Check: EMG2-143 Exch2K3
Microsoft Exchange Server 2003:
EMG2-143 Exch2K3
(in version v1 r5)
Title
The SMTP Virtual Server is configured to perform DNS lookups for anonymous E-mails. (Cat III impact)
Discussion
E-Mail system availability depends in part on best-practice strategies for tuning configuration settings. This feature causes the server to use a Domain Name System (DNS) lookup to try to determine the source of each anonymous E-mail message. While enabling this feature does not pose an attack hazard, it is recommended that this feature be disabled to avoid impacting resource availability. Anonymous E-mail is invariably SPAM and should be filtered when received at the perimeter. In this context, a DNS lookup is not a reliable indicator of perpetrator information, because the message is likely SPAM and its DNS entries are therefore likely to have been altered. The DNS lookup result does not add value, and the feature therefore should not be enabled.
Check Content
Validate anonymous E-mail resolution configuration.
Procedure: Exchange System Manager >> Administrative Groups >> [administrative group] >> servers >> [server] >> Protocols >> SMTP >> [specific SMTP server] >> properties >> Access Control Tab >> Authentication button
The “Resolve Anonymous E-mail” checkbox should be cleared.
Criteria: If the “Resolve Anonymous E-mail” checkbox is cleared, this is not a finding.
Fix Text
Configure each SMTP virtual server.
Procedure: Exchange System Manager >> Administrative Groups >> [administrative group] >> servers >> [server] >> Protocols >> SMTP >> [specific SMTP server] >> properties >> Access Control Tab >> Authentication button
Clear the “Resolve Anonymous E-mail” checkbox.
Additional Identifiers
Rule ID: SV-20348r1_rule
Vulnerability ID: V-18704
Group Title:
CCIs
No CCIs are assigned to this check.
Controls
No controls are assigned to this check.