| Have your Exchange server installed, maintained or upgraded by Amset IT Solutions. Exchange 2000, 2003, 2003 SBS, 2007 More Information (UK only) |
Broadband - Exchange
Login Scripts - Net Admin
Outlook - Windows Mobile
Windows
Exchange and a
Dynamic IP Address
Global Mailbox Folder
Permissions from Server
Internal Email Address
for External People
Options when a Staff Member
Leaves
Prerequisites for Exchange
System Tools
Switching From POP3
to SMTP Delivery
| ||||||||||||
Author: Simon Butler, Exchange MVP, MCSE
Last Page Review: 13/12/2007
Exchange 2003 introduced a new facility to filter email messages if the email address doesn't exist in the Active Directory. This will stop spammers from sending messages to non-valid addresses.
The rejection is done at the SMTP level - so the email message isn't even delivered. If valid senders misspell an email address then they will get a bounce message immediately - indicating that the message has been rejected.
This feature does expose your server to "Directory Harvest" attacks, allowing spammers to find valid email addresses on your server. Therefore it should only be enabled on Exchange 2003 installed on Windows 2003 so that the tar pit feature can be enabled (see below).
Exchange 2000 and users on Windows 2000 with Exchange 2003
If you are using the older version of Windows or Exchange, then you should look at third party tools to do the same thing.
Vamsoft's ORF is one such product that can filter on the active directory.
Enabling the Option on Exchange 2003
To enable this option:
- Expand ESM, Message Delivery.
- Right click on "Message Delivery" and choose Properties.
- Click on the tab "Recipient Filtering".
- Enable the option "Filter Recipients who are not in the directory."
You then need to enable the Recipient Filter on the SMTP Server.
- Still in ESM, Expand Admin Groups, <your admin groups>, Server, <your server>, Protocols, SMTP.
- Right click on SMTP Virtual Server and choose Properties.
- Click on "Advanced" next to the IP address on the first tab.
- With the IP address selected, choose "Edit".
- Enable "Apply Recipient Filter".
- Click Apply/OK until clear.
Avoiding Directory Harvest Attacks
This feature makes your server vulnerable to directory harvest attacks - which is where the attacker sends commands to your server to find valid addresses. This can be avoided by using a feature known as tar pitting, which slows down the response of your server to these commands making it unviable for the attacker to scan your server.
Tar pitting was previously only available as a hot fix, but is now part of Windows 2003 Service Pack 1 and higher.
The tar pit is set with a small registry change.
Copy and paste the following text in to notepad and save it as tarpit.reg, changing the file type to All Types so that it is saved as a registry file. Then double click on it to install.
Restart the SMTP Server Service
After enabling these options, restart the SMTP Server Service in Services for them to take full effect.
Full information on enabling the feature can be found here: http://support.microsoft.com/default.aspx?kbid=842851
13/12/2007
Back to the Top
Contact Us - Advertise on amset.info
Exchange Index - Home Page
Broadband - Exchange - Login Scripts - Network Admin - Outlook - Windows Mobile - Windows
© Amset IT Solutions Ltd. 1998 - 2008. All rights reserved. Reproduction of any content on this web site is prohibited without express written consent. Use of this web site is subject to our terms and conditions. All trademarks and registered trademarks are property of their respective owners. This site is not endorsed or recommended by any company or organisation mentioned on this site. This site is to provide guidance only and as such we cannot be held responsible for any consequences of following the advice given.