The SMTP Virtual Server is configured to perform DNS lookups for anonymous E-mails.


Overview

Finding ID: V-18704
Version: EMG2-143 Exch2K3
Rule ID: SV-20348r1_rule
IA Controls: ECSC-1
Severity: Low
Description
E-mail system availability depends in part on best-practice strategies for setting tuning configurations. This feature causes the server to use a Domain Name System (DNS) lookup to try to determine the source of each anonymous E-mail message. While enabling this feature does not pose an attack hazard, it is recommended that this feature be disabled to avoid impacting resource availability. Anonymous E-mail is invariably spam and should be filtered when received at the perimeter. In this context, a DNS lookup is not a reliable indicator of perpetrator information, because the message is likely spam and its DNS entries are therefore likely to have been altered. The DNS lookup result does not add value, so the feature should not be enabled.
STIG: Microsoft Exchange Server 2003
Date: 2014-08-19

Details

Check Text (C-22422r1_chk)
Validate anonymous E-mail resolution configuration.

Procedure: Exchange System Manager >> Administrative Groups >> [administrative group] >> servers >> [server] >> Protocols >> SMTP >> [specific SMTP server] >> properties >> Access Control Tab >> Authentication button

The “Resolve Anonymous E-mail” checkbox should be cleared.

Criteria:
If the “Resolve Anonymous E-mail” checkbox is cleared, this is not a finding.
Fix Text (F-19350r1_fix)
Configure each SMTP virtual server.

Procedure: Exchange System Manager >> Administrative Groups >> [administrative group] >> servers >> [server] >> Protocols >> SMTP >> [specific SMTP server] >> properties >> Access Control Tab >> Authentication button

Clear the “Resolve Anonymous E-mail” checkbox.