interview the E-mail Administrator or the IAO. Request documentation that indicates SPAM evaluation filters are in place on an Edge Transport Server (E-mail Secure Gateway Server) role outside the network perimeter.

Criteria: If the mailbox servers are protected by a perimeter-based Edge Transport Server role (E-mail Secure Gateway) which performs SPAM filtering prior to forwarding E-mail to the mailbox servers, this is not a finding.

Fix Text (F-19309r1_fix)
Implement perimeter protection in the form of a secure email filtering mechanism that performs, among other protections, SPAM elimination prior to forwarding message traffic to mailbox servers.