Exchange external/internet-bound automated response messages must be disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-259688 | EX19-MB-000136 | SV-259688r961161_rule | CCI-001308 | medium |
| Description |
| Spam originators, in an effort to refine mailing lists, sometimes monitor transmissions for automated bounce-back messages. Automated messages include such items as "Out of Office" responses, nondelivery messages, and automated message forwarding. Automated bounce-back messages can be used by a third party to determine if users exist on the server. This can result in the disclosure of active user accounts to third parties, paving the way for possible future attacks. |
| STIG | Date |
| Microsoft Exchange 2019 Mailbox Server Security Technical Implementation Guide | 2025-05-14 |
Details
Check Text (C-259688r961161_chk)
Open the Exchange Management Shell and enter the following command:
Get-RemoteDomain | Select-Object -Property Name, DomainName, Identity, AllowedOOFType
If the value of "AllowedOOFType" is not set to "InternalLegacy", this is a finding.
Fix Text (F-63335r942377_fix)
Open the Exchange Management Shell and enter the following command:
Set-RemoteDomain -Identity <'IdentityName'> -AllowedOOFType 'InternalLegacy'
Note: The <IdentityName> and InternalLegacy values must be in quotes.
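Added example (not part of the STIG text): an organization can have several remote domains besides the default "*" entry, so the script below evaluates each one against the check and previews the fix for every finding. The function name Test-RemoteDomainOofType, the Finding property, and the sample rows are assumptions made for illustration.

```powershell
# Audit every remote domain against the check above and preview the fix.
# Test-RemoteDomainOofType and its output property names are illustrative, not Exchange cmdlets.
function Test-RemoteDomainOofType {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$RemoteDomain,
        [string]$Required = 'InternalLegacy'
    )
    process {
        # AllowedOOFType is an enum in Exchange; cast to string for comparison.
        $actual = [string]$RemoteDomain.AllowedOOFType
        [pscustomobject]@{
            Identity       = [string]$RemoteDomain.Identity
            DomainName     = [string]$RemoteDomain.DomainName
            AllowedOOFType = $actual
            Finding        = ($actual -ne $Required)
        }
    }
}

if (Get-Command Get-RemoteDomain -ErrorAction SilentlyContinue) {
    $domains = Get-RemoteDomain
} else {
    # Constructed sample rows so the logic can be exercised outside Exchange.
    $domains = @(
        [pscustomobject]@{ Identity = 'Default'; DomainName = '*'; AllowedOOFType = 'External' }
        [pscustomobject]@{ Identity = 'Partner'; DomainName = 'partner.example'; AllowedOOFType = 'InternalLegacy' }
    )
}

$results = @($domains | Test-RemoteDomainOofType)
$results | Format-Table -AutoSize | Out-Host

$findings = @($results | Where-Object { $_.Finding })
if ($findings.Count -eq 0) {
    Write-Output 'Not a finding: every remote domain uses InternalLegacy.'
} else {
    foreach ($f in $findings) {
        # -WhatIf only previews the change; remove it to apply the Fix Text setting.
        if (Get-Command Set-RemoteDomain -ErrorAction SilentlyContinue) {
            Set-RemoteDomain -Identity $f.Identity -AllowedOOFType 'InternalLegacy' -WhatIf
        }
    }
    Write-Output "$($findings.Count) remote domain(s) are a finding."
}
```

Run it in the Exchange Management Shell, then rerun after applying the fix to confirm that no rows report Finding as True.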