Check: WG330 IIS6 (IIS6 Server, in version v6 r16)
Title
A public web server must limit e-mail to outbound only. (Cat II impact)
Discussion
Incoming e-mail has been known to provide hackers with access to servers. Disabling the incoming mail service prevents this type of attack. Additionally, e-mail is a specialized application requiring the dedication of server resources. A production web server should only provide hosting services for web sites. Supporting mail services on a web server opens the server to the risk of abuse as an e-mail relay.
Check Content
1. Open the Services window and look for the Simple Mail Transfer Protocol (SMTP) service.
2. If the service is running, this is a finding.
3. Open Add/Remove Programs to see whether any e-mail programs are installed.
4. Search the system to determine whether other e-mail programs are running. If an e-mail program is installed and has been configured to accept inbound e-mail, this is a finding.

NOTE: If available, telnet to the server under review on port 25. If a response is received, this is a finding.
Fix Text
Disable the SMTP service. If other e-mail programs are running, remove them.
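The following PowerShell script is an added example, not part of the STIG text, that performs the four check steps above from the server itself: it reports whether the SMTP service is running, lists installed programs whose names look like mail software, and shows which process, if any, is listening on TCP port 25. It assumes the IIS SMTP component registers under the service name SMTPSVC (an assumption), and the list of product-name patterns it searches for is a constructed, illustrative list that a reviewer would extend for their environment.

```powershell
# Added example (not from the STIG): audit a Windows / IIS 6 web server for WG330.
# Run from an elevated PowerShell prompt on the server under review.
# Assumptions: the IIS SMTP service is named 'SMTPSVC'; $mailPatterns is a constructed list.

$findings = @()

# Steps 1-2: is the SMTP service installed and running?
$smtp = Get-Service -Name 'SMTPSVC' -ErrorAction SilentlyContinue
if ($smtp -and $smtp.Status -eq 'Running') {
    $findings += "SMTP service '$($smtp.DisplayName)' is running"
}

# Step 3: inspect the Add/Remove Programs registry keys for mail software.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
# Constructed, illustrative name patterns; extend for the products used at your site.
$mailPatterns = 'SMTP', 'Mail Server', 'Exchange', 'Sendmail', 'MailEnable', 'hMailServer'
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    ForEach-Object {
        foreach ($pattern in $mailPatterns) {
            if ($_.DisplayName -like "*$pattern*") {
                $findings += "Installed program matches mail pattern '$pattern': $($_.DisplayName)"
                break
            }
        }
    }

# Step 4 and NOTE: is any process listening on TCP 25?
# netstat is used because Get-NetTCPConnection does not exist on Windows Server 2003.
$listeners = netstat -ano -p tcp | Where-Object { $_ -match '^\s*TCP\s+\S+:25\s+\S+\s+LISTENING' }
foreach ($line in $listeners) {
    if ($line -match 'LISTENING\s+(\d+)\s*$') {
        $ownerId = [int]$Matches[1]          # avoid $pid, which is a reserved automatic variable
        $owner = Get-Process -Id $ownerId -ErrorAction SilentlyContinue
        $name = if ($owner) { $owner.ProcessName } else { 'unknown' }
        $findings += "TCP port 25 is listening (PID $ownerId, process '$name'): $($line.Trim())"
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'WG330: no finding (SMTP service not running, no mail programs found, nothing listening on TCP 25).'
} else {
    Write-Output 'WG330: FINDING'
    $findings | ForEach-Object { Write-Output "  - $_" }
}
```

The local netstat check only shows what is bound on the host; the STIG's NOTE about connecting to port 25 from another machine is still worth doing, because a host firewall may block the port even when a listener exists, and a reviewer should record both results. For the Fix Text, stopping the service and setting its startup type to Disabled (for example `Stop-Service SMTPSVC; Set-Service SMTPSVC -StartupType Disabled`, again assuming the SMTPSVC name) addresses the first finding; other mail programs found by the script are removed through Add/Remove Programs as the Fix Text directs.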
Additional Identifiers
Rule ID: SV-38328r1_rule
Vulnerability ID: V-2261
Group Title:
Expert Comments
CCIs
| Number | Definition |
|---|---|
| No CCIs are assigned to this check | |
Controls
| Number | Title |
|---|---|
| No controls are assigned to this check | |