
The SMTP Virtual Server performs reverse DNS lookups for anonymous message delivery.


Overview

Finding ID: V-18702
Version: EMG2-148 Exch2K3
Rule ID: SV-20344r1_rule
IA Controls: ECSC-1
Severity: Low

Description
E-mail system availability depends in part on following best practices for tuning configuration settings. This feature causes the server to perform a Domain Name System (DNS) lookup to try to resolve the source of incoming anonymous E-mail messages as part of delivery. While enabling this feature does not pose an attack hazard, it is recommended that it be disabled to avoid impacting resource availability. It is relatively easy to fool the DNS lookup, so relying on it creates unnecessary risk to the E-mail system.

STIG: Microsoft Exchange Server 2003
Date: 2014-08-19

Details

Check Text ( C-22420r1_chk )
Validate Reverse DNS lookup delivery configuration.

Procedure: Exchange System Manager >> Administrative Groups >> [Administrative Group] >> Servers >> [server] >> Protocols >> SMTP >> [specific SMTP virtual server] >> Properties >> Delivery tab >> Advanced button

The "Perform Reverse DNS lookup on incoming messages" checkbox should be cleared.

Criteria: If the "Perform Reverse DNS lookup on incoming messages" checkbox is cleared, this is not a finding.

Fix Text (F-19348r1_fix)
Configure the anonymous delivery DNS option.

Procedure: Exchange System Manager >> Administrative Groups >> [Administrative Group] >> Servers >> [server] >> Protocols >> SMTP >> [specific SMTP virtual server] >> Properties >> Delivery tab >> Advanced button

Clear the "Perform Reverse DNS lookup on incoming messages" checkbox.