RE: Tar Pitting
Pardon my asking, but why would you want to enable/use tar pitting? What does it do other than slow down an SMTP conversation? John H. Matteson, Jr. Systems Administrator/ITT Systems FOB Orgun-E Afghanistan DSN - 318 431 8001 VoSIP - (308) 431 - Iridium - 717.633.3823 Roshain - 079 - 736 - 3832 In the first place, we should insist that if the immigrant who comes here in good faith becomes an American and assimilates himself to us, he shall be treated on an exact equality with everyone else, for it is an outrage to discriminate against any such man because of creed, or birthplace, or origin. But this is predicated upon the person's becoming in every facet an American, and nothing but an American... There can be no divided allegiance here. Any man who says he is an American, but something else also, isn't an American at all. We have room for but one flag, the American flag.. We have room for but one language here, and that is the English language... and we have room for but one sole loyalty and that is a loyalty to the American people. Teddy Roosevelt; 1907 -Original Message- From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Friday, June 06, 2008 5:49 AM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting When you said it affects all recipients that suggested (to me anyway) that both valid and invalid recipients would have a tarpit delay if tarpitting was enabled. Thank you for clarifying that that is not the case. To give the 100% correct summary: Messages that are accepted and all recipients are valid are not delayed by tarpitting. Carl From: Simon Butler [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 8:17 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting It is all recipients - because it slows down any response that generates 5.x.x error code. That isn't just invalid recipients - but that is the most common use for its protection. It can also slow down malformed messages to valid recipients as well. http://support.microsoft.com/default.aspx?kbid=842851 Simon. From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: 06 June 2008 00:28 To: MS-Exchange Admin Issues Subject: RE: Tar Pitting I'm afraid that Carl is 100% correct for Exchange 2003, the version used by the OP. Perhaps a change was made in Exchange 2007, I can't verify that. Carl From: Simon Butler [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 5:05 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Where the problems come with tarpitting is when people set the time delay too long. To be effective it doesn't need to be more than 5 seconds. Carl isn't quite 100% correct in its behaviour. It affects all recipients, valid or not. The idea is that a spammer is slowed down when carrying out a directory harvest attack. I personally feel that you shouldn't enable recipient filtering without tarpit. Tarpit is enabled by default in Exchange 2007. Simon. -- Simon Butler MVP: Exchange, MCSE Amset IT Solutions Ltd. e: [EMAIL PROTECTED] w: www.amset.co.uk w: www.amset.info Need cheap certificates for Exchange, compatible with Windows Mobile 5.0? http://CertificatesForExchange.com/ for certificates from just $23.99. Need a domain for your certificate? http://DomainsForExchange.net/ From: Don Andrews [mailto:[EMAIL PROTECTED] Sent: 05 June 2008 21:25 To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Got it - it's not IP based but single message based - if that makes sense. thanks From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:16 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting What is there to remember? Tarpitting is simply this: If you (the sending smtp server) tell me an invalid recipient, I am going to wait for the tarpit delay time before I reject it and allow you to continue the smtp conversation with me. From: Don Andrews [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 4:10 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting So, the tar pitting component does not remember from one message to the next - even in the same connection? From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:05 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting The only way I can fathom that legitimate mail could be affected would be when a message contains both valid and invalid recipients. This particular message would be delayed for the valid recipients by (number of invalid recipients) * (tarpit delay time). Unless there are dozens of invalid recipients included in this message, the delay would not be significant. Carl From: Bill Lambert [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:57 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Thanks, Carl. I
RE: Tar Pitting
Pardon my asking, but why would you want to enable/use tar pitting? What does it do other than slow down an SMTP conversation? http://www.msexchange.org/tutorials/Windows-based-SMTP-Tar-Pitting-Explained.html ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Tar Pitting
