STIGQter: STIG Summary: Microsoft Exchange 2016 Edge Transport Server Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021: STIGQter: STIG Summary: Microsoft Exchange 2016 Edge Transport Server Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:SV-221235r612603_rule
V-221235
SRG-APP-000261
EX16-ED-000360
CAT II
10
Update the EDSP to reflect the unaccepted domains that are to be blocked.
Open the Exchange Management Shell and enter the following command:
For BlockedDomains:
Set-SenderFilterConfig -BlockedDomains <BlockedDomain>
Repeat the procedure for each domain that is to be blocked.
or
For BlockedDomainsAndSubdomains:
Set-SenderFilterConfig -BlockedDomainsAndSubdomains <BlockedDomainAndSubdomain>
Repeat the procedure for each domain and all of its subdomains that are to be blocked.
Note: If third-party anti-spam product is being used, the anti-spam product must be configured to meet the requirement.
Review the Email Domain Security Plan (EDSP).
Determine the unaccepted domains that are to be blocked.
Open the Exchange Management Shell and enter the following command:
Get-SenderFilterConfig | Select Name, BlockedDomains, BlockedDomainsAndSubdomains
If the value for "BlockedDomains" or "BlockedDomainsAndSubdomains" does not reflect the list of accepted domains, this is a finding.
V-221235
False
EX16-ED-000360
Note: If third-party anti-spam product is being used, the anti-spam product must be configured to meet the requirement.
Review the Email Domain Security Plan (EDSP).
Determine the unaccepted domains that are to be blocked.
Open the Exchange Management Shell and enter the following command:
Get-SenderFilterConfig | Select Name, BlockedDomains, BlockedDomainsAndSubdomains
If the value for "BlockedDomains" or "BlockedDomainsAndSubdomains" does not reflect the list of accepted domains, this is a finding.
M
4079