Re: Exchange 2003 SMTP Current Sessions



SF Dave <SFDave@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

> Recipient filtering, wow! That sounds reasonable. I have seen that mentioned
> before to trim down the queues, but can it really be that easy? Are there any
> 'gotchas', like, creating a nightmare for IMAP users, for example?
> Also, I was asking really about the SMTP sessions themselves, long before
> Active Directory gets involved. Why is there not a tool to drop every SMTP
> session, whether they are in the midst of sending an email (likely bulk
> emails after 5-7 minutes) or not? Does anyone have a script for this by any
> chance? Is it me or does that not seem to be one of the easiest things we
> could do to at least slow down spammers? Maybe it is against RFC 'rules', but
> I wouldn't care.

It wouldn't slow them down at all. Throw one off and another takes its
place. There are, literally, hundreds of thousands of compromised
computers (zombies, or 'bots) whose services are sold by 'bot herders
to spammers and fraudsters.

What you really want is for a security appliance to watch the number
of bad RCPT TO addresses and, after some number of them, disconnect
the session and put the IP address in some sort of "jail" where no
connection will be accepted for it for "X" number of days.

> As for RBL, I have heard your concern before, but really, our spam has been
> cut down 10-20% as a result of its usage, so I am keeping it until I actually
> hear from too many customers who cannot email us.

What about the potential customers that can't email you?

Use a RBL if you must, but pick the one you use with care. SpamCop
isn't one you want to use. Neither is SORBS (at least not the whole
set of RBLs they offer). Understand that you /will/ refuse legitimate
connections. RBLs don't block spam, they block connections. They never
look at the message contents.

> It has happened several
> times in the past, but that was before RBL (weird).

Not so weird. Your server's busy with other connections.

> In summary: I have read & talked to many who end up MANUALLY terminating
> these never ending sessions. Why hasn't Microsoft provided a simple tool for
> automating this?

Why pick on MS? Who else does it?


--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.pott@xxxxxxxxxxxxx
Or to these, either: mailto:h.pott@xxxxxxxxxxxxxxx mailto:melvin.mcphucknuckle@xxxxxxxxxxxxx mailto:melvin.mcphucknuckle@xxxxxxxxxxxxxxx
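The scheme described in the reply above (count bad RCPT TO addresses from a source, disconnect after some number of them, and refuse that IP for "X" days), as an added example that is not part of the original post or of any product it mentions. Assumptions: a rejected recipient shows up as SMTP reply code 550, counting is per client IP within a time window, the thresholds (5 rejections in 10 minutes, 3-day jail) are placeholders, and the names `RcptJail` and `replay` and the event list are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

class RcptJail:
    """Count rejected RCPT TO commands per client IP and jail repeat offenders."""
    def __init__(self, max_bad=5, window=timedelta(minutes=10), jail_for=timedelta(days=3)):
        self.max_bad, self.window, self.jail_for = max_bad, window, jail_for
        self._bad = defaultdict(list)   # ip -> times of recent rejected recipients
        self._jailed_until = {}         # ip -> time the jail entry expires

    def is_jailed(self, ip, now):
        """Checked at connect time; an expired jail entry is released."""
        until = self._jailed_until.get(ip)
        if until is not None and now >= until:
            del self._jailed_until[ip]
            until = None
        return until is not None

    def record_rcpt(self, ip, reply_code, now):
        """Feed every RCPT TO reply; returns True when the session should be dropped."""
        if reply_code != 550:           # assumption: 550 marks an unknown recipient
            return False
        recent = [t for t in self._bad[ip] if now - t <= self.window]
        recent.append(now)
        self._bad[ip] = recent
        if len(recent) < self.max_bad:
            return False
        self._jailed_until[ip] = now + self.jail_for
        del self._bad[ip]
        return True

def replay(events, jail):
    """Replay (time, ip, reply_code) tuples and list the actions a gateway would take."""
    actions = []
    for now, ip, code in events:
        if jail.is_jailed(ip, now):
            actions.append((ip, "refuse"))
        elif jail.record_rcpt(ip, code, now):
            actions.append((ip, "disconnect"))
    return actions

# Constructed events: 203.0.113.9 guesses five bad addresses in a row;
# 198.51.100.4 is an ordinary sender with a single mistyped recipient.
T0 = datetime(2024, 1, 1, 12, 0, 0)
EVENTS = [(T0 + timedelta(seconds=i), "203.0.113.9", 550) for i in range(5)]
EVENTS += [(T0 + timedelta(seconds=10), "198.51.100.4", 550),
           (T0 + timedelta(seconds=11), "198.51.100.4", 250),
           (T0 + timedelta(minutes=1), "203.0.113.9", 250),   # reconnect while jailed
           (T0 + timedelta(days=4), "203.0.113.9", 250)]      # jail has expired

if __name__ == "__main__":
    print(replay(EVENTS, RcptJail()))
```

The single mistyped recipient from 198.51.100.4 never triggers an action, which is the property that separates this from dropping every long-running session.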