WG330 W22 - A public web server must limit e-mail to outbound only.

Information

Incoming E-mail has been known to provide hackers with access to servers. Disabling the incoming mail service prevents this type of attacks. Additionally, Email represents the main use of the Internet. It is specialized application that requires the dedication of server resources. To combine this type of transaction processing function with the file serving role of the web server creates an inherent conflict. Supporting mail services on a web server opens the server to the risk of abuse as an email relay. This check verifies, by checking the OS, that incoming e-mail is not supported.

Solution

Isolate e-mail, if running on a public web server, to outbound e-mail only. This would allow the web-based application to send timely notices to users and administrators. On the SMTP or other e-mail server, the mail relay option must be disabled.

See Also

https://iasecontent.disa.mil/stigs/zip/U_Apache_2-2_WIN_V1R13_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b., CAT|II, Rule-ID|SV-33082r1_rule, STIG-ID|WG330_W22, Vuln-ID|V-2261

Plugin: Windows

Control ID: 44a001626c959aabf02f0a9a02478e4fe5528a4e25c17c572b730c0edb5a5dcb