Exchange 2010: Tarpitting with a 3rd party layer
In Exchange 2010 you have a feature called Tarpitting. Lets briefly understand what tarpitting is all about:
What is Tarpitting?
This is a method to stop a mail sender sending you multiple mail requests. What does it apply to:
- Directory Harvest Attack.
- NDR attack.
We are not going to go into detail regarding each one but long story short, there is a limit set between emails from a sender (5 Second Default) and spammers don't like this kind of delay.
Scenario:
If you have a 3rd party layer ontop of Exchange like Mcafee or Odin or any of the other products out there, if you have a temporary failure you might have a big backlog which takes long to clear for incoming mail.
To get the current settings for tarpitting in your environment you can run the following command:
- get-ReceiveConnector | select name,tarpitinterval
This will go and check every receive connector and return the values, if you want to drill down to a specific server then you can run the following command:
- get-ReceiveConnector -Server | select name,tarpitinterval
Solution:
You can set the tarpit interval to 0 and this will speed up incoming mail delivery, just make sure you understand that turning it off can potentially expose you.
To set the interval for all receive connectors you can run the following command:
- set-ReceiveConnector | set-ReceiveConnector –TarpitInterval 00:00:00
To set it for a specific server then run the following:
- set-ReceiveConnector "connector-name" –TarpitInterval 00:00:00