Check: EMG2-017 Exch2K3
Microsoft Exchange Server 2003: EMG2-017 Exch2K3 (in version v1 r5)
Title
Mailbox server is not protected by an Edge Transport Server role (E-mail Secure Gateway) performing Block List exception filtering at the perimeter. (Cat II impact)
Discussion
SPAM origination sites and other sources of suspected E-Mail-borne malware have the ability to corrupt, compromise, or otherwise limit the availability of E-Mail servers. Limiting exposure to inbound messages is one type of filtering that can reduce the risk of SPAM and malware impacts. Ideally, 'Block List' filtering is done at the perimeter of the network (using a commercial 'Block List' service), because eliminating threats there prevents them from being evaluated inside the enclave, where there is more risk that they can do harm. Block List Exceptions are used to specify sources that should not be blocked despite their presence in a block list. Exceptions, if used, should be carefully vetted to ensure they are sources of legitimate E-Mail.
Check Content
Interview the E-mail Administrator or the IAO. Request documentation that indicates Block List Services filters are in place, with no exceptions (or exceptions documented as to reasons), on an E-mail Secure Gateway outside the enclave at the network perimeter.
Criteria: If Block List Exceptions are configured and approved on an Edge Transport Server role (perimeter-based E-mail Secure Gateway), this is not a finding.
Fix Text
Implement perimeter-based protection in the form of a secure E-mail filtering mechanism that performs, among other protections, Block List exceptions filtering for SPAM elimination prior to forwarding message traffic to mailbox servers.
Additional Identifiers
Rule ID: SV-20272r1_rule
Vulnerability ID: V-18664
Group Title:
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |