Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-33601 | Exch-2-811 | SV-44021r1_rule | ECSC-1 | Medium |
Description |
---|
SPAM originators, in an effort to refine mailing lists, sometimes use a technique where they monitor transmissions for automated bounce back messages, such as 'Out of Office' messages. Automated messages include such items as Out of Office responses, non-delivery messages, or automated message forwarding. Automated bounce back messages can be used by a third party to determine if users exist on the server. This can result in the disclosure of active user accounts to third parties, paving the way for possible future attacks. |
STIG | Date |
---|---|
MS Exchange 2010 Edge Transport Server STIG | 2019-01-02 |
Check Text ( C-41708r1_chk ) |
---|
Open the Exchange Management Shell and enter the following command: Get-RemoteDomain -Identity 'default' | Select Name, Identity, AllowedOOFType If the value of 'AllowedOOFType' is set to 'External' or 'ExternalLegacy', this is a finding. |
Fix Text (F-37493r1_fix) |
---|
Open the Exchange Management Shell and enter the following command: Set-RemoteDomain -AllowedOOFType 'InternalLegacy' -Identity 'default' |