E-mail Server Global Sending or Receiving message size is set to Unlimited.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-18666	EMG2-005 Exch2K3	SV-20276r1_rule	ECSC-1	Medium

Description
E-Mail system availability depends in part on best practices strategies for setting tuning configurations. Message size limits should be set to 30 megabytes at most, but often are smaller, depending on the organization. The key point in message size is that it should be set globally, and it should not be set to ‘unlimited’. Selecting the “no limit” radio button on either field is likely to result in abuse and can lead to rapid filling of server disk space. Message size limits may be applied in Routing Group connectors, SMTP connectors, Public Folders, and on the user account under AD. Changes at these lower levels are discouraged, as the single global setting is usually sufficient. This practice prevents conflicts that could impact availability and it simplifies server administration.

Description

E-Mail system availability depends in part on best practices strategies for setting tuning configurations. Message size limits should be set to 30 megabytes at most, but often are smaller, depending on the organization. The key point in message size is that it should be set globally, and it should not be set to ‘unlimited’. Selecting the “no limit” radio button on either field is likely to result in abuse and can lead to rapid filling of server disk space. Message size limits may be applied in Routing Group connectors, SMTP connectors, Public Folders, and on the user account under AD. Changes at these lower levels are discouraged, as the single global setting is usually sufficient. This practice prevents conflicts that could impact availability and it simplifies server administration.

STIG	Date
Microsoft Exchange Server 2003	2014-08-19

Details

Check Text ( C-22385r1_chk )
Verify that the “Set message size”, is not set to Unlimited. Procedure: Exchange System Manager >> Global Settings >> Message Delivery>> Properties >> Defaults tab The "Send Size" and "Receive Size" should have a value, and not have "unlimited" selected. Criteria: If "Send Size" and "Receive Size" have a value, and have not selected "unlimited", this is not a finding.

Fix Text (F-19313r1_fix)
Set the Global Send and Receive message sizes. Procedure: Exchange System Manager >> Global Settings >> Message Delivery>> Properties >> Defaults tab Set "Send Size" and "Receive Size" to a value (do not select Unlimited). Default size limits are as follows (to be used if other sizes are not justified): Send Size =10,240 Receive Size = 10,240