fix: step 1 and step 2 in 6.2.1 details.
This commit is contained in:
DrIOS
@@ -15,27 +15,50 @@ function Test-BlockMailForwarding {
|
|||||||
try {
|
try {
|
||||||
# 6.2.1 (L1) Ensure all forms of mail forwarding are blocked and/or disabled
|
# 6.2.1 (L1) Ensure all forms of mail forwarding are blocked and/or disabled
|
||||||
|
|
||||||
# Retrieve the transport rules that redirect messages
|
# Step 1: Retrieve the transport rules that redirect messages
|
||||||
$transportRules = Get-TransportRule | Where-Object { $null -ne $_.RedirectMessageTo }
|
$transportRules = Get-TransportRule | Where-Object { $null -ne $_.RedirectMessageTo }
|
||||||
$forwardingBlocked = $transportRules.Count -eq 0
|
$transportForwardingBlocked = $transportRules.Count -eq 0
|
||||||
|
|
||||||
|
# Step 2: Check all anti-spam outbound policies
|
||||||
|
$outboundSpamPolicies = Get-HostedOutboundSpamFilterPolicy
|
||||||
|
$nonCompliantSpamPolicies = $outboundSpamPolicies | Where-Object { $_.AutoForwardingMode -ne 'Off' }
|
||||||
|
$nonCompliantSpamPoliciesArray = @($nonCompliantSpamPolicies)
|
||||||
|
$spamForwardingBlocked = $nonCompliantSpamPoliciesArray.Count -eq 0
|
||||||
|
|
||||||
|
# Determine overall compliance
|
||||||
|
$forwardingBlocked = $transportForwardingBlocked -and $spamForwardingBlocked
|
||||||
|
|
||||||
# Prepare failure reasons and details based on compliance
|
# Prepare failure reasons and details based on compliance
|
||||||
$failureReasons = if ($transportRules.Count -gt 0) {
|
$failureReasons = @()
|
||||||
"Mail forwarding rules found: $($transportRules.Name -join ', ')"
|
$details = @()
|
||||||
|
|
||||||
|
if ($transportRules.Count -gt 0) {
|
||||||
|
$failureReasons += "Mail forwarding rules found: $($transportRules.Name -join ', ')"
|
||||||
|
$details += "Transport Rules Details:`nRule Name|Redirects To"
|
||||||
|
$details += $transportRules | ForEach-Object {
|
||||||
|
"$($_.Name)|$($_.RedirectMessageTo -join ', ')"
|
||||||
}
|
}
|
||||||
else {
|
$details += "`n"
|
||||||
"N/A"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$details = if ($transportRules.Count -gt 0) {
|
if ($nonCompliantSpamPoliciesArray.Count -gt 0) {
|
||||||
$transportRules | ForEach-Object {
|
$failureReasons += "Outbound spam policies allowing automatic forwarding found."
|
||||||
"$($_.Name) redirects to $($_.RedirectMessageTo -join ', ')"
|
$details += "Outbound Spam Policies Details:`nPolicy|AutoForwardingMode"
|
||||||
} -join " | "
|
$details += $nonCompliantSpamPoliciesArray | ForEach-Object {
|
||||||
|
"$($_.Name)|$($_.AutoForwardingMode)"
|
||||||
}
|
}
|
||||||
else {
|
|
||||||
"Step 1: No forwarding rules found. Please proceed with Step 2 described in CIS Benchmark."
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($failureReasons.Count -eq 0) {
|
||||||
|
$failureReasons = "N/A"
|
||||||
|
$details = "Both transport rules and outbound spam policies are configured correctly to block forwarding."
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$failureReasons = $failureReasons -join " | "
|
||||||
|
$details = $details -join "`n"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Populate the audit result
|
||||||
$params = @{
|
$params = @{
|
||||||
Rec = $recnum
|
Rec = $recnum
|
||||||
Result = $forwardingBlocked
|
Result = $forwardingBlocked
|
||||||
|
|||||||
Reference in New Issue
Block a user