MS Exchange Server SMTP Tarpitting Grey Listing
For those running Microsoft Exchange, IIS or Windows SMTP Service, this is a little known but handy feature in the battle against spam (UCE). Essentially what this does is to introduce an artificial delay into the relay process. The server sends a temporary error message in response to an SMTP connect.
This has two benefits
1) If a spammer is trying to relay mail to your users, often they will mount an attack on your server bombarding it with connection attempts to random addresses to which your server will have to respond with NDRs as fast as it can for those invalid recipients. Introducing a delay into that process could mean that the attack isn’t worthwhile as it would take too long to figure out the valid addresses.
2) Often spam is relayed by automated bots, zombies or trojans which take little heed of RFCs and standards. A valid email server in response to this “try again later” response will do just that, but often a bot will just give up and move on to the next server. MailRoute for example, use this as part of their remote spam filtering service to great effect.
Does it cause delays?
Strictly speaking yes, but only slightly and you’d be hard pressed to notice.
How Do I Enable Greylisting On Exchange Server Or Windows Server With IIS and SMTP installed?
If you’re running Windows 2003 Server, first off make sure you’ve installed SP1.
Type Regedit at a command prompt
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SMTPSVC\Parameters
Right click Parameters in the tree and select New > DWORD Value
Name the DWORD value TarpitTime then click enter
The default value will be 0 which means disabled, so modify the value and enter a number of seconds for the SMTP service to delay responses to SMTP 5.x.x codes, you might want to start with a value of around 30 seconds or so, so enter 30.
Now stop and restart the SMTP service in Control Panel>Administrative Tools>Services or by going to a command prompt and type:
NET STOP SMTPSVC
NET START SMTPSVC
More Information
If you are interested in the MailRoute service, try contacting Applaud www.applaud.uk.com in the UK.