Check: EMG2-046 Exch2K3
Microsoft Exchange Server 2003: EMG2-046 Exch2K3 (version v1 r5)
Title
Automated Response Messages are Enabled. (Cat II impact)
Discussion
Spam originators, in an effort to refine their mailing lists, sometimes monitor transmissions for automated bounce-back messages such as "Out of Office" replies. Automated messages include Out of Office responses, non-delivery reports, and automated message forwarding. A third party can use automated bounce-back messages to determine user "liveness" on the server, disclosing which user accounts are active and paving the way for possible future attacks.

Mail forwarding is an automated feature that does not disclose information to third parties, but it poses a risk on networks where classified or confidential information may be sent: if auto-forwarding is configured, sensitive information sent to the user's account may be transferred automatically outside the control of the organization.

Internet Message Formats are applied per domain. The "Default" format applies to all domains; if a new format is created and applied to a specific domain, that domain uses the new format's configuration while all other domains (those without a specially designated format) continue to use the Default format. The setting must therefore be disabled on every format, not only on Default.

Automated messages must be disabled to prevent inadvertent disclosure of information about e-mail recipients.
Check Content
Procedure: Exchange System Manager >> Global Settings >> Internet Messages >> Formats >> {specific format name} >> Properties >> Advanced tab >> {item list}
For each format in the list (the Default format and any domain-specific formats), the "Automated Response Messages" checkbox should be cleared.
Criteria: If the "Automated Response Messages" checkbox is cleared for every listed format, this is not a finding. If it is selected for any listed format, this is a finding.
Fix Text
Disable automated responses.
Procedure: Exchange System Manager >> Global Settings >> Internet Messages >> Formats >> {specific format name} >> Properties >> Advanced tab >> {item list}
For each format in the list, including the Default format and every domain-specific format, clear the "Automated Response Messages" checkbox.
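The check and fix above must be repeated for every Internet Message Format, and a domain-specific format created by an administrator is easy to overlook. The following script is an added example, not part of the STIG text or of Microsoft's tooling: it enumerates the format objects from the Active Directory configuration partition so the ESM procedure can be applied to the complete list. It assumes (not stated by the check; confirm with ADSI Edit) that ESM stores each format as an object of class `msExchDomainContentConfig` under Global Settings in the configuration naming context, and that the organization-wide format is the object named "Default". It does not decode the attribute behind the "Automated Response Messages" checkbox, because the check names only the checkbox; the `-RawAttributes` switch returns each object's stored attributes so that mapping can be confirmed by hand against the Advanced tab.

```powershell
# Added example, not part of the STIG text. Enumerates every Internet Message Format
# object in the Exchange organization so the EMG2-046 check is applied to the complete
# list, including per-domain formats that override "Default".
#
# Assumptions (not stated by the check; verify with ADSI Edit before relying on them):
#   - ESM stores Internet Message Formats in the Configuration naming context as
#     objects of class msExchDomainContentConfig under
#     CN=Internet Message Formats,CN=Global Settings,CN=<Org>,...
#   - the organization-wide format is the object named "Default".
# Runs in Windows PowerShell on a domain-joined host with read access to the
# configuration partition; uses only .NET System.DirectoryServices (ADSI).

function Get-ExchangeInternetMessageFormats {
    [CmdletBinding()]
    param(
        # Include every stored attribute of each format object so the value that
        # corresponds to the "Automated Response Messages" checkbox can be correlated
        # manually with the Advanced tab (the check names the checkbox, not the attribute).
        [switch]$RawAttributes
    )

    $rootDse  = [ADSI]'LDAP://RootDSE'
    $configNc = $rootDse.configurationNamingContext.Value

    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot  = [ADSI]("LDAP://$configNc")
    $searcher.SearchScope = 'Subtree'
    $searcher.Filter      = '(objectClass=msExchDomainContentConfig)'  # assumed class name
    $searcher.PageSize    = 500
    if (-not $RawAttributes) {
        # Restrict the result set; with an empty PropertiesToLoad the server returns all attributes.
        [void]$searcher.PropertiesToLoad.Add('name')
        [void]$searcher.PropertiesToLoad.Add('distinguishedName')
    }

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            $name = [string]$r.Properties['name'][0]
            $obj = [ordered]@{
                Name              = $name
                IsDefaultFormat   = ($name -eq 'Default')   # assumed name of the org-wide format
                DistinguishedName = [string]$r.Properties['distinguishedname'][0]
            }
            if ($RawAttributes) {
                # Flatten multi-valued attributes to one string per attribute name.
                $attrs = [ordered]@{}
                foreach ($n in ($r.Properties.PropertyNames | Sort-Object)) {
                    $attrs[$n] = ($r.Properties[$n] | ForEach-Object { "$_" }) -join '; '
                }
                $obj['Attributes'] = $attrs
            }
            [PSCustomObject]$obj
        }
    }
    finally {
        $results.Dispose()
    }
}

# Usage: list every format the ESM procedure must be repeated for.
Get-ExchangeInternetMessageFormats | Format-Table Name, IsDefaultFormat, DistinguishedName -AutoSize
```

Every object returned is one pass through the Properties >> Advanced tab procedure. A format that appears here but was not on the reviewer's list is exactly the case the "for each listed format" criterion exists to catch, since that domain is no longer governed by the Default format's setting.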
Additional Identifiers
Rule ID: SV-20264r1_rule
Vulnerability ID: V-18660
Group Title:
Expert Comments
CCIs
| Number | Definition |
|---|---|
| No CCIs are assigned to this check | |
Controls
| Number | Title |
|---|---|
| No controls are assigned to this check | |