STIGQter: STIG Summary: APACHE 2.2 Server for Windows Security Technical Implementation Guide, Version: 1, Release: 13, Benchmark Date: 25 Jan 2019

A public web server must limit e-mail to outbound only.

DISA Rule

SV-33082r1_rule

Vulnerability Number

V-2261

Group Title

WG330

Rule Version

WG330 W22

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Isolate e-mail, if running on a public web server, to outbound e-mail only. This would allow the web-based application to send timely notices to users and administrators. On the SMTP or other e-mail server, the mail relay option must be disabled.

Check Contents

This check verifies, by checking the OS, that incoming e-mail is not supported.

Select START >> Programs >> Administrative Tools >> Services

Scroll down and review all the entries. If there is a mail program (SMTP service), the reviewer must run that program to see whether it will accept incoming e-mail (there are too many different programs to give detailed instructions).

The reviewer should also check the Programs menu and its sub-menus under Start for installed mail programs. The reviewer can also check the Add/Delete Programs icon in the Control Panel to see whether any e-mail programs are installed.

If an e-mail program is installed and has been configured to accept inbound e-mail, this is a finding.
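
The manual review above can be pre-screened with a script. The following is an added example, not part of the STIG text: it lists mail-like services, installed programs, and SMTP listeners for the reviewer to examine. It assumes PowerShell 3.0 or later on Windows Server 2012 or later (for `Get-NetTCPConnection`); the name patterns and port list are illustrative assumptions, not an exhaustive inventory.

```powershell
# Added example: surfaces candidates for the manual WG330 review. It does not
# decide the finding; the reviewer still confirms whether inbound mail is accepted.
$namePattern = 'smtp|mail|exchange|postfix|sendmail'   # assumption: illustrative names
$smtpPorts   = 25, 465, 587                            # SMTP, SMTPS, submission

# 1. Services whose name, display name or binary path looks like a mail program
#    (the same entries shown in Administrative Tools >> Services).
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { "$($_.Name) $($_.DisplayName) $($_.PathName)" -match $namePattern } |
    Select-Object Name, DisplayName, State, StartMode, PathName

# 2. Installed programs, read from the uninstall registry keys that back the
#    Control Panel program list (64-bit and 32-bit views).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $namePattern } |
    Select-Object DisplayName, DisplayVersion, Publisher

# 3. Listening sockets on SMTP ports. A listener bound to a non-loopback address
#    can be reached from the network and needs the closest look.
$listeners = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $smtpPorts -contains $_.LocalPort } |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $_.LocalAddress
            LocalPort    = $_.LocalPort
            Process      = $proc.ProcessName
            LoopbackOnly = $_.LocalAddress -in '127.0.0.1', '::1'
        }
    }

'--- Mail-like services ---';            $services  | Format-Table -AutoSize -Wrap
'--- Mail-like installed programs ---';  $programs  | Format-Table -AutoSize
'--- Listeners on SMTP ports ---';       $listeners | Format-Table -AutoSize

if (-not ($services -or $programs -or $listeners)) {
    'No mail services, programs or SMTP listeners matched; confirm manually.'
}
```

An empty result only means nothing matched the assumed patterns and ports; a mail program under another name or on a non-standard port would still have to be found through the manual steps.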

Documentable

False

Severity Override Guidance

This check verifies, by checking the OS, that incoming e-mail is not supported.

Select START >> Programs >> Administrative Tools >> Services

Scroll down and review all the entries. If there is a mail program (SMTP service), the reviewer must run that program to see whether it will accept incoming e-mail (there are too many different programs to give detailed instructions).

The reviewer should also check the Programs menu and its sub-menus under Start for installed mail programs. The reviewer can also check the Add/Delete Programs icon in the Control Panel to see whether any e-mail programs are installed.

If an e-mail program is installed and has been configured to accept inbound e-mail, this is a finding.

Check Content Reference

M

Responsibility

Web Administrator

Target Key

158