I'm curious if any of you with Exchange 2003 that use recipient filtering also use the SMTP tar pit feature. If so, can you give comments on its effect on mail flow/performance if any? Thanks in advance for any advice/comments. Bill Lambert Windows System Administrator Concuity A healthcare division of Trintech, Inc. Phone 847-941-9206 Fax 847-465-9147 NASDAQ: TTPA The information contained in this e-mail message, including any attached files, is intended only for the personal and confidential use of the recipient(s) named above. If you are not the intended recipient (or authorized to receive information for the recipient) you are hereby notified that you have received this communication in error and that any review, dissemination, distribution, or copying of this message is strictly prohibited. If you have received this communication in error, please contact the sender by reply email and delete all copies of this message. Thank you. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~image001.gif
RE: Tar Pitting
Tarpitting only changes behavior for mail that can't be delivered. There's no effect on normal mail flow. If you filter recipients who are not in the directory and receive mail directly with no intervening relay host, you should definitely enable it. Carl From: Bill Lambert [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 12:20 PM To: MS-Exchange Admin Issues Subject: Tar Pitting I'm curious if any of you with Exchange 2003 that use recipient filtering also use the SMTP tar pit feature. If so, can you give comments on its effect on mail flow/performance if any? Thanks in advance for any advice/comments. Bill Lambert Windows System Administrator Concuity A healthcare division of Trintech, Inc. Phone 847-941-9206 Fax 847-465-9147 NASDAQ: TTPA The information contained in this e-mail message, including any attached files, is intended only for the personal and confidential use of the recipient(s) named above. If you are not the intended recipient (or authorized to receive information for the recipient) you are hereby notified that you have received this communication in error and that any review, dissemination, distribution, or copying of this message is strictly prohibited. If you have received this communication in error, please contact the sender by reply email and delete all copies of this message. Thank you. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~image001.gif
RE: Tar Pitting
The only way I can fathom that legitimate mail could be affected would be when a message contains both valid and invalid recipients. This particular message would be delayed for the valid recipients by (number of invalid recipients) * (tarpit delay time). Unless there are dozens of invalid recipients included in this message, the delay would not be significant. Carl From: Bill Lambert [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:57 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Thanks, Carl. I had thought that it wouldn't affect performance but there was a statement in a MS article that said tar pitting may delay the delivery of legitimate mail. I appreciate the reply! Bill Lambert Concuity 847-941-9206 From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 11:39 AM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Tarpitting only changes behavior for mail that can't be delivered. There's no effect on normal mail flow. If you filter recipients who are not in the directory and receive mail directly with no intervening relay host, you should definitely enable it. Carl From: Bill Lambert [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 12:20 PM To: MS-Exchange Admin Issues Subject: Tar Pitting I'm curious if any of you with Exchange 2003 that use recipient filtering also use the SMTP tar pit feature. If so, can you give comments on its effect on mail flow/performance if any? Thanks in advance for any advice/comments. Bill Lambert Windows System Administrator Concuity A healthcare division of Trintech, Inc. Phone 847-941-9206 Fax 847-465-9147 NASDAQ: TTPA The information contained in this e-mail message, including any attached files, is intended only for the personal and confidential use of the recipient(s) named above. If you are not the intended recipient (or authorized to receive information for the recipient) you are hereby notified that you have received this communication in error and that any review, dissemination, distribution, or copying of this message is strictly prohibited. If you have received this communication in error, please contact the sender by reply email and delete all copies of this message. Thank you. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~image001.gif
RE: Tar Pitting
What is there to remember? Tarpitting is simply this: If you (the sending smtp server) tell me an invalid recipient, I am going to wait for the tarpit delay time before I reject it and allow you to continue the smtp conversation with me. From: Don Andrews [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 4:10 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting So, the tar pitting component does not remember from one message to the next - even in the same connection? _ From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:05 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting The only way I can fathom that legitimate mail could be affected would be when a message contains both valid and invalid recipients. This particular message would be delayed for the valid recipients by (number of invalid recipients) * (tarpit delay time). Unless there are dozens of invalid recipients included in this message, the delay would not be significant. Carl From: Bill Lambert [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:57 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Thanks, Carl. I had thought that it wouldn't affect performance but there was a statement in a MS article that said tar pitting may delay the delivery of legitimate mail. I appreciate the reply! Bill Lambert Concuity 847-941-9206 From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 11:39 AM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Tarpitting only changes behavior for mail that can't be delivered. There's no effect on normal mail flow. If you filter recipients who are not in the directory and receive mail directly with no intervening relay host, you should definitely enable it. Carl From: Bill Lambert [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 12:20 PM To: MS-Exchange Admin Issues Subject: Tar Pitting I'm curious if any of you with Exchange 2003 that use recipient filtering also use the SMTP tar pit feature. If so, can you give comments on its effect on mail flow/performance if any? Thanks in advance for any advice/comments. Bill Lambert Windows System Administrator Concuity A healthcare division of Trintech, Inc. Phone 847-941-9206 Fax 847-465-9147 NASDAQ: TTPA The information contained in this e-mail message, including any attached files, is intended only for the personal and confidential use of the recipient(s) named above. If you are not the intended recipient (or authorized to receive information for the recipient) you are hereby notified that you have received this communication in error and that any review, dissemination, distribution, or copying of this message is strictly prohibited. If you have received this communication in error, please contact the sender by reply email and delete all copies of this message. Thank you. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~image001.gif
RE: Tar Pitting
Got it - it's not IP based but single message based - if that makes sense. thanks From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:16 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting What is there to remember? Tarpitting is simply this: If you (the sending smtp server) tell me an invalid recipient, I am going to wait for the tarpit delay time before I reject it and allow you to continue the smtp conversation with me. From: Don Andrews [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 4:10 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting So, the tar pitting component does not remember from one message to the next - even in the same connection? From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:05 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting The only way I can fathom that legitimate mail could be affected would be when a message contains both valid and invalid recipients. This particular message would be delayed for the valid recipients by (number of invalid recipients) * (tarpit delay time). Unless there are dozens of invalid recipients included in this message, the delay would not be significant. Carl From: Bill Lambert [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:57 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Thanks, Carl. I had thought that it wouldn't affect performance but there was a statement in a MS article that said tar pitting may delay the delivery of legitimate mail. I appreciate the reply! Bill Lambert Concuity 847-941-9206 From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 11:39 AM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Tarpitting only changes behavior for mail that can't be delivered. There's no effect on normal mail flow. If you filter recipients who are not in the directory and receive mail directly with no intervening relay host, you should definitely enable it. Carl From: Bill Lambert [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 12:20 PM To: MS-Exchange Admin Issues Subject: Tar Pitting I'm curious if any of you with Exchange 2003 that use recipient filtering also use the SMTP tar pit feature. If so, can you give comments on its effect on mail flow/performance if any? Thanks in advance for any advice/comments. Bill Lambert Windows System Administrator Concuity A healthcare division of Trintech, Inc. Phone 847-941-9206 Fax 847-465-9147 NASDAQ: TTPA The information contained in this e-mail message, including any attached files, is intended only for the personal and confidential use of the recipient(s) named above. If you are not the intended recipient (or authorized to receive information for the recipient) you are hereby notified that you have received this communication in error and that any review, dissemination, distribution, or copying of this message is strictly prohibited. If you have received this communication in error, please contact the sender by reply email and delete all copies of this message. Thank you. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~image001.gif
RE: Tar Pitting
Where the problems come with tarpitting is when people set the time delay too long. To be effective it doesn't need to be more than 5 seconds. Carl isn't quite 100% correct in its behaviour. It affects all recipients, valid or not. The idea is that a spammer is slowed down when carrying out a directory harvest attack. I personally feel that you shouldn't enable recipient filtering without tarpit. Tarpit is enabled by default in Exchange 2007. Simon. -- Simon Butler MVP: Exchange, MCSE Amset IT Solutions Ltd. e: [EMAIL PROTECTED] w: www.amset.co.uk w: www.amset.info Need cheap certificates for Exchange, compatible with Windows Mobile 5.0? http://CertificatesForExchange.com/http://certificatesforexchange.com/ for certificates from just $23.99. Need a domain for your certificate? http://DomainsForExchange.net/http://domainsforexchange.net/ From: Don Andrews [mailto:[EMAIL PROTECTED] Sent: 05 June 2008 21:25 To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Got it - it's not IP based but single message based - if that makes sense. thanks From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:16 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting What is there to remember? Tarpitting is simply this: If you (the sending smtp server) tell me an invalid recipient, I am going to wait for the tarpit delay time before I reject it and allow you to continue the smtp conversation with me. From: Don Andrews [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 4:10 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting So, the tar pitting component does not remember from one message to the next - even in the same connection? From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:05 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting The only way I can fathom that legitimate mail could be affected would be when a message contains both valid and invalid recipients. This particular message would be delayed for the valid recipients by (number of invalid recipients) * (tarpit delay time). Unless there are dozens of invalid recipients included in this message, the delay would not be significant. Carl From: Bill Lambert [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:57 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Thanks, Carl. I had thought that it wouldn't affect performance but there was a statement in a MS article that said tar pitting may delay the delivery of legitimate mail. I appreciate the reply! Bill Lambert Concuity 847-941-9206 From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 11:39 AM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Tarpitting only changes behavior for mail that can't be delivered. There's no effect on normal mail flow. If you filter recipients who are not in the directory and receive mail directly with no intervening relay host, you should definitely enable it. Carl From: Bill Lambert [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 12:20 PM To: MS-Exchange Admin Issues Subject: Tar Pitting I'm curious if any of you with Exchange 2003 that use recipient filtering also use the SMTP tar pit feature. If so, can you give comments on its effect on mail flow/performance if any? Thanks in advance for any advice/comments. Bill Lambert Windows System Administrator Concuity A healthcare division of Trintech, Inc. Phone 847-941-9206 Fax 847-465-9147 NASDAQ: TTPA The information contained in this e-mail message, including any attached files, is intended only for the personal and confidential use of the recipient(s) named above. If you are not the intended recipient (or authorized to receive information for the recipient) you are hereby notified that you have received this communication in error and that any review, dissemination, distribution, or copying of this message is strictly prohibited. If you have received this communication in error, please contact the sender by reply email and delete all copies of this message. Thank you. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Tar Pitting
I'm afraid that Carl is 100% correct for Exchange 2003, the version used by the OP. Perhaps a change was made in Exchange 2007, I can't verify that. Carl From: Simon Butler [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 5:05 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Where the problems come with tarpitting is when people set the time delay too long. To be effective it doesn't need to be more than 5 seconds. Carl isn't quite 100% correct in its behaviour. It affects all recipients, valid or not. The idea is that a spammer is slowed down when carrying out a directory harvest attack. I personally feel that you shouldn't enable recipient filtering without tarpit. Tarpit is enabled by default in Exchange 2007. Simon. -- Simon Butler MVP: Exchange, MCSE Amset IT Solutions Ltd. e: [EMAIL PROTECTED] w: www.amset.co.uk w: www.amset.info Need cheap certificates for Exchange, compatible with Windows Mobile 5.0? http://CertificatesForExchange.com/ for certificates from just $23.99. Need a domain for your certificate? http://DomainsForExchange.net/ _ From: Don Andrews [mailto:[EMAIL PROTECTED] Sent: 05 June 2008 21:25 To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Got it - it's not IP based but single message based - if that makes sense. thanks _ From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:16 