Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-33635 | Exch-2-201 | SV-44055r2_rule | Low |
Description |
---|
Email system availability depends in part on best practices strategies for setting tuning configurations. This configuration controls the maximum number of simultaneous outbound connections from a domain, and works in conjunction with the Maximum Outbound Connections Count setting as a delivery tuning mechanism. If the limit is too low, connections may be dropped. If too high, some domains may use a disproportionate resource share, denying access to other domains. Appropriate tuning reduces risk of data delay or loss. By default, a limit of 20 simultaneous outbound connections from a domain should be sufficient. The value may be adjusted if justified by local site conditions. |
STIG | Date |
---|---|
MS Exchange 2010 Edge Transport Server STIG | 2018-09-17 |
Check Text ( C-41744r2_chk ) |
---|
Obtain the Email Domain Security Plan (EDSP) and locate the value for 'Maximum Domain Connections' and the server under review. Open the Exchange Management Shell and enter the following command: Get-TransportServer -Identity <'ServerUnderReview'> | Select Name, Identity, MaxPerDomainOutboundConnections If the value of 'MaxPerDomainOutboundConnections' is set to 20 this is not a finding. If the value of 'MaxPerDomainOutboundConnections' is set to a value other than 20 and has signoff and risk acceptance in the EDSP, this is not a finding. |
Fix Text (F-37527r2_fix) |
---|
Open the Exchange Management Shell and enter the following command: Set-TransportServer -Identity <'ServerUnderReview'> -MaxPerDomainOutboundConnections 20 If an alternate value is desired, obtain signoff with risk acceptance and document in the EDSP. |