Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-69821 | EX13-EG-000100 | SV-84443r1_rule | Medium |
Description |
---|
Email system availability depends in part on best practice strategies for setting tuning configurations. This configuration controls the maximum number of simultaneous outbound connections from a domain and works in conjunction with the Maximum Outbound Connections Count setting as a delivery tuning mechanism. If the limit is too low, connections may be dropped. If the limit is too high, some domains may use a disproportionate resource share, denying access to other domains. Appropriate tuning reduces the risk of data delay or loss. By default, a limit of 20 simultaneous outbound connections from a domain should be sufficient. The value may be adjusted if justified by local site conditions. |
STIG | Date |
---|---|
MS Exchange 2013 Edge Transport Server Security Technical Implementation Guide | 2019-03-11 |
Check Text ( C-70291r1_chk ) |
---|
Review the Email Domain Security Plan (EDSP). Determine the value for Maximum Domain Connections. Open the Exchange Management Shell and enter the following command: Get-TransportService | Select Name, Identity, MaxPerDomainOutboundConnections If the value of MaxPerDomainOutboundConnections is not set to 20, this is a finding. or If the value of MaxPerDomainOutboundConnections is set to a value other than 20 and has signoff and risk acceptance in the EDSP, this is not a finding. |
Fix Text (F-76051r1_fix) |
---|
Update the EDSP. Open the Exchange Management Shell and enter the following command: Set-TransportService -Identity <'IdentityName'> -MaxPerDomainOutboundConnections 20 Note: The or The value as identified by the EDSP that has obtained a signoff with risk acceptance. |