Exchange external/Internet-bound automated response messages must be disabled.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-228392	SRG-APP-000261	EX16-MB-000480	SV-228392r879653_rule	2023-12-18	2

Description
Spam originators, in an effort to refine mailing lists, sometimes monitor transmissions for automated bounce-back messages. Automated messages include such items as "Out of Office" responses, nondelivery messages, and automated message forwarding. Automated bounce-back messages can be used by a third party to determine if users exist on the server. This can result in the disclosure of active user accounts to third parties, paving the way for possible future attacks.

Description

Spam originators, in an effort to refine mailing lists, sometimes monitor transmissions for automated bounce-back messages. Automated messages include such items as "Out of Office" responses, nondelivery messages, and automated message forwarding. Automated bounce-back messages can be used by a third party to determine if users exist on the server. This can result in the disclosure of active user accounts to third parties, paving the way for possible future attacks.

ℹ️ Check
Open the Exchange Management Shell and enter the following command: Get-RemoteDomain \| Select Name, DomainName, Identity, AllowedOOFType If the value of "AllowedOOFType" is not set to "InternalLegacy", this is a finding.

✔️ Fix
Open the Exchange Management Shell and enter the following command: Set-RemoteDomain -Identity <'IdentityName'> -AllowedOOFType 'InternalLegacy' Note: The <IdentityName> and InternalLegacy values must be in single quotes.