Check: EX16-ED-000240
Microsoft Exchange 2016 Edge Transport Server STIG:
EX16-ED-000240
(in versions v2 r5 through v1 r1)
Title
Exchange message size restrictions must be controlled on Send connectors. (Cat III impact)
Discussion
Email system availability depends in part on best practice strategies for setting tuning configurations. For message size restrictions, multiple places exist to set or override inbound or outbound message size. Failure to control the configuration strategy can result in loss of data or system availability. This setting enables the administrator to control the maximum message size on a Send connector. Using connectors to control size limits may necessitate applying message size limitations in multiple places, with the potential of introducing conflicts and impediments in the mail flow. Changing this setting at the connector overrides the global one. Therefore, if operational needs require it, the connector value may be set lower than the global value with the rationale documented in the EDSP.
Check Content
Review the Email Domain Security Plan (EDSP). Determine the maximum message send size. Open the Exchange Management Shell and enter the following command: Get-SendConnector | Select Name, Identity, MaxMessageSize For each send connector, if the value of "MaxMessageSize" is not the same as the global value, this is a finding. or If "MaxMessageSize" is set to a numeric value different from the maximum message send size value documented in the EDSP, this is a finding.
Fix Text
Update the EDSP to reflect the maximum message send size. Open the Exchange Management Shell and enter the following command: Set-SendConnector -Identity <'IdentityName'> -MaxMessageSize <MaxSendSize> Note: The <IdentityName> value must be in single quotes. or The value as identified by the EDSP that has obtained a signoff with risk acceptance. Repeat the procedure for each send connector.
Additional Identifiers
Rule ID: SV-221223r879651_rule
Vulnerability ID: V-221223
Group Title: SRG-APP-000247
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001095 |
The information system manages excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of denial of service attacks. |
Controls
Number | Title |
---|---|
SC-5 (2) |
Excess Capacity / Bandwidth / Redundancy |