Difference between revisions of "Tarpitting"

From Roaring Penguin
Jump to: navigation, search
(What is Tarpitting?)
(CanIt Errors and Anomalies)
Line 11: Line 11:
 
* Large delays seen in SMTP session.  Is tarpitting or delaying enabled on $SERVERNAME?
 
* Large delays seen in SMTP session.  Is tarpitting or delaying enabled on $SERVERNAME?
  
Similarly, either of these errors might be shown in the logs:
+
Similarly, either of these errors will be shown in the logs:
  
 
* Verification server $SERVERNAME took $N seconds to issue the SMTP banner
 
* Verification server $SERVERNAME took $N seconds to issue the SMTP banner

Revision as of 17:02, 26 November 2015

What is Tarpitting?

Tarpitting is a primitive antispam technique used on many Microsoft Exchange servers which can cause trouble for CanIt and should be disabled on any Exchange server behind a CanIt filter.

Tarpitting works by inserting artificial delays into the SMTP conversation in hopes that a spammer will not be patient enough to wait it out. While this can be effective for an Exchange server that is open to the internet, it is useless, and actually disruptive for users of CanIt.

CanIt Errors and Anomalies

Since the only connection to the mail server will be coming from CanIt, there is absolutely no reason to have this setting enabled in Exchange. If CanIt detects large, intentional delays when it connects to your mail server you will be alerted with the following anomaly:

  • Large delays seen in SMTP session. Is tarpitting or delaying enabled on $SERVERNAME?

Similarly, either of these errors will be shown in the logs:

  • Verification server $SERVERNAME took $N seconds to issue the SMTP banner
  • Verification server $SERVERNAME took $N seconds to respond to a RCPT To: command

Disabling Tarpitting

Tarpitting was not included in the initial release of Exchange 2003 but may have been added on later. In this case as well as with all Exchange 2007 and 2010 servers, tar-pitting should be configurable with the following command:

get-ReceiveConnector | set-ReceiveConnector –TarpitInterval 00:00:00

where the time parameter at the end defines the length of the delay. Please set this to 00:00:00, as above, to disable it's functionality. If you ever move away from CanIt, you can reset it using the same command and the default time of 5 seconds (00:00:05).

Disclaimer

Roaring Penguin is not responsible for supporting or administering Exchange and none of it's staff are experienced in doing so. The information in this article was sourced from around the internet and has not been tested. If you need further help related to Tarpitting, please consult Microsoft or another resource that specializes in the management of exchange. If you notice any discrepancies in the information here and the real-world results, please let us know so that we can update our documentation.