An error occurred:

Check: OSX00525 M6

MACOSX 10.6: OSX00525 M6 (in version v1 r3)

Title

Mail must be configured using SSL. (Cat II impact)

Discussion

When setting up user mail accounts, select "use SSL" in advanced options. This setting is for the Mail app included with OS X. Instructions will be different for other mail applications, but all mail applications should be set up secured using some form of encryption.

Check Content

NOTE: If you are not using the Mac Mail Application, this check does not apply. Choose Mail > Preferences, and then click Accounts. Select an account, and then click Advanced. Ensure "Use SSL" is selected. From the Authentication pop-up menu, ensure an authentication method is selected (e.g., MD5 Challenge-Response, NTLM, Kerberos Version 5 (GSSAPI), or Authenticated POP (APOP)). If not, this is a finding. Click Account Information. From the Outgoing Mail Server (SMTP) pop-up menu, select Edit Server List. From the server list, select the outgoing mail server, and then click Advanced. Ensure Secure Socket Layer (SSL) is selected. From the Authentication pop-up menu, ensure an authentication method is selected (e.g., MD5 Challenge-Response, NTLM, Kerberos Version 5 (GSSAPI), or Authenticated POP (APOP)). If not, this is a finding.

Fix Text

Choose Mail > Preferences, Click Accounts. Select an account, Click Advanced. Select "Use SSL". From the Authentication pop-up menu, select authentication method (e.g., MD5 Challenge-Response, NTLM, Kerberos Version 5 (GSSAPI), or Authenticated POP (APOP)). Click Account Information. From the Outgoing Mail Server (SMTP) pop-up menu, select Edit Server List. From the server list, select your outgoing mail server and then click Advanced. Select "Secure Socket Layer (SSL)". From the Authentication pop-up menu, select authentication method (e.g., MD5 Challenge-Response, NTLM, Kerberos Version 5 (GSSAPI), or Authenticated POP (APOP)). Close the preferences window, and then click "Save" in the message that appears.

Additional Identifiers

Rule ID: SV-38567r1_rule

Vulnerability ID: V-25354

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
No CCIs are assigned to this check

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
No controls are assigned to this check