Title

The Mailbox server is not protected by having filtered messages archived by the Edge Transport Role server (E-mail Secure Gateway) at the perimeter. (Cat II impact)

Discussion

By performing filtering at the perimeter, up to 90% of SPAM, malware, and other undesirable messages are eliminated from the message stream rather than admitting them into the mail server environment. This significantly reduces the attack vector for inbound E-mail-borne SPAM and malware. As messages are filtered, it is prudent to temporarily host them in an archive for evaluation by administrators or users. The archive can be used to recover messages that might have been inappropriately filtered, preventing data loss, and to provide a base of analysis that can provide future filter refinements.

Check Content

Interview the E-mail Administrator or the IAO. Request documentation that indicates Filtered messages are archived on a secure email gateway server outside the enclave at the perimeter. Criteria: If inbound messages filtered by the sender filter are archived, this is not a finding.

Fix Text

Implement perimeter-based protection in the form of a secure email filtering mechanism that performs, among other protections, filtered messages archiving for SPAM elimination prior to forwarding message traffic to mailbox servers inside the enclave.

Additional Identifiers

Rule ID: SV-20290r1_rule

Vulnerability ID: V-18673

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.