Tarpit Feature

The SMTP tarpit feature is enabled by default and set to 5 seconds for every Receive Connector in Exchange 2007, and it is configurable for Exchange 2003. It is something to keep in mind when securing your Exchange environment. With tarpitting enabled, anonymous SMTP connections experience a delay before receiving a 5.x.x reply. This is useful against a so-called directory harvesting attack when recipient filtering is enabled to deny all mail sent to non-existent users in your Exchange organization, because every rejected recipient costs the sender the tarpit delay.

To enable and configure the tarpit interval for Exchange 2003 on a Windows 2003 OS, add the following registry value and set it to the number of seconds you want Exchange to wait before returning a 5.x.x reply:

Location = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SMTPSVC\Parameters

DWORD Value = TarpitTime

To change the tarpit interval in Exchange 2007, use the Exchange Management Shell cmdlet Set-ReceiveConnector. The following example sets the tarpit interval to 1 second for the Default Receive Connector homed on a Hub Transport server called EX2007SE.

Set-ReceiveConnector "EX2007SE\Default EX2007SE" -TarpitInterval 00.00:00:01
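
Before lowering the interval, it helps to see which connectors accept anonymous senders and what delay each one applies. The following audit script is an added example, not part of the original article; it assumes it is run in the Exchange Management Shell, that the recipient filter cmdlets are available on the server, and that the 5-second default is the baseline you want to keep.

```powershell
# Added example: audit tarpit settings on every Receive Connector.
# Assumption: the 5-second default described above is the minimum acceptable delay.
$minimum = [TimeSpan]::FromSeconds(5)

# Tarpitting matters most when recipient filtering rejects unknown recipients,
# so report that setting next to the connector audit.
$filter = Get-RecipientFilterConfig
"Recipient validation enabled: {0}" -f $filter.RecipientValidationEnabled

Get-ReceiveConnector | ForEach-Object {
    # Convert through a string so the comparison uses a plain TimeSpan.
    $interval  = [TimeSpan]::Parse($_.TarpitInterval.ToString())
    # PermissionGroups is a flags value; match on its text form.
    $anonymous = $_.PermissionGroups.ToString() -match 'AnonymousUsers'

    $status = 'OK'
    if ($anonymous -and $interval -lt $minimum) {
        # Anonymous senders get 5.x.x replies faster than the baseline allows.
        $status = 'REVIEW: short tarpit on anonymous connector'
    }
    elseif ($interval -lt $minimum) {
        $status = 'Below baseline (no anonymous access)'
    }

    $_ | Select-Object Identity,
        @{ Name = 'TarpitInterval';   Expression = { $interval } },
        @{ Name = 'AnonymousAllowed'; Expression = { $anonymous } },
        @{ Name = 'Status';           Expression = { $status } }
} | Format-Table -AutoSize
```

The script only reads configuration; connectors flagged for review can be corrected with Set-ReceiveConnector and the -TarpitInterval parameter as shown above.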
