EX19-MB-000136 Exchange external/internet-bound automated response messages must be disabled.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Spam originators, in an effort to refine mailing lists, sometimes monitor transmissions for automated bounce-back messages. Automated messages include such items as 'Out of Office' responses, nondelivery messages, and automated message forwarding.

Automated bounce-back messages can be used by a third party to determine if users exist on the server. This can result in the disclosure of active user accounts to third parties, paving the way for possible future attacks.

Solution

Open the Exchange Management Shell and enter the following command:

Set-RemoteDomain -Identity <'IdentityName'> -AllowedOOFType 'InternalLegacy'

Note: The <IdentityName> and InternalLegacy values must be in quotes.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Exchange_2019_Y24M07_STIG.zip

Item Details

References: CAT|II, CCI|CCI-001308, Rule-ID|SV-259688r961161_rule, STIG-ID|EX19-MB-000136, Vuln-ID|V-259688

Plugin: Windows

Control ID: f98a99f34a115d55e3e58f3f7250e2d55ebe2e1ec51148c87de1dfdee3222d98