Message Recipient Count Limit is not limited on the SMTP virtual server.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-18670	EMG2-107 Exch2K3	SV-20284r1_rule	ECSC-1	Medium

Description
E-Mail system availability depends in part on best practices strategies for setting tuning configurations. Global Message Recipient Limits determine the total number of recipients that can be addressed on a single message. At the virtual server level, this field is set to a limited size, and is used to control the maximum number of recipients who will receive a copy of this message at one time. It is intended to improve efficiency by forcing messages sent to a greater number of recipients to be sent out in multiple messages.

Description

E-Mail system availability depends in part on best practices strategies for setting tuning configurations. Global Message Recipient Limits determine the total number of recipients that can be addressed on a single message. At the virtual server level, this field is set to a limited size, and is used to control the maximum number of recipients who will receive a copy of this message at one time. It is intended to improve efficiency by forcing messages sent to a greater number of recipients to be sent out in multiple messages.

STIG	Date
Microsoft Exchange Server 2003	2014-08-19

Details

Check Text ( C-22389r1_chk )
Verify the SMTP Virtual Server Recipient Count Limit. Procedure: Exchange System Manager >> Administrative Groups >> [administrator group] >> Servers >> [server] >> Protocols >> SMPT >> [specific SMPT server] >> Properties >>Messages Tab The “Limit number of recipients per message” should be is set to a numeric value of 64000 (default) or less. Criteria: If “Limit number of recipients per message” is set to a numeric value of 64000 (default) or less, and the System Security Plan documentation has a documented reason, this is not a finding.

Check Text ( C-22389r1_chk )

Verify the SMTP Virtual Server Recipient Count Limit.

Procedure: Exchange System Manager >> Administrative Groups >> [administrator group] >> Servers >> [server] >> Protocols >> SMPT >> [specific SMPT server] >> Properties >>Messages Tab

The “Limit number of recipients per message” should be is set to a numeric value of 64000 (default) or less.

Criteria: If “Limit number of recipients per message” is set to a numeric value of 64000 (default) or less, and the System Security Plan documentation has a documented reason, this is not a finding.

Fix Text (F-19317r1_fix)
Set the SMTP Virtual Server Message Recipient Count limit.. Procedure: Exchange System Manager >> Administrative Groups >> [administrator group] >> Servers >> [server] >> Protocols >> SMTP >> [specific SMTP server] >> Properties >>Messages Tab Select “Limit number of recipients per message" to 64000.