Check: EMG2-029 Exch2K3
Microsoft Exchange Server 2003:
EMG2-029 Exch2K3
(in version v1 r5)
Title
Mailbox Server is not protected by an Edge Transport Server (E-mail Secure Gateway) performing SPAM evaluation. (Cat II impact)
Discussion
By performing filtering at the perimeter, up to 90% of SPAM, malware, and other undesirable messages are eliminated from the message stream rather than admitting them into the mail server environment. This significantly reduces the attack vector for inbound E-mail-borne SPAM and malware. SPAM origination sites and other sources of suspected E-Mail borne malware have the ability to corrupt, compromise, or otherwise limit availability of E-Mail servers. Limiting exposure to unfiltered inbound messages can reduce the risk of SPAM and malware impacts.

SPAM evaluation (heuristic) filters scan inbound email messages for evidence of SPAM and other attacks that primarily use ‘Social Engineering’ techniques. Upon evaluation, a rating is assigned to each message estimating the likelihood of its being SPAM. When the message is received in the user’s mailbox, the junk mail filter threshold determines whether the message will be withheld from delivery, delivered to the junk mail folder, or delivered to the user’s inbox.

For Exchange 2003 servers, Microsoft introduced the Intelligent Message Filter (IMF). Beginning with Exchange 2003 SP2 it was included as part of the application. Since that time, however, it is recommended that such filtering occur at the network perimeter. That said, risk of inbound SPAM can be somewhat mitigated by using the Microsoft IMF on the Exchange 2003 Mail server, even as an interim measure, while planning for a more comprehensive Edge Transport Server (E-Mail Secure Gateway) solution.
Check Content
Interview the E-mail Administrator or the IAO. Request documentation that indicates SPAM evaluation filters are in place on an Edge Transport Server (E-mail Secure Gateway Server) role outside the network perimeter. Criteria: If the mailbox servers are protected by a perimeter-based Edge Transport Server role (E-mail Secure Gateway) which performs SPAM filtering prior to forwarding E-mail to the mailbox servers, this is not a finding.
Fix Text
Implement perimeter protection in the form of a secure email filtering mechanism that performs, among other protections, SPAM elimination prior to forwarding message traffic to mailbox servers.
Additional Identifiers
Rule ID: SV-20268r1_rule
Vulnerability ID: V-18662
Group Title:
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |