thorbenw 0 Posted September 13, 2006 Hi, in the FAQs, 'Why are autoresponders bad?' you say 'Configure your software to either reject messages during delivery or accept them permanently.' Good idea, we'd like to do so by rejecting all messages sent to 'unknown' users using the 'Filter recipients who are not in the Directory'-Checkbox in an Exchange 2003 Frontend-Server with SP2 installed. BUT: In the corresponding Help-Topic, Microsoft say 'Caution! Enabling this check box can potentially allow senders of unsolicited commercial e-mail to discover valid e-mail addresses in your Exchange organization, because during the SMTP session, the SMTP virtual server sends different responses for valid and invalid recipients.' AFAIK, this is true. Is there a way to make Exchange respond the same way for valid and invalid recipients? Best regards Thorben Share this post Link to post Share on other sites
Telarin 0 Posted September 13, 2006 No, however, it is easy enough to prevent dictionary attacks/directory harvesting by enabling Exchanges tarpitting feature. SMTP tar pit feature for Microsoft Windows Server 2003 As an added bonus, this also slows down a spammer by tying up their SMTP connections for longer than usual. I use a value of 120 seconds on my Exchange server, and it seems to work well. Share this post Link to post Share on other sites
thorbenw 0 Posted September 13, 2006 Great, thank you! Share this post Link to post Share on other sites