We help IT Professionals succeed at work.

Exchange 2010 tarpit - can't disable

snowdog_2112
snowdog_2112 asked
on
I've run the set-receiveconnector command and a get-recieveconnector it shows the tarpitinterval of 00:00:00.

Yet, my smtp logs show the connector is tarpitting connections.  Every incoming connection from my mail scrubbing service is getting tarpitted, from 0.5 seconds to 2.5 seconds (the longest I've seen in the logs)

I have 2 questions:
1. How do I *really* disable tarpitting?

2. I have read that the connector will tarpit a connection only on a "user not found" error, but I'm getting *every* connection tarpitted, why?
Comment
Watch Question

BusbarSolutions Architect

Commented:
did you restart the transport service after you did the changes!

Author

Commented:
Yes.  Then I bounced the IS and at least one other that looked like it might be related (routing??).

Same result.

Thanks!

Author

Commented:
I am still seeing tarpit entries in my smtp logs.  Note that the log is on the Default internet Connector, which shows a tarpit of 0.

2010-07-06T18:54:57.157Z,JDFW\Default Internet Connector,08CCDAF1DACABD5B,39,192.168.80.20:25,209.242.224.62:57912,*,Tarpit for '0.00:00:00.703' due to 'DelayedAck',Delivered

Tarpit settings
Name                                                        TarpitInterval
----                                                        --------------
Default Internet Connector                                  00:00:00
Client JDFW                                                 00:00:05
Internal-Relay-Hosts                                        00:00:05
DMZ-Relay-Hosts                                             00:00:05
Commented:
Snowdog, the message "Tarpit for '0.00:00:00.703' due to 'DelayedAck',Delivered" is due to the Delayed Acknowledgement feature for Transport Shadow Redundancy in Exchange 2010 server. For more information about this, please refer to "Delayed Acknowledgement" in the following article:

Understanding Shadow Redundancy http://technet.microsoft.com/en-us/library/dd351027.aspx

If you want (and understand implications), you can disable delayed acknowledgement on the Receive connector using following command;

Set-ReceiveConnector "Default Internet Connector" -MaxAcknowledgementDelay 0

Author

Commented:
From that link, it's not clear to me whether the sending mail server is impacted by shadow redundancy.  I have a single exch10 server with hub/cas roles - no edge server.  Is this delay between the hub and cas, or is it between sending smtp server and hub?

I ask because I've had some transfer issues with some remote domains since moving from ex2003 to ex2010.
Commented:
My understanding is that the hub server will delay sending ack to sending server untill it has confirmed delivery to it's next hop (the mailbox server in your case).
See following in interoperability;
4.For each message Exchange receives, it will do the following:
a.Deliver the message to the next hop, or make a shadow copy of it.
b.Send acknowledgement to the sending server.

Not enough info to tell if this has anything to do with "some transfer issues" you mention. (but I doubt this is the case).

Author

Commented:
Is it possible that the delayed ack would have the same affect as greylisting from the perspective of the sending (i.e. remote) server?

Thanks again - I'll accept the previous post as the answer, but would appreciate your thoughts regarding this followup.

Author

Commented:
I accepted both because the first has the link, but the second explains a little better what the link says.  Thanks!

Commented:
Tarpitting (delaying ack)  is family of greylisting as a technique used by receiving mailservers to slow down spam.
They are different in that with Greylisting the receiving server sends a  temporary rejection with a SMTP 4xx error code while Tarpitting / Delayed Ack does not send rejection SMTP response, but just delays the acknoledgement.