Exchange Server Forums
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Recipient Filtering and Tarpitting Problem
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
 Limited time MSExchange.org offer! -- 1.Sep.2008 1:00:00 PM
|
|
TechGenix and SolarWinds have partnered to provide free copies of SolarWinds Exchange Monitor to all visitors who join the MSExchange.org Forums. SolarWinds Exchange Monitor is a handy desktop dashboard that continuously monitors Microsoft Exchange to deliver real-time insight into Exchange services, mail queue sizes, and host server health. Learn more about Exchange Monitor and the free offer!
|
Recipient Filtering and Tarpitting Problem - 24.Apr.2008 3:57:41 AM
|
|
|
IainZ
Posts: 5
Joined: 24.Apr.2008
Status: offline
|
I have an exchange 2003 server with the recipient filtering enabled and the tick box ticked to filter out addresses that are not in the directory, i also have the tarpitting function active but, this is the only filtering option i have enabled on my smtp virtual server, but when certain senders send mails to valid recipients it's waiting until until the tarpit time out before receiving.
Any ideas?
Cheers
Iain
|
|
|
|
|
RE: Recipient Filtering and Tarpitting Problem - 24.Apr.2008 2:25:17 PM
|
|
|
IainZ
Posts: 5
Joined: 24.Apr.2008
Status: offline
|
OK further investigation shows that this apparently is the correct behaviour although it seems a bit odd.
The tarpitting is doing what it's supposed - holding the connection for the tarpit time when the smtp response is a 5xx.
But the actual response is a 504 - need to authenticate first, which is normal between 2 exchange servers from different organisations.
If tarpitting is not enabled then this would never become apparent as after the tarpit period the email is still sent.
Can any exchange gurus shed any light on this?
|
|
|
|
|
RE: Recipient Filtering and Tarpitting Problem - 25.Apr.2008 2:25:50 PM
|
|
|
IainZ
Posts: 5
Joined: 24.Apr.2008
Status: offline
|
Progress of sorts, further investingation has shown that because any sending server (exchange) is sending XEXCH50, this is what says it is an exchange server and requests authentication. Anyway http://groups.google.com/group/microsoft.public.exchange.connectivity/browse_thread/thread/fa241f957ff542bd/e85e93edeb11b139?lnk=st&q=disable+XEXCH50&rnum=3 shows how to ignore the XEXCH50 message and deal as normal SMTP.
So i did the unreg of the dll and it worked a treat or so i thought, the inbound mail did just what i was hoping, but after a while it turns out that by unregistering the dll it also stopped outbound mail.
So back to square 1.
Does anyone else have experince (good or bad) of using the recipient filtering and tarpitting? I'm sure with the amount of spam about these days i can't be the only one experimenting with this.
|
|
|
|
|
RE: Recipient Filtering and Tarpitting Problem - 27.Apr.2008 7:08:16 PM
|
|
|
Sembee
Posts: 3574
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
|
I enable recipient filtering and the tarpit on all servers that I build and have never had a problem with it. What are you expecting it to do?
It doesn't reduce the amount of spam that you receive - what those two settings do is ensure that your server doesn't accept email for users who do not exist and the server cannot be subjected to a directory harvest attack.
What time did you set the tarpit for? If it was anything longer than 10 seconds then you have made an error in its configuration.
Recipient fitlering and tarpit is not an antispam setting, it is a security setting to ensure that your server is not abused.
Simon.
_____________________________
Simon Butler,
Exchange MVP
Blog: http://www.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.amset.co.uk/
|
|
|
|
|
RE: Recipient Filtering and Tarpitting Problem - 28.Apr.2008 5:20:51 AM
|
|
|
IainZ
Posts: 5
Joined: 24.Apr.2008
Status: offline
|
Simon thank you for your response, I do understand why it is done although i am expecting it to reduce the amount of spam as i get a lot of spam for addresses that are not in my AD. i will put my hand up to mis-understanding the time issue though as i thought the time for the tarpit needed to be around 5 -10 minutes not seconds. If it is only 5 - 10 seconds though, will that put a long enough delay in to prevent directory harvesting?
Cheers
Iain
Ps I have read a number of your posts on various forums and also Amset.info so i know you know what you're talking about and appreciate the help.
|
|
|
|
|
RE: Recipient Filtering and Tarpitting Problem - 28.Apr.2008 9:13:19 AM
|
|
|
Sembee
Posts: 3574
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
|
A tarpit time of 5 seconds is long enough to cause a spammer to give up.
A directory harvest attack relies on being able to check a large number of addresses in a very short space of time. Without the tarpit enabled 100s of addresses a second can be be checked, whereas with a five second delay it limits it considerably.
http://support.microsoft.com/default.aspx?kbid=842851
Change it back to five seconds and then restart the SMTP virtual server.
The recipient filtering setting should also block email to unknown users - as long as the Exchange server is the prime receiver of email - and it isn't something else between the server and the internet.
Simon.
_____________________________
Simon Butler,
Exchange MVP
Blog: http://www.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.amset.co.uk/
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
