The Mailbox server is not protected by having filtered messages archived by the Edge Transport Role server (E-mail Secure Gateway) at the perimeter.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-18673 | EMG2-024 Exch2K3 | SV-20290r1_rule | ECSC-1 | Medium |
| Description |
|---|
| By performing filtering at the perimeter, up to 90% of SPAM, malware, and other undesirable messages are eliminated from the message stream rather than admitting them into the mail server environment. This significantly reduces the attack vector for inbound E-mail-borne SPAM and malware. As messages are filtered, it is prudent to temporarily host them in an archive for evaluation by administrators or users. The archive can be used to recover messages that might have been inappropriately filtered, preventing data loss, and to provide a base of analysis that can provide future filter refinements. |
| STIG | Date |
|---|---|
| Microsoft Exchange Server 2003 | 2014-08-19 |
Details
| Check Text ( C-22392r1_chk ) |
|---|
| Interview the E-mail Administrator or the IAO. Request documentation that indicates Filtered messages are archived on a secure email gateway server outside the enclave at the perimeter. Criteria: If inbound messages filtered by the sender filter are archived, this is not a finding. |
| Fix Text (F-19320r1_fix) |
|---|
| Implement perimeter-based protection in the form of a secure email filtering mechanism that performs, among other protections, filtered messages archiving for SPAM elimination prior to forwarding message traffic to mailbox servers inside the enclave. |