STIGQter STIGQter: STIG Summary: APACHE 2.2 Server for UNIX Security Technical Implementation Guide Version: 1 Release: 11 Benchmark Date: 25 Jan 2019:

A public web server must limit email to outbound only.

DISA Rule

SV-32937r1_rule

Vulnerability Number

V-2261

Group Title

WG330

Rule Version

WG330 A22

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the email application to not allow incoming connections.

Check Contents

"To determine if email applications are excepting incoming connections (on standard ports)enter the following command:

telnet localhost 25

review the command results, If an e-mail program is installed and that program has been configured to accept inbound email, this is a finding."

Vulnerability Number

V-2261

Documentable

False

Rule Version

WG330 A22

Severity Override Guidance

"To determine if email applications are excepting incoming connections (on standard ports)enter the following command:

telnet localhost 25

review the command results, If an e-mail program is installed and that program has been configured to accept inbound email, this is a finding."

Check Content Reference

M

Responsibility

Web Administrator

Target Key

158

Comments