The Mailbox server is not protected by an Edge Transport Server Role (E-mail Secure Gateway) performing 'Block List' filtering.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-18663	EMG2-015 Exch2K3	SV-20270r1_rule	ECSC-1	Medium

Description
SPAM origination sites and other sources of suspected E-Mail borne malware have the ability to corrupt, compromise, or otherwise limit availability of E-Mail servers. Limiting exposure to unfiltered inbound messages can reduce the risk of SPAM and malware impacts. Ideally, 'Block List' filtering is done at the perimeter of the network (using a commercial 'Block List' service), because eliminating threats there prevents them being evaluated inside the enclave where there is more risk they can do harm. Block List Services are fee based data providers that collect the IP addresses of known SPAMmers and other malware purveyors. Subscribers to these services benefit from more effective SPAM elimination (up to 90% of inbound mail volume) as well as leveraging the E-Mail Administration effort needed to maintain and update larger block lists than a single E-Mail site administrator could conveniently maintain. Neglecting to specify a 'Block List' would require E-Mail Administrators to manually specify addresses in the ‘Deny List’ field as they are discovered. The 'Block List' Services provider will provide a value for this field – usually the DNS suffix for their domain.

Description

SPAM origination sites and other sources of suspected E-Mail borne malware have the ability to corrupt, compromise, or otherwise limit availability of E-Mail servers. Limiting exposure to unfiltered inbound messages can reduce the risk of SPAM and malware impacts. Ideally, 'Block List' filtering is done at the perimeter of the network (using a commercial 'Block List' service), because eliminating threats there prevents them being evaluated inside the enclave where there is more risk they can do harm. Block List Services are fee based data providers that collect the IP addresses of known SPAMmers and other malware purveyors. Subscribers to these services benefit from more effective SPAM elimination (up to 90% of inbound mail volume) as well as leveraging the E-Mail Administration effort needed to maintain and update larger block lists than a single E-Mail site administrator could conveniently maintain. Neglecting to specify a 'Block List' would require E-Mail Administrators to manually specify addresses in the ‘Deny List’ field as they are discovered. The 'Block List' Services provider will provide a value for this field – usually the DNS suffix for their domain.

STIG	Date
Microsoft Exchange Server 2003	2014-08-19

Details

Check Text ( C-22382r1_chk )
Interview the E-mail Administrator or the IAO. Request documentation that indicates Block List Services filters are in place on an E-mail Secure Gateway outside the enclave at the perimeter. Criteria: If the Exchange 2003 mailbox servers are protected by a perimeter-based Edge Transport Server role (E-mail Secure Gateway), which performs 'Block List' filtering prior to forwarding E-mail to the mailbox servers, this is not a finding.

Check Text ( C-22382r1_chk )

Interview the E-mail Administrator or the IAO. Request documentation that indicates Block List Services filters are in place on an E-mail Secure Gateway outside the enclave at the perimeter.

Criteria: If the Exchange 2003 mailbox servers are protected by a perimeter-based Edge Transport Server role (E-mail Secure Gateway), which performs 'Block List' filtering prior to forwarding E-mail to the mailbox servers, this is not a finding.

Fix Text (F-19310r1_fix)
Subscribe to, and configure, Block List Services. Implement perimeter-based protection in the form of a secure E-mail filtering mechanism that performs, among other protections, Block List Services filtering for SPAM elimination prior to forwarding message traffic to mailbox servers.