Title

The SMTP Virtual Server performs reverse DNS lookups for anonymous message delivery. (Cat III impact)

Discussion

E-mail system availability depends in part on best practices strategies for setting tuning configurations. This feature causes the server to use a Directory Naming Service (DNS) lookup to try to resolve the source of incoming E-mail for anonymous messages as part of the delivery feature. While enabling this feature does not pose an attack hazard, it is recommended that this feature be disabled to avoid impacting resource availability. It is relatively easy to fool the DNS lookup, and therefore creates unnecessary risk to the E-mail system.

Check Content

Validate Reverse DNS lookup delivery configuration. Procedure: Exchange System Manager>>Administrative Groups>> [Administrative Group]>>Servers>> [server]>>Protocols>> SMTP >> [specific SMTP virtual server]>> >>Properties >> Delivery Tab >> Advanced button The "Perform Reverse DNS lookup on incoming messages" checkbox should be cleared. Criteria: If the "Perform Reverse DNS lookup on incoming messages" checkbox is cleared, this is not a finding.

Fix Text

Configure the anonymous delivery DNS option. Procedure: Exchange System Manager>>Administrative Groups>> [Administrative Group]>>Servers>> [server]>>Protocols>> SMTP >> [specific SMTP virtual server]>> >>Properties >> Delivery Tab >> Advanced button Clear the "Perform Reverse DNS lookup on incoming messages" checkbox.

Additional Identifiers

Rule ID: SV-20344r1_rule

Vulnerability ID: V-18702

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.