Title

“Smart-Host” is specified at the Virtual Server level. (Cat II impact)

Discussion

E-Mail system availability depends in part on best practices strategies for setting tuning configurations. This control determines whether the entire Virtual Server routes its outbound Simple Mail Transfer Protocol (SMTP) messages through a single “Smart-Host”. “Smart-Hosts” can help secure communication, but configuring the virtual server level to use the same “Smart-Host” can lead to congestion problems and inflexibility. As such, it is recommended that administrators NOT use “Smart-Hosts” at the virtual server level. Instead, use of “Smart-Hosts” should be configured at the SMTP connector level.

Check Content

Validate “Smart-Host” configuration at the Virtual Server Level. Procedure: Exchange System Manager>>Administrative Groups>> [Administrative Group]>>Servers>> [server]>>Protocols>> SMTP >> [specific SMTP virtual server]>> >>Properties >> Delivery Tab >> Advanced button>> “Smart-Host” The list of “Smart-Hosts” should be cleared. Criteria: If the list of “Smart-Hosts” is empty, this is not a finding.

Fix Text

Configure the SMTP Virtual Verver “Smart-Host” list. Procedure: Exchange System Manager>>Administrative Groups>> [Administrative Group]>>Servers>> [server]>>Protocols>> SMTP >> [specific SMTP virtual server]>> >>Properties >> Delivery Tab >> Advanced button >> “Smart-Host” Clear the list of any “Smart-Hosts”.

Additional Identifiers

Rule ID: SV-20342r1_rule

Vulnerability ID: V-18701

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.