Re: SPAM and Junk Email
- From: "Ben Winzenz [Exchange MVP]" <ben_winzenz@nospamdotmessageonedotcom>
- Date: Thu, 29 Jun 2006 13:19:24 -0500
Re: tarpitting... It would only slow wanted/necessary traffic if the remote
server entered an invalid user, which doesn't usually happen, or doesn't
happen that often. If it is an issue where there aren't enough sessions
available, you can always bump that up. Also, understand that features such
as this can be disabled at will. Is the "potential" of slowing legitimate
traffic, with the knowledge that it may not affect legit traffic at all,
worth the current SPAM problem you are facing? That is a decision you'll
have to make. For me, it is a no-brainer and I would enable tarpitting.

If you have recipient filtering enabled under the Global settings, make sure
that you have also enabled it on the properties of the SMTP Virtual Server,
otherwise it isn't really enabled...
--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)
"ADP Comm" <ADPComm@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:5479439D-D2BB-4993-8493-ACBC0AA8A9B3@xxxxxxxxxxxxxxxx
"Ben Winzenz [Exchange MVP]" wrote:
If you enumerate the messages in the queues for those remote domains, I
suspect that they will all be NDRs. If this is the case, then the simplest
solution is to enable Recipient Filtering, and "Filter Recipients who are
not in the Directory". This setting configures Exchange to only accept
messages for valid user accounts. All others will be rejected. I highly
recommend enabling this setting. In addition, I'd recommend enabling SMTP
Tarpitting. Not only will it help prevent a Directory Harvesting attack,
but it will also discourage spammers from sending to you, as it will make
their operation much more expensive by reducing the amount of messages they
can send.
http://support.microsoft.com/kb/842851/
"ADP Comm" <ADPComm@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:49821BEE-5CB7-4392-BAD4-7EE790BF207C@xxxxxxxxxxxxxxxx
"Ben Winzenz [Exchange MVP]" wrote:
Can you better explain what is going on? I don't think you mean
"relaying" - if you do, then that's bad - Exchange 2003 doesn't allow
anonymous relaying by default.
Do you mean simply that you receive a lot of SPAM/Junk mail to your
domain?
"ADP Comm" <ADPComm@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4A9C1797-2AC9-427E-885A-A31C6B8A045F@xxxxxxxxxxxxxxxx
I've been wrestling for a while now with SPAM and Junk Email relaying
through my Exchange 2003 server. I have made changes to the settings for
both IMF and the SMTP connector. I've even been adding the domains these
messages are coming from to the filters as well but they still show up and
take up processor time. Is there a way, either an internal setting to
modify, a registry change or 3rd party software to prevent this?

I agree, it is bad but that is the only way I can explain what I see. Yes,
there is an excessive amount of Junk Email and SPAM being delivered to the
users on the network and I currently have IMF set at 7, reject and 5.
I do not have any 3rd party software running to block the unwanted mail
either.
Now the reason I suspect that there is relaying going on, is because I see
a large amount of messages in the outbound SMTP queue, from/going to
domains I do not recognize. Domains like 0041.com or similar domains. I've
checked with users here and domains named like this, they do not recognize.
Of course there are other domains listed that are not recognized either.
I've added these domains to the 'sender filtering' as well but it appears
to not be working correctly. These messages still show up.
If anyone has any suggestions, I am all ears. I would really like to put an
end to the SPAM and Junk Email, well, the best that can possibly be done
without 3rd party software for now.

I do have Recipient Filtering enabled and have had it running since I
turned on the server. I've also been adding to the filter, whenever I see
an invalid domain or get a SPAM/Junk Email domain sent to me by a user. It
gets added to the list.
As for the tar pitting you mention, it does sound interesting. After
reading the page/article, it talks about possibly slowing even wanted and
necessary traffic as well. That is a drawback I would not be able to work
with. I do appreciate the idea and feedback, would anyone possibly have any
other ideas?
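
Added example, not part of the thread and not Exchange code: a small Python model of the trade-off discussed above, showing that a tarpit delay applied only to rejected recipients leaves a session with valid recipients undelayed, and that without recipient filtering the unknown recipients turn into NDRs in the outbound queue. The directory contents, the 5-second delay and the 50 ms base reply time are constructed assumptions.

```python
"""Constructed model of recipient filtering plus tarpitting; not Exchange code."""
from dataclasses import dataclass

# Constructed directory of valid mailboxes (assumption for this example).
DIRECTORY = {"alice@example.com", "bob@example.com", "carol@example.com"}


@dataclass
class SessionResult:
    accepted: int        # RCPT TO answered with 250
    rejected: int        # RCPT TO answered with 550 (unknown user)
    delay_seconds: int   # time the server held back its 5xx replies
    ndrs_queued: int     # bounces the server must generate later


def handle_session(recipients, recipient_filter=True, tarpit_seconds=5):
    """Model one inbound SMTP session, one RCPT TO per list entry."""
    accepted = rejected = delay = ndrs = 0
    for rcpt in recipients:
        known = rcpt.lower() in DIRECTORY
        if known:
            accepted += 1
        elif recipient_filter:
            # Rejected during the SMTP dialogue; only this reply is delayed.
            rejected += 1
            delay += tarpit_seconds
        else:
            # Accepted now, bounced later: an NDR lands in the outbound queue.
            accepted += 1
            ndrs += 1
    return SessionResult(accepted, rejected, delay, ndrs)


def probes_per_hour(tarpit_seconds, base_reply_ms=50):
    """Invalid-address probes one connection can complete in an hour."""
    return 3_600_000 // (base_reply_ms + tarpit_seconds * 1000)


if __name__ == "__main__":
    legit = ["alice@example.com", "Bob@example.com"]
    harvest = ["admin@example.com", "alice@example.com",
               "sales@example.com", "info@example.com"]
    print("legit, filter+tarpit:  ", handle_session(legit))
    print("harvest, filter+tarpit:", handle_session(harvest))
    print("harvest, no filter:    ", handle_session(harvest, recipient_filter=False))
    print("probes/hour:", probes_per_hour(0), "->", probes_per_hour(5))
```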