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting What is there to remember? Tarpitting is simply this: If you (the sending smtp server) tell me an invalid recipient, I am going to wait for the tarpit delay time before I reject it and allow you to continue the smtp conversation with me. From: Don Andrews [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 4:10 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting So, the tar pitting component does not remember from one message to the next - even in the same connection? _ From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:05 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting The only way I can fathom that legitimate mail could be affected would be when a message contains both valid and invalid recipients. This particular message would be delayed for the valid recipients by (number of invalid recipients) * (tarpit delay time). Unless there are dozens of invalid recipients included in this message, the delay would not be significant. Carl From: Bill Lambert [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:57 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Thanks, Carl. I had thought that it wouldn't affect performance but there was a statement in a MS article that said tar pitting may delay the delivery of legitimate mail. I appreciate the reply! Bill Lambert Concuity 847-941-9206 From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 11:39 AM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Tarpitting only changes behavior for mail that can't be delivered. There's no effect on normal mail flow. If you filter recipients who are not in the directory and receive mail directly with no intervening relay host, you should definitely enable it. Carl From: Bill Lambert [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 12:20 PM To: MS-Exchange Admin Issues Subject: Tar Pitting I'm curious if any of you with Exchange 2003 that use recipient filtering also use the SMTP tar pit feature. If so, can you give comments on its effect on mail flow/performance if any? Thanks in advance for any advice/comments. Bill Lambert Windows System Administrator Concuity A healthcare division of Trintech, Inc. Phone 847-941-9206 Fax 847-465-9147 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Tar Pitting
It is all recipients - because it slows down any response that generates 5.x.x error code. That isn't just invalid recipients - but that is the most common use for its protection. It can also slow down malformed messages to valid recipients as well. http://support.microsoft.com/default.aspx?kbid=842851 Simon. From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: 06 June 2008 00:28 To: MS-Exchange Admin Issues Subject: RE: Tar Pitting I'm afraid that Carl is 100% correct for Exchange 2003, the version used by the OP. Perhaps a change was made in Exchange 2007, I can't verify that. Carl From: Simon Butler [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 5:05 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Where the problems come with tarpitting is when people set the time delay too long. To be effective it doesn't need to be more than 5 seconds. Carl isn't quite 100% correct in its behaviour. It affects all recipients, valid or not. The idea is that a spammer is slowed down when carrying out a directory harvest attack. I personally feel that you shouldn't enable recipient filtering without tarpit. Tarpit is enabled by default in Exchange 2007. Simon. -- Simon Butler MVP: Exchange, MCSE Amset IT Solutions Ltd. e: [EMAIL PROTECTED] w: www.amset.co.uk w: www.amset.info Need cheap certificates for Exchange, compatible with Windows Mobile 5.0? http://CertificatesForExchange.com/http://certificatesforexchange.com/ for certificates from just $23.99. Need a domain for your certificate? http://DomainsForExchange.net/http://domainsforexchange.net/ From: Don Andrews [mailto:[EMAIL PROTECTED] Sent: 05 June 2008 21:25 To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Got it - it's not IP based but single message based - if that makes sense. thanks From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:16 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting What is there to remember? Tarpitting is simply this: If you (the sending smtp server) tell me an invalid recipient, I am going to wait for the tarpit delay time before I reject it and allow you to continue the smtp conversation with me. From: Don Andrews [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 4:10 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting So, the tar pitting component does not remember from one message to the next - even in the same connection? From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:05 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting The only way I can fathom that legitimate mail could be affected would be when a message contains both valid and invalid recipients. This particular message would be delayed for the valid recipients by (number of invalid recipients) * (tarpit delay time). Unless there are dozens of invalid recipients included in this message, the delay would not be significant. Carl From: Bill Lambert [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:57 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Thanks, Carl. I had thought that it wouldn't affect performance but there was a statement in a MS article that said tar pitting may delay the delivery of legitimate mail. I appreciate the reply! Bill Lambert Concuity 847-941-9206 From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 11:39 AM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Tarpitting only changes behavior for mail that can't be delivered. There's no effect on normal mail flow. If you filter recipients who are not in the directory and receive mail directly with no intervening relay host, you should definitely enable it. Carl From: Bill Lambert [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 12:20 PM To: MS-Exchange Admin Issues Subject: Tar Pitting I'm curious if any of you with Exchange 2003 that use recipient filtering also use the SMTP tar pit feature. If so, can you give comments on its effect on mail flow/performance if any? Thanks in advance for any advice/comments. Bill Lambert Windows System Administrator Concuity A healthcare division of Trintech, Inc. Phone 847-941-9206 Fax 847-465-9147 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Tar Pitting
When you said it affects all recipients that suggested (to me anyway) that both valid and invalid recipients would have a tarpit delay if tarpitting was enabled. Thank you for clarifying that that is not the case. To give the 100% correct summary: Messages that are accepted and all recipients are valid are not delayed by tarpitting. Carl From: Simon Butler [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 8:17 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting It is all recipients - because it slows down any response that generates 5.x.x error code. That isn't just invalid recipients - but that is the most common use for its protection. It can also slow down malformed messages to valid recipients as well. http://support.microsoft.com/default.aspx?kbid=842851 Simon. _ From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: 06 June 2008 00:28 To: MS-Exchange Admin Issues Subject: RE: Tar Pitting I'm afraid that Carl is 100% correct for Exchange 2003, the version used by the OP. Perhaps a change was made in Exchange 2007, I can't verify that. Carl From: Simon Butler [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 5:05 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Where the problems come with tarpitting is when people set the time delay too long. To be effective it doesn't need to be more than 5 seconds. Carl isn't quite 100% correct in its behaviour. It affects all recipients, valid or not. The idea is that a spammer is slowed down when carrying out a directory harvest attack. I personally feel that you shouldn't enable recipient filtering without tarpit. Tarpit is enabled by default in Exchange 2007. Simon. -- Simon Butler MVP: Exchange, MCSE Amset IT Solutions Ltd. e: [EMAIL PROTECTED] w: www.amset.co.uk w: www.amset.info Need cheap certificates for Exchange, compatible with Windows Mobile 5.0? http://CertificatesForExchange.com/ for certificates from just $23.99. Need a domain for your certificate? http://DomainsForExchange.net/ _ From: Don Andrews [mailto:[EMAIL PROTECTED] Sent: 05 June 2008 21:25 To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Got it - it's not IP based but single message based - if that makes sense. thanks _ From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:16 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting What is there to remember? Tarpitting is simply this: If you (the sending smtp server) tell me an invalid recipient, I am going to wait for the tarpit delay time before I reject it and allow you to continue the smtp conversation with me. From: Don Andrews [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 4:10 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting So, the tar pitting component does not remember from one message to the next - even in the same connection? _ From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:05 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting The only way I can fathom that legitimate mail could be affected would be when a message contains both valid and invalid recipients. This particular message would be delayed for the valid recipients by (number of invalid recipients) * (tarpit delay time). Unless there are dozens of invalid recipients included in this message, the delay would not be significant. Carl From: Bill Lambert [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:57 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Thanks, Carl. I had thought that it wouldn't affect performance but there was a statement in a MS article that said tar pitting may delay the delivery of legitimate mail. I appreciate the reply! Bill Lambert Concuity 847-941-9206 From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 11:39 AM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Tarpitting only changes behavior for mail that can't be delivered. There's no effect on normal mail flow. If you filter recipients who are not in the directory and receive mail directly with no intervening relay host, you should definitely enable it. Carl From: Bill Lambert [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 12:20 PM To: MS-Exchange Admin Issues Subject: Tar Pitting I'm curious if any of you with Exchange 2003 that use recipient filtering also use the SMTP tar pit feature. If so, can you give comments on its effect on mail flow/performance if any? Thanks in advance for any advice/comments. Bill Lambert Windows System Administrator Concuity A healthcare division of Trintech, Inc. Phone 847-941-9206 Fax 847-465-9147 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: Tar Pitting
