SMTP Tarpitting In Exchange 2007…

SMTP Tarpitting is enabled by default in Exchange 2007. This is really good news as admins who configure recipient filtering are automatically protected against directory harvest attacks. This was not the case in exchange 2003, as a registry edit was necessary to enable the feature. Check this KB article for information regarding how to enable…

SMTP Tarpitting is enabled by default in Exchange 2007. This is really good news as admins who configure recipient filtering are automatically protected against directory harvest attacks. This was not the case in exchange 2003, as a registry edit was necessary to enable the feature. Check this KB article for information regarding how to enable tarpitting on an exchange 2003 server.

SMTP Tarpitting is the feature by which a delay is introduced to the rejection response. When a recipient is rejected with a 5.x.x response, a delay of few seconds is introduced before the response is initiated. This makes it difficult for spammers to find legitimate email addresses in a domain by using directory harvesting attacks.

Exchange 2007 has a default tarpit interval of 5 seconds, which can be increased upto a maximum of 10 minutes. Much thought should be put in while changing the tarpit interval, as it will affect legitimate emails as well (the ones that are not spam, like misspelt addresses). The default interval is good in most cases. Tarpit interval is set on the receive connector and is in the format hh:mm:ss.

In order to find the tarpit interval, run the following command

Get-ReceiveConnector connectorname | select tarpitinterval

To increase the tarpit interval to 10 seconds, run Set-ReceiveConnector connectorname –TarpitInterval 00:00:10

Run Set-ReceiveConnector connectorname –TarpitInterval 00:00:00 to disable tarpitting (not recommended).

5 Comments

  1. Rajith Enchiparambil says:

    Hi Greg,

    Can you paste the error message here and I will try to help you out.

    Thanks,

  2. Sure would be nice if this command actually worked! But it doesn’t. Always fails at the command line.

    1. Rajith Enchiparambil says:

      Can you paste the error message here Greg? I will try and help you out.

      1. It works. Rejith, you’re incorrect or using perhaps, exchange 2003

        1. Rajith Enchiparambil says:

          Hi James,

          The command works, which is why I blogged about it ;)

Leave a Reply

Your email address will not be published. Required fields are marked *