agriboy1980
asked on
Need help get rid of SPAM
Dear Everyone,
I am operating an Exchange 2003 environment. Recently I have been experiencing a bigger spam attack.
I have heard that if I apply a Spoof record in the DNS setting or perform reverse dns using Exchange server it would reduce the SPAM attack.
Do I need to register a Spoof record or do I need to perform reverse DNS on incoming mail with server?
What do you think?
Any other suggestions would be appreciated.
P.S.: The server is using the newest NOD32 for Exchange for Antispam and etc...
Thanks
ASKER CERTIFIED SOLUTION
Restart the SMTP Service (Simple Mail Transfer Protocol Service) to make sure the changes are put into place immediately.
ASKER
Ok.
By the way:
Do you know anything about this so called spoof record?
Thanks.
If you mean an SPF record, then yes. Visit http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/ and run through the screens.
Alan
ASKER
Hi,
domain.com. TXT "v=spf1 a mx ip4:111.111.111.111 ~all"
If I have a TXT record in my DNS already (mentioned above), how can I check that it is functioning properly?
In the provided link http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/
there are some questions I cannot answer for sure, I am just guessing. Is there a detailed explanation for that?
Thanks in advance.
If you visit http://www.kitterman.com/spf/validate.html, use the "Test an SPF record" form and feed it your SPF record exactly as above without the quote marks, then tweak the Mail From / HELO / IP address and test to see what happens in terms of the result.
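Added example, not part of the original thread: a small offline evaluator for the record quoted above, showing which sending addresses it authorizes and that `~all` yields only a softfail for everything else. It covers just the `a`, `mx`, `ip4`, `ip6` and `all` mechanisms; the DNS answers (203.0.113.x addresses, `mail.domain.com`) are constructed sample data, not the asker's real zone.

```python
import ipaddress

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def evaluate_spf(record, sender_ip, domain, dns):
    """Evaluate the a, mx, ip4, ip6 and all mechanisms of an SPF record.

    dns is a constructed lookup table standing in for real DNS queries:
    {"a": {hostname: [addresses]}, "mx": {domain: [mail hostnames]}}.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)

    def resolves_to_sender(host):
        return any(ipaddress.ip_address(a) == ip for a in dns["a"].get(host, []))

    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a qualifier means "pass"
        if term[0] in RESULTS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = resolves_to_sender(arg or domain)
        elif name == "mx":
            matched = any(resolves_to_sender(h) for h in dns["mx"].get(arg or domain, []))
        else:
            return "permerror"  # include, exists, redirect etc. are outside this example
        if matched:
            return RESULTS[qualifier]  # first matching mechanism decides
    return "neutral"  # nothing matched and there is no "all"

# Record from the thread; the DNS answers below are constructed sample data.
RECORD = "v=spf1 a mx ip4:111.111.111.111 ~all"
SAMPLE_DNS = {
    "a": {"domain.com": ["203.0.113.10"], "mail.domain.com": ["203.0.113.25"]},
    "mx": {"domain.com": ["mail.domain.com"]},
}

if __name__ == "__main__":
    for addr in ("111.111.111.111", "203.0.113.10", "203.0.113.25", "198.51.100.7"):
        print(addr, evaluate_spf(RECORD, addr, "domain.com", SAMPLE_DNS))
```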
ASKER
Hi Alan,
I have configured the TarpitTime key as it was mentioned here: http://support.microsoft.com/kb/842851/en-us
I can't find any information yet regarding what the average range of this key's VALUE could be.
Now I have set it to 5, but I don't think it is a good value for it.
Can you help?
thanks
I would set it to something like 30 seconds. The idea is to slow spammers down, so 30 seconds should make life much harder for them.
60 would be worse for them - depends on how nasty you are feeling :)
Alan
ASKER
Ok. I have set it to 60.
If I am right it means if someone is trying to send SPAMs it will wait 60 seconds on my server before it starts the delivery process.
Why should this "nasty" step make SPAMMers' life harder?
No - the tarpit is a delay inserted into the communication between the remote side and your server to slow down the transmission and to give the spammer a hard time. Without a delay, they can test out addresses on your server and your server will respond immediately with a response e.g., invalid recipient. With the tarpit set to 60 seconds, it will wait for 60 seconds before sending the Invalid Recipient response, so that means the spammer has to wait a minute between trying out new recipients, thus slowing down their communications and meaning it takes much longer to get anywhere when trying to abuse your server.
A slightly more extensive definition can be found here:
http://en.wikipedia.org/wiki/Tarpit_(networking)
Alan
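Added example, not part of the original thread: one way to confirm the behaviour described above on your own server is to time the reply to RCPT TO for an address that does not exist and compare it with the configured TarpitTime. The host name, sender and recipient addresses in the usage section are placeholders, and the 0.5 second tolerance is an assumption.

```python
import smtplib
import time

def rcpt_response_times(host, port, sender, recipients, timeout=120):
    """Return {recipient: (smtp_code, seconds_until_reply)} for each RCPT TO.

    timeout must be longer than the tarpit delay, or the probe gives up first.
    """
    results = {}
    with smtplib.SMTP(host, port, local_hostname="tarpit-check.example",
                      timeout=timeout) as smtp:
        smtp.helo()
        for rcpt in recipients:
            smtp.rset()            # start a clean transaction per recipient
            smtp.mail(sender)
            start = time.monotonic()
            code, _ = smtp.rcpt(rcpt)
            results[rcpt] = (code, time.monotonic() - start)
    return results

def tarpit_active(results, expected_delay, tolerance=0.5):
    """True if every rejected (5xx) recipient was held for about expected_delay."""
    rejected = [secs for code, secs in results.values() if 500 <= code < 600]
    return bool(rejected) and all(s >= expected_delay - tolerance for s in rejected)

if __name__ == "__main__":
    # Placeholders: replace with your own server and one address that does not exist.
    times = rcpt_response_times(
        "mail.example.com", 25, "postmaster@example.org",
        ["no-such-user@example.com", "real-user@example.com"],
    )
    for rcpt, (code, secs) in times.items():
        print(f"{rcpt}: {code} after {secs:.1f}s")
    print("tarpit active:", tarpit_active(times, expected_delay=60))
```

If the invalid recipient is rejected immediately, or accepted with a 250, the delay is not being applied to that response.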
ASKER
I've requested that this question be closed as follows:
Accepted answer: 0 points for agriboy1980's comment #a38805343
for the following reason:
Thanks for the detailed help.
You seem to be accepting your own comment as the solution here, rather than one of my comments, which would reward me for my efforts.
Could you please have another go at closing by accepting one or more of my comments and the solution, unless you didn't intend to award me any points for helping you.
Objecting to the currently intended closure.
Many thanks
Alan
ASKER
Hi Alan,
Sorry about that, something was wrong with my smartphone, of course you are the one who earned all the points.
By the way before I close this question properly, do you think there is a way to test the appropriate working of this Tarpit solution?
Thanks in advance.
SOLUTION
ASKER
Outstanding solution. Thanks.
ASKER
I have configured the Filtering at Message Delivery properties.
Do I need to restart any services for the modification to take effect?
Thanks