http://support.microsoft.com/?id=842851
This article discusses a software update that you can install to help prevent the enumeration of e-mail addresses in your Microsoft Exchange organization. You can install this update if you run Microsoft Exchange Server 2003 on a Microsoft Windows Server 2003-based computer.
Exchange Server 2003 provides a recipient filtering feature that can block an e-mail message that has been sent to a recipient that does not exist. The feature blocks the message at the Simple Mail Transfer Protocol (SMTP) level by rejecting the recipient that does not exist. A side effect of this feature is that a malicious sender or a sender of unsolicited commercial e-mail can enumerate e-mail addresses that do exist by using a technique that is known as a directory harvest attack.
If you click to select the Filter recipients who are not in the Directory check box when you configure recipient filtering, directory lookup for recipients is enabled. If directory lookup is enabled, senders of unsolicited e-mail may discover valid e-mail addresses in your Exchange organization.
This software update adds a feature that you can use to delay the SMTP address verification response for each submitted address that is not valid. This feature is referred to as the tar pit feature. This feature makes it extremely expensive in terms of time and cost for an attacker to try to obtain the Global Address List by using a directory harvest attack against an SMTP server that has the tar pit feature enabled. You can control the delay time by setting the value of the TarpitTime registry entry. By default, this feature is disabled.
Note: Only anonymous connections are affected by the TarpitTime registry entry. Therefore, we recommend that you enable this registry entry only on the Internet-facing mail gateway servers.
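The tar pit behavior described above, modeled as an added example (this is not Microsoft's code or the Exchange implementation): a recipient filter that holds the rejection of each address that is not valid, for anonymous sessions only, and reports how much waiting a run of guesses accrues. The class and function names, the `tarpit_seconds` parameter with its unit of seconds, the reply texts and the sample addresses are all assumptions made for illustration.

```python
"""Model of an SMTP tar pit for recipient filtering (added example)."""
import time


class TarpitRecipientFilter:
    """Answers RCPT TO for one SMTP session against a directory of valid addresses."""

    def __init__(self, directory, tarpit_seconds=0, authenticated=False, sleep=time.sleep):
        self.directory = {a.lower() for a in directory}
        self.tarpit_seconds = tarpit_seconds   # hypothetical knob; 0 = disabled (the default)
        self.authenticated = authenticated     # only anonymous sessions are delayed
        self.sleep = sleep                     # injectable so tests need not wait
        self.delay_imposed = 0                 # total seconds this session was held

    def rcpt_to(self, address):
        """Return the (code, text) reply for one RCPT TO command."""
        if address.strip().lower() in self.directory:
            return 250, "2.1.5 Recipient OK"   # illustrative reply text
        # Unknown recipient: hold the reply before rejecting, anonymous sessions only.
        if self.tarpit_seconds > 0 and not self.authenticated:
            self.sleep(self.tarpit_seconds)
            self.delay_imposed += self.tarpit_seconds
        return 550, "5.1.1 User unknown"       # illustrative reply text


def probe_cost(directory, candidates, tarpit_seconds, authenticated=False):
    """Replay candidate addresses through one session without really sleeping.

    Returns (addresses_confirmed, seconds_of_delay_the_sender_would_wait).
    """
    session = TarpitRecipientFilter(directory, tarpit_seconds, authenticated,
                                    sleep=lambda s: None)
    confirmed = [a for a in candidates if session.rcpt_to(a)[0] == 250]
    return confirmed, session.delay_imposed


# Constructed sample data: a two-entry directory and a six-address guess list.
DIRECTORY = ["alice@example.com", "bob@example.com"]
GUESSES = ["alice@example.com", "carol@example.com", "dave@example.com",
           "bob@example.com", "erin@example.com", "frank@example.com"]

if __name__ == "__main__":
    for seconds in (0, 5):
        found, delay = probe_cost(DIRECTORY, GUESSES, seconds)
        print(f"tarpit={seconds}s confirmed={len(found)} delay={delay}s")
```

In this model a valid recipient is still accepted at once; the delay does not hide the directory, it raises the time cost of every wrong guess.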
Software update information
A supported feature that modifies the default behavior of the product is now available from Microsoft, but it is only intended to modify the behavior that this article describes. Apply it only to systems that specifically require it. This feature may receive additional testing. Therefore, if you are not severely affected by the lack of this feature, we recommend that you wait for the next Microsoft Windows Server 2003 Service Pack that contains this feature.