
SMTP Virtual Server is not bound to the PPSM Standard Port.


Overview

Finding ID: V-18735
Version: EMG2-109 Exch2K3
Rule ID: SV-20413r1_rule
IA Controls: DCPP-1
Severity: Medium
Description
PPSM Standard defined ports and protocols must be used for all Exchange services. The default port for SMTP connections is 25. Changing the ports to non-standard values provides only temporary and limited protection against automated attacks, since these attacks will not likely connect to the custom port. A determined attacker may still be able to determine which ports are used for SMTP by performing a comprehensive port scan. Negative impacts of using non-standard ports include complexity for the system administrator, custom configurations required for connecting clients, risk of port conflict with non-Exchange applications, and risk of incompatibility with port monitoring applications. Since changing the port introduces a large amount of complexity for a relatively small gain, the DoD PPSM requires that standard SMTP ports be used.
STIG: Microsoft Exchange Server 2003
Date: 2014-08-19

Details

Check Text (C-22456r1_chk)
Verify that the E-mail Virtual Server is bound to SMTP port 25.

Procedure: Exchange system manager >> administrative groups >> [administrative groups] >> Servers >> [server] >> Protocols >> SMTP >> [specific SMTP server] >> properties >> General Tab >> Advanced >> Edit >> TCP Port

Port 25 for SMTP should be entered.

Criteria: If 25 is entered for SMTP, this is not a finding.
Fix Text (F-19384r1_fix)
Enter 25 for SMTP on each SMTP Virtual Server.

Procedure: Exchange system manager >> administrative groups >> [administrative groups] >> Servers >> [server] >> Protocols >> SMTP >> [specific SMTP server] >> properties >> General Tab >> Advanced >> Edit >> TCP Port

Enter 25 for SMTP.