A public web server must limit e-mail to outbound only.
An XCCDF Rule
Description
Incoming E-mail has been known to provide hackers with access to servers. Disabling the incoming mail service prevents this type of attacks. Additionally, Email represents the main use of the Internet. It is specialized application that requires the dedication of server resources. To combine this type of transaction processing function with the file serving role of the web server creates an inherent conflict. Supporting mail services on a web server opens the server to the risk of abuse as an email relay. This check verifies, by checking the OS, that incoming e-mail is not supported.
| Property | Value |
|---|---|
| Responsibility | Web Administrator |
- ID
- SV-33082r1_rule
- Version
- WG330 W22
- Severity
- Medium
- Updated
Remediation Templates
A Manual Procedure
Isolate e-mail, if running on a public web server, to outbound e-mail only. This would allow the web-based application to send timely notices to users and administrators. On the SMTP or other e-mail server, the mail relay option must be disabled.