2.2 SMTP - 'Relay Restrictions'

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Securing SMTP involves requiring users to authenticate to the SMTP server before relaying messages, setting operator permissions, and requiring TLS encryption. NOTE: Nessus did not perform this check as it requires manual verification that only required SMTP relays are listed in the Relay Restrictions list. NOTE: The Nessus Plugin Family 'SMTP Problems' contains many checks related to SMTP security and should be enabled in your scan policy.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Make sure 'computer relay restrictions' is set to your organization's security policy.

See Also

https://workbench.cisecurity.org/files/657