Re: Best settings for Recipient Filtering?
- From: "Jim McBee [MVP Exchange]" <jmcbee@xxxxxxxxxxxxxxxxxx>
- Date: Sat, 28 Jan 2006 20:44:13 -1000
Yep, I'm with Ben. I thought I would chime in here. I was just doing a
study on one organization's Exchange server. Enabling the "Filter Recipients
Who Are Not in the Active Directory" checkbox stops about 75% of the spam at
the front door because much of it was addressed to former employees.
Using the Connection Filter with the Spamhaus RBL and the Spamcop RBL
eliminates about 60% of the inbound spam that is destined for valid recipients.
One emerging trend is to use a "managed provider" to handle your inbound
mail. They filter out the spam, viruses, and directory harvesting attacks
before it ever hits your Internet connection since your MX records point to
their servers. The only service I am really familiar with is FrontBridge,
but there are a number of others out there.
--
Jim McBee
Blog: http://mostlyexchange.blogspot.com
Web: http://www.somorita.com
"Ben Winzenz [Exchange MVP]" <ben_winzenz@nospamdotmessageonedotcom> wrote
in message news:uZtm8rJJGHA.532@xxxxxxxxxxxxxxxxxxxxxxx
> It doesn't matter which version of Windows Exchange is on. With recipient
> filtering disabled, Exchange is vulnerable to reverse-NDR attacks. It's
> one reason that recipient filtering is so useful.
>
> As far as the tarpitting feature, there is no default value. The KB
> article simply shows an example of 5 seconds as a value. How long you
> wait is up to you. Understanding tarpitting is key here. Tarpitting
> works by delaying the response code that Exchange returns when an invalid
> recipient is presented during the SMTP conversation. Keeping in mind that
> the probability of legitimate mail including multiple invalid recipients
> is pretty low, I'd personally feel safe setting it to a decent value.
> Something like 30 seconds, perhaps even more. If the thousands of spam
> messages are to invalid recipients, then this should virtually eliminate
> the problem.
>
> --
> Ben Winzenz
> Exchange MVP
> MessageOne
> Read my blog!
> http://winzenz.blogspot.com
> http://feeds.feedburner.com/winzenz (RSS Feed)
>
>
> "Gregg Hill" <bogus@xxxxxxxxxxx> wrote in message
> news:%231ebdtIJGHA.344@xxxxxxxxxxxxxxxxxxxxxxx
>> Hello!
>>
>> A friend has an Exchange 2003 Enterprise server that receives thousands
>> of spam messages a day. He has Symantec Mail Security on it to filter
>> spam. I want to know if there is a way to kill most of the spam before
>> Symantec even sees it, perhaps with a combination of Recipient filtering
>> and Connection Filtering.
>>
>> Per http://support.microsoft.com/kb/886208/en-us, Exchange 2003 on SBS
>> 2003 is susceptible to reverse NDR attacks. I want to prevent Exchange
>> 2003 Enterprise from reverse NDR attacks if it is also vulnerable when
>> running on Windows Server 2003 Standard. Is Exchange 2003 Enterprise
>> vulnerable to reverse NDR attacks?
>>
>> In the article noted above, it also has a link
>> http://support.microsoft.com/kb/842851 to turn on SMTP tarpitting to
>> prevent directory harvesting of valid user account names. Do you feel
>> that the default setting is adequate, or should I set it higher?
>>
>> Thank you for your time!
>>
>> Gregg Hill
>>
>>
>>
>
>
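Added example, not part of the original thread and not Exchange code: a small Python model of the RCPT TO handling discussed above, comparing recipient filtering off (unknown recipients accepted, then bounced with an NDR) against filtering on with a 30-second tarpit. The directory contents, the addresses and the names `Policy`, `Outcome` and `handle_rcpts` are constructed for illustration; the delay is accumulated rather than slept.

```python
from dataclasses import dataclass, field

# Constructed directory standing in for Active Directory; addresses are made up.
DIRECTORY = {"alice@example.com", "bob@example.com"}

@dataclass
class Policy:
    recipient_filtering: bool      # reject unknown recipients during RCPT TO
    tarpit_seconds: float = 0.0    # hold time before each rejection (0 = off)

@dataclass
class Outcome:
    replies: list = field(default_factory=list)   # (recipient, SMTP reply code)
    accepted: list = field(default_factory=list)  # recipients that get the mail
    delay: float = 0.0   # total seconds the sending client was held
    ndrs: int = 0        # bounces later sent to the (possibly forged) sender

def handle_rcpts(policy, recipients, directory=DIRECTORY):
    """Model the server's reply to each RCPT TO in one SMTP session."""
    out = Outcome()
    for rcpt in recipients:
        if rcpt.lower() in directory:
            out.replies.append((rcpt, 250))
            out.accepted.append(rcpt)
        elif policy.recipient_filtering:
            # Rejected in-session: no NDR is generated, and the tarpit
            # delays the reply (accumulated here instead of sleeping).
            out.delay += policy.tarpit_seconds
            out.replies.append((rcpt, 550))
        else:
            # Filtering off: accepted now, bounced later with an NDR
            # addressed to whatever sender the envelope claimed.
            out.replies.append((rcpt, 250))
            out.ndrs += 1
    return out

if __name__ == "__main__":
    # Constructed session: one valid recipient, three former employees.
    rcpts = ["alice@example.com"] + [f"former{i}@example.com" for i in (1, 2, 3)]
    for name, pol in [("filtering off", Policy(False)),
                      ("filtering on, 30 s tarpit", Policy(True, 30))]:
        o = handle_rcpts(pol, rcpts)
        print(f"{name}: codes={[c for _, c in o.replies]} "
              f"ndrs={o.ndrs} client_held={o.delay:.0f}s")
```

With filtering off the three unknown recipients each produce an NDR; with filtering on they are refused in-session and the sending client is held 90 seconds for a four-recipient message.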