Skip to content

Ensure 'Database Mail XPs' Server Configuration Option is set to '0'

Description

The Database Mail XPs option controls the ability to generate and transmit email messages from SQL Server.

Rationale

Disabling the Database Mail XPs option reduces the SQL Server surface, eliminates a DOS attack vector and channel to exfiltrate data from the database server to a remote host.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag With Value
secureclouddb/provider aws
secureclouddb/service rds
secureclouddb/engine sqlserver

Default Rule

const { checkServerSetting } = module
/**
 * @param {Object} databaseSettings - database settings object
 * @returns {boolean} true if 'Database Mail XPs' is set to 0
 */
function validate(databaseSettings) {
    const success = checkServerSetting(databaseSettings, 'Database Mail XPs', "0")

    return {
        success,
    }
}

validate(databaseSettings)