Check: EX16-ED-000430
Microsoft Exchange 2016 Edge Transport Server STIG:
EX16-ED-000430
(in versions v2 r5 through v1 r4)
Title
Exchange messages with a malformed From address must be rejected. (Cat II impact)
Discussion
Sender Identification (SID) is an email antispam sanitization process. Sender ID uses DNS MX record lookups to verify the Simple Mail Transfer Protocol (SMTP) sending server is authorized to send email for the originating domain. Failure to implement Sender ID risks admitting spam that originates from rogue servers into the email domain. Most spam content originates from domains where the IP address has been spoofed prior to sending, thereby avoiding detection. For example, messages with malformed or incorrect "purported responsible sender" data in the message header could (best case) have been created by RFC-noncompliant software but are more likely to be spam.
Check Content
Note: If a third-party anti-spam product is being used, the anti-spam product must be configured to meet the requirement.

Open the Exchange Management Shell and enter the following command:

Get-SenderIdConfig | Select Name, Identity, SpoofedDomainAction

If the value of "SpoofedDomainAction" is not set to "Reject", this is a finding.
Fix Text
Open the Exchange Management Shell and enter the following command:

Set-SenderIdConfig -SpoofedDomainAction Reject
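The check and fix above can be wrapped into one repeatable audit step. This is an added example, not part of the STIG text; the function name `Test-SenderIdSpoofAction`, its `-Remediate` switch and the status strings it returns are hypothetical.

```powershell
# Added example: audit (and optionally remediate) EX16-ED-000430.
# Run in the Exchange Management Shell on the Edge Transport server.
# Function name, -Remediate switch and Status values are hypothetical.
function Test-SenderIdSpoofAction {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [switch]$Remediate   # apply the Fix Text when the check fails
    )

    $result = [ordered]@{ Check = 'EX16-ED-000430' }

    # No cmdlet in this session (not the Exchange Management Shell, or a
    # third-party anti-spam product is used instead): nothing to evaluate.
    if (-not (Get-Command Get-SenderIdConfig -ErrorAction SilentlyContinue)) {
        $result.Status = 'ManualReview'
        $result.Detail = 'Get-SenderIdConfig unavailable; review the anti-spam product in use.'
        return [pscustomobject]$result
    }

    # Same query as the Check Content.
    $config = Get-SenderIdConfig | Select-Object Name, Identity, SpoofedDomainAction
    $action = [string]$config.SpoofedDomainAction

    if ($action -ne 'Reject' -and $Remediate) {
        if ($PSCmdlet.ShouldProcess('SenderIdConfig', 'Set SpoofedDomainAction to Reject')) {
            Set-SenderIdConfig -SpoofedDomainAction Reject
            # Re-read so the result reflects what is configured now.
            $action = [string](Get-SenderIdConfig).SpoofedDomainAction
        }
    }

    $result.SpoofedDomainAction = $action
    if ($action -eq 'Reject') {
        $result.Status = 'NotAFinding'
        $result.Detail = 'SpoofedDomainAction is set to "Reject".'
    }
    else {
        $result.Status = 'Finding'
        $result.Detail = 'SpoofedDomainAction is not set to "Reject".'
    }
    [pscustomobject]$result
}

Test-SenderIdSpoofAction                        # audit only
# Test-SenderIdSpoofAction -Remediate -WhatIf   # preview the fix without applying it
```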
Additional Identifiers
Rule ID: SV-221242r879653_rule
Vulnerability ID: V-221242
Group Title: SRG-APP-000261
CCIs
Number | Definition |
---|---|
CCI-001308 | The information system automatically updates spam protection mechanisms. |
Controls
Number | Title |
---|---|
SI-8 (2) | Automatic Updates |