Exchange Server Forums

Windows-based SMTP Tar Pitting Explained

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [Microsoft Exchange 2003] >> General >> Windows-based SMTP Tar Pitting Explained

Page: [1]

Message

<< Older Topic Newer Topic >>

Limited time MSExchange.org offer! -- 1.Sep.2008 1:00:00 PM

TechGenix and SolarWinds have partnered to provide free copies of SolarWinds Exchange Monitor to all visitors who join the MSExchange.org Forums. SolarWinds Exchange Monitor is a handy desktop dashboard that continuously monitors Microsoft Exchange to deliver real-time insight into Exchange services, mail queue sizes, and host server health. Learn more about Exchange Monitor and the free offer!

Windows-based SMTP Tar Pitting Explained - 4.Aug.2005 9:09:00 AM

Henrik Walther

Posts: 6848
Joined: 21.Nov.2002
From: Copenhagen, Denmark
Status: offline

This thread has been created in order to discuss the Windows-based SMTP Tar Pitting feature, which I have been writing about in my lastest article.

[ August 04, 2005, 11:30 AM: Message edited by: Henrik Walther ]

Post #: 1

Featured Links*

RE: Windows-based SMTP Tar Pitting Explained - 4.Aug.2005 9:37:00 AM

isawader

Posts: 119
Joined: 7.Jul.2005
From: US
Status: offline

Good article. I've never knew there is something called tar pitting.

However, there are spammers who run some short of scripting engine to constantly send SMTP commands. I blocked about 25 class C and B domains of known spam IPs at the firewall itself. I still see them sending HELO command to my SMTP relay server every 15 seconds only to be dropped at the firewall. Those scums don't care if the firewall blocks them completely or not.

(in reply to Henrik Walther)

Post #: 2

RE: Windows-based SMTP Tar Pitting Explained - 4.Aug.2005 11:35:00 AM

Henrik Walther

Posts: 6848
Joined: 21.Nov.2002
From: Copenhagen, Denmark
Status: offline

Thanks

You're right these bastards constantly find new methods to deliver their spam.

If you're interested in knowing how they work, I can highly recommend the below book, which is written by a "professional" ex-spammer:

Amazon.com: Books: Inside the Spam Cartel:
http://www.amazon.com/exec/obidos/ASIN/1932266860/ref%3Dase%5Fsyngressmediahom/002-7969823-9301634

A great read...

(in reply to Henrik Walther)

Post #: 3

RE: Windows-based SMTP Tar Pitting Explained - 5.Aug.2005 12:24:00 PM

Guest

Hi,

Is there any hope for Win2000 Server owners ?
As i understand this is an OS update which requires Win2K3 and Exch. 2K3.

Thanks,
Guy

(in reply to Henrik Walther)

Post #: 4

RE: Windows-based SMTP Tar Pitting Explained - 5.Aug.2005 12:38:00 PM

Guest

There is hope... Upgrade to 2003! Windows 2000 and Exchange 2000 are 5 years old at this point.

(in reply to Henrik Walther)

Post #: 5

RE: Windows-based SMTP Tar Pitting Explained - 5.Aug.2005 12:47:00 PM

Guest

This all sounds good in theory but I doubt this would be that useful in the real world. The author says, "85 hours...Wouldn't that make the most patient spammer...give up?" It's not like they do this by hand and are sitting in front of the computer waiting for it to finish. It's all automated, why would the spammer care how long it took?

As isawader pointed out, they clearly don't care about any individual message getting through so why would they care if some messages take longer to deliver than others?

Peter

(in reply to Henrik Walther)

Post #: 6

RE: Windows-based SMTP Tar Pitting Explained - 6.Aug.2005 3:29:00 AM

Henrik Walther

Posts: 6848
Joined: 21.Nov.2002
From: Copenhagen, Denmark
Status: offline

It's a Windows 2003 Server feature, so it can only be enabled on a Windows 2003 Server with the SMTP Service, and either SP1 or the update in MS KB article 899492 applied. But bear in mind it's only your Internet facing SMTP server which needs to have the feature enabled, as it's the server during SMTP conversations with outside SMTP servers.

Peter: I'm of course aware the spammers don't sit in front of their computers sending trying to harvest e-mail addresess manually [Smile]

Actually I do know many of the real methods they're using, they're explained in the book Inside the Spam Cartel, I referred to in a previous post. What I meant in the example was that the spammers application will timeout and jump to the next target pretty quickly, as they have many more potential e-mail addresses scheduled to be harvested from thousands of other domains.

(in reply to Henrik Walther)

Post #: 7

RE: Windows-based SMTP Tar Pitting Explained - 20.Feb.2006 11:03:06 PM

jjquin

Posts: 1
Joined: 20.Feb.2006
Status: offline

OK, I must be doing something wrong but I can't figure it out.

I have a Microsoft Exchange 2003 Server on W23 SP1 behind a Microsoft ISA Server with W23 SP1. I enabled recipient filtering on the Exchange server and enabled tar pitting by adding the registry setting and restarting the server. But I still get an instant reponse back from the isa server, no delay. I've checked the registry setting. Any advice?

Thanks

JJ

(in reply to Henrik Walther)

Post #: 8

RE: Windows-based SMTP Tar Pitting Explained - 21.Feb.2006 1:27:44 PM

Henrik Walther

Posts: 6848
Joined: 21.Nov.2002
From: Copenhagen, Denmark
Status: offline

What you see is expected behaviour as it's the SMTP conversation, after the SMTP session has been created, that are slowed down.

_____________________________

HTH
Henrik Walther
Exchange MVP | MCM: Exchange 2007
MCITP: EMA, MCITP: EA, MCSE: M+S

Order my Exchange Server 2007 Book!

(in reply to jjquin)