Audilitics
Generic filters
Generic filters

Auditing Microsoft Exchange Servers

Web Applications

← Go back

AID44
Severitymedium
Audit

Exchange must not send automated replies to remote domains.

Guidance

Attackers can use automated messages to determine whether a user account is active, in the office, traveling, and so on. An attacker might use this information to conduct future attacks. Remote users will not receive automated "Out of Office" delivery reports. This setting can be used to determine if all the servers in the organization can send "Out of Office" messages.

Recommendations

Open the Exchange Management Shell and enter the following command:

Set-RemoteDomain -Identity -AutoReplyEnabled $false

Note: The value must be in single quotes.

Procedure

Note: Automated replies to enterprise sites are allowed.
Open the Exchange Management Shell and enter the following command:

Get-RemoteDomain | Select Name, Identity, AutoReplyEnabled
If the value of “AutoReplyEnabled” is set to “True” and is configured to only Reply to enterprise domain sites, this is not a finding.

If the value of "AutoReplyEnabled" is not set to "False", this is a finding.

NIST SP 800-53

SI-8 (2)

STIGMicrosoft Exchange 2016 Mailbox Server Security Technical Implementation Guide :: Version 1, Release: 4 Benchmark Date: 25 Oct 2019

This entry has no reviews.

Review this entry

Your email address will not be published. Required fields are marked *

Please provide a rating

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Exchange 2016 Edge Transport Server
You are not allowed to view this content.

Pin It on Pinterest