Documentation - V-228572

V-228572

Microsoft IIS 10.0 Server Security Technical Implementation Guide

CAT II

Title

An IIS Server configured to be a SMTP relay must require authentication.

Description

<VulnDiscussion>Anonymous SMTP relays are strictly prohibited. An anonymous SMTP relay can be a vector for many types of malicious activity not limited to server exploitation for the sending of SPAM mail, access to emails, phishing, DoS attacks, etc. Enabling TLS, authentication, and strictly assigning IP addresses that can communicate with the relay greatly reduce the risk of the implementation.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>fals...

Fix Text (Documentation Requirement)

Configure the relay server with a specific allowed IP address, from the same network as the relay, and implement TLS.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel