Wednesday, 24 April 2013

SMTP Tarpitting !!

Some of you may have heard of it before, and some of you are asking yourselves what it is.
SMTP tarpitting is a technique for discouraging illegitimate email traffic. What counts as illegitimate traffic? It is the email spammers send to your domain for the purpose of directory harvest and NDR attacks.

Directory Harvest Attack :- Spammers send lots of bogus email to your domain to find out which email addresses are valid. If they get an NDR (550 5.1.1 User unknown), they know the address does not exist; for the addresses that return no NDR, they start sending spam directly.

NDR Attacks :- Because of email sent to non-existent addresses in your domain, your mail server becomes the victim of a denial of service: the mail server queue starts filling with thousands of emails and the server starts responding slowly.


To avoid this situation, Microsoft introduced the SMTP tarpitting feature, which delays the server's responses to spammers' email, so that spammers give up and go somewhere else to do the same thing to another domain.

How to do this in Exchange 2003 :- You can do it on Exchange 2003 SP2 with the help of a registry key.

How to do this in Exchange 2007/2010 :- By default SMTP tarpitting is enabled in both versions, and it can be checked with this PowerShell command:

    Get-ReceiveConnector | select name,tarpitinterval

By default, 5 seconds is set on the Receive connectors of both versions. If you set this value to 0 seconds, tarpitting is disabled automatically.


PS:- Recipient filtering must be enabled, or else SMTP tarpitting is not going to work.
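
An added example (not part of the original post): a read-only Exchange Management Shell check that lists each Receive connector's tarpit interval and flags the two conditions described above, an interval of 0 and recipient filtering being off. The function name Get-TarpitAudit is made up for this example, and it assumes that "recipient filtering enabled" means the Recipient Filter agent's Enabled and RecipientValidationEnabled settings are both true.

```powershell
# Added example: audit SMTP tarpitting on Exchange 2007/2010 Receive connectors.
# Run in the Exchange Management Shell. Read-only: it changes no settings.
# Get-TarpitAudit is a hypothetical name chosen for this example.

function Get-TarpitAudit {
    # Tarpitting only has an effect when recipient filtering rejects
    # unknown recipients (550 5.1.1) during the SMTP session.
    $filterOn = $false
    if (Get-Command Get-RecipientFilterConfig -ErrorAction SilentlyContinue) {
        $rf = Get-RecipientFilterConfig
        # Assumption: both the agent and recipient validation must be on.
        $filterOn = [bool]($rf.Enabled -and $rf.RecipientValidationEnabled)
    }

    foreach ($c in Get-ReceiveConnector) {
        # TarpitInterval prints as hh:mm:ss; parsing the string form works
        # whether the shell is local or remote.
        $seconds = [TimeSpan]::Parse($c.TarpitInterval.ToString()).TotalSeconds

        if ($seconds -eq 0) {
            $status = 'DISABLED: tarpit interval is 0'
        } elseif (-not $filterOn) {
            $status = 'INEFFECTIVE: recipient filtering is off'
        } else {
            $status = 'OK'
        }

        # Emit one row per connector with the verdict attached.
        $c | Select-Object Identity, TarpitInterval,
            @{ Name = 'TarpitSeconds'; Expression = { $seconds } },
            @{ Name = 'Status';        Expression = { $status } }
    }
}

Get-TarpitAudit | Format-Table -AutoSize

# To correct a flagged connector (replace the placeholder with the
# connector's Identity from the output above):
#   Set-ReceiveConnector -Identity '<connector identity>' -TarpitInterval 00:00:05
# To turn on recipient validation:
#   Set-RecipientFilterConfig -RecipientValidationEnabled $true
```

If Get-RecipientFilterConfig is not available on the server, the check treats recipient filtering as off and reports every connector with a non-zero interval as INEFFECTIVE.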


Cheers
Amit