Title

Message Recipient Count Limit is not limited on the SMTP virtual server. (Cat II impact)

Discussion

E-Mail system availability depends in part on best practices strategies for setting tuning configurations. Global Message Recipient Limits determine the total number of recipients that can be addressed on a single message. At the virtual server level, this field is set to a limited size, and is used to control the maximum number of recipients who will receive a copy of this message at one time. It is intended to improve efficiency by forcing messages sent to a greater number of recipients to be sent out in multiple messages.

Check Content

Verify the SMTP Virtual Server Recipient Count Limit. Procedure: Exchange System Manager >> Administrative Groups >> [administrator group] >> Servers >> [server] >> Protocols >> SMPT >> [specific SMPT server] >> Properties >>Messages Tab The “Limit number of recipients per message” should be is set to a numeric value of 64000 (default) or less. Criteria: If “Limit number of recipients per message” is set to a numeric value of 64000 (default) or less, and the System Security Plan documentation has a documented reason, this is not a finding.

Fix Text

Set the SMTP Virtual Server Message Recipient Count limit.. Procedure: Exchange System Manager >> Administrative Groups >> [administrator group] >> Servers >> [server] >> Protocols >> SMTP >> [specific SMTP server] >> Properties >>Messages Tab Select “Limit number of recipients per message" to 64000.

Additional Identifiers

Rule ID: SV-20284r1_rule

Vulnerability ID: V-18670

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.