Title

SMTP Sender, Recipient, or Connection Filters are not engaged. (Cat III impact)

Discussion

E-mail system availability depends in part on best practices strategies for setting tuning configurations. Careful tuning reduces the risk that system or network congestion will contribute to availability impacts. Filters that govern inbound E-mail evaluation can significantly reduce SPAM, PHISHING, and SPOOFED E-mails. Messages from blank senders, known SPAMMERS, or 0-day attack modifications must be enabled to be effective. Even if filtering is not being performed on the Exchange servers, there is no adverse effect from having them enabled (even if no configuration exist for the filter itself). It may prevent accidental omission in the event that a filter is configured in the future. If one of the filters does have configuration values, failure to enable the filter will result in no action taken. This setting should always be enabled.

Check Content

Verify that Exchange Filters are enabled. Procedure: Exchange System Manager >> administrative groups >> [administrative group] >> Servers >> [Server] >> Protocols >> SMTP >> [specific SMTP server] >> properties >> General tab >> Advanced >> Edit The “Apply Sender Filter” “Apply Recipient Filter” and “Apply Connection Filter” checkbox should be selected. Criteria: If “Apply Sender Filter” “Apply Recipient Filter” and “Apply Connection Filter” checkboxes are selected, this is not a finding.

Fix Text

Enable the Sender, Recipient, and Connection Filters. Procedure: Exchange System Manager >> administrative groups >> [administrative group] >> Servers >> [Server] >> Protocols >> SMTP >> [specific SMTP server] >> properties >> General tab >> Advanced >> Edit Select checkboxes for “Apply Sender Filter” “Apply Recipient Filter” and “Apply Connection Filter”.

Additional Identifiers

Rule ID: SV-20330r1_rule

Vulnerability ID: V-18695

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.