Watch where you blog Vlad


Sorry about the previous post, it went to the wrong profile and ended up here instead of the Own Web Now Corp Blog.

For what it's worth, we “innovated” that feature from Exchange 2007 and Sendmail. While Exchange 2007 does not do this type of protection at all, they do enforce a 5 second tar-pitting interval on all connections by default:

get-receiveconnector | select name,tarpitinterval

The second part we got from Sendmail. I honestly expected a lot of mail servers not to respect the RFC but it turns out that everything out there does wait for the 200 greeting banner before issuing the HELO/EHLO statement. Go figure. We ran it on our honeypot network and got 83% of hostnames trapped using this mechanism so it's likely something in the latest botnet code that major spammers are using.
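The mechanism described above (hold back the greeting, then trap any client that sends HELO/EHLO before it arrives) can be sketched as follows. This is an added example, not code from the post or from Own Web Now; the function names, pause length, hostnames and reply texts are assumptions made for the demo.

```python
import select
import socket
import threading

GREET_PAUSE = 0.3  # seconds; assumed demo value, not a setting taken from the post

def greet_with_pause(conn, pause=GREET_PAUSE,
                     banner=b"220 mail.example.test ESMTP\r\n"):
    """Delay the greeting; classify a client that talks before it is sent."""
    readable, _, _ = select.select([conn], [], [], pause)
    if readable:
        early = conn.recv(512)
        if early:
            # Bytes arrived before the banner: the client did not wait for it.
            conn.sendall(b"554 5.7.1 command sent before greeting\r\n")
            return "early-talker"
        return "disconnected"  # peer closed during the pause
    conn.sendall(banner)
    return "ok"

def polite_client(sock):
    """Constructed client that waits for the greeting before EHLO."""
    greeting = sock.recv(512)
    if greeting.startswith(b"220"):
        sock.sendall(b"EHLO client.example.test\r\n")
    return greeting

def impatient_client(sock):
    """Constructed client that sends HELO without reading the greeting."""
    sock.sendall(b"HELO bulk.example.test\r\n")
    return sock.recv(512)

def run_case(client):
    """Run one client against the listener logic over a local socket pair."""
    server_side, client_side = socket.socketpair()
    result = {}
    worker = threading.Thread(
        target=lambda: result.update(reply=client(client_side)))
    worker.start()
    verdict = greet_with_pause(server_side)
    worker.join()
    server_side.close()
    client_side.close()
    return verdict, result["reply"]

if __name__ == "__main__":
    for client in (polite_client, impatient_client):
        print(client.__name__, run_case(client))
```

In a real listener the "early-talker" verdict would typically be logged with the peer address so that trapped hosts can be counted, as in the honeypot measurement mentioned above.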

Does anyone care about this stuff? Obviously the OWN Blog is a business place so the language is different for the people that haven’t met me… but some of this technical stuff does help ITPRO folks that are trying to learn how the subsystems work. So would you like to see it here on Vladville? I stopped writing articles here because I became the “MVP Free Technical Support Force” practically overnight and I just don’t know how to turn people away that ask for help. Ideas, suggestions, etc… would you like to see me write about this stuff on here? 
