EX19-ED-000231 The Exchange SMTP automated banner response must not reveal server details.

Information

Automated connection responses occur as a result of FTP or Telnet connections when connecting to those services. They report a successful connection by greeting the connecting client and stating the name, release level, and (often) additional information about the responding product. While useful to the connecting client, connection responses can also be used by a third party to determine operating system or product release levels on the target server. The result can include disclosure of configuration information to third parties, paving the way for possible future attacks. For example, when querying the SMTP service on port 25, the default response looks similar to this one:

220 exchange.mydomain.org Microsoft ESMTP MAIL Service ready at Tuesday, 23 Nov 2021 13:43:00 -0500

Changing the response to hide local configuration details reduces the attack profile of the target.

Solution

Open the Exchange Management Shell and enter the following command:

Set-ReceiveConnector -Identity <'IdentityName'> -Banner '220 SMTP Server Ready'

Note: The <IdentityName> and 220 SMTP Server Ready values must be in quotes.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Exchange_2019_Y24M07_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-5, CAT|II, CCI|CCI-002385, Rule-ID|SV-259638r961620_rule, STIG-ID|EX19-ED-000231, Vuln-ID|V-259638

Plugin: Windows

Control ID: 3cb49b6a8e23685e6dfe089cc35de224f3253c226dbfc21c8cb84c77be23881c