Check: EMG2-015 Exch2K3
Microsoft Exchange Server 2003:
EMG2-015 Exch2K3
(in version v1 r5)
Title
The Mailbox server is not protected by an Edge Transport Server Role (E-mail Secure Gateway) performing 'Block List' filtering. (Cat II impact)
Discussion
SPAM origination sites and other sources of suspected E-mail-borne malware can corrupt, compromise, or otherwise limit the availability of E-mail servers. Limiting exposure to unfiltered inbound messages can reduce the risk of SPAM and malware impacts. Ideally, 'Block List' filtering is done at the perimeter of the network (using a commercial 'Block List' service), because eliminating threats there prevents them from being evaluated inside the enclave, where there is more risk that they can do harm. Block List Services are fee-based data providers that collect the IP addresses of known SPAMmers and other malware purveyors. Subscribers to these services benefit from more effective SPAM elimination (up to 90% of inbound mail volume) and leverage the E-mail administration effort needed to maintain and update block lists larger than a single E-mail site administrator could conveniently maintain. Neglecting to specify a 'Block List' would require E-mail Administrators to manually specify addresses in the 'Deny List' field as they are discovered. The 'Block List' Services provider will provide a value for this field – usually the DNS suffix for their domain.
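How a gateway uses the provider-supplied DNS suffix, shown as an added example that is not part of the original check: the connecting IP is reversed, prepended to the suffix and looked up, and an answer in 127.0.0.0/8 means the sender is listed (the convention documented in RFC 5782). The suffix `dnsbl.example.test`, the zone contents and the function names are constructed placeholders.

```python
import ipaddress
import socket

LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")  # block list return codes live here

def dnsbl_query_name(ip, suffix):
    """Build the DNS name a gateway looks up for a connecting IP."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))            # 192.0.2.99 -> 99.2.0.192
    else:
        labels = reversed(addr.exploded.replace(":", ""))  # IPv6: reversed hex nibbles
    return ".".join(labels) + "." + suffix.strip(".")

def system_resolver(name):
    """A records for name via the OS resolver; [] when the name does not exist."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_sender(ip, suffix, resolve=system_resolver):
    """Return (listed, return_codes) for a connecting IP.

    Answers outside 127.0.0.0/8 are ignored: a lapsed or wildcarded zone can
    answer every query with a routable address, which would otherwise make
    the gateway reject all inbound mail.
    """
    answers = resolve(dnsbl_query_name(ip, suffix))
    codes = [a for a in answers if ipaddress.ip_address(a) in LISTED_RANGE]
    return bool(codes), codes

# Constructed zone data standing in for a provider, so the example runs offline.
SUFFIX = "dnsbl.example.test"
CONSTRUCTED_ZONE = {
    "2.0.0.127." + SUFFIX: ["127.0.0.2"],        # RFC 5782 test entry
    "99.2.0.192." + SUFFIX: ["127.0.0.4"],       # listed sender
    "10.113.0.203." + SUFFIX: ["198.51.100.7"],  # bogus wildcard-style answer
}

def constructed_resolver(name):
    return CONSTRUCTED_ZONE.get(name, [])

if __name__ == "__main__":
    for ip in ("127.0.0.2", "192.0.2.99", "203.0.113.10", "198.51.100.1"):
        print(ip, check_sender(ip, SUFFIX, resolve=constructed_resolver))
```

Querying 127.0.0.2 against the real provider suffix is a quick way to confirm the subscription and gateway configuration work, since RFC 5782 requires IPv4 lists to carry that test entry.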
Check Content
Interview the E-mail Administrator or the IAO. Request documentation that indicates Block List Services filters are in place on an E-mail Secure Gateway outside the enclave at the perimeter. Criteria: If the Exchange 2003 mailbox servers are protected by a perimeter-based Edge Transport Server role (E-mail Secure Gateway), which performs 'Block List' filtering prior to forwarding E-mail to the mailbox servers, this is not a finding.
Fix Text
Subscribe to, and configure, Block List Services. Implement perimeter-based protection in the form of a secure E-mail filtering mechanism that performs, among other protections, Block List Services filtering for SPAM elimination prior to forwarding message traffic to mailbox servers.
Additional Identifiers
Rule ID: SV-20270r1_rule
Vulnerability ID: V-18663
Group Title:
CCIs
No CCIs are assigned to this check.
Controls
No controls are assigned to this check.