STIGQter STIGQter: STIG Summary: MS Exchange 2010 Edge Transport Server STIG Version: 1 Release: 15 Benchmark Date: 26 Apr 2019:

Auto-forwarding email to remote domains must be disabled or restricted.

DISA Rule

SV-43996r2_rule

Vulnerability Number

V-33576

Group Title

Exch-2-736

Rule Version

Exch-2-736

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Non- Enterprise Mail Fix Text:

Open the Exchange Management Shell and enter the following command:

Set-RemoteDomain -Identity <'RemoteDomainName'> -AutoForwardEnabled $false

Enterprise Mail Fix Text:

New-RemoteDomain -Name <Descriptive Name> -DomainName <SMTP address space>

Set-RemoteDomain -Identity <'RemoteDomainName'> -AutoForwardEnabled $true

Check Contents

Non- Enterprise Mail Check Content:

Open the Exchange Management Shell and enter the following command:

Get-RemoteDomain | select identity, AutoForwardEnabled

If the value of 'AutoForwardEnabled' is not set to 'False', this is a finding.

Enterprise Mail Check Content:

If the value of 'AutoForwardEnabled' is set to 'True', this is not a finding.

and

In the Exchange Management Shell and enter the following command:

Get-RemoteDomain

If the value of 'RemoteDomain ' is not set to a ' .mil' and/or '.gov ' domain(s), this is a finding.

Vulnerability Number

V-33576

Documentable

False

Rule Version

Exch-2-736

Severity Override Guidance

Non- Enterprise Mail Check Content:

Open the Exchange Management Shell and enter the following command:

Get-RemoteDomain | select identity, AutoForwardEnabled

If the value of 'AutoForwardEnabled' is not set to 'False', this is a finding.

Enterprise Mail Check Content:

If the value of 'AutoForwardEnabled' is set to 'True', this is not a finding.

and

In the Exchange Management Shell and enter the following command:

Get-RemoteDomain

If the value of 'RemoteDomain ' is not set to a ' .mil' and/or '.gov ' domain(s), this is a finding.

Check Content Reference

M

Target Key

1995

Comments