i use ORF (http://www.vamsoft.com) to handle all my tarpitting and recipient validation. (plus other features like DNSBL, SURBL, and Greylisting) Thought i'd bring this up as an alternative to exchange doing it for you, i find it's configuration easier and it's way too cheap for what it gives me. -Ben PS. i'm just a long time customer and thought others could benefit. On Thu, Jun 5, 2008 at 6:19 PM, Carl Houseman [EMAIL PROTECTED] wrote: When you said it affects all recipients that suggested (to me anyway) that both valid and invalid recipients would have a tarpit delay if tarpitting was enabled. Thank you for clarifying that that is not the case. To give the 100% correct summary: Messages that are accepted and all recipients are valid are not delayed by tarpitting. Carl *From:* Simon Butler [mailto:[EMAIL PROTECTED] *Sent:* Thursday, June 05, 2008 8:17 PM *To:* MS-Exchange Admin Issues *Subject:* RE: Tar Pitting It is all recipients - because it slows down any response that generates 5.x.x error code. That isn't just invalid recipients - but that is the most common use for its protection. It can also slow down malformed messages to valid recipients as well. http://support.microsoft.com/default.aspx?kbid=842851 Simon. -- *From:* Carl Houseman [mailto:[EMAIL PROTECTED] *Sent:* 06 June 2008 00:28 *To:* MS-Exchange Admin Issues *Subject:* RE: Tar Pitting I'm afraid that Carl is 100% correct for Exchange 2003, the version used by the OP. Perhaps a change was made in Exchange 2007, I can't verify that. Carl *From:* Simon Butler [mailto:[EMAIL PROTECTED] *Sent:* Thursday, June 05, 2008 5:05 PM *To:* MS-Exchange Admin Issues *Subject:* RE: Tar Pitting Where the problems come with tarpitting is when people set the time delay too long. To be effective it doesn't need to be more than 5 seconds. Carl isn't quite 100% correct in its behaviour. It affects all recipients, valid or not. The idea is that a spammer is slowed down when carrying out a directory harvest attack. I personally feel that you shouldn't enable recipient filtering without tarpit. Tarpit is enabled by default in Exchange 2007. Simon. -- Simon Butler MVP: Exchange, MCSE Amset IT Solutions Ltd. e: [EMAIL PROTECTED] w: www.amset.co.uk w: www.amset.info Need cheap certificates for Exchange, compatible with Windows Mobile 5.0? http://CertificatesForExchange.com/ http://certificatesforexchange.com/for certificates from just $23.99. Need a domain for your certificate? http://DomainsForExchange.net/http://domainsforexchange.net/ -- *From:* Don Andrews [mailto:[EMAIL PROTECTED] *Sent:* 05 June 2008 21:25 *To:* MS-Exchange Admin Issues *Subject:* RE: Tar Pitting Got it – it's not IP based but single message based – if that makes sense. thanks -- *From:* Carl Houseman [mailto:[EMAIL PROTECTED] *Sent:* Thursday, June 05, 2008 1:16 PM *To:* MS-Exchange Admin Issues *Subject:* RE: Tar Pitting What is there to remember? Tarpitting is simply this: If you (the sending smtp server) tell me an invalid recipient, I am going to wait for the tarpit delay time before I reject it and allow you to continue the smtp conversation with me. *From:* Don Andrews [mailto:[EMAIL PROTECTED] *Sent:* Thursday, June 05, 2008 4:10 PM *To:* MS-Exchange Admin Issues *Subject:* RE: Tar Pitting So, the tar pitting component does not remember from one message to the next – even in the same connection? -- *From:* Carl Houseman [mailto:[EMAIL PROTECTED] *Sent:* Thursday, June 05, 2008 1:05 PM *To:* MS-Exchange Admin Issues *Subject:* RE: Tar Pitting The only way I can fathom that legitimate mail could be affected would be when a message contains both valid and invalid recipients. This particular message would be delayed for the valid recipients by (number of invalid recipients) * (tarpit delay time). Unless there are dozens of invalid recipients included in this message, the delay would not be significant. Carl *From:* Bill Lambert [mailto:[EMAIL PROTECTED] *Sent:* Thursday, June 05, 2008 1:57 PM *To:* MS-Exchange Admin Issues *Subject:* RE: Tar Pitting Thanks, Carl. I had thought that it wouldn't affect performance but there was a statement in a MS article that said tar pitting may delay the delivery of legitimate mail. I appreciate the reply! Bill Lambert Concuity 847-941-9206 *From:* Carl Houseman [mailto:[EMAIL PROTECTED] *Sent:* Thursday, June 05, 2008 11:39 AM *To:* MS-Exchange Admin Issues *Subject:* RE: Tar Pitting Tarpitting only changes behavior for mail that can't be delivered. There's no effect on normal mail flow. If you filter recipients who are not in the directory and receive mail directly with no intervening relay host, you should