Exchange external/Internet-bound automated response messages must be disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-228392 | EX16-MB-000480 | SV-228392r879653_rule | CCI-001308 | medium |
| Description | ||||
| Spam originators, in an effort to refine mailing lists, sometimes monitor transmissions for automated bounce-back messages. Automated messages include such items as "Out of Office" responses, nondelivery messages, and automated message forwarding. Automated bounce-back messages can be used by a third party to determine if users exist on the server. This can result in the disclosure of active user accounts to third parties, paving the way for possible future attacks. | ||||
| STIG | Date | |||
| Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide | 2023-12-18 | |||
Details
Check Text (C-228392r879653_chk)
Open the Exchange Management Shell and enter the following command:
Get-RemoteDomain | Select Name, DomainName, Identity, AllowedOOFType
If the value of "AllowedOOFType" is not set to "InternalLegacy", this is a finding.
Fix Text (F-30610r496973_fix)
Open the Exchange Management Shell and enter the following command:
Set-RemoteDomain -Identity <'IdentityName'> -AllowedOOFType 'InternalLegacy'
Note: The <IdentityName> and InternalLegacy values must be in single quotes.