Check: EMG2-031 Exch2K3
Microsoft Exchange Server 2003:
EMG2-031 Exch2K3
(in version v1 r5)
Title
The Exchange E-mail Services environment is not protected by an Edge Transport Server (E-Mail Secure Gateway) performing Non-existent recipient filtering at the perimeter. (Cat II impact)
Discussion
SPAM originators, in an effort to refine mailing lists, sometimes use a technique where they first create fictitious names, then monitor rejected E-mails for non-existent recipients. Those not rejected, of course, are deemed to exist, and are therefore used in future SPAM mailings. To prevent this disclosure of existing E-Mail accounts to SPAMmers, this feature should not be employed. Instead, it is recommended that all messages be received, then evaluated and disposed of without enabling the sender to determine recipients that are existing vs. non-existing.
Check Content
Interview the E-mail Administrator or the IAO. Request documentation that indicates Nonexistent Recipient filters are in place and set to allow messages, on an Edge Transport Server role (E-mail Secure Gateway)at the network perimeter. Criteria: If non-existent recipients' messages are received for evaluation, this is not a finding
Fix Text
Implement perimeter-based protection in the form of an Edge Transport Server role (E-mail Secure Gateway) filtering mechanism that performs, among other protections, Non-Existent Recipient filtering that does not alert senders to non-existent recipients.
Additional Identifiers
Rule ID: SV-20288r1_rule
Vulnerability ID: V-18672
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |