The SMTP Virtual Server Session Size is not set to "Unlimited".

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-18668	EMG2-129 Exch2K3	SV-20280r1_rule	ECSC-1	Low

Description
E-Mail system availability depends in part on best practices strategies for setting tuning configurations. This setting controls the maximum SMTP Virtual Server session sizes (inbound and outbound) and applies globally to the Simple Mail Transfer Protocol (SMTP) protocol. If the session size limit is set too low, the SMTP server may increase the number of sessions spawned, which increases the risk that other set limits will be reached. Controlling session resource usage is best done by controlling the number of messages in a session. It is is recommended that this setting remain at the default of ‘Unlimited’.

Description

E-Mail system availability depends in part on best practices strategies for setting tuning configurations. This setting controls the maximum SMTP Virtual Server session sizes (inbound and outbound) and applies globally to the Simple Mail Transfer Protocol (SMTP) protocol. If the session size limit is set too low, the SMTP server may increase the number of sessions spawned, which increases the risk that other set limits will be reached. Controlling session resource usage is best done by controlling the number of messages in a session. It is is recommended that this setting remain at the default of ‘Unlimited’.

STIG	Date
Microsoft Exchange Server 2003	2014-08-19

Details

Check Text ( C-22387r1_chk )
Perform for each SMTP virtual server: Note: If “administrative groups” do not display in the list, highlight the topmost “Exchange” item in the left hand list, then access the Action menu, select Properties, check the “Display Routing Groups” box, and the “display administrative groups” box. Exit Exchange Manager, then restart it, and repeat the “check” steps. Procedure: Exchange System Manager >> Administrative Groups >> [administrator group] >> Servers >> [server] >> Protocols >> SMTP >> [specific SMTP server] >> Properties >>Messages Tab The "Limit Session Size to (KB)" field should be cleared. Criteria: If the “Limit Session Size to (KB)" is cleared, this is not a finding.

Check Text ( C-22387r1_chk )

Perform for each SMTP virtual server:

Note: If “administrative groups” do not display in the list, highlight the topmost “Exchange” item in the left hand list, then access the Action menu, select Properties, check the “Display Routing Groups” box, and the “display administrative groups” box. Exit Exchange Manager, then restart it, and repeat the “check” steps.

Procedure: Exchange System Manager >> Administrative Groups >> [administrator group] >> Servers >> [server] >> Protocols >> SMTP >> [specific SMTP server] >> Properties >>Messages Tab

The "Limit Session Size to (KB)" field should be cleared.

Criteria: If the “Limit Session Size to (KB)" is cleared, this is not a finding.

Fix Text (F-19315r1_fix)
Set the SMTP Session Size Limit. Procedure: Exchange System Manager >> Administrative Groups >> [administrator group] >> Servers >> [server] >> Protocols >> SMTP >> [specific SMTP server] >> Properties >>Messages Tab Clear the “Limit Session size to (KB)” field.