RE: Some Advice Please

  • From: "Maglinger, Paul" <PMAGLINGER@xxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Fri, 6 Jan 2006 10:03:58 -0600

Hmmmm... Thanks!

________________________________

From: John T (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] 
Sent: Friday, January 06, 2006 9:55
To: [ExchangeList]
Subject: [exchangelist] RE: Some Advice Please
Sensitivity: Private


http://www.MSExchange.org/


http://www.vamsoft.com/orf/

 

John T

eServices For You

 

-----Original Message-----
From: Maglinger, Paul [mailto:PMAGLINGER@xxxxxxxx] 
Sent: Friday, January 06, 2006 5:42 AM
To: [ExchangeList]
Subject: [exchangelist] RE: Some Advice Please
Sensitivity: Private

 

http://www.MSExchange.org/

John - ORF?   

 

________________________________

From: John T (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] 
Sent: Thursday, January 05, 2006 17:10
To: [ExchangeList]
Subject: [exchangelist] RE: Some Advice Please
Sensitivity: Private

http://www.MSExchange.org/

If it is a harvesting or dictionary attack, your best bet is an
automated way to temporarily block connections from an IP after x amount
of invalid recipients or tarpit the IP after x amount of invalid
recipients. 

 

Some one else has posted a couple of links of how to do this on
Exchange, but IMHO you want to do this before your Exchange server
unless you a small shop and do not have other resources.

 

My clients Exchange servers sit behind my e-mail server which is acting
as a gateway for them which that server sits behind 3 MS SMTP servers
with ORF running. 

 

ORF is actually a very good product that is growing but does not get
mentioned much. It can install on any server running IIS as it works
directly with the IIS SMTP service. 

 

A harvest attack is where the attacking server(s) will "send" an e-mail
to every possible address at your domain from a through zzzzzzzzzzz (you
get the idea) to find out which are valid addresses. The proper way to
fight this is either block the IP after so many invalid recipients or to
tarpit which means waiting 30 to 60 seconds to respond with a 5.1.x
indicating an invalid address. 

 

John T

eServices For You

 

 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
pmaglinger@xxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to info@xxxxxxxxxxxxxx 

Other related posts: