Check: EMG2-736 Exch2K3
Microsoft Exchange Server 2003: EMG2-736 Exch2K3 (in version v1 r5)
Title
SMTP connectors allow unauthenticated relay. (Cat I impact)
Discussion
Identification and authentication provide the foundation for access control. The key to preventing spam insertion into the SMTP message transfer path is to require authentication at each ‘hop’ of the journey from sender to receiver.

Allowing unauthenticated relaying on an internal host allows internal users or applications to submit unauthenticated mail messages, a form of internally spoofed spam that can be difficult to trace. Allowing unauthenticated relaying on an “Internet Facing” host would enable any unauthenticated party to use your Exchange Server to resend mail, a practice often employed by spammers to obfuscate the source of their messages. Allowing unauthenticated relaying will almost inevitably result in abuse of the relay by spammers and increased load on the connector. It can also result in the appearance of the host’s domain on Reputation Black Lists.

This setting controls whether unauthenticated computers are allowed to resend (relay) e-mail messages through this connector to external domains. (Authenticated users and computers can always relay messages regardless of this control's setting.) It is recommended that no unauthenticated connections be allowed in the SMTP path.
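The relay behaviour described above can be read from a recorded SMTP session: a recipient in a non-local domain accepted before any successful AUTH. The following is an added example, not part of the STIG; the function name, the `C:`/`S:` transcript layout and all host and domain names are constructed assumptions.

```python
import re

# Domain part of the address in an SMTP "RCPT TO:" command.
RCPT_RE = re.compile(r"^RCPT\s+TO:\s*<?[^<>\s@]*@([^<>\s]+)", re.I)
# Reply code, plus "-" when the line is a continuation of a multiline reply.
REPLY_RE = re.compile(r"^(\d{3})([ -]?)")

def unauthenticated_relay_domains(transcript, local_domains):
    """Return external recipient domains the server accepted without AUTH."""
    local = {d.lower() for d in local_domains}
    authenticated = False
    pending = None      # last client command still waiting for its final reply
    findings = []
    for raw in transcript.splitlines():
        side, _, text = raw.strip().partition(": ")
        if side == "C":
            pending = text.strip()
            continue
        reply = REPLY_RE.match(text) if side == "S" else None
        if reply is None or reply.group(2) == "-":
            continue    # blank line, unknown prefix, or "250-" continuation
        code = reply.group(1)
        if code == "235":               # RFC 4954: authentication succeeded
            authenticated = True
        rcpt = RCPT_RE.match(pending or "")
        if rcpt and code in ("250", "251") and not authenticated:
            domain = rcpt.group(1).lower()
            if domain not in local and domain not in findings:
                findings.append(domain)
        pending = None
    return findings

# Constructed sample sessions (not captured from a real server).
_HEAD = ["S: 220 mail.example.test ESMTP", "C: EHLO client.example.test",
         "S: 250-mail.example.test", "S: 250 AUTH LOGIN PLAIN"]
_MAIL = ["C: MAIL FROM:<sender@outside.example>", "S: 250 OK",
         "C: RCPT TO:<user@example.test>", "S: 250 OK",
         "C: RCPT TO:<someone@elsewhere.example>"]
OPEN_RELAY = "\n".join(_HEAD + _MAIL + ["S: 250 OK"])
RELAY_REFUSED = "\n".join(_HEAD + _MAIL + ["S: 550 5.7.1 Unable to relay"])
AUTHENTICATED = "\n".join(_HEAD + ["C: AUTH PLAIN (credentials elided)",
                                   "S: 235 2.7.0 Authentication successful"]
                          + _MAIL + ["S: 250 OK"])

if __name__ == "__main__":
    for name in ("OPEN_RELAY", "RELAY_REFUSED", "AUTHENTICATED"):
        print(name, unauthenticated_relay_domains(globals()[name], ["example.test"]))
```

Local domains are matched exactly, so subdomains the organization accepts mail for must be listed explicitly.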
Check Content
Validate SMTP Connector Relay authentication.

Procedure: Exchange System Manager >> Administrative Groups >> [Administrative Group] >> Routing Groups >> [routing group] >> Connectors >> [SMTP connector] >> Properties >> Address Space tab

The “Allow messages to be relayed to these domains” should be unchecked.

Criteria: If “Allow messages to be relayed to these domains” is unchecked, this is not a finding.
Fix Text
Prevent unauthenticated mail relaying.

Procedure: Exchange System Manager >> Administrative Groups >> [Administrative Group] >> Routing Groups >> [routing group] >> Connectors >> [SMTP connector] >> Properties >> Address Space tab

Clear the “Allow messages to be relayed to these domains” checkbox.
Additional Identifiers
Rule ID: SV-20338r1_rule
Vulnerability ID: V-18699
Group Title:
CCIs
No CCIs are assigned to this check.
Controls
No controls are assigned to this check.