The Outbound Delivery Retry Values are not at the Defaults, or do not have alternate values documented in the System Security Plan.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-18687	EMG2-123 Exch2K3	SV-20314r1_rule	ECSC-1	Low

Description
E-Mail system availability depends in part on best practices strategies for setting tuning configurations. This setting controls the rate at which delivery attempts from the home domain are retried, user notification is issued, and expiration timeout when the message will be discarded. If delivery retry attempts are too frequent, servers will generate network congestion. If too far apart, then messages may remain queued longer than necessary, potentially raising disk resource requirements. The default values of these fields should be adequate for most environments. Administrators may wish to modify the values as a result, but changes should be documented in the System Security Plan.

Description

E-Mail system availability depends in part on best practices strategies for setting tuning configurations. This setting controls the rate at which delivery attempts from the home domain are retried, user notification is issued, and expiration timeout when the message will be discarded. If delivery retry attempts are too frequent, servers will generate network congestion. If too far apart, then messages may remain queued longer than necessary, potentially raising disk resource requirements. The default values of these fields should be adequate for most environments. Administrators may wish to modify the values as a result, but changes should be documented in the System Security Plan.

STIG	Date
Microsoft Exchange Server 2003	2014-08-19

Details

Check Text ( C-22405r1_chk )
Access the Simple Mail Transfer Protocol (SMTP) Connection Retry configuration. Procedure: Exchange System Manager >> Administrative Groups >> [administrative group] >> Servers >> [Server] >> Protocols >> SMTP >> [specific SMTP server] >> Properties >> Delivery tab >> Outbound The default values should be in use, or alternate values may be in use, but they should also be documented in the System Security Plan. - the “First retry interval” (10 min) - the “Second retry interval” (15 min) - the “Third retry interval” (15 min) - the “Subsequent retry interval” (15 min). - the “delay notification” (12 hrs) - the “expiration timeout” (2 days) Criteria: If the message delivery retry settings are as shown above, or have alternate values justified in the System Security Plan, this is not a finding.

Check Text ( C-22405r1_chk )

Access the Simple Mail Transfer Protocol (SMTP) Connection Retry configuration.

Procedure: Exchange System Manager >> Administrative Groups >> [administrative group] >> Servers >> [Server] >> Protocols >> SMTP >> [specific SMTP server] >> Properties >> Delivery tab >> Outbound

The default values should be in use, or alternate values may be in use, but they should also be documented in the System Security Plan.

- the “First retry interval” (10 min)
- the “Second retry interval” (15 min)
- the “Third retry interval” (15 min)
- the “Subsequent retry interval” (15 min).
- the “delay notification” (12 hrs)
- the “expiration timeout” (2 days)

Criteria: If the message delivery retry settings are as shown above, or have alternate values justified in the System Security Plan, this is not a finding.

Fix Text (F-19333r1_fix)
Set Outbound Delivery Retry values. If alternate values are desired, they must also be documented in the System Security Plan. Procedure: Exchange System Manager >> Administrative Groups >> [administrative group] >> Servers >> [Server] >> Protocols >> SMTP >> [specific SMTP server] >> Properties >> Delivery tab >> outbound Enter values as shown: - the “First retry interval” (10 min) - the “Second retry interval” (15 min) - the “Third retry interval” (15 min) - the “Subsequent retry interval” (15 min). - the “delay notification” (12 hrs) - the “expiration timeout” (2 days)

Fix Text (F-19333r1_fix)

Set Outbound Delivery Retry values. If alternate values are desired, they must also be documented in the System Security Plan.

Procedure: Exchange System Manager >> Administrative Groups >> [administrative group] >> Servers >> [Server] >> Protocols >> SMTP >> [specific SMTP server] >> Properties >> Delivery tab >> outbound

Enter values as shown:

- the “First retry interval” (10 min)
- the “Second retry interval” (15 min)
- the “Third retry interval” (15 min)
- the “Subsequent retry interval” (15 min).
- the “delay notification” (12 hrs)
- the “expiration timeout” (2 days)