
Microsoft Exchange Server 2003


Overview

Date: 2014-08-19
Finding Count: 106 (CAT I (High): 11, CAT II (Med): 65, CAT III (Low): 30)
STIG Description
Guidance for Microsoft Exchange Server 2003 in the Mailbox Server, MTA, and the Client Access (OWA) Server Roles.

Findings (MAC II - Mission Support Sensitive)

Finding ID Severity Title
V-18762 High One or more SMTP Virtual Servers do not have a Valid Certificate.
V-18760 High OWA does not require only Integrated Windows Authentication.
V-18642 High E-mail Server does not require S/MIME capable clients.
V-18784 High SMTP Connectors perform outbound anonymous connections.
V-18786 High Public Folder access does not require secure channels and encryption.
V-18787 High Outlook Web Access (OWA) does not require secure channels and encryption.
V-18699 High SMTP connectors allow unauthenticated relay.
V-53399 High Exchange Server Software that is no longer supported by the vendor for security updates must not be installed on a system.
V-18820 High E-mail servers do not have E-mail aware virus protection.
V-18744 High E-mail Public Folders do not require S/MIME capable clients.
V-18745 High OWA Virtual Server has Forms-Based Authentication enabled.
V-18807 Medium ExAdmin does not have correct permissions in the ExAdmin Virtual Server.
V-18674 Medium The Mailbox server is not protected by having blank sender messages filtered by the Edge Transport Role server (E-mail Secure Gateway) at the perimeter.
V-18675 Medium The E-Mail server is not protected by having connections from “Sender Filter” sources dropped by the Edge Transport Server role (E-Mail Secure Gateway) at the perimeter.
V-18676 Medium E-Mail server has unneeded processes or services active.
V-18670 Medium Message Recipient Count Limit is not limited on the SMTP virtual server.
V-18672 Medium The Exchange E-mail Services environment is not protected by an Edge Transport Server (E-Mail Secure Gateway) performing Non-existent recipient filtering at the perimeter.
V-18673 Medium The Mailbox server is not protected by having filtered messages archived by the Edge Transport Role server (E-mail Secure Gateway) at the perimeter.
V-18804 Medium Scripts are permitted to execute in the Public Folder web server.
V-18767 Medium The “Disable Server Monitoring” feature is enabled.
V-18641 Medium User mailboxes are hosted on non-Mailbox Server role.
V-18770 Medium SMTP Virtual Server Auditing is not active.
V-18805 Medium Scripts are Permitted to Execute in the ExAdmin Virtual Server.
V-18719 Medium Users do not have correct permissions in the Public Virtual Server.
V-18717 Medium Exchange Core Services Monitors are not configured with threshold and actions.
V-18716 Medium Windows 2003 Services Monitoring Notifications are not configured with thresholds and actions.
V-18715 Medium SMTP Queue Monitor is not configured with a threshold and alert.
V-18714 Medium Virtual memory monitoring notifications are not configured with threshold and action.
V-18713 Medium CPU Monitoring Notifications are not configured with threshold and action.
V-18712 Medium Disk Space Monitoring is not Configured with Threshold and Action.
V-18711 Medium Exchange sends fatal errors to Microsoft.
V-18710 Medium SMTP Virtual Server Audit Records are not directed to a separate partition.
V-18796 Medium E-Mail service accounts are not operating at least privilege.
V-18795 Medium E-mail Services accounts are not restricted to named services.
V-18792 Medium SMTP service banner response reveals configuration details.
V-18655 Medium Public Folder Stores "Do not Mount at Startup" is enabled.
V-18799 Medium E-mail restore permissions are not restricted to E-mail administrators.
V-19186 Medium Mailbox access control mechanisms are not audited for changes.
V-18723 Medium Mailboxes and messages are not retained until backups are complete.
V-18706 Medium E-mail Diagnostic Logging is enabled during production operations.
V-18707 Medium E-mail “Subject Line” logging is enabled during production operations.
V-18700 Medium SMTP virtual Server does not Restrict Relay Access.
V-18701 Medium “Smart-Host” is specified at the Virtual Server level.
V-18703 Medium Virtual Server default outbound security is not anonymous and TLS.
V-18780 Medium Exchange Server is not protected by an Edge Transport Server (E-mail Secure Gateway) that performs Anonymous Connections interaction with Internet-based E-mail servers.
V-18782 Medium SMTP Virtual Servers do not Require Secure Channels and Encryption.
V-19198 Medium Message size restriction is specified at the SMTP connector level.
V-18731 Medium E-mail application installation is sharing a partition with another application.
V-18733 Medium E-mail web applications are operating on non-standard ports.
V-18732 Medium Audit data is sharing directories or partitions with the E-mail application.
