EX13-MB-000205 - Exchange Message size restrictions must be controlled on Send connectors.

Information

Email system availability depends in part on best practice strategies for setting tuning configurations. For message size restrictions, multiple places exist to set or override inbound or outbound message size. Failure to control the configuration strategy can result in loss of data or system availability.

This setting enables the administrator to control the maximum message size on a Send connector. Using connectors to control size limits may necessitate applying message size limitations in multiple places, with the potential of introducing conflicts and impediments in the mail flow. Changing this setting at the connector overrides the global one. Therefore, if operational needs require it, the connector value may be set lower than the global value with the rationale documented in the Email Domain Security Plan (EDSP).

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Update the EDSP.

Open the Exchange Management Shell and enter the following command:

Set-SendConnector -Identity <'IdentityName'> -MaxMessageSize <MaxSendSize>

Note: The <IdentityName> value must be in quotes.

or

The value as identified by the EDSP that has obtained a signoff with risk acceptance.

Repeat the procedures for each Send connector.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Exchange_2013_Y24M07_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-5(2), CAT|III, CCI|CCI-001095, Rule-ID|SV-207307r961155_rule, STIG-ID|EX13-MB-000205, STIG-Legacy|SV-84643, STIG-Legacy|V-70021, Vuln-ID|V-207307

Plugin: Windows

Control ID: 16d27ed4a4fd369ec8653b1784abf1d850c1a31959e8caa8ee2ba6e3a1a1c960