08 March 2017

A bit more about Tarpit Interval in Exchange

I want to explain why the SMTP logs report delays in email delivery.
Tarpitting is an artificial delay in SMTP server responses, introduced for several reasons (preventing spam and directory harvest attacks, high server load, etc.).
For convenience, I have put the log records, the features responsible for the delay, the delay values, etc. into the tables below.

| Feature | Recipient Lookup |
| --- | --- |
| Log | Tarpit for '0.00:00:05' 550 5.1.1 User unknown |
| Applicable | Exchange 2007 - 2016 on Edge Role |
| Delay default value | 00:00:05 |
| Delay minimum value | 00:00:00 |
| Delay maximum value | 00:10:00 |
| How to change delay value | Set-ReceiveConnector "Default" -TarpitInterval 00:**:** |
| Default feature state | Disabled. Need to enable Recipient Filter agent. |
| How to enable feature | Set-RecipientFilterConfig -Enabled $true |
| How to disable feature | Set-RecipientFilterConfig -Enabled $false |
| | Disable-TransportAgent "Recipient Filter Agent" |
| Comments | Authenticated connections are never delayed. |
| Technet | https://technet.microsoft.com/en-us/library/bb123891(v=exchg.160).aspx |



| Feature | Shadow Redundancy |
| --- | --- |
| Log | Tarpit for '0.00:00:05' due to 'DelayedAck' |
| Applicable | Exchange 2010 - 2016 |
| Delay default value | 00:00:30 |
| Delay minimum value | 00:00:00 |
| Delay maximum value | 00:10:00 |
| How to change delay value | Set-ReceiveConnector "Default" -MaxAcknowledgementDelay 00:**:** |
| Default feature state | Enabled |
| How to enable feature | Set-TransportConfig -ShadowRedundancyEnabled $true |
| | Set-ReceiveConnector "Default" -MaxAcknowledgementDelay 00:00:30 (Exchange 2010) |
| How to disable feature | Set-TransportConfig -ShadowRedundancyEnabled $false |
| | Set-ReceiveConnector "Default" -MaxAcknowledgementDelay 0 (Exchange 2010) |
| Comments | |
| Technet | https://technet.microsoft.com/en-us/library/dd351027(v=exchg.141).aspx |

| Feature | Back Pressure |
| --- | --- |
| Log | Tarpit for '0.00:00:55' due to 'Back Pressure' |
| Applicable | Exchange 2007 - Exchange 2016 |
| Delay default value | 00:00:10 |
| Delay minimum value | 00:00:00 |
| Delay maximum value | 00:00:55 |
| How to change delay value | Modify the SMTPBaseThrottlingDelayInterval, SMTPMaxThrottlingDelayInterval, SMTPStepThrottlingDelayInterval and SMTPStartThrottlingDelayInterval keys in the "EdgeTransport.exe.config" file. |
| Default feature state | Enabled |
| How to enable feature | Open the "%ExchangeInstallPath%Bin\EdgeTransport.exe.config" file. |
| | Add or change the key <add key="EnableResourceMonitoring" value="true" /> and save. |
| | Run the "Restart-Service MSExchangeTransport" cmdlet. |
| How to disable feature | Open the "%ExchangeInstallPath%Bin\EdgeTransport.exe.config" file. |
| | Add or change the key <add key="EnableResourceMonitoring" value="false" /> and save. |
| | Run the "Restart-Service MSExchangeTransport" cmdlet. |
| Comments | Messages are delayed due to Back Pressure only for the "QueueLength[SubmissionQueue]" and "UsedVersionBuckets" resources at the medium utilization level. For other resources under Back Pressure, all messages are rejected. |
| | Microsoft does not recommend modifying the back pressure settings in the EdgeTransport.exe.config file. |
| Technet | https://technet.microsoft.com/ru-ru/library/bb201658(v=exchg.160).aspx |

Other tarpit log entries that I have not yet explored:
Tarpit for '0.00:00:05' due to '535 5.7.3 Authentication unsuccessful'
Tarpit for '0.00:00:05' due to '554 5.6.0 Invalid message content'
Tarpit for '0.00:00:05' due to '504 5.7.4 Unrecognized authentication type'
Tarpit for '0.00:00:05' due to 'IP discredited'
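
An added example (not part of the original post): a PowerShell function that picks the tarpit entries shown above out of log lines, attributes each one to the feature from the tables, and totals the delay per reason. The function name Get-TarpitSummary and the sample lines are constructed for illustration, and PowerShell 3.0 or later is assumed.

```powershell
# Constructed sample lines, using only the tarpit message forms shown on this page.
$sample = @(
    "Tarpit for '0.00:00:05' 550 5.1.1 User unknown"
    "Tarpit for '0.00:00:05' due to 'DelayedAck'"
    "Tarpit for '0.00:00:55' due to 'Back Pressure'"
    "Tarpit for '0.00:00:05' due to 'IP discredited'"
    "Tarpit for '0.00:00:05' 550 5.1.1 User unknown"
)

function Get-TarpitSummary {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [AllowEmptyString()]   # log files may contain blank lines
        [string]$Line
    )
    begin {
        # Delay is a TimeSpan string (d.hh:mm:ss); the reason is quoted after "due to" or bare.
        $pattern = "Tarpit for '(?<delay>[^']+)'\s+(?:due to\s+'(?<reason>[^']*)'|(?<reason>.+))"
        $hits = New-Object 'System.Collections.Generic.List[object]'
    }
    process {
        $m = [regex]::Match($Line, $pattern)
        if (-not $m.Success) { return }   # not a tarpit entry
        $delay = [timespan]::Zero
        if (-not [timespan]::TryParse($m.Groups['delay'].Value, [ref]$delay)) { return }
        $reason = $m.Groups['reason'].Value.Trim()
        # Map the reason text to the feature named in the tables above.
        $feature = switch -Regex ($reason) {
            '^DelayedAck$'    { 'Shadow Redundancy'; break }
            '^Back Pressure$' { 'Back Pressure'; break }
            '^550 5\.1\.1'    { 'Recipient Lookup'; break }
            default           { 'Not in the tables' }
        }
        $hits.Add([pscustomobject]@{ Feature = $feature; Reason = $reason; Delay = $delay })
    }
    end {
        # One row per feature/reason: how often it fired and how much delay it added.
        $hits | Group-Object Feature, Reason | ForEach-Object {
            $sum = ($_.Group | ForEach-Object { $_.Delay.TotalSeconds } | Measure-Object -Sum).Sum
            [pscustomobject]@{
                Feature = $_.Group[0].Feature; Reason = $_.Group[0].Reason
                Count   = $_.Count;            TotalSeconds = $sum
            }
        } | Sort-Object TotalSeconds -Descending
    }
}

$sample | Get-TarpitSummary | Format-Table -AutoSize
```

To run it over real data, pipe the lines of an SMTP receive protocol log into the function with Get-Content instead of `$sample`.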

P.S. Interestingly, the Tarpit feature can be enabled in Microsoft Windows Server 2003.

1 comment:

  1. Hi,
    Thank you for this research, but I need more info on IP discredited, how to disable that, do you have any idea?