V-18735 Medium SMTP Virtual Server is not bound to the PPSM Standard Port.
V-18734 Medium E-mail SMTP services are using Non-PPSM compliant ports.
V-18724 Medium Public Folder stores and documents are not retained until backups are complete.
V-18721 Medium E-mail servers are not protected by an Edge Transport Server role (E-mail Secure Gateway) removing disallowed message attachments at the network perimeter.
V-18803 Medium Scripts are permitted to execute in the OWA Virtual Server.
V-18802 Medium Exchange application permissions are not at vendor recommended settings.
V-18801 Medium Services permissions do not reflect least privilege.
V-18686 Medium Message size restrictions are specified on routing group connectors.
V-18806 Medium Users do not have correct permissions in the OWA Virtual Server.
V-18818 Medium E-mail Services are not protected by having an Edge Transport Server (E-mail Secure Gateway) performing outbound message signing at the perimeter.
V-18819 Medium E-Mail audit trails are not protected against unauthorized access.
V-18698 Medium The SMTP connectors do not specify use of a “Smart Host”.
V-18759 Medium Default web site allows anonymous access.
V-18696 Medium ExAdmin Virtual Directory is not Configured for Integrated Windows Authentication.
V-18694 Medium SMTP Connection Restrictions do not use the "Deny All" strategy.
V-18697 Medium Routing Group is not selected as the SMTP connector scope.
V-18741 Medium E-mail software is not monitored for change on INFOCON frequency schedule.
V-18742 Medium Security support data or process is sharing a directory or partition with Exchange.
V-18743 Medium Exchange software baseline copy does not exist.
V-18666 Medium E-mail Server Global Sending or Receiving message size is set to Unlimited.
V-18665 Medium Mailbox Server is not protected by an Edge Transport Server (E-mail Secure Gateway) performing Sender Authentication at the perimeter.
V-18664 Medium Mailbox server is not protected by an Edge Transport Server role (E-mail Secure Gateway) performing Block List exception filtering at the perimeter.
V-18663 Medium The Mailbox server is not protected by an Edge Transport Server Role (E-mail Secure Gateway) performing 'Block List' filtering.
V-18662 Medium Mailbox Server is not protected by an Edge Transport Server (E-mail Secure Gateway) performing SPAM evaluation.
V-18661 Medium Mailbox server is not protected by E-mail Edge Transport role (E-mail Secure Gateway) performing Global Accept/Deny list filtering.
V-18660 Medium Automated Response Messages are Enabled.
V-18685 Low Connectors are not clearly named as to direction or purpose.
V-18687 Low The Outbound Delivery Retry Values are not at the Defaults, or do not have alternate values documented in the System Security Plan.
V-18671 Low The Global Recipient Count limit is set to “Unlimited”.
V-18763 Low Audit Records do not contain all required fields.
V-18643 Low E-mail user mailboxes do not have Storage Quota Limitations.
V-18645 Low Public Folders Store storage quota limits are overridden.
V-18644 Low E-mail Public Folders do not have Storage Quota Limitations.
V-18646 Low Mailbox Stores "Do Not Mount at Startup" is enabled.
V-18658 Low Public Folder “Send on Behalf of” feature is in use.
V-18704 Low The SMTP Virtual Server is configured to perform DNS lookups for anonymous E-mails.
V-18705 Low E-mail Server "Circular Logging" is not set appropriately.
V-18702 Low The SMTP Virtual Server performs reverse DNS lookups for anonymous message delivery.
V-18788 Low ExAdmin is configured for Secure Channels and Encryption.
V-18726 Low Public Folder Stores Restore Overwrite is enabled.
V-18727 Low E-mail message copies are not archived.
V-18725 Low Mailbox Stores Restore Overwrite is enabled.
V-18689 Low SMTP Maximum outbound connections are not at 1000, or an alternate value is not documented in System Security Plan.
V-18688 Low SMTP Maximum Hop Count is not 30.
V-18681 Low Unneeded OMA E-mail Web Virtual Directory is not removed.
V-18683 Low Unneeded "Public" E-mail Virtual Directory is not removed.
V-18682 Low Unneeded Active Sync E-mail Web Virtual Directory is not removed.
V-18692 Low Inbound Connection Count Limit is not set to "Unlimited".
V-18693 Low Maximum Inbound Connection Timeout Limit is not 10 or less.
V-18691 Low Outbound Connection Limit per Domain Count is not 100 or less.
V-18690 Low Maximum outbound connection timeout limit is not at 10 minutes or less.
V-18695 Low SMTP Sender, Recipient, or Connection Filters are not engaged.
V-18812 Low Exchange application memory is not zeroed out after message deletion.
V-18667 Low Sending or Receiving message size is not set to Unlimited on the SMTP virtual server.
V-18669 Low The SMTP Virtual Server Message Count Limit is not 20.
V-18668 Low The SMTP Virtual Server Session Size is not set to "Unlimited".