An error occurred:

Check: EMG2-123 Exch2K3

Microsoft Exchange Server 2003: EMG2-123 Exch2K3 (in version v1 r5)

Title

The Outbound Delivery Retry Values are not at the Defaults, or do not have alternate values documented in the System Security Plan. (Cat III impact)

Discussion

E-Mail system availability depends in part on best practices strategies for setting tuning configurations. This setting controls the rate at which delivery attempts from the home domain are retried, user notification is issued, and expiration timeout when the message will be discarded. If delivery retry attempts are too frequent, servers will generate network congestion. If too far apart, then messages may remain queued longer than necessary, potentially raising disk resource requirements. The default values of these fields should be adequate for most environments. Administrators may wish to modify the values as a result, but changes should be documented in the System Security Plan.

Check Content

Access the Simple Mail Transfer Protocol (SMTP) Connection Retry configuration. Procedure: Exchange System Manager >> Administrative Groups >> [administrative group] >> Servers >> [Server] >> Protocols >> SMTP >> [specific SMTP server] >> Properties >> Delivery tab >> Outbound The default values should be in use, or alternate values may be in use, but they should also be documented in the System Security Plan. - the “First retry interval” (10 min) - the “Second retry interval” (15 min) - the “Third retry interval” (15 min) - the “Subsequent retry interval” (15 min). - the “delay notification” (12 hrs) - the “expiration timeout” (2 days) Criteria: If the message delivery retry settings are as shown above, or have alternate values justified in the System Security Plan, this is not a finding.

Fix Text

Set Outbound Delivery Retry values. If alternate values are desired, they must also be documented in the System Security Plan. Procedure: Exchange System Manager >> Administrative Groups >> [administrative group] >> Servers >> [Server] >> Protocols >> SMTP >> [specific SMTP server] >> Properties >> Delivery tab >> outbound Enter values as shown: - the “First retry interval” (10 min) - the “Second retry interval” (15 min) - the “Third retry interval” (15 min) - the “Subsequent retry interval” (15 min). - the “delay notification” (12 hrs) - the “expiration timeout” (2 days)

Additional Identifiers

Rule ID: SV-20314r1_rule

Vulnerability ID: V-18687

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
No CCIs are assigned to this check

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
No controls are assigned to this check