Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-18694 | EMG2-250 Exch2K3 | SV-20328r1_rule | ECSC-1 | Medium |
Description |
---|
E-mail is only as secure as the recipient. Recipient SMTP servers that accept messages from all sources give rogue senders (such as spammers) or malicious users a way to insert batches of messages (which may be spoofed or forged) into the message transfer path. This setting controls which IP addresses are allowed to connect to this SMTP virtual server and hand off messages to it. Two strategies exist for this control: "Deny None" or "Deny All". Exceptions can be listed as IP addresses, which can also be wildcarded as subnet groups. To significantly reduce the attack surface for unauthorized connections, the "Deny All" approach must be used, specifying that authorized connections come from "only the list below". Depending on the server's role in the infrastructure, the list of clients or other SMTP servers authorized to connect to this virtual server should be specified. |
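The two strategies above amount to a default-deny allow-list versus a default-allow deny-list, with each exception given as a single address or an "address mask" subnet group. The following is an added example, not Exchange code and not part of this STIG: a constructed Python model of the connection-control setting that evaluates a sample of client addresses (constructed, not real log data) against both strategies and audits a configuration the way the check text does. The `/8` breadth threshold in `audit` is an assumption of this example, not a STIG criterion.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed model of the SMTP virtual server "Connection control" setting.
# deny_all=True  corresponds to "Only the list below" (Deny All with exceptions).
# deny_all=False corresponds to "All except the list below" (Deny None with exceptions).


@dataclass
class ConnectionControl:
    deny_all: bool
    exceptions: List[str] = field(default_factory=list)

    def networks(self) -> list:
        """Parse entries as the UI presents them: a single address,
        'address mask' (e.g. '192.0.2.0 255.255.255.0'), or CIDR."""
        nets = []
        for entry in self.exceptions:
            # "192.0.2.0 255.255.255.0" -> "192.0.2.0/255.255.255.0", which ip_network accepts
            text = entry.strip().replace(" ", "/")
            nets.append(ipaddress.ip_network(text, strict=False))
        return nets

    def allows(self, client_ip: str) -> bool:
        """Decide whether a client may connect under the configured strategy."""
        ip = ipaddress.ip_address(client_ip)
        listed = any(ip in net for net in self.networks())
        # Deny All: only listed sources connect. Deny None: everyone except listed sources.
        return listed if self.deny_all else not listed


def audit(control: ConnectionControl) -> List[str]:
    """Report why a configuration would (or would not) satisfy the check text."""
    findings = []
    if not control.deny_all:
        findings.append("Deny None strategy: any source not explicitly denied can connect")
        return findings
    if not control.exceptions:
        findings.append("'Only the list below' is selected but the list is empty: no client can connect")
    for net in control.networks():
        # Assumed heuristic: a wildcard wider than a /8 is effectively no restriction.
        if net.prefixlen < 8:
            findings.append(f"exception {net} is broader than a /8; confirm it is intended")
    return findings


# Constructed sample of connection attempts ("date time client_ip"), not real log data.
SAMPLE_CONNECTIONS = """2014-08-19 10:01:02 192.0.2.44
2014-08-19 10:01:09 198.51.100.25
2014-08-19 10:02:31 203.0.113.7
"""


def evaluate(control: ConnectionControl, sample: str = SAMPLE_CONNECTIONS) -> List[Tuple[str, bool]]:
    """Apply the control to each sampled client address; returns (ip, allowed) pairs."""
    results = []
    for line in sample.splitlines():
        if not line.strip():
            continue
        client_ip = line.split()[-1]
        results.append((client_ip, control.allows(client_ip)))
    return results


if __name__ == "__main__":
    authorized = ConnectionControl(deny_all=True, exceptions=["192.0.2.0 255.255.255.0", "198.51.100.25"])
    print("Deny All:", evaluate(authorized), audit(authorized))
    open_relay = ConnectionControl(deny_all=False, exceptions=["203.0.113.7"])
    print("Deny None:", evaluate(open_relay), audit(open_relay))
```

With the Deny All configuration only the listed subnet and host are admitted and `audit` returns nothing; with Deny None every unlisted source is admitted and `audit` reports the configuration as a finding, mirroring the criteria in the check text.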
STIG | Date |
---|---|
Microsoft Exchange Server 2003 | 2014-08-19 |
Check Text ( C-22412r1_chk ) |
---|
Access the mail server inbound connections configuration. Procedure: Exchange System Manager >> administrative groups >> [administrative group] >> Servers >> [Server] >> Protocols >> SMTP >> [specific SMTP server] >> properties >> Access tab >> Connection control >> Connection button. "Only the list below" should be selected, with a list of addresses or subnets authorized to connect to this server. Criteria: If "Only the list below" is selected, with a list of addresses or subnets authorized to connect to this server, this is not a finding. |
Fix Text (F-19340r1_fix) |
---|
Set the Inbound Connections configuration. Procedure: Exchange System Manager >> administrative groups >> [administrative group] >> Servers >> [Server] >> Protocols >> SMTP >> [specific SMTP server] >> properties >> Access tab >> Connection control >> Connection button. Select "Only the list below" and list the addresses or subnets authorized to connect to this server. |