EX16-ED-000040 - Exchange must have auto-forwarding of email to remote domains disabled or restricted.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Attackers can use automated messages to determine whether a user account is active, in the office, traveling, and so on. An attacker might use this information to conduct future attacks. Ensure Automatic Forwards to remote domains are disabled, except for enterprise email that must be restricted to forward-only to .mil and .gov. domains.

Before enabling this setting, first configure a remote domain.

Solution

For Non-Enterprise Mail Fix Text:

Open the Exchange Management Shell and enter the following command:

Set-RemoteDomain -Identity <'IdentityName'> -AutoForwardEnabled $false

Note: The <IdentityName> value must be in single quotes.

For Enterprise Mail Fix Text, enter the following commands:

New-RemoteDomain -Name <NewDomainName> -DomainName <SMTP address space>

Note: NewDomainName must be either a '.mil' or '.gov' domain.

Set-RemoteDomain -Identity <'IdentityName'> -AutoForwardEnabled $true

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Exchange_2016_Y21M12_STIG.zip

Item Details

References: CAT|II, CCI|CCI-001368, Rule-ID|SV-221205r612603_rule, STIG-ID|EX16-ED-000040, STIG-Legacy|SV-95201, STIG-Legacy|V-80491, Vuln-ID|V-221205

Plugin: Windows

Control ID: f47c4db061b4c9d8526cc5624595b2fed1ea3157f7a56131f0ef71a3ad2600f8