Title

Outbound Connection Limit per Domain Count is not 100 or less. (Cat III impact)

Discussion

E-Mail system availability depends in part on best practices strategies for setting tuning configurations. This configuration controls the maximum number of simultaneous outbound connections from a domain, and works in conjunction with the Maximum Outbound Connections Count setting as a delivery tuning mechanism. If the limit is too low, connections may be dropped. If too high, some domains may use a disproportionate resource share, denying access to other domains. Appropriate tuning reduces risk of data delay or loss. By default, a limit of 100 simultaneous outbound connections from a domain should be sufficient. The value may be adjusted downward if justified by local site conditions.

Check Content

Access the mail server Outbound Connection configuration. Procedure: Exchange System Manager >> Administrative Groups >> [administrative group] >> Servers >> [Server] >> Protocols >> SMTP >> [specific SMTP server] >> Properties >> Delivery tab >> Outbound Connections button. The “Outbound Connections per Domain Count” should be = 100 or less. Criteria: If "Outbound connections per domain count" is 100 or less, this is not a finding.

Fix Text

Set the Outbound Connections per Domain Count. Procedure: Exchange System Manager >> Administrative Groups >> [administrative group] >> Servers >> [Server] >> Protocols >> SMTP >> [specific SMTP server] >> Properties >> Delivery tab >> Outbound Connections button. Enter Outbound Connections per Domain Count = 100 or less.

Additional Identifiers

Rule ID: SV-20322r1_rule

Vulnerability ID: V-18691

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.