Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-18692 | EMG2-125 Exch2K3 | SV-20324r1_rule | ECSC-1 | Low |
Description |
---|
E-Mail system availability depends in part on best practices strategies for setting tuning configurations. This configuration controls the maximum number of simultaneous inbound connections allowed to the SMTP server. By default, the number of simultaneous inbound connections is unlimited. If a limit is set and is too low, the connections pool may get filled. If attackers perceive there is a limit, they could deny service to the Simple Mail Transfer Protocol (SMTP) server using a limited connection count (set to unlimited), attackers would need many more connections to cause denial of service. |
STIG | Date |
---|---|
Microsoft Exchange Server 2003 | 2014-08-19 |
Check Text ( C-22410r1_chk ) |
---|
Access the SMTP Inbound Connections configuration. Exchange System Manager >> administrative groups >> [administrative group] >> Servers >> [Server] >> Protocols >> SMTP >> [specific SMTP server] >> properties >> General tab The “Limit number of connections to” checkbox should be cleared. Criteria: If the "Limit Number of Connections to" is cleared, this is not a finding. |
Fix Text (F-19338r1_fix) |
---|
Set the Limit Inbound Connections limit. Procedure: Exchange System Manager >> administrative groups >> [administrative group] >> Servers >> [Server] >> Protocols >> SMTP >> [specific SMTP server] >> properties >> General tab Clear the “Limit number of connections to” checkbox. |