E-mail SMTP services are using Non-PPSM compliant ports.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-18734	EMG2-105 Exch2K3	SV-20411r1_rule	DCPP-1	Medium

Description
Standard defined ports and protocols should be used for all Exchange services. The standard port for regular SMTP connections is 25. Changing the ports to non-standard values provides only temporary and limited protection against automated attacks since these attacks will not connect to the custom port. A determined attacker may still be able to determine which ports are used for the SMTP by performing a comprehensive port scan Negative impacts of using non-standard ports include complexity for the system administrator, custom configurations for connecting clients, risk of port conflict with non-exchange applications, and risk of incompatibility with standard port monitoring applications.

Description

Standard defined ports and protocols should be used for all Exchange services. The standard port for regular SMTP connections is 25. Changing the ports to non-standard values provides only temporary and limited protection against automated attacks since these attacks will not connect to the custom port. A determined attacker may still be able to determine which ports are used for the SMTP by performing a comprehensive port scan Negative impacts of using non-standard ports include complexity for the system administrator, custom configurations for connecting clients, risk of port conflict with non-exchange applications, and risk of incompatibility with standard port monitoring applications.

STIG	Date
Microsoft Exchange Server 2003	2014-08-19

Details

Check Text ( C-22455r1_chk )
Verify that SMTP services are deployed on compliant ports and protocols. Procedure: Exchange system manager >> administrative groups >> [administrative groups]>>Servers >> [server]>>Protocols >> SMTP >> [specific SMTP server] >> Properties >> Delivery Tab >> Outbound connections button >> TCP Port For SMTP, port 25 should be entered. Criteria: If 25 is entered for the SMTP port, this is not a finding.

Check Text ( C-22455r1_chk )

Verify that SMTP services are deployed on compliant ports and protocols.

Procedure: Exchange system manager >> administrative groups >> [administrative groups]>>Servers >> [server]>>Protocols >> SMTP >> [specific SMTP server] >> Properties >> Delivery Tab >> Outbound connections button >> TCP Port

For SMTP, port 25 should be entered.

Criteria: If 25 is entered for the SMTP port, this is not a finding.

Fix Text (F-19383r1_fix)
Enter the SMTP compliant ports. Procedure: Exchange system manager >> administrative groups >> [administrative groups]>>Servers >> [server]>>Protocols >> SMTP >> [specific SMTP server] >> Properties >> Delivery Tab >> Outbound Connections button >> TCP Port For SMTP, enter 25.