Tarpitting

From Roaring Penguin
Jump to: navigation, search

What is Tarpitting?

Tarpitting is a primitive antispam technique used by Microsoft Exchange and cPanel which can cause trouble for CanIt and should be disabled on servers behind a CanIt filter.

Tarpitting works by inserting artificial delays into the SMTP conversation in hopes that a spammer will not be patient enough to wait it out. While this can be effective for a server that is open to the internet, it is useless, and actually disruptive for users of CanIt.

CanIt Errors and Anomalies

Since the only connection to the mail server will be coming from CanIt, there is absolutely no reason to have this setting enabled. If CanIt detects large, intentional delays when it connects to your mail server you will be alerted with the following anomaly:

  • Large delays seen in SMTP session. Is tarpitting or delaying enabled on $SERVERNAME?

Similarly, either of these errors will be shown in the logs:

  • Verification server $SERVERNAME took $N seconds to issue the SMTP banner
  • Verification server $SERVERNAME took $N seconds to respond to a RCPT To: command

Disabling Tarpitting

Exchange

Tarpitting was not included in the initial release of Exchange 2003 but may have been added on later. In this case as well as with all Exchange 2007 and 2010 servers, tar-pitting should be configurable with the following command:

get-ReceiveConnector | set-ReceiveConnector –TarpitInterval 00:00:00

where the time parameter at the end defines the length of the delay. Please set this to 00:00:00, as above, to disable it's functionality. If you ever move away from CanIt, you can reset it using the same command and the default time of 5 seconds (00:00:05).

Exim/cPanel

In cPanel, navigate to the Exim Configuration Manager:

Home >> Service Configuration >> Exim Configuration Manager

Disable the following setting:

Introduce a delay into the SMTP transaction for unknown hosts and messages detected as spam

Disclaimer

Roaring Penguin is not responsible for supporting or administering Exchange or Exim and none of its staff is experienced in doing so. The information in this article was sourced from around the internet and has not been tested. If you notice any discrepancies in the information here and the real-world results, please let us know so that we can update our documentation.