Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-18668 | EMG2-129 Exch2K3 | SV-20280r1_rule | ECSC-1 | Low |
Description |
---|
E-Mail system availability depends in part on best practices strategies for setting tuning configurations. This setting controls the maximum SMTP Virtual Server session sizes (inbound and outbound) and applies globally to the Simple Mail Transfer Protocol (SMTP) protocol. If the session size limit is set too low, the SMTP server may increase the number of sessions spawned, which increases the risk that other set limits will be reached. Controlling session resource usage is best done by controlling the number of messages in a session. It is is recommended that this setting remain at the default of ‘Unlimited’. |
STIG | Date |
---|---|
Microsoft Exchange Server 2003 | 2014-08-19 |
Check Text ( C-22387r1_chk ) |
---|
Perform for each SMTP virtual server: Note: If “administrative groups” do not display in the list, highlight the topmost “Exchange” item in the left hand list, then access the Action menu, select Properties, check the “Display Routing Groups” box, and the “display administrative groups” box. Exit Exchange Manager, then restart it, and repeat the “check” steps. Procedure: Exchange System Manager >> Administrative Groups >> [administrator group] >> Servers >> [server] >> Protocols >> SMTP >> [specific SMTP server] >> Properties >>Messages Tab The "Limit Session Size to (KB)" field should be cleared. Criteria: If the “Limit Session Size to (KB)" is cleared, this is not a finding. |
Fix Text (F-19315r1_fix) |
---|
Set the SMTP Session Size Limit. Procedure: Exchange System Manager >> Administrative Groups >> [administrator group] >> Servers >> [server] >> Protocols >> SMTP >> [specific SMTP server] >> Properties >>Messages Tab Clear the “Limit Session size to (KB)” field. |