This article has been archived. It is offered "as is" and will no longer be updated.
This article discusses a software update that you can install to help prevent the enumeration of e-mail addresses in your Microsoft Exchange Server organization. You can install this update if you run Microsoft Exchange Server 2003 on a Microsoft Windows Server 2003-based computer.
Exchange Server 2003 provides a recipient filtering feature that can block an e-mail message that has been sent to a recipient that does not exist. The recipient filtering feature blocks the e-mail message by rejecting the recipient that does not exist. The recipient filtering feature blocks the e-mail message at the Simple Mail Transfer Protocol (SMTP) level. A side effect of this feature is that a malicious sender or a sender of unsolicited commercial e-mail can enumerate e-mail addresses that do exist by using a technique that is known as a directory harvest attack.
If you click to select the Filter recipients who are not in the Directory check box when you configure the recipient filtering feature, directory lookup for recipients is enabled. If directory lookup is enabled, senders of unsolicited e-mail may discover valid e-mail addresses in your Exchange Server organization.
This software update adds a feature that you can use to delay the SMTP address verification responses for each invalid address that is submitted. This feature is referred to as the tar pit feature. You can control the delay time by setting the value of the TarpitTime registry entry. By default, this feature is disabled. It takes more time and more money for an attacker to obtain the global address list by using a directory harvest attack against an SMTP server that has the tar pit feature enabled.
Note Only anonymous connections are affected by the TarpitTime registry entry. Therefore, we recommend that you enable the TarpitTime registry entry only on the Internet-facing mail gateway servers.
Software update information
A supported feature that modifies the default behavior of the product is available from Microsoft. However, this feature is intended to modify only the behavior that this article describes. Apply this feature only to systems that specifically require it. This feature might receive additional testing. Therefore, if the system is not severely affected by the lack of this feature, we recommend that you wait for the next software update that contains this feature.
If the feature is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the feature.
Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific feature. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
Note The "Hotfix download available" form displays the languages for which the feature is available. If you do not see your language, it is because the feature is not available for that language.
You must install this software update on a Windows Server 2003-based computer.
You must restart the computer after you apply this software update.
Software update replacement information
This software update does not replace any other software updates.
The English version of this software update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
Windows Server 2003, 32-bit editions
Date Time Version Size File name ------------------------------------------------------- 22-May-2004 00:19 6.0.3790.175 457,216 Smtpsvc.dll
Windows Server 2003, 64-bit editions
Date Time Version Size File name Platform -------------------------------------------------------------------- 21-May-2004 22:10 6.0.3790.175 1,177,088 Smtpsvc.dll IA-64
Configure the registry to use the tar pit feature
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
To enable the tar pit feature, you must add the TarpitTime registry entry to the registry and then configure the delay time value. To do this, follow these steps.
Note If the TarpitTime registry entry does not exist, Exchange Server behaves as if the value of this registry entry were set to 0. When the TarpitTime registry entry has a value of 0, there is no delay when the SMTP address verification responses are sent.
Click Start, click Run, type regedit in the Open box, and then click OK.
Locate and then click the following registry subkey:
Microsoft Exchange Server 2003 Standard Edition, Microsoft Exchange Server 2003 Enterprise Edition, Microsoft Windows Small Business Server 2003 Standard Edition, Microsoft Windows Small Business Server 2003 Premium Edition